diff options
| author | Tim Keller <tjkeller.xyz> | 2024-11-05 10:00:57 -0600 |
|---|---|---|
| committer | Tim Keller <tjkeller.xyz> | 2024-11-05 10:00:57 -0600 |
| commit | 78d758b4b22e1150b32f3643ef5a9f04f76abf26 (patch) | |
| tree | 0e770f821caa8040ccc4ff383824c92fe5641b50 /modules/root | |
| parent | e2796bbd4ff55fcaacbceddd996890593c2b762a (diff) | |
| download | nixos-78d758b4b22e1150b32f3643ef5a9f04f76abf26.tar.xz nixos-78d758b4b22e1150b32f3643ef5a9f04f76abf26.zip | |
fix bugs for t495 and cleanup
Diffstat (limited to 'modules/root')
| -rw-r--r-- | modules/root/default.nix | 2 | ||||
| -rw-r--r-- | modules/root/normaluser.nix | 2 | ||||
| -rw-r--r-- | modules/root/secrets.nix | 16 | ||||
| -rw-r--r-- | modules/root/software.nix | 1 | ||||
| -rw-r--r-- | modules/root/tlp.nix | 9 | ||||
| -rw-r--r-- | modules/root/wifi.nix | 2 |
6 files changed, 30 insertions, 2 deletions
diff --git a/modules/root/default.nix b/modules/root/default.nix index 9b3bedd..62eb9b5 100644 --- a/modules/root/default.nix +++ b/modules/root/default.nix @@ -17,6 +17,7 @@ ./printing.nix ./secrets.nix ./software.nix + ./tlp.nix ./virtualisation.nix ./wifi.nix ./x11.nix @@ -40,6 +41,7 @@ home-manager.enable = lib.mkDefault true; pipewire.enable = lib.mkDefault true; printing.enable = lib.mkDefault true; + tlp.enable = lib.mkDefault true; scanning.enable = lib.mkDefault true; software = { desktop = { diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix index 192e64e..4be90e8 100644 --- a/modules/root/normaluser.nix +++ b/modules/root/normaluser.nix @@ -3,6 +3,6 @@ description = userDetails.fullname; #home = userDetails.home.root; isNormalUser = true; - extraGroups = [ "wheel" ]; + extraGroups = [ "wheel" "docker" ]; }; } diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix index 464a8f2..bfeb542 100644 --- a/modules/root/secrets.nix +++ b/modules/root/secrets.nix @@ -10,4 +10,20 @@ wireless-env = { }; }; }; + + # This service is a workaround to ensure that secrets are available on + # reboot when the secret keys are on a separate subvolume + systemd.services.npcnix-force-rebuild-sops-hack = { + wantedBy = [ "multi-user.target" ]; + before = [ + # List all services that require secrets + "wpa_supplicant.service" + ]; + serviceConfig = { + ExecStart = "/run/current-system/activate"; + Type = "oneshot"; + Restart = "on-failure"; # because oneshot + RestartSec = "10s"; + }; + }; } diff --git a/modules/root/software.nix b/modules/root/software.nix index 635ecf6..d7ab886 100644 --- a/modules/root/software.nix +++ b/modules/root/software.nix @@ -64,6 +64,7 @@ ] ++ pkgs.lib.optionals config.software.utils.enable [ # Utilities age + cryptsetup ddcutil # TODO fastfetch htop diff --git a/modules/root/tlp.nix b/modules/root/tlp.nix new file mode 100644 index 0000000..3414c03 --- /dev/null +++ b/modules/root/tlp.nix @@ -0,0 +1,9 @@ +{ lib, config, ... }: { + options = { + tlp.enable = lib.mkEnableOption "enables tlp"; + }; + + config = lib.mkIf config.tlp.enable { + services.tlp.enable = true; + }; +} diff --git a/modules/root/wifi.nix b/modules/root/wifi.nix index ff143b9..880d436 100644 --- a/modules/root/wifi.nix +++ b/modules/root/wifi.nix @@ -2,7 +2,7 @@ let mkNetworksFromEnvironmentFile = n: builtins.listToAttrs ( map (i: { - name = "@SSID_${toString i}@"; + name = "@SSID_${toString i}@"; value = { psk = "@PSK_${toString i}@"; priority = n - i; |