diff --git a/modules/nixos/boot/loader/systemd-boot.nix b/modules/nixos/boot/loader/systemd-boot.nix index 77a5f9b32..fe7408d50 100644 --- a/modules/nixos/boot/loader/systemd-boot.nix +++ b/modules/nixos/boot/loader/systemd-boot.nix @@ -18,23 +18,21 @@ in }; config = mkIf (cfg.loader == "systemd-boot") { - boot.loader = { - systemd-boot = - { - enable = mkDefault true; - configurationLimit = 15; # prevent "too many" configuration from showing up on the boot menu - consoleMode = mkDefault "max"; # the default is "keep" + boot.loader.systemd-boot = + { + enable = mkDefault true; + configurationLimit = 15; # prevent "too many" configuration from showing up on the boot menu + consoleMode = mkDefault "max"; # the default is "keep" - # Fix a security hole. See desc in nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix - editor = false; - } - // optionalAttrs cfg.memtest.enable { - extraFiles."efi/memtest86plus/memtest.efi" = "${cfg.boot.memtest.package}/memtest.efi"; - extraEntries."memtest86plus.conf" = '' - title MemTest86+ - efi /efi/memtest86plus/memtest.efi - ''; - }; - }; + # Fix a security hole. See desc in nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix + editor = false; + } + // optionalAttrs cfg.memtest.enable { + extraFiles."efi/memtest86plus/memtest.efi" = "${cfg.boot.memtest.package}/memtest.efi"; + extraEntries."memtest86plus.conf" = '' + title MemTest86+ + efi /efi/memtest86plus/memtest.efi + ''; + }; }; } diff --git a/modules/nixos/hardware/gpu/nvidia.nix b/modules/nixos/hardware/gpu/nvidia.nix index 154c16d43..97d3caa28 100644 --- a/modules/nixos/hardware/gpu/nvidia.nix +++ b/modules/nixos/hardware/gpu/nvidia.nix 
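Review bot: The memtest branch takes its toggle from `cfg.memtest.enable` but its package from `cfg.boot.memtest.package`, and both paths can only be right if `cfg` has a `memtest` and a `boot.memtest` subtree. `cfg` is bound outside this hunk, so this is inferred. Because Nix is lazy, a wrong path would only fail once memtest is enabled. If the option sits next to `enable`, the line should read `extraFiles."efi/memtest86plus/memtest.efi" = "${cfg.memtest.package}/memtest.efi";`. Separately, the comment on `editor = false` should state the risk rather than point at nixpkgs, e.g. `# the boot-entry editor lets anyone at the console change the kernel command line and bypass login`.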
@@ -103,17 +103,8 @@ in }; graphics = { - extraPackages = builtins.attrValues { - inherit (pkgs) - nvidia-vaapi-driver - ; - }; - - extraPackages32 = builtins.attrValues { - inherit (pkgs.pkgsi686Linux) - nvidia-vaapi-driver - ; - }; + extraPackages = [ pkgs.nvidia-vaapi-driver ]; + extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ]; }; }; }; diff --git a/modules/profiles/graphical/login/greetd.nix b/modules/profiles/graphical/login/greetd.nix index 0cb0a1db2..fd5a5ec83 100644 --- a/modules/profiles/graphical/login/greetd.nix +++ b/modules/profiles/graphical/login/greetd.nix @@ -48,8 +48,8 @@ in }; initial_session = mkIf system.autoLogin { - user = "${system.mainUser}"; - command = "${environment.desktop}"; + user = system.mainUser; + command = environment.desktop; }; }; }; diff --git a/modules/profiles/graphical/login/pam.nix b/modules/profiles/graphical/login/pam.nix index d64ca8d2b..7867421e2 100644 --- a/modules/profiles/graphical/login/pam.nix +++ b/modules/profiles/graphical/login/pam.nix @@ -1,18 +1,22 @@ +{ lib, ... }: let - common = { - enableGnomeKeyring = true; - gnupg = { - enable = true; - noAutostart = true; - storeOnly = true; - }; - }; + inherit (lib.attrsets) genAttrs; in { # unlock GPG keyring on login - security.pam.services = { - login = common; - greetd = common; - tuigreet = common; - }; + security.pam.services = + genAttrs + [ + "login" + "greetd" + "tuigreet" + ] + (_: { + enableGnomeKeyring = true; + gnupg = { + enable = true; + noAutostart = true; + storeOnly = true; + }; + }); } diff --git a/modules/profiles/graphical/security/polkit.nix b/modules/profiles/graphical/security/polkit.nix index 472a3d5a9..3adcce257 100644 --- a/modules/profiles/graphical/security/polkit.nix +++ b/modules/profiles/graphical/security/polkit.nix 
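Review bot: Dropping the interpolation on `user` and `command` changes the failure mode if either option can be null: `"${null}"` aborted evaluation, whereas the bare reference passes null into the greetd settings. The option types are declared outside this diff, so this only matters if they are nullable. If they are, `assertions = [{ assertion = system.autoLogin -> environment.desktop != null; message = "autoLogin needs environment.desktop"; }];` keeps the error at evaluation time. `initial_session` also deserves a comment saying it starts the main user's session without authentication, so physical access to the machine equals access to that account.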
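Review bot: `"tuigreet"` in the `genAttrs` list is probably a dead PAM service. tuigreet is a greeter front-end that hands credentials to greetd, and authentication runs under the `greetd` service, so a `tuigreet` PAM stack would likely never be opened. The entry is carried over from the old attrset; if nothing references it, dropping it leaves one PAM stack fewer to keep in sync. The comment above the block mentions only GPG although the generated set also sets `enableGnomeKeyring`. Something like `# unlock the GNOME keyring and hand the login password to gpg-agent (pam_gnupg) on login` would match what is configured.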
@@ -8,7 +8,7 @@ let inherit (lib.modules) mkIf; in { - systemd = mkIf config.garden.system.video.enable { + systemd = mkIf (config.garden.system.video.enable && config.garden.environment.isWM) { user.services.polkit-pantheon-authentication-agent-1 = { description = "Pantheon PolicyKit agent"; serviceConfig = { diff --git a/modules/profiles/graphical/services/earlyoom.nix b/modules/profiles/graphical/services/earlyoom.nix index 7f79c4326..aa587ec34 100644 --- a/modules/profiles/graphical/services/earlyoom.nix +++ b/modules/profiles/graphical/services/earlyoom.nix @@ -2,6 +2,45 @@ let inherit (lib.modules) mkForce; inherit (builtins) concatStringsSep; + + avoid = concatStringsSep "|" [ + "(h|H)yprland" + "sway" + "Xwayland" + "cryptsetup" + "dbus-.*" + "gpg-agent" + "greetd" + "ssh-agent" + ".*qemu-system.*" + "sddm" + "sshd" + "systemd" + "systemd-.*" + "wezterm" + "kitty" + "bash" + "zsh" + "fish" + "n?vim" + "akkoma" + ]; + + prefer = concatStringsSep "|" [ + "Web Content" + "Isolated Web Co" + "firefox.*" + "chrom(e|ium).*" + "electron" + "dotnet" + ".*.exe" + "java.*" + "pipewire(.*)" + "nix" + "npm" + "node" + "pipewire(.*)" + ]; in { # https://dataswamp.org/~solene/2022-09-28-earlyoom.html 
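Review bot: The new `isWM` condition has no comment explaining why the agent is limited to window managers, and if the condition is wrong, privileged actions fail with no authentication prompt. Presumably full desktop environments bring their own polkit agent. If so, say it above the `mkIf`, e.g. `# desktop environments ship their own polkit agent; only bare window managers need this one`. The service definition continues past the end of the hunk.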
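Review bot: The hoisted `prefer` list still contains `"pipewire(.*)"` twice, and the dot in `".*.exe"` is unescaped, so it matches any character before `exe` rather than a literal `.exe` suffix. Dropping the duplicate and writing `".*[.]exe"` would say what is meant. None of the alternatives is anchored at the end, so `nix` in `prefer` also selects every process whose name begins with `nix`, and `sway` in `avoid` also covers names such as `swaybar`. If that breadth is not intended, tighten the individual patterns. The `extraArgs` lines that consume both bindings are in the following hunk, which only moves code.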
@@ -13,51 +52,11 @@ in enableNotifications = true; # annoying, but we want to know what's killed freeSwapThreshold = 2; freeMemThreshold = 2; - extraArgs = - let - avoid = concatStringsSep "|" [ - "(h|H)yprland" - "sway" - "Xwayland" - "cryptsetup" - "dbus-.*" - "gpg-agent" - "greetd" - "ssh-agent" - ".*qemu-system.*" - "sddm" - "sshd" - "systemd" - "systemd-.*" - "wezterm" - "kitty" - "bash" - "zsh" - "fish" - "n?vim" - "akkoma" - ]; - prefer = concatStringsSep "|" [ - "Web Content" - "Isolated Web Co" - "firefox.*" - "chrom(e|ium).*" - "electron" - "dotnet" - ".*.exe" - "java.*" - "pipewire(.*)" - "nix" - "npm" - "node" - "pipewire(.*)" - ]; - in - [ - "-g" - "--avoid '(^|/)(${avoid})'" # things that we want to avoid killing - "--prefer '(^|/)(${prefer})'" # things we want to remove fast - ]; + extraArgs = [ + "-g" + "--avoid '(^|/)(${avoid})'" # things that we want to avoid killing + "--prefer '(^|/)(${prefer})'" # things we want to remove fast + ]; # we should ideally write the logs into a designated log file; or even better, to the journal # for now we can hope this echo sends the log to somewhere we can observe later diff --git a/modules/profiles/graphical/services/systemd.nix b/modules/profiles/graphical/services/systemd.nix index e90efd2e0..dd14e20f3 100644 --- a/modules/profiles/graphical/services/systemd.nix +++ b/modules/profiles/graphical/services/systemd.nix 
@@ -1,26 +1,31 @@ +{ lib, ... }: +let + inherit (lib.attrsets) genAttrs; + + extraConfig = '' + DefaultTimeoutStartSec=15s + DefaultTimeoutStopSec=15s + DefaultTimeoutAbortSec=15s + DefaultDeviceTimeoutSec=15s + ''; +in { - systemd = - let - extraConfig = '' - DefaultTimeoutStartSec=15s - DefaultTimeoutStopSec=15s - DefaultTimeoutAbortSec=15s - DefaultDeviceTimeoutSec=15s - ''; - in - { - inherit extraConfig; - user = { - inherit extraConfig; - }; + systemd = { + inherit extraConfig; + user = { inherit extraConfig; }; - services = { - "getty@tty1".enable = false; - "autovt@tty1".enable = false; - "getty@tty7".enable = false; - "autovt@tty7".enable = false; - "kmsconvt@tty1".enable = false; - "kmsconvt@tty7".enable = false; - }; - }; + services = + genAttrs + [ + "getty@tty1" + "autovt@tty1" + "getty@tty7" + "autovt@tty7" + "kmsconvt@tty1" + "kmsconvt@tty7" + ] + (_: { + enable = false; + }); + }; } diff --git a/modules/profiles/headless/fonts.nix b/modules/profiles/headless/fonts.nix index b94a35f21..5d2d310f5 100644 --- a/modules/profiles/headless/fonts.nix +++ b/modules/profiles/headless/fonts.nix @@ -1,13 +1,14 @@ { lib, ... }: let inherit (lib.modules) mkForce; + inherit (lib.attrsets) mapAttrs; in { # we don't need fonts on a server # since there are no fonts to be configured outside the console - fonts = { - packages = mkForce [ ]; - fontDir.enable = mkForce false; - fontconfig.enable = mkForce false; + fonts = mapAttrs (_: mkForce) { + packages = [ ]; + fontDir.enable = false; + fontconfig.enable = false; }; }
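Review bot: The `genAttrs` list that disables the getty, autovt and kmsconvt units on tty1 and tty7 has no comment, and it removes the text-console login on those VTs, the usual fallback when the graphical greeter fails to start. A line such as `# tty1/tty7 are left to the display manager; other VTs keep their getty for recovery` would record the intent, assuming that is the reason. `DefaultDeviceTimeoutSec=15s` in `extraConfig` is also short for slow or encrypted devices and deserves a comment saying the value is deliberate.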
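Review bot: `mapAttrs (_: mkForce)` wraps only the top-level keys, so `fontDir` and `fontconfig` are now forced as whole attribute sets, where the old code forced the `enable` leaves. The module system pushes an override down to the options beneath it, so the result should be the same today. The form hides that, though, and would silently force any key later added under those two sets. Either keep the explicit `fontDir.enable = mkForce false;` leaves or add a comment such as `# mkForce on a subtree is pushed down to every option inside it`.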