refactor(nixos): extract shared modules, enable firewall, pin nixpkgs url

- Add common-nixos.nix (timezone, locale, git/fastfetch) imported by every
  NixOS host, and laptop.nix (systemd-boot, sway, dvorak, iwd, firewall)
  imported by X1 and MBP. Strip the nixos-generate-config boilerplate from
  both machine configs and reduce them to host-specific settings.
- Enable the firewall on the laptops (was disabled); X1 opens 22 next to
  its sshd.
- Pin nixpkgs input to github:nixos/nixpkgs/nixos-26.05 for consistency;
  lock rev unchanged (still b51242d).
- Drop unused module arguments.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Emma Thorpe
2026-06-04 13:34:44 +00:00
parent f42b134ab1
commit 85139ddfb1
8 changed files with 68 additions and 245 deletions
+15
@@ -0,0 +1,15 @@
# Options shared by every NixOS host (laptops and the WSL box). Imported via
# baseModules in flake.nix. Host- and platform-specific settings stay in the
# per-machine configs; laptop-only settings live in ./laptop.nix.
{ pkgs, ... }:
{
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.UTF-8";
# Minimal system-level CLI available before the home-manager profile loads
# (e.g. early boot / rescue). User-level tooling lives in home-manager.
environment.systemPackages = with pkgs; [
git
fastfetch
];
}
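Review bot: time.timeZone and i18n.defaultLocale are assigned as plain values in a module that every host imports, so a host that needs a different zone or locale can only override them with lib.mkForce. Wrapping both in lib.mkDefault (and adding lib to the argument set) keeps them as shared defaults while letting a per-machine config set its own value. The comment above environment.systemPackages also justifies the list as early boot / rescue tooling, which fits git but not fastfetch; either move fastfetch to home-manager or reword the comment.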
+21
@@ -0,0 +1,21 @@
# Shared configuration for the physical NixOS laptops (X1, MBP-Asahi). Imported
# from the host table in flake.nix. Platform-specific bits (bootloader EFI var
# touching, firmware, audio, hostname, sshd) stay in the per-machine configs.
{ ... }:
{
boot.loader.systemd-boot.enable = true;
features.swayDesktop.enable = true;
console.keyMap = "dvorak";
# Wi-Fi via iwd with its built-in DHCP/network configuration.
networking.wireless.iwd = {
enable = true;
settings.General.EnableNetworkConfiguration = true;
};
# Default-deny inbound. Hosts that run a listening service open their own
# ports next to where the service is enabled (e.g. sshd -> 22 on X1).
networking.firewall.enable = true;
}
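Review bot: the comment above networking.firewall.enable = true describes the policy as default-deny inbound, but with only enable set the NixOS firewall still answers ICMP echo requests (networking.firewall.allowPing defaults to true), and services.openssh.openFirewall defaults to true, so any host that enables sshd gets port 22 opened whether or not it lists the port itself. If the intent is that every open port is visible next to its service, set allowPing = false here when ping replies are not wanted and set services.openssh.openFirewall = false on hosts that manage 22 by hand, or reword the comment to state what is actually allowed in.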
+1 -7
@@ -1,10 +1,4 @@
{
config,
pkgs,
inputs,
lib,
...
}:
{ pkgs, ... }:
{
programs.git = {