refactor(nixos): extract shared modules, enable firewall, pin nixpkgs url

- Add common-nixos.nix (timezone, locale, git/fastfetch) imported by every
  NixOS host, and laptop.nix (systemd-boot, sway, dvorak, iwd, firewall)
  imported by X1 and MBP. Strip the nixos-generate-config boilerplate from
  both machine configs and reduce them to host-specific settings.
- Enable the firewall on the laptops (was disabled); X1 opens 22 next to
  its sshd.
- Pin nixpkgs input to github:nixos/nixpkgs/nixos-26.05 for consistency;
  lock rev unchanged (still b51242d).
- Drop unused module arguments.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Emma Thorpe
2026-06-04 13:34:44 +00:00
parent f42b134ab1
commit 85139ddfb1
8 changed files with 68 additions and 245 deletions
@@ -0,0 +1,21 @@
# Shared configuration for the physical NixOS laptops (X1, MBP-Asahi). Imported
# from the host table in flake.nix. Platform-specific bits (bootloader EFI var
# touching, firmware, audio, hostname, sshd) stay in the per-machine configs.
{ ... }:
{
boot.loader.systemd-boot.enable = true;
features.swayDesktop.enable = true;
console.keyMap = "dvorak";
# Wi-Fi via iwd with its built-in DHCP/network configuration.
networking.wireless.iwd = {
enable = true;
settings.General.EnableNetworkConfiguration = true;
};
# Default-deny inbound. Hosts that run a listening service open their own
# ports next to where the service is enabled (e.g. sshd -> 22 on X1).
networking.firewall.enable = true;
}
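Review bot: The comment above `networking.firewall.enable = true;` promises default-deny inbound, but with only that option set the NixOS firewall module keeps `networking.firewall.allowPing` at its default of true, so the laptops still answer ICMP echo requests. Either set `networking.firewall.allowPing = false;` in this module or reword the comment to say that TCP/UDP ports are closed by default. The same comment says hosts open their own ports next to the service (sshd -> 22 on X1); `services.openssh.openFirewall` also defaults to true, so the service module opens port 22 by itself. If the intent is that every open port appears as an explicit `allowedTCPPorts` entry, set `openFirewall = false` on hosts that enable sshd so the two mechanisms do not silently overlap.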