Emma Thorpe
85139ddfb1
- Add common-nixos.nix (timezone, locale, git/fastfetch) imported by every NixOS host, and laptop.nix (systemd-boot, sway, dvorak, iwd, firewall) imported by X1 and MBP. Strip the nixos-generate-config boilerplate from both machine configs and reduce them to host-specific settings. - Enable the firewall on the laptops (was disabled); X1 opens 22 next to its sshd. - Pin nixpkgs input to github:nixos/nixpkgs/nixos-26.05 for consistency; lock rev unchanged (still b51242d). - Drop unused module arguments. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
34 lines
894 B
Nix
34 lines
894 B
Nix
# ThinkPad X1 (NixOS). Shared laptop options live in ../../modules/laptop.nix;
|
|
# only host-specific settings are here.
|
|
{ ... }:
|
|
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
];
|
|
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
networking.hostName = "X1-NixOS";
|
|
networking.domain = "client.cbg.emmaisvery.gay";
|
|
|
|
console.font = "Lat2-Terminus16";
|
|
|
|
services.pipewire = {
|
|
enable = true;
|
|
pulse.enable = true;
|
|
};
|
|
|
|
# This host accepts SSH, so open 22 (the firewall itself is enabled in
|
|
# laptop.nix with a default-deny policy).
|
|
services.openssh.enable = true;
|
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
|
|
|
# Fingerprint reader: allow swaylock to authenticate via fprintd.
|
|
services.fprintd.enable = true;
|
|
security.pam.services.swaylock.fprintAuth = true;
|
|
|
|
# See `man configuration.nix` / the stateVersion docs before changing.
|
|
system.stateVersion = "24.11";
|
|
}
|