Squash bugs and make aspi config work

2025-04-23 09:59:02 +02:00
parent 532bbe8675
commit 7db055ca27
27 changed files with 163 additions and 152 deletions
--- a/hosts/common/global/default.nix
+++ b/hosts/common/global/default.nix
@ -11,7 +11,6 @@
      ./fish.nix # fish for admin
      ./locale.nix
      ./nix.nix
-      ./openssh.nix
      ./podman.nix
      ./sops.nix
      ./xserver.nix
@ -26,43 +25,4 @@
    inherit inputs outputs;
  };

-  # Apply overlays
-  nixpkgs = {
-    overlays = builtins.attrValues outputs.overlays;
-    config = {
-      allowUnfree = true;
-    };
-  };
-
-  nix.settings.auto-optimise-store = true;
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
-
-  # Setup binary caches
-  nix.settings = {
-    substituters = [
-      "https://nix-community.cachix.org"
-      "https://cache.nixos.org/"
-      "https://hyprland.cachix.org"
-      "http://binarycache.julian-mutter.de"
-    ];
-    trusted-public-keys = [
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-      "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
-    ];
-
-    trusted-users = [ "@wheel" ]; # needed for devenv to add custom caches
-  };
-
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 30d";
-  };
-
-  programs.nix-ld.enable = true;
-
 }
--- a/hosts/common/global/locale.nix
+++ b/hosts/common/global/locale.nix
@ -19,6 +19,4 @@
    layout = "de";
    variant = "";
  };
-  # Configure console keymap
-  console.keyMap = "de";
 }
--- a/hosts/common/global/nix.nix
+++ b/hosts/common/global/nix.nix
@ -1,8 +1,23 @@
 {
  lib,
+  outputs,
  ...
 }:
 {
+
+  # Apply overlays
+  nixpkgs = {
+    # TODO: apply this to hm and nixos without duplicate code
+    overlays = builtins.attrValues outputs.overlays;
+    config = {
+      allowUnfree = true;
+      allowUnfreePredicate = _: true; # TODO: what is this
+      permittedInsecurePackages = [
+        "olm-3.2.16"
+      ];
+    };
+  };
+
  nix.settings.auto-optimise-store = lib.mkDefault true;
  nix.settings.experimental-features = [
    "nix-command"
--- a/hosts/common/global/openssh.nix
+++ b/hosts/common/global/openssh.nix
@ -1,52 +0,0 @@
-{
-  outputs,
-  lib,
-  config,
-  ...
-}:
-let
-  hosts = lib.attrNames outputs.nixosConfigurations;
-in
-{
-  services.openssh = {
-    enable = true;
-    settings = {
-      # Harden
-      PasswordAuthentication = false;
-      PermitRootLogin = "no";
-
-      # TODO: what does this d
-      # Let WAYLAND_DISPLAY be forwarded
-      AcceptEnv = "WAYLAND_DISPLAY";
-      X11Forwarding = true;
-    };
-
-    hostKeys = [
-      {
-        path = "/etc/ssh/ssh_host_ed25519_key";
-        type = "ed25519";
-      }
-    ];
-  };
-
-  # TODO: is automatic known hosts file even necessary?
-  # programs.ssh = {
-  #   # Each hosts public key
-  #   knownHosts = lib.genAttrs hosts (hostname: {
-  #     publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub;
-  #     extraHostNames =
-  #       [
-  #         "${hostname}.m7.rs"
-  #       ]
-  #       ++
-  #         # Alias for localhost if it's the same host
-  #         (lib.optional (hostname == config.networking.hostName) "localhost")
-  #       # Alias to m7.rs and git.m7.rs if it's alcyone
-  #       ++ (lib.optionals (hostname == "alcyone") [
-  #         "m7.rs"
-  #         "git.m7.rs"
-  #       ]);
-  #   });
-  # };
-
-}