refactor to disable many things by default

1 files changed, 46 insertions, 39 deletions

diff --git a/nixos/kusanagi.nix b/nixos/kusanagi.nix
index 3558a99..0b2bdbc 100644
--- a/nixos/kusanagi.nix
+++ b/nixos/kusanagi.nix
@@ -21,8 +21,6 @@ in
       (modulesPath + "/installer/scan/not-detected.nix")
       ./common.nix
       ./sway.nix
-      ./wayfire.nix
-      ./local.nix
       (import "${home-manager}/nixos")
     ];
 
@@ -107,7 +105,6 @@ in
   users.mutableUsers = false;
   users.users.lx.hashedPasswordFile = "/Z/lx/.password";
   users.users.lx.uid = 1000;
-  users.users.lx.extraGroups = [ "vboxusers" "docker" ];
 
   # ---- no persistent home, use home manager to set everything up ----
 
@@ -131,47 +128,57 @@ in
     Option "TearFree" "true"
   '';
 
-  # ---- printing ----
-
-  services.printing.enable = true;
-  services.printing.drivers = [ pkgs.cups-brother-hl1210w ];
-  services.avahi.enable = true;
-  services.avahi.nssmdns = true;
-  services.avahi.openFirewall = true;
-
-  # ---- other
-
-  virtualisation.docker.enable = true;
-  virtualisation.virtualbox.host.enable = true;
-
-  # ---- remote backup (restic to infracoll)
+  # ---- specialization with extra stuff
 
-  services.restic.backups."infracoll" = {
-    repository = "s3:http://garage.isomorphis.me:3900/restic-lx";
-    environmentFile = "/persist/etc/secrets/restic/infracoll/credentials";
-    passwordFile = "/persist/etc/secrets/restic/infracoll/password";
-    paths = [
-      "/persist"
-      "/Z/lx"
-    ];
-    exclude = [
-      "/persist/var/log"
+  specialisation."extra".configuration = { pkgs, ...}: {
+    imports = [
+      ./common2.nix
+      ./wayfire.nix
     ];
-    timerConfig = {
-      OnCalendar = "Fri, 8:00";
-      Persistent = true;
+
+    # ---- printing ----
+
+    services.printing.drivers = [ pkgs.cups-brother-hl1210w ];
+
+    services.avahi.enable = true;
+    services.avahi.nssmdns = true;
+    services.avahi.openFirewall = true;
+
+    # ---- tor paths ----
+
+    services.tor.settings.ClientOnionAuthDir = "/persist/var/lib/tor/client-auth";
+    systemd.services."tor".serviceConfig.BindPaths = [ "/persist/var/lib/tor/client-auth" ];
+
+    # ---- remote backup (restic to infracoll)
+    # requires tailscale so not enabled in default specialisation
+
+    services.restic.backups."infracoll" = {
+      repository = "s3:http://garage.isomorphis.me:3900/restic-lx";
+      environmentFile = "/persist/etc/secrets/restic/infracoll/credentials";
+      passwordFile = "/persist/etc/secrets/restic/infracoll/password";
+      paths = [
+        "/persist"
+        "/Z/lx"
+      ];
+      exclude = [
+        "/persist/var/log"
+      ];
+      timerConfig = {
+        OnCalendar = "Fri, 8:00";
+        Persistent = true;
+      };
+      pruneOpts = [
+        "--keep-daily 7"
+        "--keep-weekly 5"
+        "--keep-monthly 12"
+        "--keep-yearly 75"
+      ];
     };
-    pruneOpts = [
-      "--keep-daily 7"
-      "--keep-weekly 5"
-      "--keep-monthly 12"
-      "--keep-yearly 75"
-    ];
   };
 
   # ----
 
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  nixpkgs.hostPlatform =  "x86_64-linux";
+  powerManagement.cpuFreqGovernor = "powersave";
+  hardware.cpu.intel.updateMicrocode = true;
 }