# Role catalogue for the `dendritic` configuration.
#
# Declares `dendritic.roles`, an attribute set keyed by role name. Every role
# carries two lists of plain strings, both defaulting to empty:
#   roles    - names of other roles (presumably included transitively; the
#              resolver is not part of this file, confirm there)
#   features - names of features (presumably mapped to modules elsewhere)
#
# NOTE(review): both lists are `listOf str`, so the option type accepts any
# name. Whether a misspelled or undefined name fails evaluation or is silently
# skipped depends on the resolver, which is not visible here. For the
# security-* entries a silently skipped name means a control that is believed
# to be enabled but is not; confirm the resolver rejects unknown names.
{ lib, ... }:
let
  # Both per-role fields share one shape: a list of names, empty by default.
  nameList = lib.mkOption {
    type = lib.types.listOf lib.types.str;
    default = [ ];
  };

  # Submodule describing a single role entry.
  roleModule =
    { ... }:
    {
      options = {
        roles = nameList;
        features = nameList;
      };
    };
in
{
  options.dendritic.roles = lib.mkOption {
    type = lib.types.attrsOf (lib.types.submodule roleModule);
    default = { };
  };

  config.dendritic.roles = {
    core-user = {
      features = [
        "shell"
        "nh"
        "system-nix"
      ];
    };

    # Hardening set shared by `server` and `workstation` below.
    security-baseline = {
      features = [
        "security-kernel-hardened"
        "system-services"
        "security-systemd"
        "security-sysctl"
        "security-firewall"
        "security-auditd"
        "security-malware-clamav"
        "ntp-chrony"
        "security-usbguard"
      ];
    };

    desktop-wayland = {
      features = [
        "browser-brave"
        "wm-niri"
        "terminal-ghostty"
        "audio"
        "bluetooth"
        "gnupg-agent"
        "wayland"
        "proton"
        "earlyoom"
        "dolphin"
        "pass"
        "zk"
        "gui-programs"
        "steam"
      ];
    };

    # NOTE(review): this is the only role here that lists
    # "security-systemd-bluetooth", while "bluetooth" itself comes from
    # `desktop-wayland`. If that feature is the hardening for the Bluetooth
    # service (inferred from the name only), a `workstation` host that does not
    # also take `laptop` runs Bluetooth without it. Confirm this is intended.
    laptop = {
      features = [
        "hardware-laptop"
        "security-systemd-bluetooth"
      ];
    };

    # NOTE(review): "security-sysctl-strict" sits in `roles`, but no role of
    # that name is defined in this file and it follows the naming of the
    # feature entries (compare "security-sysctl"). Unless another module
    # defines it as a role, check how the resolver treats it: if unknown role
    # names are ignored, servers do not receive the strict sysctl profile.
    server = {
      roles = [
        "security-baseline"
        "security-sysctl-strict"
      ];
      features = [
        "security-ssh-hardening"
        "security-firewall-nftables"
        "ops-server-base"
      ];
    };

    developer = {
      features = [
        "jujutsu"
        "developer-cli"
        "cli-programs"
        "editor-neovim"
        "containers-podman"
        "ops-k8s"
        "virtualization-libvirt"
        "security-sudo-rs"
        "security-ssh-client"
        "dev-devenv"
      ];
    };

    secrets-managed = {
      features = [
        "secrets-system-sops"
        "secrets-home-sops"
      ];
    };

    theme-stylix = {
      features = [
        "theme-system-stylix"
        "theme-home-stylix"
      ];
    };

    # Composite role: lists other roles only and declares no features itself.
    workstation = {
      roles = [
        "core-user"
        "security-baseline"
        "desktop-wayland"
        "developer"
        "secrets-managed"
        "theme-stylix"
      ];
    };
  };
}