Remove general allowUnfree and use specific allowUnfreePredicate

That way I have an allow list instead of wildcard.
2024-03-07 10:39:13 +01:00 · 2024-03-07 10:39:13 +01:00 · 0973ee80ac
parent 561b5ace36
commit 0973ee80ac
1 changed files with 42 additions and 37 deletions
--- a/systems/hikari/configuration.nix
+++ b/systems/hikari/configuration.nix
@ -2,7 +2,7 @@
 # your system.  help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).

-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:

 {
  imports = [
@ -48,13 +48,6 @@
    extraHosts = builtins.readFile ./files/hosts;
  };

-  services.dnsmasq = {
-    enable = true;
-    settings = {
-      server = config.networking.nameservers;
-    };
-  };
-
  documentation = {
    dev.enable = false;
    doc.enable = false;
@ -88,41 +81,53 @@
    };
  };

-  # Enable the X11 windowing system.
-  services.xserver = {
-    enable = true;
-
-    # Configure keymap in X11
-    layout = "us";
-    xkbVariant = "";
-
-    # Enable the LXQT Desktop Environment.
-    desktopManager.lxqt.enable = true;
-
-    displayManager = {
-      lightdm.enable = true;
-
-      # Enable automatic login for the user.
-      autoLogin = {
+  services = {
+    # Enable the X11 windowing system.
+    xserver = {
        enable = true;
-        user = "daniels";
+
+        # Configure keymap in X11
+        xkb = {
+            layout = "us";
+            variant = "";
+        };
+
+        # Enable the LXQT Desktop Environment.
+        desktopManager.lxqt.enable = true;
+
+        displayManager = {
+        lightdm.enable = true;
+
+        # Enable automatic login for the user.
+        autoLogin = {
+            enable = true;
+            user = "daniels";
+        };
+        };
+    };
+
+    dnsmasq = {
+      enable = true;
+      settings = {
+        server = config.networking.nameservers;
      };
    };
-  };

-  # Enable CUPS to print documents.
-  services.printing.enable = false;
+    # Enable CUPS to print documents.
+    printing.enable = false;
+
+    pipewire = {
+        enable = true;
+        alsa.enable = true;
+        alsa.support32Bit = true;
+        pulse.enable = true;
+    };
+  };

  # Enable sound with pipewire.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.daniels = {
@ -135,9 +140,9 @@
    ];
  };

-  # Allow unfree packages
-  # Necessary for broadcom
-  nixpkgs.config.allowUnfree = true;
+  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+    "broadcom-sta"
+  ];

  # List packages installed in system profile. To search, run:
  # $ nix search wget