From 0141332392cbba74ab086e08ddf7aad8533c193a Mon Sep 17 00:00:00 2001
From: iFargle
Date: Wed, 12 Jul 2023 15:08:57 +0900
Subject: [PATCH] rearrange things
---
 README.md | 12 +-
 configuration.nix | 6 +-
 desktops/common.nix | 5 -
 flake.lock | 296 ------------------
 {common/dotfiles => home-manager}/bash.nix | 1 +
 {common/dotfiles => home-manager}/firefox.nix | 0
 {common/dotfiles => home-manager}/git.nix | 0
 {common/dotfiles => home-manager}/neovim.nix | 0
 hosts/nixos-laptop/configuration.nix | 5 +-
 services/openssh.nix | 4 +-
 services/telegraf.nix | 1 -
 users/albert/gnome-dconf.nix | 132 +-------
 users/albert/home.nix | 10 +-
 users/root/home.nix | 6 +-
 14 files changed, 29 insertions(+), 449 deletions(-)
 delete mode 100644 flake.lock
 rename {common/dotfiles => home-manager}/bash.nix (97%)
 rename {common/dotfiles => home-manager}/firefox.nix (100%)
 rename {common/dotfiles => home-manager}/git.nix (100%)
 rename {common/dotfiles => home-manager}/neovim.nix (100%)
diff --git a/README.md b/README.md
index 3986e1c8..0d5f837f 100644
--- a/README.md
+++ b/README.md
@@ -30,4 +30,14 @@ Repo for nix configuration files 1. To edit a file: cd to `/path/to/nix-files/` and run: * `nix-shell -p sops --run "sops secrets/secret_file.yml` * New shell alias: `sops secrets/secret_file.yml` -2. Ensure your GPG keys are set up. \ No newline at end of file +2. Ensure your GPG keys are set up. + +# Lanzaboote / SecureBoot +* Instructions here - [Link](https://git.sysctl.io/Mirrors/lanzaboote/src/branch/master/docs/QUICK_START.md) +1. Create your keys: `sbctl create-keys` +2. Verify your machine is ready for SecureBoot: `sbctl verify` - Everything except `*-bzImage.efi` are signed +3. Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10) + * Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit +4. Enroll the keys: `sbctl enroll-keys --microsoft` + * If you wish, you acan select --tpm-eventlog, but checksums will change later (ie, at a kernel rebuild) +5. Reboot and verify you are activated: `bootctl status` \ No newline at end of file diff --git a/configuration.nix b/configuration.nix index 68208f20..6ec8f6b2 100644 --- a/configuration.nix +++ b/configuration.nix @@ -18,9 +18,6 @@ ./services/telegraf.nix ]; - # Define the default sops file: - sops.defaultSopsFile = ./secrets/secrets.yaml; - # Keep the system up-to-date automatically system = { autoUpgrade = { @@ -112,6 +109,9 @@ neofetch gnupg fail2ban + + # nvtop for use with nvidia cards + nvtop-nvidia ]; # Enable various system services diff --git a/desktops/common.nix b/desktops/common.nix index 1788fcb9..5b0dfe16 100644 --- a/desktops/common.nix +++ b/desktops/common.nix @@ -7,7 +7,6 @@ steam lutris vlc - vscodium ]; }; @@ -32,10 +31,6 @@ enable = true; layout = "us"; xkbVariant = ""; - # libinput = { - # enable = true; - # touchpad.tapping = true; - # }; # Enable nVidia drivers videoDrivers = [ "nvidia" ]; diff --git a/flake.lock b/flake.lock deleted file mode 100644 index cf009b8f..00000000 --- a/flake.lock +++ /dev/null 
@@ -1,296 +0,0 @@ -{ - "nodes": { - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1683560683, - "narHash": "sha256-XAygPMN5Xnk/W2c1aW0jyEa6lfMDZWlQgiNtmHXytPc=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "006c75898cf814ef9497252b022e91c946ba8e17", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "pre-commit-hooks-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "stable-nixpkgs" - ] - }, - "locked": { - "lastModified": 1687871164, - "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", - "type": "github" - }, - "original": { 
- "owner": "nix-community", - "ref": "release-23.05", - "repo": "home-manager", - "type": "github" - } - }, - "lanzaboote": { - "inputs": { - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "flake-utils": "flake-utils", - "nixpkgs": [ - "stable-nixpkgs" - ], - "pre-commit-hooks-nix": "pre-commit-hooks-nix" - }, - "locked": { - "lastModified": 1687124707, - "narHash": "sha256-BEC2y7zwDI/Saeupr9rijLvwb0OoqTD9vntlcyciyrM=", - "owner": "nix-community", - "repo": "lanzaboote", - "rev": "c758cdad465e0c8174db57dc493f51a89f0e3372", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "lanzaboote", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1688188316, - "narHash": "sha256-CXuQllDKCxtZaB/umnZOvoJ/d4kJguYgffeTA9l1B3o=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8277b539d371bf4308fc5097911aa58bfac1794f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1678872516, - "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1688256355, - "narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nur": { - "locked": { - "lastModified": 1688272984, - "narHash": "sha256-RzQzZ4msqK2ECgJn0fqgujhoPJvAy8LsbGfv3KByf1U=", - "owner": "nix-community", - "repo": "NUR", - "rev": "c2acdb273bef64edc5f786c53381f736690b6fbf", - "type": "github" - }, - 
"original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" - } - }, - "pre-commit-hooks-nix": { - "inputs": { - "flake-compat": [ - "lanzaboote", - "flake-compat" - ], - "flake-utils": [ - "lanzaboote", - "flake-utils" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1684842236, - "narHash": "sha256-rYWsIXHvNhVQ15RQlBUv67W3YnM+Pd+DuXGMvCBq2IE=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "61e567d6497bc9556f391faebe5e410e6623217f", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "root": { - "inputs": { - "home-manager": "home-manager", - "lanzaboote": "lanzaboote", - "nur": "nur", - "sops-nix": "sops-nix", - "stable-nixpkgs": "stable-nixpkgs", - "unstable-nixpkgs": "unstable-nixpkgs" - } - }, - "sops-nix": { - "inputs": { - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable_2" - }, - "locked": { - "lastModified": 1688268466, - "narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, - "stable-nixpkgs": { - "locked": { - "lastModified": 1688109178, - "narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b72aa95f7f096382bff3aea5f8fde645bca07422", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - 
"type": "github" - } - }, - "unstable-nixpkgs": { - "locked": { - "lastModified": 1688231357, - "narHash": "sha256-ZOn16X5jZ6X5ror58gOJAxPfFLAQhZJ6nOUeS4tfFwo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "645ff62e09d294a30de823cb568e9c6d68e92606", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/common/dotfiles/bash.nix b/home-manager/bash.nix similarity index 97% rename from common/dotfiles/bash.nix rename to home-manager/bash.nix index 98bbf539..a3d86a89 100644 --- a/common/dotfiles/bash.nix +++ b/home-manager/bash.nix @@ -27,6 +27,7 @@ # nVidia prime selector alias: prime-select = "nvidia-offload"; + XDG_DATA_HOME="$HOME/.local/share" # docker d = "docker"; diff --git a/common/dotfiles/firefox.nix b/home-manager/firefox.nix similarity index 100% rename from common/dotfiles/firefox.nix rename to home-manager/firefox.nix diff --git a/common/dotfiles/git.nix b/home-manager/git.nix similarity index 100% rename from common/dotfiles/git.nix rename to home-manager/git.nix diff --git a/common/dotfiles/neovim.nix b/home-manager/neovim.nix similarity index 100% rename from common/dotfiles/neovim.nix rename to home-manager/neovim.nix diff --git a/hosts/nixos-laptop/configuration.nix b/hosts/nixos-laptop/configuration.nix index e372b2a7..b7900cdd 100644 --- a/hosts/nixos-laptop/configuration.nix +++ b/hosts/nixos-laptop/configuration.nix @@ -43,14 +43,13 @@ }; }; - # Fingerprint software environment.systemPackages = with pkgs; [ + # Fingerprint software fprintd - nvtop-nvidia ]; imports = [ # Modules ../../modules/powertop.nix ]; -} \ No newline at end of file + diff --git a/services/openssh.nix b/services/openssh.nix index 6dcadb2e..8aa6030e 100644 --- a/services/openssh.nix +++ b/services/openssh.nix 
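Review bot: The added line `XDG_DATA_HOME="$HOME/.local/share"` in `home-manager/bash.nix` has no terminating `;`, so as a Nix attribute binding it will not parse and every user profile importing this file fails to evaluate. It also sits between `prime-select = "nvidia-offload";` and `d = "docker";`, which looks like the shell-alias set, so even with the semicolon it would define an alias named `XDG_DATA_HOME` rather than export a variable. The enclosing attribute set starts outside the hunk, so confirm the context; if an environment variable is intended, a setting such as `home.sessionVariables.XDG_DATA_HOME = "$HOME/.local/share";` outside the alias block is the usual place.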
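Review bot: The last change in the `hosts/nixos-laptop/configuration.nix` hunk replaces the file's final `}` with an empty line, so the new side ends at `];` after the `imports` list and the module's opening brace appears to be left unclosed. Unless the brace is restored elsewhere (the start of the file is outside the hunk), the file will fail to parse and the laptop cannot rebuild; keep `}` as the last line. Separately, `nvtop-nvidia` moves from this host into the shared `configuration.nix`, which installs it on every host whether or not it has an NVIDIA card.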
@@ -1,6 +1,7 @@ -{ config, pkgs, ... }: { +{ config, pkgs, hostname, ... }: { services.openssh = { enable = true; + # Defaults to true -- I don't like it when services default to true for opening firewalls. openFirewall = false; settings = { LogLevel = "VERBOSE"; # Used for fail2ban monitoring @@ -9,6 +10,7 @@ }; banner = '' -- + Welcome to ${hostname} You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. diff --git a/services/telegraf.nix b/services/telegraf.nix index ec5c1f6d..95e5860b 100644 --- a/services/telegraf.nix +++ b/services/telegraf.nix @@ -13,7 +13,6 @@ lm_sensors telegraf smartmontools - fail2ban ]; # Allow telegraf to talk to other executables it requires: diff --git a/users/albert/gnome-dconf.nix b/users/albert/gnome-dconf.nix index 7ef19511..dce8f64b 100644 --- a/users/albert/gnome-dconf.nix +++ b/users/albert/gnome-dconf.nix @@ -9,16 +9,6 @@ with lib.hm.gvariant; keyrings-selected = [ "openssh:///home/albert/.ssh" ]; }; - "apps/seahorse/windows/key-manager" = { - height = 476; - width = 600; - }; - - "org/gnome/Console" = { - last-window-size = mkTuple [ 824 754 ]; - theme = "dark"; - }; - "org/gnome/GWeather4" = { temperature-unit = "centigrade"; }; @@ -37,11 +27,6 @@ with lib.hm.gvariant; size = mkTuple [ 870 690 ]; }; - "org/gnome/control-center" = { - last-panel = "display"; - window-state = mkTuple [ 980 640 ]; - }; - "org/gnome/desktop/app-folders" = { folder-children = [ "Utilities" "YaST" ]; }; @@ -72,11 +57,6 @@ with lib.hm.gvariant; show-weekdate = false; }; - "org/gnome/desktop/input-sources" = { - sources = [ (mkTuple [ "xkb" "us" ]) ]; - xkb-options = [ "terminate:ctrl_alt_bksp" ]; - }; - "org/gnome/desktop/interface" = { clock-show-date = true; clock-show-weekday = false; 
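Review bot: `hostname` is not one of the arguments the NixOS module system passes by default, so the new signature `{ config, pkgs, hostname, ... }:` in `services/openssh.nix` only evaluates if the flake supplies it through `specialArgs` (or `_module.args`), which is not visible in this patch. `config.networking.hostName` is already reachable through `config` and would avoid the extra argument. The new comment on `openFirewall = false;` is helpful; it could also state where the SSH port is expected to be opened for hosts that need it.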
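Review bot: The `banner` text is sent by sshd before authentication, so the added `Welcome to ${hostname}` line in the second `services/openssh.nix` hunk gives the machine's name to any unauthenticated client that connects. If the greeting is only meant for logged-in users, it belongs in the post-login message (for example `users.motd`) and the pre-auth banner can stay generic. The banner string continues past the end of the hunk.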
@@ -89,20 +69,7 @@ with lib.hm.gvariant; }; "org/gnome/desktop/notifications" = { - application-children = [ "gnome-power-panel" "bitwarden" "firefox" ]; - show-banners = false; - }; - - "org/gnome/desktop/notifications/application/bitwarden" = { - application-id = "bitwarden.desktop"; - }; - - "org/gnome/desktop/notifications/application/firefox" = { - application-id = "firefox.desktop"; - }; - - "org/gnome/desktop/notifications/application/gnome-power-panel" = { - application-id = "gnome-power-panel.desktop"; + show-banners = true; }; "org/gnome/desktop/peripherals/touchpad" = { 
@@ -110,65 +77,14 @@ with lib.hm.gvariant; two-finger-scrolling-enabled = true; }; - "org/gnome/desktop/screensaver" = { - color-shading-type = "solid"; - picture-options = "zoom"; - primary-color = "#3a4ba0"; - secondary-color = "#2f302f"; - }; - - "org/gnome/desktop/wm/keybindings" = { - maximize = []; - unmaximize = []; - }; - "org/gnome/desktop/wm/preferences" = { button-layout = "appmenu:minimize,maximize,close"; }; - "org/gnome/evolution-data-server" = { - migrated = true; - }; - - "org/gnome/gnome-system-monitor" = { - # This breaks dconf.nix import for some reason.. - # cpu-colors = [ (mkTuple [ mkUint32 0 "#e6194B" ]) (mkTuple [ 1 "#f58231" ]) (mkTuple [ 2 "#ffe119" ]) (mkTuple [ 3 "#bfef45" ]) (mkTuple [ 4 "#3cb44b" ]) (mkTuple [ 5 "#42d4f4" ]) (mkTuple [ 6 "#4363d8" ]) (mkTuple [ 7 "#911eb4" ]) (mkTuple [ 8 "#f032e6" ]) (mkTuple [ 9 "#fabebe" ]) (mkTuple [ 10 "#ffd8b1" ]) (mkTuple [ 11 "#fffac8" ]) (mkTuple [ 12 "#aaffc3" ]) (mkTuple [ 13 "#469990" ]) (mkTuple [ 14 "#000075" ]) (mkTuple [ 15 "#e6beff" ]) (mkTuple [ 16 "#d4867999f332" ]) (mkTuple [ 17 "#7999f332b10b" ]) (mkTuple [ 18 "#f3328d907999" ]) (mkTuple [ 19 "#7999891df332" ]) ]; - current-tab = "disks"; - maximized = false; - network-total-in-bits = false; - show-dependencies = false; - show-whose-processes = "user"; - window-state = mkTuple [ 850 649 ]; - }; - - "org/gnome/gnome-system-monitor/disktreenew" = { - col-6-visible = true; - col-6-width = 0; - }; - "org/gnome/mutter" = { edge-tiling = false; }; - "org/gnome/mutter/keybindings" = { - toggle-tiled-left = []; - toggle-tiled-right = []; - }; - - "org/gnome/nautilus/preferences" = { - default-folder-viewer = "icon-view"; - migrated-gtk-settings = true; - search-filter-time-type = "last_modified"; - }; - - "org/gnome/nautilus/window-state" = { - initial-size = mkTuple [ 986 674 ]; - }; - - "org/gnome/photos" = { - window-maximized = true; - }; - "org/gnome/settings-daemon/plugins/color" = { night-light-enabled = true; 
night-light-temperature = mkUint32 3418; @@ -176,7 +92,6 @@ with lib.hm.gvariant; "org/gnome/shell" = { app-picker-layout = "[{'org.gnome.Extensions.desktop': <{'position': <0>}>, 'htop.desktop': <{'position': <1>}>, 'nixos-manual.desktop': <{'position': <2>}>, 'nvidia-settings.desktop': <{'position': <3>}>, 'vlc.desktop': <{'position': <4>}>, 'xterm.desktop': <{'position': <5>}>, 'org.gnome.Settings.desktop': <{'position': <6>}>, 'org.gnome.Calculator.desktop': <{'position': <7>}>, 'org.gnome.clocks.desktop': <{'position': <8>}>, 'org.gnome.Contacts.desktop': <{'position': <9>}>, 'simple-scan.desktop': <{'position': <10>}>, 'yelp.desktop': <{'position': <11>}>, 'org.gnome.Calendar.desktop': <{'position': <12>}>, 'gnome-system-monitor.desktop': <{'position': <13>}>, 'org.gnome.TextEditor.desktop': <{'position': <14>}>, 'Utilities': <{'position': <15>}>, 'org.gnome.Weather.desktop': <{'position': <16>}>, 'org.gnome.Photos.desktop': <{'position': <17>}>}]"; - command-history = [ "restart gnome-shell" "restart" "gnome-shell -r" "r" ]; disable-user-extensions = false; disabled-extensions = [ "workspace-indicator@gnome-shell-extensions.gcampax.github.com" ]; enabled-extensions = [ "blur-my-shell@aunetx" "caffeine@patapon.info" "dash-to-dock@micxgx.gmail.com" "user-theme@gnome-shell-extensions.gcampax.github.com" "Vitals@CoreCoding.com" "tiling-assistant@leleat-on-github" "hibernate-status@dromi" "nightthemeswitcher@romainvigier.fr" ]; 
@@ -234,51 +149,6 @@ with lib.hm.gvariant; sunset = 19.0; }; - "org/gnome/shell/extensions/tiling-assistant" = { - activate-layout0 = []; - activate-layout1 = []; - activate-layout2 = []; - activate-layout3 = []; - active-window-hint = 1; - active-window-hint-color = "rgb(53,132,228)"; - auto-tile = []; - center-window = []; - debugging-free-rects = []; - debugging-show-tiled-rects = []; - default-move-mode = 0; - dynamic-keybinding-behavior = 0; - enable-raise-tile-group = false; - import-layout-examples = false; - last-version-installed = 41; - overridden-settings = "{'org.gnome.mutter.edge-tiling': }"; - restore-window = [ "Down" ]; - search-popup-layout = []; - single-screen-gap = 20; - tile-bottom-half = [ "KP_2" ]; - tile-bottom-half-ignore-ta = []; - tile-bottomleft-quarter = [ "KP_1" ]; - tile-bottomleft-quarter-ignore-ta = []; - tile-bottomright-quarter = [ "KP_3" ]; - tile-bottomright-quarter-ignore-ta = []; - tile-edit-mode = [ "t" ]; - tile-left-half = [ "Left" "KP_4" ]; - tile-left-half-ignore-ta = []; - tile-maximize = [ "Up" "KP_5" ]; - tile-maximize-horizontally = []; - tile-maximize-vertically = []; - tile-right-half = [ "Right" "KP_6" ]; - tile-right-half-ignore-ta = []; - tile-top-half = [ "KP_8" ]; - tile-top-half-ignore-ta = []; - tile-topleft-quarter = [ "KP_7" ]; - tile-topleft-quarter-ignore-ta = []; - tile-topright-quarter = [ "KP_9" ]; - tile-topright-quarter-ignore-ta = []; - toggle-always-on-top = []; - toggle-tiling-popup = []; - window-gap = 20; - }; - "org/gnome/shell/extensions/user-theme" = { name = "vimix-dark-doder"; }; diff --git a/users/albert/home.nix b/users/albert/home.nix index 83a576b5..e394b854 100644 --- a/users/albert/home.nix +++ b/users/albert/home.nix 
@@ -1,10 +1,10 @@
 { config, pkgs, ... }: {
 home.stateVersion = "23.05";
 imports = [
- ./gnome-dconf.nix
- ../../common/dotfiles/git.nix
- ../../common/dotfiles/neovim.nix
- ../../common/dotfiles/bash.nix
- ../../common/dotfiles/firefox.nix
+ ./gnome-dconf.nix
+ ../../home-manager/git.nix
+ ../../home-manager/neovim.nix
+ ../../home-manager/bash.nix
+ ../../home-manager/firefox.nix
 ];
 }
\ No newline at end of file
diff --git a/users/root/home.nix b/users/root/home.nix
index c6d1f604..93a3033d 100644
--- a/users/root/home.nix
+++ b/users/root/home.nix
@@ -1,8 +1,8 @@
 { config, pkgs, ... }: {
 home.stateVersion = "23.05";
 imports = [
- ../../common/dotfiles/git.nix
- ../../common/dotfiles/neovim.nix
- ../../common/dotfiles/bash.nix
+ ../../home-manager/git.nix
+ ../../home-manager/neovim.nix
+ ../../home-manager/bash.nix
 ];
 }
\ No newline at end of file