From 2bf8a90f29eaac7a76e5e5c1036ce8acfb0644c9 Mon Sep 17 00:00:00 2001 From: iFargle Date: Fri, 30 Jun 2023 11:39:01 +0900 Subject: [PATCH] Update --- laptop/configuration.nix | 9 +++++ laptop/dconf.nix | 8 +++++ laptop/gnome.nix | 1 - laptop/home-manager.nix | 11 ++++-- laptop/promtail.nix | 74 ++++++++++++++++++++++++++++++++++++++++ laptop/secureboot.nix | 48 ++++++++++++++++++++++++++ 6 files changed, 147 insertions(+), 4 deletions(-) create mode 100644 laptop/dconf.nix create mode 100644 laptop/promtail.nix create mode 100644 laptop/secureboot.nix diff --git a/laptop/configuration.nix b/laptop/configuration.nix index 8b38efa1..2cbe5d81 100644 --- a/laptop/configuration.nix +++ b/laptop/configuration.nix @@ -1,6 +1,12 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). + +# Nix Reference Manual: +# https://nixos.org/manual/nix/stable/ +# NixOS Packages / Options: +# https://search.nixos.org/packages? + { config, pkgs, ... }: { imports = [ @@ -11,6 +17,8 @@ ./home-manager.nix # Gnome configuration file. ./gnome.nix + # Promtail logging + ./promtail.nix ]; # Keep the system up-to-date automatically @@ -115,6 +123,7 @@ steam lutris vlc + vscodium ]; }; diff --git a/laptop/dconf.nix b/laptop/dconf.nix new file mode 100644 index 00000000..6a0f6c37 --- /dev/null +++ b/laptop/dconf.nix @@ -0,0 +1,8 @@ + dconf.settings = { + "org/gnome/calculator" = { + button-mode = "programming"; + show-thousands = true; + base = 10; + word-size = 64; + window-position = lib.hm.gvariant.mkTuple [100 100]; + }; \ No newline at end of file diff --git a/laptop/gnome.nix b/laptop/gnome.nix index 132cb19a..445f2ae8 100644 --- a/laptop/gnome.nix +++ b/laptop/gnome.nix @@ -34,5 +34,4 @@ gnomeExtensions.caffeine gnome3.gnome-tweaks ]; - } \ No newline at end of file 
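Review bot: laptop/dconf.nix is not a complete Nix expression: it opens `dconf.settings = {` and `"org/gnome/calculator" = {`, but the single `};` closes only the inner set, and `lib` in `lib.hm.gvariant.mkTuple` is never bound. Opening the file with `{ lib, ... }: {` and ending it with `}; }` would make it loadable. `dconf.settings` looks like a Home Manager option, so it would presumably need to be imported inside a `home-manager.users.<name>` block rather than from configuration.nix. No hunk in this commit imports the file.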
diff --git a/laptop/home-manager.nix b/laptop/home-manager.nix index 92c14a6e..9c3b9053 100644 --- a/laptop/home-manager.nix +++ b/laptop/home-manager.nix @@ -1,4 +1,9 @@ { config, pkgs, ... }: +# Home-Manager Manual +# https://nix-community.github.io/home-manager/index.html + +# Home-Manager Options Search +# https://mipmip.github.io/home-manager-option-search/ let home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz"; in @@ -18,9 +23,9 @@ in credential.helper = "cache --timeout=25920000"; }; - # dconf settings: - - }; + # dconf settings: + # https://github.com/gvolpe/dconf2nix + }; home-manager.users.root = { diff --git a/laptop/promtail.nix b/laptop/promtail.nix new file mode 100644 index 00000000..eded85a6 --- /dev/null +++ b/laptop/promtail.nix @@ -0,0 +1,74 @@ +{ config, pkgs, ... }: { + # Promtail Logging + + # Install the package + environment.systemPackages = with pkgs; [ + promtail + ]; + + # Configure the package: + # https://mynixos.com/nixpkgs/option/services.promtail.configuration + services.promtail = { + enable = true; + configuration = { + { + "positions": { + "filename": "/tmp/positions.yaml" + }, + "clients": [ + { + "url": "https://loki.sysctl.io/loki/api/v1/push", + "basic_auth": { + "username": "loki-sa", + "password": https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes + } + } + ], + "scrape_configs": [ + { + "job_name": "system", + "static_configs": [ + { + "targets": [ + "localhost" + ], + "labels": { + "job": "varlogs", + "__path__": "/host/var/log/*.log" + } + } + ], + "pipeline_stages": [ + { + "static_labels": { + "host": "nixos-p1" + } + } + ] + }, + { + "job_name": "secure", + "static_configs": [ + { + "targets": [ + "localhost" + ], + "labels": { + "job": "varlogs", + "__path__": "/host/var/log/secure" + } + } + ], + "pipeline_stages": [ + { + "static_labels": { + "host": "nixos-p1" + } + } + ] + } + ] + } + }; + }; +} \ No newline at end of file 
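Review bot: In laptop/promtail.nix the `configuration` value is JSON pasted inside a Nix attribute set (`configuration = { { "positions": {`), and `"password"` holds a bare wiki URL, so the file cannot evaluate; because configuration.nix imports ./promtail.nix in this same commit, the whole system configuration would presumably fail with it. When the placeholder is filled in, the Loki password should not be written inline, since the rendered configuration ends up in the world-readable Nix store; Promtail's `basic_auth` accepts `password_file`, which can point at a file provisioned outside the store. `/tmp/positions.yaml` keeps the read offsets in a shared temporary directory and is better placed in a directory owned by the service. The `/host/var/log/...` paths look carried over from a container setup and are worth checking against where this laptop actually logs. A sketch of the positions and client parts in Nix syntax follows; the secret path is a placeholder and the positions path is an example.

```nix
  services.promtail = {
    enable = true;
    configuration = {
      # Example location; any directory owned by the promtail service works.
      positions.filename = "/var/lib/promtail/positions.yaml";
      clients = [
        {
          url = "https://loki.sysctl.io/loki/api/v1/push";
          basic_auth = {
            username = "loki-sa";
            # Read at runtime so the secret never enters the Nix store.
            password_file = "/run/secrets/<loki-password-placeholder>";
          };
        }
      ];
      # … unchanged: the two scrape_configs jobs, rewritten as Nix lists and attribute sets …
    };
  };
```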
diff --git a/laptop/secureboot.nix b/laptop/secureboot.nix
new file mode 100644
index 00000000..f540c49e
--- /dev/null
+++ b/laptop/secureboot.nix
@@ -0,0 +1,48 @@
+{
+ description = "A SecureBoot-enabled NixOS configurations";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+ lanzaboote = {
+ url = "github:nix-community/lanzaboote";
+
+ # Optional but recommended to limit the size of your system closure.
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, lanzaboote, ...}: {
+ nixosConfigurations = {
+ yourHost = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+
+ modules = [
+ # This is not a complete NixOS configuration and you need to reference
+ # your normal configuration here.
+
+ lanzaboote.nixosModules.lanzaboote
+
+ ({ pkgs, lib, ... }: {
+
+ environment.systemPackages = [
+ # For debugging and troubleshooting Secure Boot.
+ pkgs.sbctl
+ ];
+
+ # Lanzaboote currently replaces the systemd-boot module.
+ # This setting is usually set to true in configuration.nix
+ # generated at installation time. So we force it to false
+ # for now.
+ boot.loader.systemd-boot.enable = lib.mkForce false;
+
+ boot.lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
+ };
+ })
+ ];
+ };
+ };
+ };
+}
\ No newline at end of file
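Review bot: The `lanzaboote` input is taken as `github:nix-community/lanzaboote` with no tag or revision, so the component that signs and installs the boot chain follows whatever the default branch holds when the lock is created or updated. For a Secure Boot setup I would pin it, e.g. `url = "github:nix-community/lanzaboote/<release-tag>";`, and commit the resulting flake.lock. The file is also a flake (`description`/`inputs`/`outputs`) stored as laptop/secureboot.nix with the placeholder host `yourHost`, and nothing in this commit references it, so Secure Boot does not appear to be enabled by this change yet. A comment above `pkiBundle = "/etc/secureboot";` would help, such as `# Holds the Secure Boot signing keys; keep root-only and on the encrypted volume.`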