This commit is contained in:
iFargle 2023-06-30 11:39:01 +09:00
parent c1c629ae31
commit 2bf8a90f29
6 changed files with 147 additions and 4 deletions

View file

@ -1,6 +1,12 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
# Nix Reference Manual:
# https://nixos.org/manual/nix/stable/
# NixOS Packages / Options:
# https://search.nixos.org/packages?
{ config, pkgs, ... }: { { config, pkgs, ... }: {
imports = imports =
[ [
@ -11,6 +17,8 @@
./home-manager.nix ./home-manager.nix
# Gnome configuration file. # Gnome configuration file.
./gnome.nix ./gnome.nix
# Promtail logging
./promtail.nix
]; ];
# Keep the system up-to-date automatically # Keep the system up-to-date automatically
@ -115,6 +123,7 @@
steam steam
lutris lutris
vlc vlc
vscodium
]; ];
}; };

8
laptop/dconf.nix Normal file
View file

@ -0,0 +1,8 @@
dconf.settings = {
"org/gnome/calculator" = {
button-mode = "programming";
show-thousands = true;
base = 10;
word-size = 64;
window-position = lib.hm.gvariant.mkTuple [100 100];
};

View file

@ -34,5 +34,4 @@
gnomeExtensions.caffeine gnomeExtensions.caffeine
gnome3.gnome-tweaks gnome3.gnome-tweaks
]; ];
} }

View file

@ -1,4 +1,9 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
# Home-Manager Manual
# https://nix-community.github.io/home-manager/index.html
# Home-Manager Options Search
# https://mipmip.github.io/home-manager-option-search/
let let
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz"; home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz";
in in
@ -19,8 +24,8 @@ in
}; };
# dconf settings: # dconf settings:
# https://github.com/gvolpe/dconf2nix
};
}; };
home-manager.users.root = { home-manager.users.root = {

74
laptop/promtail.nix Normal file
View file

@ -0,0 +1,74 @@
{ config, pkgs, ... }: {
# Promtail Logging
# Install the package
environment.systemPackages = with pkgs; [
promtail
];
# Configure the package:
# https://mynixos.com/nixpkgs/option/services.promtail.configuration
services.promtail = {
enable = true;
configuration = {
{
"positions": {
"filename": "/tmp/positions.yaml"
},
"clients": [
{
"url": "https://loki.sysctl.io/loki/api/v1/push",
"basic_auth": {
"username": "loki-sa",
"password": https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes
}
}
],
"scrape_configs": [
{
"job_name": "system",
"static_configs": [
{
"targets": [
"localhost"
],
"labels": {
"job": "varlogs",
"__path__": "/host/var/log/*.log"
}
}
],
"pipeline_stages": [
{
"static_labels": {
"host": "nixos-p1"
}
}
]
},
{
"job_name": "secure",
"static_configs": [
{
"targets": [
"localhost"
],
"labels": {
"job": "varlogs",
"__path__": "/host/var/log/secure"
}
}
],
"pipeline_stages": [
{
"static_labels": {
"host": "nixos-p1"
}
}
]
}
]
}
};
};
}

48
laptop/secureboot.nix Normal file
View file

@ -0,0 +1,48 @@
{
description = "A SecureBoot-enabled NixOS configurations";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
lanzaboote = {
url = "github:nix-community/lanzaboote";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, lanzaboote, ...}: {
nixosConfigurations = {
yourHost = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
# This is not a complete NixOS configuration and you need to reference
# your normal configuration here.
lanzaboote.nixosModules.lanzaboote
({ pkgs, lib, ... }: {
environment.systemPackages = [
# For debugging and troubleshooting Secure Boot.
pkgs.sbctl
];
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
})
];
};
};
};
}