Init yoga with secure boot

Natsu Kagami 2023-08-30 23:53:14 +02:00
parent 26f6f84daf
commit 1cd5c82dc5
Signed by: nki
GPG key ID: 55A032EB38B49ADB
7 changed files with 437 additions and 43 deletions


@ -92,6 +92,39 @@
"type": "github"
}
},
"crane_3": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"rust-overlay": [
"lanzaboote",
"rust-overlay"
]
},
"locked": {
"lastModified": 1681177078,
"narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "0c9f468ff00576577d83f5019a66c557ede5acf6",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -223,6 +256,22 @@
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -237,7 +286,7 @@
"type": "github"
}
},
"flake-compat_5": {
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -274,6 +323,27 @@
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1680392223,
"narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@ -341,12 +411,15 @@
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
@ -357,11 +430,11 @@
},
"flake-utils_6": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {
@ -385,6 +458,43 @@
"type": "github"
}
},
"flake-utils_8": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"haskell-flake": {
"locked": {
"lastModified": 1675296942,
@ -454,9 +564,36 @@
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane_3",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils_5",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay_3"
},
"locked": {
"lastModified": 1682802423,
"narHash": "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "64b903ca87d18cef2752c19c098af275c6e51d63",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v0.3.0",
"repo": "lanzaboote",
"type": "github"
}
},
"mpd-mpris": {
"inputs": {
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_6",
"nixpkgs": [
"nixpkgs"
]
@ -520,11 +657,11 @@
},
"nixos-m1": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_5",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay_3"
"rust-overlay": "rust-overlay_4"
},
"locked": {
"lastModified": 1693064156,
@ -556,6 +693,22 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1678872516,
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1691464053,
@ -683,6 +836,37 @@
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1681413034,
"narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"rnix-lsp": {
"inputs": {
"naersk": "naersk",
@ -715,6 +899,7 @@
"home-manager": "home-manager",
"kak-lsp": "kak-lsp",
"kakoune": "kakoune",
"lanzaboote": "lanzaboote",
"mpd-mpris": "mpd-mpris",
"nixos-m1": "nixos-m1",
"nixpkgs": "nixpkgs_5",
@ -797,6 +982,31 @@
}
},
"rust-overlay_3": {
"inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682129965,
"narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "2c417c0460b788328220120c698630947547ee83",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_4": {
"flake": false,
"locked": {
"lastModified": 1686795910,
@ -814,7 +1024,7 @@
},
"secrets": {
"inputs": {
"flake-utils": "flake-utils_6"
"flake-utils": "flake-utils_7"
},
"locked": {
"lastModified": 1686133200,
@ -855,7 +1065,7 @@
},
"swayfx": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_6",
"nixpkgs": [
"nixpkgs"
]
@ -904,6 +1114,21 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
@ -936,7 +1161,7 @@
},
"youmubot": {
"inputs": {
"flake-utils": "flake-utils_7",
"flake-utils": "flake-utils_8",
"naersk": "naersk_2",
"nixpkgs": "nixpkgs_7"
},


@ -14,6 +14,12 @@
deploy-rs.url = "github:Serokell/deploy-rs";
nur.url = "github:nix-community/NUR";
# --- Secure boot
lanzaboote = {
url = github:nix-community/lanzaboote/v0.3.0;
inputs.nixpkgs.follows = "nixpkgs";
};
# --- Build tools
flake-utils.url = github:numtide/flake-utils;
crane.url = github:ipetkov/crane;
@ -137,20 +143,29 @@
}
];
};
# x1c1 configuration
# nixosConfigurations."nki-x1c1" = nixpkgs.lib.nixosSystem rec {
# system = "x86_64-linux";
# modules = [
# (common-nixos nixpkgs)
# ./nki-x1c1/configuration.nix
# home-manager.nixosModules.home-manager
# {
# home-manager.useGlobalPkgs = true;
# home-manager.useUserPackages = true;
# home-manager.users.nki = import ./home/nki-x1c1.nix;
# }
# ];
# };
# yoga g8 configuration
nixosConfigurations."nki-yoga-g8" = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [
(common-nixos nixpkgs)
inputs.lanzaboote.nixosModules.lanzaboote
({ ... }: {
# Sets up secure boot
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
})
./nki-yoga-g8/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.nki = import ./home/nki-x1c1.nix;
}
];
};
# macbook nixos
nixosConfigurations."kagami-air-m1" = inputs.nixpkgs.lib.nixosSystem rec {
system = "aarch64-linux";
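Review bot: The inline lanzaboote module sets `pkiBundle = "/etc/secureboot"`, but nothing in this section records how that directory is created or protected, so the signing keys are an undocumented manual prerequisite of the build. I would extend the existing comment to something like `# Sets up secure boot; keys under /etc/secureboot are created with sbctl, must stay root-only, and have to be enrolled in firmware before Secure Boot is enforced`. The module is written as `({ ... }: { ... })` yet uses `lib.mkForce`, so `lib` has to come from the enclosing scope, which lies outside this hunk; if it is not bound there, `({ lib, ... }: {` is the safer form. The yoga host also imports `./home/nki-x1c1.nix`, which looks like a leftover from the commented-out x1c1 entry and deserves a short comment if the sharing is intended.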


@ -25,6 +25,11 @@ in
description = "List of packages to include in ~/.config/autostart";
default = [ ];
};
defaults.webBrowser = mkOption {
type = types.str;
default = "firefox.desktop";
description = "Desktop file of the default web browser";
};
};
config = mkIf (cfg.type != null) {
# Packages
@ -81,13 +86,13 @@ in
"x-scheme-handler/mailto" = [ "org.gnome.Evolution.desktop" ];
# Default web browser stuff
"text/html" = [ "firefox.desktop" ];
"x-scheme-handler/about" = [ "firefox.desktop" ];
"x-scheme-handler/unknown" = [ "firefox.desktop" ];
"x-scheme-handler/http" = [ "firefox.desktop" ];
"x-scheme-handler/https" = [ "firefox.desktop" ];
"x-scheme-handler/ftp" = [ "firefox.desktop" ];
"x-scheme-handler/ftps" = [ "firefox.desktop" ];
"text/html" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/about" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/unknown" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/http" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/https" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/ftp" = [ cfg.defaults.webBrowser ];
"x-scheme-handler/ftps" = [ cfg.defaults.webBrowser ];
# Torrent
"application/x-bittorrent" = [ "deluge.desktop" ];


@ -31,18 +31,24 @@
# Graphical set up
linux.graphical.type = "wayland";
linux.graphical.wallpaper = ./images/wallpaper_0.png;
linux.graphical.defaults.webBrowser = "librewolf.desktop";
# Enable sway
programs.my-sway.enable = true;
programs.my-sway.fontSize = 14.0;
programs.my-sway.terminal = "${config.programs.kitty.package}/bin/kitty";
programs.my-sway.browser = "librewolf";
# Keyboard support
wayland.windowManager.sway.config = {
input."*".xkb_layout = "jp";
input."1278:34:HHKB-Hybrid_3_Keyboard".xkb_layout = "jp";
input."1:1:AT_Translated_Set_2_keyboard" = {
xkb_options = "ctrl:swapcaps";
xkb_layout = "us";
# xkb_layout = "us";
};
};
# input-remapping
xdg.configFile."autostart/input-remapper-autoload.desktop".source =
"${pkgs.input-remapper}/share/applications/input-remapper-autoload.desktop";
# Kitty
nki.programs.kitty = {
enable = true;
@ -50,14 +56,14 @@
};
# Multiple screen setup
services.kanshi = {
enable = true;
profiles.undocked.outputs = [{ criteria = "LVDS-1"; }];
profiles.docked-hdmi.outputs = [
{ criteria = "LVDS-1"; status = "disable"; }
{ criteria = "HDMI-A-1"; }
];
};
# services.kanshi = {
# enable = true;
# profiles.undocked.outputs = [{ criteria = "LVDS-1"; }];
# profiles.docked-hdmi.outputs = [
# # { criteria = "LVDS-1"; status = "disable"; }
# { criteria = "HDMI-A-1"; }
# ];
# };
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
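Review bot: The kanshi profile and the `xkb_layout = "us"` line are disabled by commenting them out rather than being removed, which leaves dead configuration that the next reader has to guess about. If this file is now shared between two machines, the output names (`LVDS-1`, `HDMI-A-1`) are host-specific and would sit better in a per-host module; otherwise delete the block and rely on history. The attribute set these settings belong to starts and ends outside the visible hunks.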


@ -17,6 +17,7 @@ let
systemd.network.networks."05-ios-tethering" = {
matchConfig.Driver = "ipheth";
networkConfig.DHCP = "yes";
linkConfig.RequiredForOnline = "no";
};
};
@ -158,6 +159,7 @@ in
## Network configuration
systemd.network.enable = true;
systemd.network.wait-online.enable = false;
networking.hostName = cfg.networking.hostname;
networking.wireless.iwd.enable = true;
systemd.network.networks = builtins.mapAttrs


@ -0,0 +1,93 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# Fonts
../modules/personal/fonts
# Encrypted DNS
../modules/services/edns
];
services.xserver.desktopManager.plasma5.enable = true;
# Power Management
services.upower = {
enable = true;
criticalPowerAction = "PowerOff";
usePercentageForPolicy = true;
percentageCritical = 3;
percentageLow = 10;
};
services.logind.lidSwitch = "suspend";
# Printing
services.printing.drivers = with pkgs; [ epfl-cups-drivers ];
# Enable touchpad support (enabled default in most desktopManager).
services.xserver.libinput.enable = true;
# Keyboard
services.input-remapper.enable = true;
services.input-remapper.serviceWantedBy = [ "multi-user.target" ];
hardware.uinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
common.linux.username = "nki";
# Networking
common.linux.networking = {
hostname = "nki-yoga-g8";
networks."10-wired".match = "enp*";
networks."20-wireless".match = "wlan*";
dnsServers = [ "127.0.0.1" ];
};
nki.services.edns.enable = true;
nki.services.edns.ipv6 = true;
# Secrets
# sops.defaultSopsFile = ./secrets.yaml;
# sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
## tinc
# sops.secrets."tinc/ed25519-private-key" = { };
# services.my-tinc = {
# enable = true;
# hostName = "macbooknix";
# ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path;
# bindPort = 6565;
# };
services.dbus.packages = with pkgs; [ gcr ];
# Power Management
powerManagement = {
enable = true;
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}
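Review bot: `system.stateVersion = "22.05"` near the end of this new file appears to be carried over from an older host, while the comment above it says the value should be the release of this machine's first install; confirm which release was actually installed and set that. The commented-out sops/tinc block still names `hostName = "macbooknix"`, which suggests the same copy, so I would drop it or replace it with a one-line `# TODO: enable sops secrets for this host`. `services.input-remapper` together with `hardware.uinput.enable` presumably lets a long-running service read keyboard events and inject input, so a short comment saying why it is needed on this laptop would help later audits.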


@ -0,0 +1,48 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/b32d27bf-9df6-43c1-8b93-c0693811bf5b";
fsType = "btrfs";
};
common.linux.luksDevices."nixroot" = "/dev/disk/by-uuid/09114015-79bc-4a40-bf60-b4022e969acb";
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/E820-D6C7";
fsType = "vfat";
};
swapDevices = [
{ device = "/var/swapfile"; size = 32 * 1024; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s20f0u1c4i2.useDHCP = lib.mkDefault true;
# networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
# networking.interfaces.wwan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}