some updates

This commit is contained in:
gwg313 2025-03-17 18:25:13 -04:00
parent e09709c638
commit e9adb6d552
Signed by: gwg313
GPG key ID: 60FF63B4826B7400
6 changed files with 46 additions and 5 deletions


@ -5,9 +5,14 @@
services.logrotate = { services.logrotate = {
settings = { settings = {
header = {
dateext = true;
};
"var/log/audit/audit.log" = { "var/log/audit/audit.log" = {
frequency = "daily"; frequency = "daily";
rotate = 3; rotate = 3;
size = "100k";
}; };
}; };
}; };
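Review bot: The added `size = "100k"` on the audit.log entry changes when rotation happens in a way the `frequency = "daily"` line no longer controls — in logrotate, `size` replaces the time interval rather than combining with it — so with `rotate = 3` this retains at most a few hundred kB of audit history, which is very little for a log that is usually kept for review and incident reconstruction. If a daily rotation with a size cap was intended, `maxsize = "100k";` combines with the frequency instead. Separately, nothing in this hunk tells auditd to reopen its log after rotation: auditd normally rotates itself via `max_log_file`/`max_log_file_action` in auditd.conf, and when logrotate handles it instead a `postrotate` hook that signals auditd (e.g. `auditctl --signal rotate`, or SIGUSR1 to its pid) is needed, otherwise it keeps writing to the renamed file. Whether auditd's own rotation is configured elsewhere is not visible here, so this may just need a comment stating which mechanism owns the rotation.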


@ -1,5 +1,10 @@
{lib, ...}: { { lib, ... }:
imports = [./ssh.nix ./ssh_client.nix ./ssh_guard.nix]; {
imports = [
./ssh.nix
./ssh_client.nix
./ssh_guard.nix
];
ssh_client.enable = lib.mkDefault true; ssh_client.enable = lib.mkDefault true;
ssh.enable = lib.mkDefault false; ssh.enable = lib.mkDefault false;


@ -31,7 +31,8 @@
# - 2: only admins can use ptrace (CAP_SYS_PTRACE capability required) # - 2: only admins can use ptrace (CAP_SYS_PTRACE capability required)
# - 3: disables ptrace completely, reboot is required to re-enable ptrace # - 3: disables ptrace completely, reboot is required to re-enable ptrace
# If you need ptrace to work, then avoid non-ancestor ptrace access to running processes and their credentials, and use value "1". # If you need ptrace to work, then avoid non-ancestor ptrace access to running processes and their credentials, and use value "1".
"kernel.yama.ptrace_scope" = 3; # # breaks debuggers
# "kernel.yama.ptrace_scope" = 3;
# restrict kernel logs to root only # restrict kernel logs to root only
"kernel.dmesg_restrict" = 1; "kernel.dmesg_restrict" = 1;


@ -43,10 +43,24 @@
virtualisation.libvirtd = { virtualisation.libvirtd = {
enable = true; enable = true;
qemu.ovmf.enable = true; # qemu.ovmf.enable = true;
qemu.runAsRoot = false; # qemu.runAsRoot = false;
onBoot = "ignore"; onBoot = "ignore";
onShutdown = "shutdown"; onShutdown = "shutdown";
qemu = {
package = pkgs.qemu_kvm;
runAsRoot = true;
swtpm.enable = true;
ovmf = {
enable = true;
packages = [
(pkgs.OVMF.override {
secureBoot = true;
tpmSupport = true;
}).fd
];
};
};
}; };
users.extraGroups.libvirtd.members = [ "${user}" ]; users.extraGroups.libvirtd.members = [ "${user}" ];
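Review bot: `runAsRoot = true;` in the new `qemu` block reverses the previous `qemu.runAsRoot = false;` and makes every QEMU process run as root instead of the unprivileged libvirt qemu user, so a guest escape or a bug in device emulation now lands as root on the host. Nothing else added in this hunk — `swtpm.enable`, the secure-boot/TPM OVMF build, `pkgs.qemu_kvm` — requires root, so the change looks incidental rather than needed. I would keep `runAsRoot = false;` and, if some device passthrough or helper outside this hunk genuinely needs root, document that reason on the line, e.g. `runAsRoot = true; # required for <device>; see …`. The `${user}` membership in the libvirtd group already grants VM management without this. The enclosing module starts before the hunk.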


@ -5,6 +5,7 @@
./fuzzel.nix ./fuzzel.nix
./kitty.nix ./kitty.nix
./ghostty.nix ./ghostty.nix
./obs.nix
]; ];
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;


@ -0,0 +1,15 @@
# A cat clone with syntax highlighting and Git integration.
{ pkgs, ... }:
{
programs.obs-studio = {
enable = true;
# additional packages to add to gjs's runtime
# extraPackages = with pkgs; [
# gtksourceview
# webkitgtk
# accountsservice
# libdbusmenu-gtk3
# ];
};
}
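Review bot: The header comment `# A cat clone with syntax highlighting and Git integration.` describes bat, not OBS Studio, and the commented-out `extraPackages` block with its `gjs's runtime` note looks copied from another module, so the new file misdocuments itself. I would replace the header with `# OBS Studio: screen recording and streaming (home-manager programs.obs-studio).` and drop the dead `extraPackages` block, or reword its comment to say it is a placeholder for OBS plugins. If I recall the home-manager module correctly, plugins are configured through `programs.obs-studio.plugins`, so `extraPackages` would not be a valid option here anyway — worth verifying before uncommenting it.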