some updates

2025-03-17 18:25:13 -04:00 · 2025-03-17 18:25:13 -04:00 · e9adb6d552
commit e9adb6d552
parent e09709c638
6 changed files with 46 additions and 5 deletions
--- a/common/nixos/logrotate.nix
+++ b/common/nixos/logrotate.nix
@ -5,9 +5,14 @@

  services.logrotate = {
    settings = {
+      header = {
+        dateext = true;
+      };
+
      "var/log/audit/audit.log" = {
        frequency = "daily";
        rotate = 3;
+        size = "100k";
      };
    };
  };
--- a/common/nixos/ssh/default.nix
+++ b/common/nixos/ssh/default.nix
@ -1,5 +1,10 @@
-{lib, ...}: {
-  imports = [./ssh.nix ./ssh_client.nix ./ssh_guard.nix];
+{ lib, ... }:
+{
+  imports = [
+    ./ssh.nix
+    ./ssh_client.nix
+    ./ssh_guard.nix
+  ];

  ssh_client.enable = lib.mkDefault true;
  ssh.enable = lib.mkDefault false;
--- a/common/nixos/sysctl/kernel.nix
+++ b/common/nixos/sysctl/kernel.nix
@ -31,7 +31,8 @@
    #   - 2: only admins can use ptrace (CAP_SYS_PTRACE capability required)
    #   - 3: disables ptrace completely, reboot is required to re-enable ptrace
    # If you need ptrace to work, then avoid non-ancestor ptrace access to running processes and their credentials, and use value "1".
-    "kernel.yama.ptrace_scope" = 3;
+    # # breaks debuggers
+    # "kernel.yama.ptrace_scope" = 3;

    # restrict kernel logs to root only
    "kernel.dmesg_restrict" = 1;
--- a/common/virtualization/libvirt.nix
+++ b/common/virtualization/libvirt.nix
@ -43,10 +43,24 @@

    virtualisation.libvirtd = {
      enable = true;
-      qemu.ovmf.enable = true;
-      qemu.runAsRoot = false;
+      # qemu.ovmf.enable = true;
+      # qemu.runAsRoot = false;
      onBoot = "ignore";
      onShutdown = "shutdown";
+      qemu = {
+        package = pkgs.qemu_kvm;
+        runAsRoot = true;
+        swtpm.enable = true;
+        ovmf = {
+          enable = true;
+          packages = [
+            (pkgs.OVMF.override {
+              secureBoot = true;
+              tpmSupport = true;
+            }).fd
+          ];
+        };
+      };
    };

    users.extraGroups.libvirtd.members = [ "${user}" ];
--- a/home-manager/modules/common-gui.nix
+++ b/home-manager/modules/common-gui.nix
@ -5,6 +5,7 @@
    ./fuzzel.nix
    ./kitty.nix
    ./ghostty.nix
+    ./obs.nix
  ];

  fonts.fontconfig.enable = true;
--- a/home-manager/modules/obs.nix
+++ b/home-manager/modules/obs.nix
@ -0,0 +1,15 @@
+# A cat clone with syntax highlighting and Git integration.
+{ pkgs, ... }:
+{
+  programs.obs-studio = {
+    enable = true;
+
+    # additional packages to add to gjs's runtime
+    # extraPackages = with pkgs; [
+    #   gtksourceview
+    #   webkitgtk
+    #   accountsservice
+    #   libdbusmenu-gtk3
+    # ];
+  };
+}