Grimmauld 2024-12-21 21:53:10 +01:00
parent 7eee8fc5f4
commit 9f2621b6be
Signed by: Grimmauld
SSH key fingerprint: SHA256:Q8IL6Y7sSKqzkyFdV1L0O/EflEh1fFV3tBtwxpapRH4
9 changed files with 152 additions and 40 deletions


@ -0,0 +1,26 @@
{
pkgs,
config,
lib,
...
}:
let
inherit (config.grimmShared) enable tooling;
inherit (lib) mkIf;
in
{
config = mkIf (enable && tooling.enable && config.security.apparmor.enable) {
services.dbus.apparmor = "enabled";
security.auditd.enable = true;
security.apparmor.enableCache = true;
environment.systemPackages = with pkgs; [ apparmor-parser ];
# security.apparmor.aa-alias-manager.enable = false;
security.audit.backlogLimit = 512;
};
}
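Review bot: `security.audit.backlogLimit = 512;` may have no effect here, because this module turns on `security.auditd.enable` but never sets `security.audit.enable`. As far as I recall the NixOS audit module, the backlog limit is applied by the `security.audit` start script, which only runs when that option is enabled; with it left at its default the unit may even switch kernel auditing off. Since AppArmor denials are reported through the audit subsystem, it is worth checking `auditctl -s` on the built system and adding `security.audit.enable = true;` if `backlog_limit` is not 512. The commented-out `aa-alias-manager` line would also benefit from a short reason or removal.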


@ -22,6 +22,8 @@ in
alias /bin/spotify -> ${pkgs.spotify}/share/spotify/spotify,
'';
environment.systemPackages = with pkgs; [ apparmor-parser ];
# security.apparmor.aa-alias-manager.enable = false;
security.audit.backlogLimit = 512;
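Review bot: The two lines this hunk appears to add, the commented `aa-alias-manager` toggle and `security.audit.backlogLimit = 512;`, duplicate settings that the newly created module in this commit also carries, along with the `apparmor-parser` package entry. Identical definitions merge today, but changing the value in only one file later would produce a conflicting-definition error at evaluation. Keeping the audit and AppArmor settings in a single module avoids that. The enclosing `config` block starts outside this hunk, so whether both files are imported together cannot be confirmed from here.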


@ -23,7 +23,7 @@ in
./lsp.nix
./helix.nix
./git.nix
./wine.nix
# ./wine.nix
./c.nix
./java.nix
./opensnitch
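Review bot: `./wine.nix` is disabled by commenting it out with no reason recorded, and the same pattern recurs in later sections for `libreoffice-qt`, `./ncspot.nix` and `aw-bundle`. A trailing note such as `# ./wine.nix  # disabled: <reason>` would tell the next reader whether this is a temporary workaround (for example a broken build on the new channel) or a permanent removal; in the latter case deleting the line is cleaner. The import list continues outside this hunk.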


@ -45,6 +45,7 @@
experimental-features = [
"nix-command"
"flakes"
"pipe-operator"
];
warn-dirty = false;
};
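Review bot: The spelling of the added feature name `"pipe-operator"` depends on the Nix implementation: as far as I know Lix uses `pipe-operator` while upstream Nix uses `pipe-operators`. On the implementation that does not recognise it the entry is only warned about and ignored, so the feature would silently stay off. A comment such as `"pipe-operator" # Lix spelling; upstream Nix: "pipe-operators"` would record which one this host targets. The surrounding settings attrset starts outside this hunk.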


@ -53,7 +53,7 @@ in
gnome-console
alacritty_pkg
imhex
libreoffice-qt
# libreoffice-qt
filezilla
obsidian
nomacs


@ -31,11 +31,11 @@
]
},
"locked": {
"lastModified": 1732889580,
"narHash": "sha256-67MC0DhkRPTPy/g76sm/jzMqcmUBIlX5qoSH5B27Twk=",
"lastModified": 1734540176,
"narHash": "sha256-msxbnOw/nh8GJ87YtBEDT1jhVldOBtxHRF2KgvYPeDA=",
"owner": "ezKEa",
"repo": "aagl-gtk-on-nix",
"rev": "5b6ceba740feaf260ec205e41e3dde8af510a547",
"rev": "00df3ad02364a6fb8f1105dc72ae770b748c62eb",
"type": "github"
},
"original": {
@ -92,6 +92,28 @@
"type": "github"
}
},
"apparmor-dev": {
"inputs": {
"flake-utils": "flake-utils_2",
"nix-github-actions": "nix-github-actions_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1734558035,
"narHash": "sha256-v45bzSPoI7q/mGeP0YyBaE5F/fFuQ75GPHRGTPNpcsw=",
"owner": "LordGrimmauld",
"repo": "apparmor-dev",
"rev": "d9d7d629c902a10e1c9986efb8b79c7d9daf02ed",
"type": "github"
},
"original": {
"owner": "LordGrimmauld",
"repo": "apparmor-dev",
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
@ -118,11 +140,11 @@
]
},
"locked": {
"lastModified": 1733072746,
"narHash": "sha256-Rds19CCMsbT+eo5HoJahl2N/wLrvGZ0Nw6Vlu+hvfmE=",
"lastModified": 1734346739,
"narHash": "sha256-Um5yY36idRodddotyBaI9sQjw/xw5SV6tt3jPRgL330=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "36d157737c1682d31721f68c812353225956471b",
"rev": "7228d7032f0316dbc69b69584ec07707efbd38c9",
"type": "github"
},
"original": {
@ -189,11 +211,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@ -250,6 +272,24 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@ -302,11 +342,11 @@
]
},
"locked": {
"lastModified": 1732884235,
"narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=",
"lastModified": 1734093295,
"narHash": "sha256-hSwgGpcZtdDsk1dnzA0xj5cNaHgN9A99hRF/mxMtwS4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "819f682269f4e002884702b87e445c82840c68f2",
"rev": "66c5d8b62818ec4c1edb3e941f55ef78df8141a8",
"type": "github"
},
"original": {
@ -317,18 +357,18 @@
},
"jovian": {
"inputs": {
"nix-github-actions": "nix-github-actions_2",
"nix-github-actions": "nix-github-actions_3",
"nixpkgs": [
"chaotic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1732739177,
"narHash": "sha256-iL32+TA/8geCzcL1r3uthrH/GPvbUak5QE++WJUkaiI=",
"lastModified": 1734162608,
"narHash": "sha256-m2AX+3eiVqIK6uO7GbGY7SFnkkYOlR5fQiNI0eRvWOQ=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "8d7b2149e618696d5100c2683af1ffa893f02a75",
"rev": "31bdf4c7c91204d65afbde01146deee0259a8fb7",
"type": "github"
},
"original": {
@ -343,7 +383,7 @@
"nixpkgs-update",
"nixpkgs"
],
"systems": "systems_3"
"systems": "systems_4"
},
"locked": {
"lastModified": 1710694589,
@ -381,6 +421,27 @@
}
},
"nix-github-actions_2": {
"inputs": {
"nixpkgs": [
"apparmor-dev",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731952509,
"narHash": "sha256-p4gB3Rhw8R6Ak4eMl8pqjCPOLCZRqaehZxdZ/mbFClM=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "7b5f051df789b6b20d259924d349a9ba3319b226",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-github-actions_3": {
"inputs": {
"nixpkgs": [
"chaotic",
@ -413,11 +474,11 @@
"nixpkgs-24_05": "nixpkgs-24_05"
},
"locked": {
"lastModified": 1722877200,
"narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=",
"lastModified": 1734370678,
"narHash": "sha256-a8zkti1QM5Oxkdfnzr/NjrFlyqI36/kYV/X8G1jOmB4=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
"rev": "c43d8c4a3ce84a7bebd110b06e69365484db6208",
"type": "gitlab"
},
"original": {
@ -449,27 +510,27 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1733015953,
"narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=",
"lastModified": 1734536697,
"narHash": "sha256-G/HnRTtU+ob8x967kjzMRqjNFbAdllrcjYc+IcaR15Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff",
"rev": "9c40bef08a5bdc0ccc3207f4282a1ded83e77a7a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-24_05": {
"locked": {
"lastModified": 1717144377,
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
"lastModified": 1731797254,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"type": "github"
},
"original": {
@ -502,11 +563,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1732958734,
"narHash": "sha256-DY1Aq+pAU/n0loBjCRfeSbEG/ji2M+mrEkcEnsN/AHk=",
"lastModified": 1734260421,
"narHash": "sha256-vsr+9xKkirwEjvXTS2sOVIxlKQmF/QjszD+Ph0/oRgc=",
"owner": "nix-community",
"repo": "nixpkgs-update",
"rev": "dffb2930904b08ca8d226594b543cbae150b5f67",
"rev": "712e24bd6543801c52f6c0656a8371f8d029030e",
"type": "github"
},
"original": {
@ -558,6 +619,7 @@
"aa-alias-manager": "aa-alias-manager",
"aagl-gtk-on-nix": "aagl-gtk-on-nix",
"agenix": "agenix",
"apparmor-dev": "apparmor-dev",
"chaotic": "chaotic",
"nixos-mailserver": "nixos-mailserver",
"nixos-matrix-modules": "nixos-matrix-modules",
@ -668,6 +730,21 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [


@ -3,7 +3,7 @@
inputs = {
nixpkgs = {
url = "github:NixOS/nixpkgs/nixos-unstable";
url = "github:NixOS/nixpkgs/nixos-unstable-small";
# url = "git+file:///home/grimmauld/coding/nixpkgs";
};
chaotic = {
@ -36,6 +36,10 @@
url = "github:nix-community/nixpkgs-update";
# inputs.nixpkgs.follows = "nixpkgs";
};
apparmor-dev = {
url = "github:LordGrimmauld/apparmor-dev";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
@ -49,14 +53,15 @@
nixos-matrix-modules,
aa-alias-manager,
nixpkgs-update,
apparmor-dev,
...
}:
let
patches = [
{
url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/356796.patch";
hash = "sha256-nlyqFxvD6O7MDNJxs/9pCRWzo4XvG++Znc3HvDFkiiY=";
}
# {
# url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/356796.patch";
# hash = "sha256-hiXVdMeoKYbzJ4QxtTF85huRTe4EwgD3E1qXKhJGw1U=";
# }
];
customNixosSystem =
@ -68,7 +73,7 @@
src = inputs.nixpkgs;
patches = map (p: if (builtins.isPath p) then p else (unpatched.fetchpatch p)) patches;
};
nixosSystem = import (patched + "/nixos/lib/eval-config.nix");
nixosSystem = if patches == [] then nixpkgs.lib.nixosSystem else import (patched + "/nixos/lib/eval-config.nix");
in
nixosSystem (
{
@ -108,6 +113,7 @@
aagl-gtk-on-nix.nixosModules.default
./configuration.nix
aa-alias-manager.nixosModules.default
# apparmor-dev.nixosModules.default
./specific/grimm-nixos-ssd/configuration.nix
];
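Review bot: The new selector `if patches == [] then nixpkgs.lib.nixosSystem else import (patched + "/nixos/lib/eval-config.nix")` chooses between two entry points that are not equivalent. As far as I know, `lib.nixosSystem` wraps `eval-config.nix` and adds its own defaults (the extended `lib`, `system = null`, and `nixpkgs.flake.source`), so re-enabling any entry in `patches` changes how the system is evaluated in addition to applying the patch. A comment above the line stating that difference, or passing the same extra arguments on the patched branch, would keep the two paths aligned. `customNixosSystem` begins and ends outside the visible hunks, so the arguments actually passed cannot be checked here.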


@ -38,7 +38,7 @@
./ooye.nix
./factorio.nix
./ranger.nix
./ncspot.nix
# ./ncspot.nix
./grpcio-tools.nix
];
}


@ -196,7 +196,7 @@
(getExe' config.hardware.opentabletdriver.package "otd-daemon")
pkgs.swaynotificationcenter
pkgs.networkmanagerapplet
aw-bundle
# aw-bundle
# (pkgs.writeShellScriptBin "rmenu-cache-clear" "rm -r $HOME/.cache/rmenu") # invalidate rmenu cache on sway restart
];
extraConfig = ''