authorBen Sima <ben@bsima.me>2021-09-16 16:29:16 -0400
committerBen Sima <ben@bsima.me>2021-09-16 16:29:16 -0400
commit05b5e67464fe8380fb18422daf5e34e520452414 (patch)
treea4559b59649afc652bab8367dc2b6e468e4cd435
parenta9618ced7bb4228e67b021b3a54760be78584588 (diff)
more work on machines
-rw-r--r--machines/helium.nix152
-rw-r--r--machines/oxygen.nix13
2 files changed, 79 insertions, 86 deletions
diff --git a/machines/helium.nix b/machines/helium.nix
index 84e3da1..1653149 100644
--- a/machines/helium.nix
+++ b/machines/helium.nix
@@ -1,31 +1,45 @@
{ config, lib, pkgs, ... }:
-# Dev environment,
+# usual environment, as a thin OS
let
nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
in {
+ imports = [ ./users.nix ];
- security = {
- sudo = {
- wheelNeedsPassword = false;
- };
- };
+ security.sudo.wheelNeedsPassword = false;
- networking = {
- hostName = "helium";
- networkmanager.enable = true;
- };
+ boot.initrd.availableKernelModules = [
+ "xhi_pci" "ehci_pci" "ahci"
+ "usb_storage" "sd_mod"
+ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [];
+
+ fileSystems."/boot".device = "/dev/disk/by-label/boot";
+ fileSystems."/boot".fsType = "vfat";
+
+ fileSystems."/".device = "/dev/disk/by-label/nixos";
+ fileSystems."/".fsType = "ext4";
+
+ swapDevices = [
+ { device = "/dev/disk/by-label/swap"; }
+ ];
+
+ networking.hostName = "helium";
+ networking.networkmanager.enable = true;
time.timeZone = "America/New_York";
+ location.latitude = 40.80;
+ location.longitude = -81.52;
+
fonts.fonts = with pkgs; [
google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
fira fira-code fira-code-symbols
];
environment.systemPackages = [
- pkgs.brightnessctl
];
nixpkgs = {
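Review bot: `"xhi_pci"` in the new `boot.initrd.availableKernelModules` list looks like a typo for `"xhci_pci"`, the USB 3 host-controller driver that normally sits beside `ehci_pci`. As written, the initrd will likely either fail to build on the unknown module name or ship without xHCI support, so a USB keyboard or USB boot device may not work in early boot. The line should read `"xhci_pci" "ehci_pci" "ahci"`.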
@@ -35,25 +49,21 @@ in {
};
};
- hardware = {
- enableAllFirmware = true;
- bluetooth.enable = true;
- bluetooth.package = pkgs.bluezFull;
- opengl.enable = true;
- pulseaudio = {
+ hardware.enableAllFirmware = true;
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.package = pkgs.bluezFull;
+ # hardware.acpilight.enable = true;
+ hardware.brillo.enable = true;
+ hardware.opengl.enable = true;
+ hardware.pulseaudio = {
enable = true;
extraConfig = ''
load-module module-loopback
'';
};
- };
- sound = {
- enable = true;
- mediaKeys = {
- enable = true;
- };
- };
+ sound.enable = true;
+ sound.mediaKeys.enable = true;
programs = {
bash.enableCompletion = true;
@@ -68,56 +78,39 @@ in {
};
services = {
- pcscd = {
- enable = true;
- };
+ pcscd.enable = true;
- fractalart = {
- enable = true;
- };
+ logind.lidSwitch = "suspend";
+ logind.extraConfig = "IdleAction=lock";
- logind = {
- lidSwitch = "suspend";
- extraConfig = "IdleAction=lock";
- };
+ clight.enable = true;
+ clight.temperature.day = 5000;
+ clight.temperature.night = 2300;
printing.enable = true;
- xserver = {
- enable = true;
- autorun = true;
- layout = "us";
- libinput.enable = true;
-
- xkbOptions = "caps:ctrl_modifier";
-
- displayManager.sddm.enable = true;
-
- #session = [
- # {
- # manage = "desktop";
- # name = "home-manager";
- # start = ''
- # ${pkgs.runtimeShell} $HOME/.hm-xsession &
- # waitPID=$!
- # '';
- # }
- #];
-
- windowManager.xmonad.enable = true;
- desktopManager = {
- xterm.enable = true;
- };
- };
+ xserver.enable = true;
+ xserver.autorun = true;
+ xserver.layout = "us";
+ xserver.libinput.enable = true;
+ xserver.xkbOptions = "caps:ctrl_modifier";
+
+ xserver.displayManager.sddm.enable = true;
+ xserver.windowManager.xmonad.enable = true;
+ xserver.desktopManager.xterm.enable = true;
+
+ xserver.xautolock.enable = true;
+ xserver.xautolock.enableNotifier = true;
+ xserver.xautolock.notifier = "${pkgs.libnotify}/bin/notify-send 'locking in 10 seconds'";
+ xserver.xautolock.nowlocker = "${pkgs.i3lock}/bin/i3lock --color=000000 --show-failed-attempts --ignore-empty-password";
+ xserver.xautolock.locker = "${pkgs.i3lock}/bin/i3lock --color=000000 --show-failed-attempts --ignore-empty-password";
vnstat.enable = true;
# security stuff
fail2ban.enable = true;
- clamav = {
- daemon.enable = true;
- updater.enable = true;
- };
+ clamav.daemon.enable = true;
+ clamav.updater.enable = true;
};
# Use the systemd-boot EFI boot loader.
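Review bot: The new `xserver.xautolock` settings lock only after an idle timeout, while `logind.lidSwitch = "suspend"` puts the machine to sleep on lid close; nothing visible in this hunk runs the locker before suspend, so the session may resume unlocked. `logind.extraConfig = "IdleAction=lock"` only emits a lock signal and needs a listener in the session to act on it. Consider `programs.xss-lock.enable = true;` with `programs.xss-lock.lockerCommand` set to the same i3lock command, unless that is already configured in the `programs` block outside this hunk. The i3lock command line is also repeated verbatim for `nowlocker` and `locker`; binding it once in the `let` block would keep the two from drifting apart.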
@@ -125,25 +118,23 @@ in {
boot.loader.efi.canTouchEfiVariables = true;
powerManagement.enable = true;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
- nix = {
- nixPath = [
+ nix.nixPath = [
"nixpkgs=${nixpkgs}"
"nixos-config=/etc/nixos/configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
];
- gc = {
- automatic = false;
- dates = "03:15";
- };
- binaryCaches = [ "https://cache.nixos.org/" ];
- extraOptions = ''
- keep-outputs = true
- keep-derivations = true
- builders-use-substitutes = true
- '';
-
- buildMachines = [
+
+ nix.gc.automatic = false;
+ nix.gc.dates = "03:15";
+ nix.binaryCaches = [ "https://cache.nixos.org/" ];
+ nix.extraOptions = ''
+ builders-use-substitutes = true
+ '';
+
+ nix.maxJobs = lib.mkDefault 4;
+ nix.buildMachines = [
{
hostName = "192.168.1.42";
sshUser = "ben";
@@ -158,9 +149,8 @@ in {
}
];
- distributedBuilds = true;
- trustedUsers = [ "root" "ben" ];
- };
+ nix.distributedBuilds = true;
+ nix.trustedUsers = [ "root" "ben" ];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
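Review bot: `nix.trustedUsers = [ "root" "ben" ];` deserves a comment, because a trusted user can point the Nix daemon at arbitrary substituters and skip signature checks, which is effectively root on this machine. That matters more here because `security.sudo.wheelNeedsPassword = false;` is set earlier in the same file. If `ben` is listed only so the remote builder works, say so, e.g. `# ben is trusted for distributed builds; trusted users are root-equivalent to the nix daemon`. The `nix.buildMachines` list this setting accompanies starts above the hunk.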
diff --git a/machines/oxygen.nix b/machines/oxygen.nix
index 309cd20..d9c89b1 100644
--- a/machines/oxygen.nix
+++ b/machines/oxygen.nix
@@ -1,12 +1,13 @@
{ config, lib, pkgs, ... }:
-# My airgapped machine for generating and backing up security keys
+# airgapped machine
let
nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
in {
+ imports = [ ./users.nix ];
- security.sudo.wheelNeedsPassword = false;
+ security.sudo.enable = false;
#security.pam.services."user".yubicoAuth = true;
#security.pam.yubico.enable = true;
#security.pam.yubico.control = "sufficient"; # pam.conf(5)
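Review bot: The header comment lost the reason this machine exists; generating and backing up security keys is what justifies the hardening in this file, so I would keep it as `# airgapped machine for generating and backing up security keys`. The new `security.sudo.enable = false;` also wants a short comment on how root tasks are done now, presumably by root login or `su`. That depends on `./users.nix`, which this diff does not show. The attribute set continues past the end of the hunk.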
@@ -40,15 +41,17 @@ in {
services.xserver.layout = "us";
services.xserver.libinput.enable = true;
services.xserver.xkbOptions = "caps:ctrl_modifier";
- services.xserver.displayManager.sddm.enable = true;
+ services.xserver.displayManager.lightdm.enable = true;
services.xserver.windowManager.xmonad.enable = true;
services.xserver.desktopManager.xterm.enable = true;
- services.clamav.daemon.enable = true;
-
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
+ boot.kernelParams = [
+ # this probably breaks xserver, see https://superuser.com/a/1255015
+ # "CONFIG_NET=n"
+ ];
powerManagement.enable = false;
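Review bot: `CONFIG_NET=n` is a kernel build-time (Kconfig) option, not a boot parameter, so uncommenting it inside `boot.kernelParams` would not disable networking. If the goal is to back the air gap in software, blacklist the machine's Ethernet, Wi-Fi and Bluetooth drivers through `boot.blacklistedKernelModules` and make sure no network service is enabled; whether that is already done is not visible in this hunk. I would drop the empty `boot.kernelParams` list or replace its comment with `# CONFIG_NET is a build-time option and has no effect as a kernel parameter`.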