stub beryllium config

1 files changed, 104 insertions, 0 deletions

diff --git a/machines/beryllium.nix b/machines/beryllium.nix
new file mode 100644
index 0000000..3d0a452
--- /dev/null
+++ b/machines/beryllium.nix
@@ -0,0 +1,104 @@
+{ config, lib, pkgs, ... }:
+
+# My airgapped machine for generating and backing up security keys
+
+let
+  nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
+in {
+
+  security.sudo.wheelNeedsPassword = false;
+  #security.pam.services."user".yubicoAuth = true;
+  #security.pam.yubico.enable = true;
+  #security.pam.yubico.control = "sufficient"; # pam.conf(5)
+  #security.pam.yubico.mode = "challenge-response"; # ykpamcfg(1)
+  #file."~/.yubico/authorized_yubikeys" = <list of keys>;
+
+  networking = {
+    hostName = "beryllium";
+    networkmanager.enable = false;
+  };
+
+  time.timeZone = "America/New_York";
+
+  environment.systemPackages = [
+    pkgs.brightnessctl
+  ];
+
+  nixpkgs = {
+    config = {
+      allowUnfree = false;
+      allowBroken = false;
+    };
+  };
+
+  hardware = {
+    enableAllFirmware = ;
+    bluetooth.enable = false;
+  };
+
+  programs = {
+    bash.enableCompletion = true;
+    command-not-found.enable = true;
+    light.enable = true;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+  };
+
+  services = {
+    pcscd = {
+      enable = true;
+    };
+
+    printing.enable = true;
+
+    xserver = {
+      enable = true;
+      autorun = true;
+      layout = "us";
+      libinput.enable = true;
+
+      xkbOptions = "caps:ctrl_modifier";
+
+      displayManager.sddm.enable = true;
+
+      windowManager.xmonad.enable = true;
+      desktopManager = {
+        xterm.enable = true;
+     };
+    };
+
+    # security stuff
+    clamav = {
+      daemon.enable = true;
+    };
+  };
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  powerManagement.enable = false;
+
+  nix = {
+    nixPath = [
+      "nixpkgs=${nixpkgs}"
+      "nixos-config=/etc/nixos/configuration.nix"
+      "/nix/var/nix/profiles/per-user/root/channels"
+    ];
+    binaryCaches =  [ ];
+    extraOptions = ''
+      keep-outputs = true
+      keep-derivations = true
+      builders-use-substitutes = true
+    '';
+  };
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "19.03"; # Did you read the comment?
+  system.autoUpgrade.enable = false;
+}