authorBen Sima <ben@bsima.me>2024-05-15 21:04:08 -0400
committerBen Sima <ben@bsima.me>2024-10-31 13:28:50 -0400
commit2b23714e642554c747ad8e750a6504d4fd0da5b0 (patch)
tree2049da65587e7a87a51d853cbc395441260ed32c /machines/lib
parent15c3357d0d971f22892b796deb9e22bea51556fb (diff)
add boron
Diffstat (limited to 'machines/lib')
-rw-r--r--machines/lib/base.nix73
-rw-r--r--machines/lib/users.nix16
2 files changed, 89 insertions, 0 deletions
diff --git a/machines/lib/base.nix b/machines/lib/base.nix
new file mode 100644
index 0000000..3805aa4
--- /dev/null
+++ b/machines/lib/base.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+let
+ nixpkgs = builtins.fetchTarball (import ../../nixpkgs.nix);
+in {
+ console.font = "${pkgs.fira-code}/share/fonts/truetype/FiraCode-VF.ttf";
+
+ environment.systemPackages = with pkgs; [
+ yubioath-flutter
+ yubico-pam
+ yubikey-manager
+ yubikey-personalization
+ ];
+
+
+ fonts.fonts = with pkgs; [
+ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
+ fira fira-code fira-code-symbols
+ ];
+
+ location.latitude = 40.80;
+ location.longitude = -81.52;
+
+ programs.bash.enableCompletion = true;
+ programs.command-not-found.enable = true;
+ programs.light.enable = true;
+ programs.gnupg.agent.enable = true;
+ programs.gnupg.agent.enableSSHSupport = true;
+ programs.mosh.enable = true;
+ programs.ssh.agentTimeout = "1h";
+
+ security.pam.yubico.control = "sufficient"; # use yubikey in lieu of password
+ security.pam.yubico.debug = false;
+ security.pam.yubico.enable = true;
+ security.pam.yubico.mode = "challenge-response";
+ security.sudo.wheelNeedsPassword = true;
+
+ services.pcscd.enable = true;
+
+ services.logind.lidSwitch = "suspend";
+ services.logind.lidSwitchDocked = "lock";
+ services.logind.lidSwitchExternalPower = "lock";
+
+ services.clight.enable = true;
+ services.clight.temperature.day = 6500;
+ services.clight.temperature.night = 1800;
+
+ services.printing.enable = true;
+
+ services.xserver.xkbOptions = "caps:ctrl_modifier";
+
+ services.vnstat.enable = true;
+
+ services.fail2ban.enable = true;
+ services.clamav.daemon.enable = false;
+ services.clamav.updater.enable = false;
+
+ nix.nixPath = [
+ "nixpkgs=${nixpkgs}"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ nix.gc.automatic = false;
+ nix.gc.dates = "03:15";
+ nix.extraOptions = ''
+ builders-use-substitutes = true
+ '';
+
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.allowBroken = true;
+
+ time.timeZone = "America/New_York";
+}
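Review bot: `security.pam.yubico.control = "sufficient"` means a successful challenge-response authenticates on its own, and since `security.pam.yubico.enable = true` is not scoped to one service it most likely covers sudo too, so `security.sudo.wheelNeedsPassword = true` no longer implies that a password is actually typed. Because this is a shared base for machines, consider `security.pam.yubico.control = "required";` to make the key a second factor, or scope the module with per-service `security.pam.services.<name>.yubicoAuth`. If single-factor is intended, make the comment say so, e.g. `# token alone authenticates, incl. sudo; password is only the fallback`. Separately, `programs.ssh.agentTimeout = "1h"` appears to apply only to the OpenSSH agent started via `programs.ssh.startAgent`; with `programs.gnupg.agent.enableSSHSupport = true` the expiry probably has no effect on keys held by gpg-agent, whose cache TTL is configured separately.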
diff --git a/machines/lib/users.nix b/machines/lib/users.nix
new file mode 100644
index 0000000..a9235d1
--- /dev/null
+++ b/machines/lib/users.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+let
+ benKey = "ssh-rsa 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 ben@lithium";
+in
+{
+ users.users = {
+ ben = {
+ isNormalUser = true;
+ description = "Ben Sima";
+ home = "/home/ben";
+ openssh.authorizedKeys.keys = [ "${benKey}" ];
+ extraGroups = [ "wheel" "networkmanager" "docker" "audio" "video"];
+ };
+ };
+}
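Review bot: Putting `"docker"` in `extraGroups` gives the account root-equivalent access through the Docker socket without going through sudo or PAM, so it sidesteps the password and YubiKey policy that base.nix sets for `wheel`. In a shared lib file this applies to every machine that imports it, whether or not Docker is enabled there. Consider dropping it here, `extraGroups = [ "wheel" "networkmanager" "audio" "video" ];`, and adding the group only on hosts that run Docker, or using `virtualisation.docker.rootless.enable` on those hosts. As a style point, `[ "${benKey}" ]` can be written `[ benKey ]`.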