more work on machines

author: Ben Sima <ben@bsima.me> 2021-09-16 16:29:16 -0400
committer: Ben Sima <ben@bsima.me> 2021-09-16 16:29:16 -0400
commit: 05b5e67464fe8380fb18422daf5e34e520452414 (patch)
tree: a4559b59649afc652bab8367dc2b6e468e4cd435 /machines/oxygen.nix
parent: a9618ced7bb4228e67b021b3a54760be78584588 (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/machines/oxygen.nix b/machines/oxygen.nix
index 309cd20..d9c89b1 100644
--- a/machines/oxygen.nix
+++ b/machines/oxygen.nix
@@ -1,12 +1,13 @@
 { config, lib, pkgs, ... }:
 
-# My airgapped machine for generating and backing up security keys
+# airgapped machine
 
 let
   nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
 in {
+  imports = [ ./users.nix ];
 
-  security.sudo.wheelNeedsPassword = false;
+  security.sudo.enable = false;
   #security.pam.services."user".yubicoAuth = true;
   #security.pam.yubico.enable = true;
   #security.pam.yubico.control = "sufficient"; # pam.conf(5)
@@ -40,15 +41,17 @@ in {
   services.xserver.layout = "us";
   services.xserver.libinput.enable = true;
   services.xserver.xkbOptions = "caps:ctrl_modifier";
-  services.xserver.displayManager.sddm.enable = true;
+  services.xserver.displayManager.lightdm.enable = true;
   services.xserver.windowManager.xmonad.enable = true;
   services.xserver.desktopManager.xterm.enable = true;
 
-  services.clamav.daemon.enable = true;
-
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernelParams = [
+    # this probably breaks xserver, see https://superuser.com/a/1255015
+    # "CONFIG_NET=n"
+  ];
 
   powerManagement.enable = false;
author	Ben Sima <ben@bsima.me>	2021-09-16 16:29:16 -0400
committer	Ben Sima <ben@bsima.me>	2021-09-16 16:29:16 -0400
commit	05b5e67464fe8380fb18422daf5e34e520452414 (patch)
tree	a4559b59649afc652bab8367dc2b6e468e4cd435 /machines/oxygen.nix
parent	a9618ced7bb4228e67b021b3a54760be78584588 (diff)