authorBen Sima <ben@bsima.me>2021-09-15 21:46:34 -0400
committerBen Sima <ben@bsima.me>2021-09-15 21:46:34 -0400
commitbec0be8b42bca1785922237a4c06674bb5123e0c (patch)
treeac9bf1ecc6ded8cced9216a7f3a2a9f498f32c6a /machines
parentd3503a13da2bdaf11adcc72bca44214960c23190 (diff)
update machines, wip oxygen
Diffstat (limited to 'machines')
-rw-r--r--machines/README.md9
-rw-r--r--machines/beryllium.nix104
-rw-r--r--machines/helium.nix2
-rw-r--r--machines/oxygen.nix73
4 files changed, 84 insertions, 104 deletions
diff --git a/machines/README.md b/machines/README.md
new file mode 100644
index 0000000..ae7ad68
--- /dev/null
+++ b/machines/README.md
@@ -0,0 +1,9 @@
+NixOS configurations I use.
+
+To create a vm, for example:
+
+ nixos-generate -f virtualbox -c ./oxygen.nix
+
+Available formats are listed here:
+https://github.com/nix-community/nixos-generators#supported-formats
+
diff --git a/machines/beryllium.nix b/machines/beryllium.nix
deleted file mode 100644
index 3d0a452..0000000
--- a/machines/beryllium.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# My airgapped machine for generating and backing up security keys
-
-let
- nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
-in {
-
- security.sudo.wheelNeedsPassword = false;
- #security.pam.services."user".yubicoAuth = true;
- #security.pam.yubico.enable = true;
- #security.pam.yubico.control = "sufficient"; # pam.conf(5)
- #security.pam.yubico.mode = "challenge-response"; # ykpamcfg(1)
- #file."~/.yubico/authorized_yubikeys" = <list of keys>;
-
- networking = {
- hostName = "beryllium";
- networkmanager.enable = false;
- };
-
- time.timeZone = "America/New_York";
-
- environment.systemPackages = [
- pkgs.brightnessctl
- ];
-
- nixpkgs = {
- config = {
- allowUnfree = false;
- allowBroken = false;
- };
- };
-
- hardware = {
- enableAllFirmware = ;
- bluetooth.enable = false;
- };
-
- programs = {
- bash.enableCompletion = true;
- command-not-found.enable = true;
- light.enable = true;
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
- };
-
- services = {
- pcscd = {
- enable = true;
- };
-
- printing.enable = true;
-
- xserver = {
- enable = true;
- autorun = true;
- layout = "us";
- libinput.enable = true;
-
- xkbOptions = "caps:ctrl_modifier";
-
- displayManager.sddm.enable = true;
-
- windowManager.xmonad.enable = true;
- desktopManager = {
- xterm.enable = true;
- };
- };
-
- # security stuff
- clamav = {
- daemon.enable = true;
- };
- };
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- powerManagement.enable = false;
-
- nix = {
- nixPath = [
- "nixpkgs=${nixpkgs}"
- "nixos-config=/etc/nixos/configuration.nix"
- "/nix/var/nix/profiles/per-user/root/channels"
- ];
- binaryCaches = [ ];
- extraOptions = ''
- keep-outputs = true
- keep-derivations = true
- builders-use-substitutes = true
- '';
- };
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "19.03"; # Did you read the comment?
- system.autoUpgrade.enable = false;
-}
diff --git a/machines/helium.nix b/machines/helium.nix
index f8850cb..84e3da1 100644
--- a/machines/helium.nix
+++ b/machines/helium.nix
@@ -1,5 +1,7 @@
{ config, lib, pkgs, ... }:
+# Dev environment,
+
let
nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
in {
diff --git a/machines/oxygen.nix b/machines/oxygen.nix
new file mode 100644
index 0000000..309cd20
--- /dev/null
+++ b/machines/oxygen.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+# My airgapped machine for generating and backing up security keys
+
+let
+ nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
+in {
+
+ security.sudo.wheelNeedsPassword = false;
+ #security.pam.services."user".yubicoAuth = true;
+ #security.pam.yubico.enable = true;
+ #security.pam.yubico.control = "sufficient"; # pam.conf(5)
+ #security.pam.yubico.mode = "challenge-response"; # ykpamcfg(1)
+ #file."~/.yubico/authorized_yubikeys" = <list of keys>;
+
+ # networking is disabled, but we still need a hostname
+ networking.hostName = "oxygen";
+ systemd.network.enable = false;
+
+ time.timeZone = "America/New_York";
+
+ environment.systemPackages = [
+ pkgs.brightnessctl
+ ];
+
+ nixpkgs.config.allowUnfree = false;
+ nixpkgs.config.allowBroken = false;
+
+ programs.bash.enableCompletion = true;
+ programs.command-not-found.enable = true;
+ programs.light.enable = true;
+ programs.gnupg.agent.enable = true;
+ programs.gnupg.agent.enableSSHSupport = true;
+
+ services.pcscd.enable = true;
+ services.printing.enable = true;
+
+ services.xserver.enable = true;
+ services.xserver.autorun = true;
+ services.xserver.layout = "us";
+ services.xserver.libinput.enable = true;
+ services.xserver.xkbOptions = "caps:ctrl_modifier";
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.windowManager.xmonad.enable = true;
+ services.xserver.desktopManager.xterm.enable = true;
+
+ services.clamav.daemon.enable = true;
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ powerManagement.enable = false;
+
+ nix.nixPath = [
+ "nixpkgs=${nixpkgs}"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ nix.binaryCaches = [ ];
+ nix.extraOptions = ''
+ keep-outputs = true
+ keep-derivations = true
+ builders-use-substitutes = true
+ '';
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "19.03"; # Did you read the comment?
+ system.autoUpgrade.enable = false;
+}
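Review bot: The comment `# networking is disabled, but we still need a hostname` is not backed by the configuration. `systemd.network.enable = false` only keeps systemd-networkd off, which is already its default, and unless it is overridden elsewhere NixOS's default `networking.useDHCP` still starts a DHCP client on any attached interface, so the host is airgapped only while nothing is plugged in. For a key-generation machine I would make this explicit with `networking.useDHCP = false;` and `networking.wireless.enable = false;`; the deleted beryllium.nix spelled out `networking.networkmanager.enable = false` and `hardware.bluetooth.enable = false`, and both are dropped here. Similarly, `security.sudo.wheelNeedsPassword = false` and `services.printing.enable = true` add privilege and a running daemon that a host holding key material does not obviously need, so each deserves removal or a comment saying why it stays. Finally, `builtins.fetchTarball (import ../nixpkgs.nix)` needs network access at evaluation time unless the tarball is already in the store, and whether it is hash-pinned is not visible in this diff.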