update machines, wip oxygen

4 files changed, 84 insertions, 104 deletions

diff --git a/machines/README.md b/machines/README.md
new file mode 100644
index 0000000..ae7ad68
--- /dev/null
+++ b/machines/README.md
@@ -0,0 +1,9 @@
+NixOS configurations I use.
+
+To create a vm, for example:
+
+    nixos-generate -f virtualbox -c ./oxygen.nix
+
+Available formats are listed here:
+https://github.com/nix-community/nixos-generators#supported-formats
+
diff --git a/machines/beryllium.nix b/machines/beryllium.nix
deleted file mode 100644
index 3d0a452..0000000
--- a/machines/beryllium.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# My airgapped machine for generating and backing up security keys
-
-let
-  nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
-in {
-
-  security.sudo.wheelNeedsPassword = false;
-  #security.pam.services."user".yubicoAuth = true;
-  #security.pam.yubico.enable = true;
-  #security.pam.yubico.control = "sufficient"; # pam.conf(5)
-  #security.pam.yubico.mode = "challenge-response"; # ykpamcfg(1)
-  #file."~/.yubico/authorized_yubikeys" = <list of keys>;
-
-  networking = {
-    hostName = "beryllium";
-    networkmanager.enable = false;
-  };
-
-  time.timeZone = "America/New_York";
-
-  environment.systemPackages = [
-    pkgs.brightnessctl
-  ];
-
-  nixpkgs = {
-    config = {
-      allowUnfree = false;
-      allowBroken = false;
-    };
-  };
-
-  hardware = {
-    enableAllFirmware = ;
-    bluetooth.enable = false;
-  };
-
-  programs = {
-    bash.enableCompletion = true;
-    command-not-found.enable = true;
-    light.enable = true;
-    gnupg.agent = {
-      enable = true;
-      enableSSHSupport = true;
-    };
-  };
-
-  services = {
-    pcscd = {
-      enable = true;
-    };
-
-    printing.enable = true;
-
-    xserver = {
-      enable = true;
-      autorun = true;
-      layout = "us";
-      libinput.enable = true;
-
-      xkbOptions = "caps:ctrl_modifier";
-
-      displayManager.sddm.enable = true;
-
-      windowManager.xmonad.enable = true;
-      desktopManager = {
-        xterm.enable = true;
-     };
-    };
-
-    # security stuff
-    clamav = {
-      daemon.enable = true;
-    };
-  };
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  powerManagement.enable = false;
-
-  nix = {
-    nixPath = [
-      "nixpkgs=${nixpkgs}"
-      "nixos-config=/etc/nixos/configuration.nix"
-      "/nix/var/nix/profiles/per-user/root/channels"
-    ];
-    binaryCaches =  [ ];
-    extraOptions = ''
-      keep-outputs = true
-      keep-derivations = true
-      builders-use-substitutes = true
-    '';
-  };
-
-  # This value determines the NixOS release with which your system is to be
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "19.03"; # Did you read the comment?
-  system.autoUpgrade.enable = false;
-}
diff --git a/machines/helium.nix b/machines/helium.nix
index f8850cb..84e3da1 100644
--- a/machines/helium.nix
+++ b/machines/helium.nix
@@ -1,5 +1,7 @@
 { config, lib, pkgs, ... }:
 
+# Dev environment,
+
 let
   nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
 in {
diff --git a/machines/oxygen.nix b/machines/oxygen.nix
new file mode 100644
index 0000000..309cd20
--- /dev/null
+++ b/machines/oxygen.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+# My airgapped machine for generating and backing up security keys
+
+let
+  nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
+in {
+
+  security.sudo.wheelNeedsPassword = false;
+  #security.pam.services."user".yubicoAuth = true;
+  #security.pam.yubico.enable = true;
+  #security.pam.yubico.control = "sufficient"; # pam.conf(5)
+  #security.pam.yubico.mode = "challenge-response"; # ykpamcfg(1)
+  #file."~/.yubico/authorized_yubikeys" = <list of keys>;
+
+  # networking is disabled, but we still need a hostname
+  networking.hostName = "oxygen";
+  systemd.network.enable = false;
+
+  time.timeZone = "America/New_York";
+
+  environment.systemPackages = [
+    pkgs.brightnessctl
+  ];
+
+  nixpkgs.config.allowUnfree = false;
+  nixpkgs.config.allowBroken = false;
+
+  programs.bash.enableCompletion = true;
+  programs.command-not-found.enable = true;
+  programs.light.enable = true;
+  programs.gnupg.agent.enable = true;
+  programs.gnupg.agent.enableSSHSupport = true;
+
+  services.pcscd.enable = true;
+  services.printing.enable = true;
+
+  services.xserver.enable = true;
+  services.xserver.autorun = true;
+  services.xserver.layout = "us";
+  services.xserver.libinput.enable = true;
+  services.xserver.xkbOptions = "caps:ctrl_modifier";
+  services.xserver.displayManager.sddm.enable = true;
+  services.xserver.windowManager.xmonad.enable = true;
+  services.xserver.desktopManager.xterm.enable = true;
+
+  services.clamav.daemon.enable = true;
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  powerManagement.enable = false;
+
+  nix.nixPath = [
+    "nixpkgs=${nixpkgs}"
+    "nixos-config=/etc/nixos/configuration.nix"
+    "/nix/var/nix/profiles/per-user/root/channels"
+  ];
+  nix.binaryCaches =  [ ];
+  nix.extraOptions = ''
+    keep-outputs = true
+    keep-derivations = true
+    builders-use-substitutes = true
+  '';
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "19.03"; # Did you read the comment?
+  system.autoUpgrade.enable = false;
+}