diff options
author | Ben Sima <ben@bsima.me> | 2021-08-31 08:58:19 -0400 |
---|---|---|
committer | Ben Sima <ben@bsima.me> | 2021-08-31 08:58:33 -0400 |
commit | d3503a13da2bdaf11adcc72bca44214960c23190 (patch) | |
tree | 5e25c969228106b353ccce69f507dd2fd4cc6c71 /machines | |
parent | 836da08a0e669c62f9e192b4e9af9e70accfe85a (diff) |
stub beryllium config
Diffstat (limited to 'machines')
-rw-r--r-- | machines/beryllium.nix | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/machines/beryllium.nix b/machines/beryllium.nix new file mode 100644 index 0000000..3d0a452 --- /dev/null +++ b/machines/beryllium.nix @@ -0,0 +1,104 @@ +{ config, lib, pkgs, ... }: + +# My airgapped machine for generating and backing up security keys + +let + nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix); +in { + + security.sudo.wheelNeedsPassword = false; + #security.pam.services."user".yubicoAuth = true; + #security.pam.yubico.enable = true; + #security.pam.yubico.control = "sufficient"; # pam.conf(5) + #security.pam.yubico.mode = "challenge-response"; # ykpamcfg(1) + #file."~/.yubico/authorized_yubikeys" = <list of keys>; + + networking = { + hostName = "beryllium"; + networkmanager.enable = false; + }; + + time.timeZone = "America/New_York"; + + environment.systemPackages = [ + pkgs.brightnessctl + ]; + + nixpkgs = { + config = { + allowUnfree = false; + allowBroken = false; + }; + }; + + hardware = { + enableAllFirmware = ; + bluetooth.enable = false; + }; + + programs = { + bash.enableCompletion = true; + command-not-found.enable = true; + light.enable = true; + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + }; + + services = { + pcscd = { + enable = true; + }; + + printing.enable = true; + + xserver = { + enable = true; + autorun = true; + layout = "us"; + libinput.enable = true; + + xkbOptions = "caps:ctrl_modifier"; + + displayManager.sddm.enable = true; + + windowManager.xmonad.enable = true; + desktopManager = { + xterm.enable = true; + }; + }; + + # security stuff + clamav = { + daemon.enable = true; + }; + }; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + powerManagement.enable = false; + + nix = { + nixPath = [ + "nixpkgs=${nixpkgs}" + "nixos-config=/etc/nixos/configuration.nix" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + binaryCaches = [ ]; + extraOptions = '' + keep-outputs = true + keep-derivations = true + builders-use-substitutes = true + ''; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "19.03"; # Did you read the comment? + system.autoUpgrade.enable = false; +} |