-rw-r--r-- | machines/helium.nix | 152 | ||||
-rw-r--r-- | machines/oxygen.nix | 13 |
2 files changed, 79 insertions, 86 deletions
diff --git a/machines/helium.nix b/machines/helium.nix index 84e3da1..1653149 100644 --- a/machines/helium.nix +++ b/machines/helium.nix @@ -1,31 +1,45 @@ { config, lib, pkgs, ... }: -# Dev environment, +# usual environment, as a thin OS let nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix); in { + imports = [ ./users.nix ]; - security = { - sudo = { - wheelNeedsPassword = false; - }; - }; + security.sudo.wheelNeedsPassword = false; - networking = { - hostName = "helium"; - networkmanager.enable = true; - }; + boot.initrd.availableKernelModules = [ + "xhi_pci" "ehci_pci" "ahci" + "usb_storage" "sd_mod" + ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = []; + + fileSystems."/boot".device = "/dev/disk/by-label/boot"; + fileSystems."/boot".fsType = "vfat"; + + fileSystems."/".device = "/dev/disk/by-label/nixos"; + fileSystems."/".fsType = "ext4"; + + swapDevices = [ + { device = "/dev/disk/by-label/swap"; } + ]; + + networking.hostName = "helium"; + networking.networkmanager.enable = true; time.timeZone = "America/New_York"; + location.latitude = 40.80; + location.longitude = -81.52; + fonts.fonts = with pkgs; [ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font fira fira-code fira-code-symbols ]; environment.systemPackages = [ - pkgs.brightnessctl ]; nixpkgs = { @@ -35,25 +49,21 @@ in { }; }; - hardware = { - enableAllFirmware = true; - bluetooth.enable = true; - bluetooth.package = pkgs.bluezFull; - opengl.enable = true; - pulseaudio = { + hardware.enableAllFirmware = true; + hardware.bluetooth.enable = true; + hardware.bluetooth.package = pkgs.bluezFull; + # hardware.acpilight.enable = true; + hardware.brillo.enable = true; + hardware.opengl.enable = true; + hardware.pulseaudio = { enable = true; extraConfig = '' load-module module-loopback ''; }; - }; - sound = { - enable = true; - mediaKeys = { - enable = true; - }; - }; + sound.enable = true; + sound.mediaKeys.enable = true; programs = { bash.enableCompletion = true; 
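Review bot: `"xhi_pci"` in the new `boot.initrd.availableKernelModules` list looks like a typo for the USB 3 host-controller module `xhci_pci`. As written the name matches no kernel module, so the initrd will likely either fail to build or come up without xHCI support. The line should read `"xhci_pci" "ehci_pci" "ahci"`. Separately, `security.sudo.wheelNeedsPassword = false;` is carried over while `./users.nix` is newly imported, so every wheel member defined there becomes root-equivalent without re-authentication on helium. A comment such as `# passwordless sudo is intentional on this single-user laptop` would record that, if it is in fact intended.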
@@ -68,56 +78,39 @@ in { }; services = { - pcscd = { - enable = true; - }; + pcscd.enable = true; - fractalart = { - enable = true; - }; + logind.lidSwitch = "suspend"; + logind.extraConfig = "IdleAction=lock"; - logind = { - lidSwitch = "suspend"; - extraConfig = "IdleAction=lock"; - }; + clight.enable = true; + clight.temperature.day = 5000; + clight.temperature.night = 2300; printing.enable = true; - xserver = { - enable = true; - autorun = true; - layout = "us"; - libinput.enable = true; - - xkbOptions = "caps:ctrl_modifier"; - - displayManager.sddm.enable = true; - - #session = [ - # { - # manage = "desktop"; - # name = "home-manager"; - # start = '' - # ${pkgs.runtimeShell} $HOME/.hm-xsession & - # waitPID=$! - # ''; - # } - #]; - - windowManager.xmonad.enable = true; - desktopManager = { - xterm.enable = true; - }; - }; + xserver.enable = true; + xserver.autorun = true; + xserver.layout = "us"; + xserver.libinput.enable = true; + xserver.xkbOptions = "caps:ctrl_modifier"; + + xserver.displayManager.sddm.enable = true; + xserver.windowManager.xmonad.enable = true; + xserver.desktopManager.xterm.enable = true; + + xserver.xautolock.enable = true; + xserver.xautolock.enableNotifier = true; + xserver.xautolock.notifier = "${pkgs.libnotify}/bin/notify-send 'locking in 10 seconds'"; + xserver.xautolock.nowlocker = "${pkgs.i3lock}/bin/i3lock --color=000000 --show-failed-attempts --ignore-empty-password"; + xserver.xautolock.locker = "${pkgs.i3lock}/bin/i3lock --color=000000 --show-failed-attempts --ignore-empty-password"; vnstat.enable = true; # security stuff fail2ban.enable = true; - clamav = { - daemon.enable = true; - updater.enable = true; - }; + clamav.daemon.enable = true; + clamav.updater.enable = true; }; # Use the systemd-boot EFI boot loader. 
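Review bot: `xserver.xautolock.locker` and `xserver.xautolock.nowlocker` repeat the same i3lock command line, and the notifier text hard-codes "10 seconds" while this hunk never sets `xautolock.notify`, so the message is only correct while the module default stays at 10. Bind the command once in the file's top-level `let`, e.g. `lockCmd = "${pkgs.i3lock}/bin/i3lock --color=000000 --show-failed-attempts --ignore-empty-password";`, and add `xserver.xautolock.notify = 10;` next to the notifier. Screen locking is now split between xautolock and `logind.extraConfig = "IdleAction=lock"`, so a one-line comment saying which of the two is expected to fire first would help the next reader. The `services` block starts and ends outside this hunk.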
@@ -125,25 +118,23 @@ in { boot.loader.efi.canTouchEfiVariables = true; powerManagement.enable = true; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - nix = { - nixPath = [ + nix.nixPath = [ "nixpkgs=${nixpkgs}" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" ]; - gc = { - automatic = false; - dates = "03:15"; - }; - binaryCaches = [ "https://cache.nixos.org/" ]; - extraOptions = '' - keep-outputs = true - keep-derivations = true - builders-use-substitutes = true - ''; - - buildMachines = [ + + nix.gc.automatic = false; + nix.gc.dates = "03:15"; + nix.binaryCaches = [ "https://cache.nixos.org/" ]; + nix.extraOptions = '' + builders-use-substitutes = true + ''; + + nix.maxJobs = lib.mkDefault 4; + nix.buildMachines = [ { hostName = "192.168.1.42"; sshUser = "ben"; @@ -158,9 +149,8 @@ in { } ]; - distributedBuilds = true; - trustedUsers = [ "root" "ben" ]; - }; + nix.distributedBuilds = true; + nix.trustedUsers = [ "root" "ben" ]; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database diff --git a/machines/oxygen.nix b/machines/oxygen.nix index 309cd20..d9c89b1 100644 --- a/machines/oxygen.nix +++ b/machines/oxygen.nix @@ -1,12 +1,13 @@ { config, lib, pkgs, ... }: -# My airgapped machine for generating and backing up security keys +# airgapped machine let nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix); in { + imports = [ ./users.nix ]; - security.sudo.wheelNeedsPassword = false; + security.sudo.enable = false; #security.pam.services."user".yubicoAuth = true; #security.pam.yubico.enable = true; #security.pam.yubico.control = "sufficient"; # pam.conf(5) 
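Review bot: `nix.trustedUsers = [ "root" "ben" ];` in the `@@ -158,9 +149,8 @@` hunk survives the flattening without a comment, and it is a privilege grant worth documenting. A trusted Nix user can override substituters and signature checking, which amounts to root on the daemon. If `ben` is listed only for convenience, drop it. Otherwise add something like `# ben is trusted by the nix daemon; treat this account as root-equivalent` above the line. The `buildMachines` entry that ends at the top of this hunk starts outside it, so whether the remote builder uses a dedicated SSH key cannot be checked from here.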
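Review bot: The header comment in the oxygen.nix `@@ -1,12 +1,13 @@` hunk loses the machine's purpose: `# airgapped machine` no longer says that oxygen generates and backs up security keys, which is the context a reader needs to judge `security.sudo.enable = false;`. Keep the purpose, e.g. `# airgapped machine for generating and backing up security keys (sudo disabled)`. With sudo off, privileged work needs another root path, and `./users.nix` is not visible in this diff. It is worth confirming that the shared file gives oxygen a usable root login and does not bring in accounts or authorized keys meant only for networked hosts.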
@@ -40,15 +41,17 @@ in { services.xserver.layout = "us"; services.xserver.libinput.enable = true; services.xserver.xkbOptions = "caps:ctrl_modifier"; - services.xserver.displayManager.sddm.enable = true; + services.xserver.displayManager.lightdm.enable = true; services.xserver.windowManager.xmonad.enable = true; services.xserver.desktopManager.xterm.enable = true; - services.clamav.daemon.enable = true; - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.kernelParams = [ + # this probably breaks xserver, see https://superuser.com/a/1255015 + # "CONFIG_NET=n" + ]; powerManagement.enable = false; |
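Review bot: The new `boot.kernelParams` list holds only comments, and the commented-out `"CONFIG_NET=n"` would do nothing if enabled, because `CONFIG_NET` is a build-time Kconfig symbol rather than a kernel command-line parameter. Nothing in this hunk therefore enforces the airgap. Either drop the block or replace it with a setting that takes effect, for example naming the network drivers in `boot.blacklistedKernelModules`; the rest of the file is not visible here and may already do this. Removing `services.clamav.daemon.enable` is presumably because an offline host cannot fetch signatures, and a short comment saying so would record why the scanner was dropped.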