Diffstat (limited to 'machines/oxygen.nix')
-rw-r--r--machines/oxygen.nix73
1 files changed, 73 insertions, 0 deletions
diff --git a/machines/oxygen.nix b/machines/oxygen.nix
new file mode 100644
index 0000000..309cd20
--- /dev/null
+++ b/machines/oxygen.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+# My airgapped machine for generating and backing up security keys
+
+let
+ nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
+in {
+
+ security.sudo.wheelNeedsPassword = false;
+ #security.pam.services."user".yubicoAuth = true;
+ #security.pam.yubico.enable = true;
+ #security.pam.yubico.control = "sufficient"; # pam.conf(5)
+ #security.pam.yubico.mode = "challenge-response"; # ykpamcfg(1)
+ #file."~/.yubico/authorized_yubikeys" = <list of keys>;
+
+ # networking is disabled, but we still need a hostname
+ networking.hostName = "oxygen";
+ systemd.network.enable = false;
+
+ time.timeZone = "America/New_York";
+
+ environment.systemPackages = [
+ pkgs.brightnessctl
+ ];
+
+ nixpkgs.config.allowUnfree = false;
+ nixpkgs.config.allowBroken = false;
+
+ programs.bash.enableCompletion = true;
+ programs.command-not-found.enable = true;
+ programs.light.enable = true;
+ programs.gnupg.agent.enable = true;
+ programs.gnupg.agent.enableSSHSupport = true;
+
+ services.pcscd.enable = true;
+ services.printing.enable = true;
+
+ services.xserver.enable = true;
+ services.xserver.autorun = true;
+ services.xserver.layout = "us";
+ services.xserver.libinput.enable = true;
+ services.xserver.xkbOptions = "caps:ctrl_modifier";
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.windowManager.xmonad.enable = true;
+ services.xserver.desktopManager.xterm.enable = true;
+
+ services.clamav.daemon.enable = true;
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ powerManagement.enable = false;
+
+ nix.nixPath = [
+ "nixpkgs=${nixpkgs}"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ nix.binaryCaches = [ ];
+ nix.extraOptions = ''
+ keep-outputs = true
+ keep-derivations = true
+ builders-use-substitutes = true
+ '';
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "19.03"; # Did you read the comment?
+ system.autoUpgrade.enable = false;
+}
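Review bot: The comment `# networking is disabled` is not backed by the options under it. `systemd.network.enable = false` only switches off systemd-networkd, which is off by default anyway; as far as I know `networking.useDHCP` still defaults to true on a 19.03 system, so dhcpcd would configure any wired interface that gets a link. For a machine whose purpose is generating and backing up keys, I would state the intent explicitly with `networking.useDHCP = false;` and `networking.wireless.enable = false;`, and consider listing the NIC and Wi-Fi drivers in `boot.blacklistedKernelModules`. Two other settings widen the local attack surface for the same threat model and deserve a justifying comment or removal: `security.sudo.wheelNeedsPassword = false;` gives any process running as a wheel user root without a prompt, and `services.printing.enable = true;` starts CUPS on a host that otherwise runs very little.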