Diffstat (limited to 'machines')
-rw-r--r--machines/boron.nix150
-rw-r--r--machines/helium.nix171
-rw-r--r--machines/lib/base.nix73
-rw-r--r--machines/lib/users.nix (renamed from machines/users.nix)15
4 files changed, 277 insertions, 132 deletions
diff --git a/machines/boron.nix b/machines/boron.nix
new file mode 100644
index 0000000..9db376b
--- /dev/null
+++ b/machines/boron.nix
@@ -0,0 +1,150 @@
+
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ./lib/users.nix
+ ./lib/base.nix
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/e6faab32-526f-440f-8556-bfc3941f25a6";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/439A-2C57";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.package = pkgs.bluez;
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "boron"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/New_York";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Enable the GNOME Desktop Environment.
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+
+ # Configure keymap in X11
+ services.xserver.layout = "us";
+ services.xserver.xkbVariant = "";
+ services.xserver.xkbOptions = "caps:ctrl_modifier";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound with pipewire.
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ #jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ #media-session.enable = true;
+ };
+
+
+ # Enable automatic login for the user.
+ services.xserver.displayManager.autoLogin.enable = true;
+ services.xserver.displayManager.autoLogin.user = "ben";
+
+ # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
+ systemd.services."getty@tty1".enable = false;
+ systemd.services."autovt@tty1".enable = false;
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+
+}
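Review bot: `services.xserver.displayManager.autoLogin.enable = true` for user `ben`, together with the `getty@tty1`/`autovt@tty1` workaround below it, means whoever powers on this machine lands in an unlocked GNOME session, and the hunk mounts `/` from a plain ext4 partition with no `boot.initrd.luks` entry, so there is no disk-level gate in front of that session either. If that is the accepted trade-off for this host, record it next to the option, e.g. `# autologin is deliberate: single-user machine; screen lock and sudo are the boundary`; otherwise drop the two autoLogin lines and the getty workaround. Several options here restate what `./lib/base.nix` (imported at the top) already sets: `time.timeZone`, `services.printing.enable`, `nixpkgs.config.allowUnfree` and `services.xserver.xkbOptions`. The first three merge silently because the values are equal, but as far as I recall `xkbOptions` is a comma-separated list type, so two identical definitions are concatenated into `caps:ctrl_modifier,caps:ctrl_modifier` rather than deduplicated; removing the duplicates from boron.nix and keeping the shared values in base.nix avoids that.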
diff --git a/machines/helium.nix b/machines/helium.nix
index 97f51c8..e2eded8 100644
--- a/machines/helium.nix
+++ b/machines/helium.nix
@@ -5,15 +5,10 @@
let
nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
in {
- imports = [ ./users.nix ];
-
- console.font = "${pkgs.fira-mono}/share/fonts/opentype/FiraMono-Regular.otf";
-
- security.sudo.wheelNeedsPassword = true;
- security.pam.yubico.enable = true;
- security.pam.yubico.debug = false;
- security.pam.yubico.control = "sufficient"; # use yubikey in lieu of password
- security.pam.yubico.mode = "challenge-response";
+ imports = [
+ ./lib/users.nix
+ ./lib/base.nix
+ ];
boot.initrd.availableKernelModules = [
"ehci_pci" "ahci"
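Review bot: The `let nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix)` binding kept above the new `imports` list appears to have lost its only user, since `nix.nixPath` has moved to `lib/base.nix`, which fetches its own copy of the pin. If nothing outside the shown hunks references it, drop the `let … in` so the pin has a single source; Nix is lazy, so the stale binding costs nothing at evaluation time, but keeping two copies invites the two files drifting apart. The attribute set this hunk opens continues past it.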
@@ -38,29 +33,6 @@ in {
24800 # barrier
];
- time.timeZone = "America/New_York";
-
- location.latitude = 40.80;
- location.longitude = -81.52;
-
- fonts.fonts = with pkgs; [
- google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
- fira fira-code fira-code-symbols
- ];
-
- environment.systemPackages = with pkgs; [
- yubioath-desktop
- yubico-pam
- yubikey-manager
- yubikey-personalization
- ];
-
- nixpkgs = {
- config = {
- allowUnfree = true;
- allowBroken = true;
- };
- };
hardware.video.hidpi.enable = true;
hardware.enableAllFirmware = true;
@@ -76,86 +48,50 @@ in {
hardware.pulseaudio.daemon.logLevel = "debug";
# hardware.pulseaudio.extraConfig = "load-module module-loopback";
- programs = {
- bash.enableCompletion = true;
- command-not-found.enable = true;
- light.enable = true;
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
- mosh.enable = true;
- ssh.agentTimeout = "1h";
- };
+ services.udev.extraRules = ''
+ # allows xlock to read the yubikey for challenge-response when unlocking.
+ # you need to do 'udevadm control --reload && udevadm trigger' after
+ # changing this. 'ykinfo -v' without sudo should work.
+ ACTION!="add|change", GOTO="yubico_end", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", OWNER="ben", MODE="0600"
+ LABEL="yubico_end"
+
+ # when yubi is removed, activate yubilock
+ #ACTION=="remove", ENV{ID_BUS}=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0407", ENV{ID_SERIAL}="Yubico_Yubikey_4_OTP+U2F+CCID", RUN+="${pkgs.systemd}/bin/systemctl start xlock"
+
+ # coldcard https://github.com/Coldcard/ckcc-protocol/blob/6b6052b38c354c6edc0df79f753f455f286d7b4a/51-coinkite.rules
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", GROUP="plugdev", MODE="0666"
+ KERNEL=="hidraw*", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", GROUP="plugdev", MODE="0666"
+
+ #Flipper Zero serial port
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5740", ATTRS{manufacturer}=="Flipper Devices Inc.", TAG+="uaccess"
+ #Flipper Zero DFU
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", ATTRS{manufacturer}=="STMicroelectronics", TAG+="uaccess"
+ ''; # flipper is not in 21.11: + "${pkgs.qFlipper}/etc/udev/rules.d/42-flipperzero.rules";
+
+ services.xserver.enable = true;
+ services.xserver.autorun = true;
+ services.xserver.layout = "us";
+ services.xserver.libinput.enable = true;
+ services.xserver.libinput.mouse.additionalOptions = ''
+ Option "ScrollMethod" "Button"
+ Option "ScrollButton" "3"
+ '';
+ services.xserver.libinput.mouse.buttonMapping = "1 2 8 4 5 6 7 3 9";
+ services.xserver.dpi = 156;
+
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.windowManager.xmonad.enable = true;
+ services.xserver.desktopManager.plasma5.enable = true;
+ services.xserver.desktopManager.wallpaper.mode = "fill";
+
+ services.xserver.xautolock.enable = false;
+ services.xserver.xautolock.locker = "${pkgs.xlockmore}/bin/xlock -mode matrix";
+ services.xserver.xautolock.nowlocker = "${pkgs.xlockmore}/bin/xlock -mode matrix"; # xautolock -locknow
+ services.xserver.xautolock.time = 5; # minutes
+ services.xserver.xautolock.enableNotifier = true;
+ services.xserver.xautolock.notify = 30; # seconds
+ services.xserver.xautolock.notifier = ''${pkgs.libnotify}/bin/notify-send "Locking in 30 seconds"'';
- services = {
- pcscd.enable = true;
-
- logind.lidSwitch = "suspend";
- logind.lidSwitchDocked = "lock";
- logind.lidSwitchExternalPower = "lock";
- #logind.extraConfig = "IdleAction=lock";
-
- clight.enable = true;
- clight.temperature.day = 6500;
- clight.temperature.night = 1800;
-
- printing.enable = true;
-
- xserver.enable = true;
- xserver.autorun = true;
- xserver.layout = "us";
- xserver.libinput.enable = true;
- xserver.libinput.mouse.additionalOptions = ''
- Option "ScrollMethod" "Button"
- Option "ScrollButton" "3"
- '';
- xserver.libinput.mouse.buttonMapping = "1 2 8 4 5 6 7 3 9";
- xserver.xkbOptions = "caps:ctrl_modifier";
- xserver.dpi = 156;
-
- xserver.displayManager.sddm.enable = true;
- xserver.windowManager.xmonad.enable = true;
- xserver.desktopManager.plasma5.enable = true;
- xserver.desktopManager.wallpaper.mode = "fill";
-
- xserver.xautolock.enable = false;
- xserver.xautolock.locker = "${pkgs.xlockmore}/bin/xlock -mode matrix";
- xserver.xautolock.nowlocker = "${pkgs.xlockmore}/bin/xlock -mode matrix"; # xautolock -locknow
- xserver.xautolock.time = 5; # minutes
- #xserver.xautolock.killer = "${pkgs.systemd}/bin/systemctl suspend";
- #xserver.xautolock.killtime = 120; # minutes
- xserver.xautolock.enableNotifier = true;
- xserver.xautolock.notify = 30; # seconds
- xserver.xautolock.notifier = ''${pkgs.libnotify}/bin/notify-send "Locking in 30 seconds"'';
-
- vnstat.enable = true;
-
- # security stuff
- fail2ban.enable = true;
- clamav.daemon.enable = false;
- clamav.updater.enable = false;
-
- udev.extraRules = ''
- # allows xlock to read the yubikey for challenge-response when unlocking.
- # you need to do 'udevadm control --reload && udevadm trigger' after
- # changing this. 'ykinfo -v' without sudo should work.
- ACTION!="add|change", GOTO="yubico_end", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", OWNER="ben", MODE="0600"
- LABEL="yubico_end"
-
- # when yubi is removed, activate yubilock
- #ACTION=="remove", ENV{ID_BUS}=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0407", ENV{ID_SERIAL}="Yubico_Yubikey_4_OTP+U2F+CCID", RUN+="${pkgs.systemd}/bin/systemctl start xlock"
-
- # coldcard https://github.com/Coldcard/ckcc-protocol/blob/6b6052b38c354c6edc0df79f753f455f286d7b4a/51-coinkite.rules
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", GROUP="plugdev", MODE="0666"
- KERNEL=="hidraw*", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", GROUP="plugdev", MODE="0666"
-
- #Flipper Zero serial port
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5740", ATTRS{manufacturer}=="Flipper Devices Inc.", TAG+="uaccess"
- #Flipper Zero DFU
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", ATTRS{manufacturer}=="STMicroelectronics", TAG+="uaccess"
- ''; # flipper is not in 21.11: + "${pkgs.qFlipper}/etc/udev/rules.d/42-flipperzero.rules";
- };
systemd.services = {
"xlock" = {
enable = false;
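Review bot: The first Yubico rule in `services.udev.extraRules` puts `ACTION!="add|change"` and `GOTO="yubico_end"` on the same line as the `ATTRS{idVendor}`/`ATTRS{idProduct}` matches and the `OWNER="ben", MODE="0600"` assignments; udev applies a rule's assignments only when every match key on that line matches, so on add/change events the line never matches and the ownership is never set, and on other events it merely jumps to the label. The line was moved verbatim from the old nested block, but since it is being touched it is worth splitting into `ACTION!="add|change", GOTO="yubico_end"` and `ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", OWNER="ben", MODE="0600"`, keeping `LABEL="yubico_end"` after them. The Coldcard rules grant `MODE="0666"` (world read/write on the device node) with `GROUP="plugdev"`, while `lib/users.nix` in this diff neither defines a `plugdev` group nor adds ben to one; the Flipper rules further down already use `TAG+="uaccess"`, which limits access to the active local seat, and the same would serve the Coldcard. `OWNER="ben"` hard-codes the account that `lib/users.nix` declares, so a comment pointing at that file would help the next edit. The `systemd.services` block at the end of the hunk continues past it.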
@@ -178,19 +114,6 @@ in {
powerManagement.enable = true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
- nix.nixPath = [
- "nixpkgs=${nixpkgs}"
- "nixos-config=/etc/nixos/configuration.nix"
- "/nix/var/nix/profiles/per-user/root/channels"
- ];
-
- nix.gc.automatic = false;
- nix.gc.dates = "03:15";
-
- nix.extraOptions = ''
- builders-use-substitutes = true
- '';
-
nix.buildMachines = [
{
hostName = "dev.simatime.com";
diff --git a/machines/lib/base.nix b/machines/lib/base.nix
new file mode 100644
index 0000000..3805aa4
--- /dev/null
+++ b/machines/lib/base.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+let
+ nixpkgs = builtins.fetchTarball (import ../../nixpkgs.nix);
+in {
+ console.font = "${pkgs.fira-code}/share/fonts/truetype/FiraCode-VF.ttf";
+
+ environment.systemPackages = with pkgs; [
+ yubioath-flutter
+ yubico-pam
+ yubikey-manager
+ yubikey-personalization
+ ];
+
+
+ fonts.fonts = with pkgs; [
+ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
+ fira fira-code fira-code-symbols
+ ];
+
+ location.latitude = 40.80;
+ location.longitude = -81.52;
+
+ programs.bash.enableCompletion = true;
+ programs.command-not-found.enable = true;
+ programs.light.enable = true;
+ programs.gnupg.agent.enable = true;
+ programs.gnupg.agent.enableSSHSupport = true;
+ programs.mosh.enable = true;
+ programs.ssh.agentTimeout = "1h";
+
+ security.pam.yubico.control = "sufficient"; # use yubikey in lieu of password
+ security.pam.yubico.debug = false;
+ security.pam.yubico.enable = true;
+ security.pam.yubico.mode = "challenge-response";
+ security.sudo.wheelNeedsPassword = true;
+
+ services.pcscd.enable = true;
+
+ services.logind.lidSwitch = "suspend";
+ services.logind.lidSwitchDocked = "lock";
+ services.logind.lidSwitchExternalPower = "lock";
+
+ services.clight.enable = true;
+ services.clight.temperature.day = 6500;
+ services.clight.temperature.night = 1800;
+
+ services.printing.enable = true;
+
+ services.xserver.xkbOptions = "caps:ctrl_modifier";
+
+ services.vnstat.enable = true;
+
+ services.fail2ban.enable = true;
+ services.clamav.daemon.enable = false;
+ services.clamav.updater.enable = false;
+
+ nix.nixPath = [
+ "nixpkgs=${nixpkgs}"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ nix.gc.automatic = false;
+ nix.gc.dates = "03:15";
+ nix.extraOptions = ''
+ builders-use-substitutes = true
+ '';
+
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.allowBroken = true;
+
+ time.timeZone = "America/New_York";
+}
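Review bot: base.nix has no header comment stating that every option in it applies to each host that imports it, and two settings deserve a recorded reason: `security.pam.yubico.control = "sufficient"` lets a successful challenge-response satisfy any PAM service (sudo, login, the display manager) and is now inherited by boron as well as helium, and `nixpkgs.config.allowBroken = true` lets packages nixpkgs has marked broken build on every host. A header such as `# Options shared by every machine; hardware, desktop and networking stay in ../<host>.nix.` plus a one-line why-comment on `allowBroken` would cover it. `nix.gc.dates = "03:15"` has no effect while `nix.gc.automatic = false`; either drop it or note that it is kept for when automatic collection is enabled. The `nixpkgs=${nixpkgs}` entry in `nix.nixPath` is only as reproducible as `../../nixpkgs.nix`, which is not in this diff — presumably it pins a hash, worth confirming.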
diff --git a/machines/users.nix b/machines/lib/users.nix
index e64e61a..a9235d1 100644
--- a/machines/users.nix
+++ b/machines/lib/users.nix
@@ -4,14 +4,13 @@ let
benKey = "ssh-rsa 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 ben@lithium";
in
{
- users = {
- users = {
- ben = {
- isNormalUser = true;
- home = "/home/ben";
- openssh.authorizedKeys.keys = [ "${benKey}" ];
- extraGroups = [ "wheel" "networkmanager" "docker" "audio" "video"];
- };
+ users.users = {
+ ben = {
+ isNormalUser = true;
+ description = "Ben Sima";
+ home = "/home/ben";
+ openssh.authorizedKeys.keys = [ "${benKey}" ];
+ extraGroups = [ "wheel" "networkmanager" "docker" "audio" "video"];
};
};
}
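Review bot: `extraGroups` keeps `"docker"` for ben, and membership in the docker group is root-equivalent on the host (Docker's own documentation says so); now that this file sits in `lib/` and is imported by both machines, a comment such as `# docker group is root-equivalent; only needed on hosts that run the daemon` would make that explicit, or the group could move to the host that enables docker — neither boron.nix nor helium.nix enables `virtualisation.docker` in this diff, so it may be dead on both. `openssh.authorizedKeys.keys = [ "${benKey}" ]` can simply be `[ benKey ]`; the interpolation adds nothing. The `let` that defines `benKey` starts above the hunk.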