From bec0be8b42bca1785922237a4c06674bb5123e0c Mon Sep 17 00:00:00 2001
From: Ben Sima
Date: Wed, 15 Sep 2021 21:46:34 -0400
Subject: update machines, wip oxygen
---
 machines/README.md | 9 +++++
 machines/beryllium.nix | 104 -------------------------------------------------
 machines/helium.nix | 2 +
 machines/oxygen.nix | 73 ++++++++++++++++++++++++++++++++++
 4 files changed, 84 insertions(+), 104 deletions(-)
 create mode 100644 machines/README.md
 delete mode 100644 machines/beryllium.nix
 create mode 100644 machines/oxygen.nix
diff --git a/machines/README.md b/machines/README.md
new file mode 100644
index 0000000..ae7ad68
--- /dev/null
+++ b/machines/README.md
@@ -0,0 +1,9 @@
+NixOS configurations I use.
+
+To create a vm, for example:
+
+ nixos-generate -f virtualbox -c ./oxygen.nix
+
+Available formats are listed here:
+https://github.com/nix-community/nixos-generators#supported-formats
+
diff --git a/machines/beryllium.nix b/machines/beryllium.nix
deleted file mode 100644
index 3d0a452..0000000
--- a/machines/beryllium.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# My airgapped machine for generating and backing up security keys
-
-let
- nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
-in {
-
- security.sudo.wheelNeedsPassword = false;
- #security.pam.services."user".yubicoAuth = true;
- #security.pam.yubico.enable = true;
- #security.pam.yubico.control = "sufficient"; # pam.conf(5)
- #security.pam.yubico.mode = "challenge-response"; # ykpamcfg(1)
- #file."~/.yubico/authorized_yubikeys" = ;
-
- networking = {
- hostName = "beryllium";
- networkmanager.enable = false;
- };
-
- time.timeZone = "America/New_York";
-
- environment.systemPackages = [
- pkgs.brightnessctl
- ];
-
- nixpkgs = {
- config = {
- allowUnfree = false;
- allowBroken = false;
- };
- };
-
- hardware = {
- enableAllFirmware = ;
- bluetooth.enable = false;
- };
-
- programs = {
- bash.enableCompletion = true;
- command-not-found.enable = true;
- light.enable = true;
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
- };
-
- services = {
- pcscd = {
- enable = true;
- };
-
- printing.enable = true;
-
- xserver = {
- enable = true;
- autorun = true;
- layout = "us";
- libinput.enable = true;
-
- xkbOptions = "caps:ctrl_modifier";
-
- displayManager.sddm.enable = true;
-
- windowManager.xmonad.enable = true;
- desktopManager = {
- xterm.enable = true;
- };
- };
-
- # security stuff
- clamav = {
- daemon.enable = true;
- };
- };
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- powerManagement.enable = false;
-
- nix = {
- nixPath = [
- "nixpkgs=${nixpkgs}"
- "nixos-config=/etc/nixos/configuration.nix"
- "/nix/var/nix/profiles/per-user/root/channels"
- ];
- binaryCaches = [ ];
- extraOptions = ''
- keep-outputs = true
- keep-derivations = true
- builders-use-substitutes = true
- '';
- };
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "19.03"; # Did you read the comment?
- system.autoUpgrade.enable = false;
-}
diff --git a/machines/helium.nix b/machines/helium.nix
index f8850cb..84e3da1 100644
--- a/machines/helium.nix
+++ b/machines/helium.nix
@@ -1,5 +1,7 @@
 { config, lib, pkgs, ... }:

+# Dev environment,
+
 let
 nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
 in {
diff --git a/machines/oxygen.nix b/machines/oxygen.nix
new file mode 100644
index 0000000..309cd20
--- /dev/null
+++ b/machines/oxygen.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+# My airgapped machine for generating and backing up security keys
+
+let
+ nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
+in {
+
+ security.sudo.wheelNeedsPassword = false;
+ #security.pam.services."user".yubicoAuth = true;
+ #security.pam.yubico.enable = true;
+ #security.pam.yubico.control = "sufficient"; # pam.conf(5)
+ #security.pam.yubico.mode = "challenge-response"; # ykpamcfg(1)
+ #file."~/.yubico/authorized_yubikeys" = ;
+
+ # networking is disabled, but we still need a hostname
+ networking.hostName = "oxygen";
+ systemd.network.enable = false;
+
+ time.timeZone = "America/New_York";
+
+ environment.systemPackages = [
+ pkgs.brightnessctl
+ ];
+
+ nixpkgs.config.allowUnfree = false;
+ nixpkgs.config.allowBroken = false;
+
+ programs.bash.enableCompletion = true;
+ programs.command-not-found.enable = true;
+ programs.light.enable = true;
+ programs.gnupg.agent.enable = true;
+ programs.gnupg.agent.enableSSHSupport = true;
+
+ services.pcscd.enable = true;
+ services.printing.enable = true;
+
+ services.xserver.enable = true;
+ services.xserver.autorun = true;
+ services.xserver.layout = "us";
+ services.xserver.libinput.enable = true;
+ services.xserver.xkbOptions = "caps:ctrl_modifier";
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.windowManager.xmonad.enable = true;
+ services.xserver.desktopManager.xterm.enable = true;
+
+ services.clamav.daemon.enable = true;
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ powerManagement.enable = false;
+
+ nix.nixPath = [
+ "nixpkgs=${nixpkgs}"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ nix.binaryCaches = [ ];
+ nix.extraOptions = ''
+ keep-outputs = true
+ keep-derivations = true
+ builders-use-substitutes = true
+ '';
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "19.03"; # Did you read the comment?
+ system.autoUpgrade.enable = false;
+}
-- cgit v1.2.3
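Review bot: The comment `# networking is disabled, but we still need a hostname` in the new machines/oxygen.nix overstates what `systemd.network.enable = false;` does. That option only controls systemd-networkd, which NixOS leaves off by default, so the stock DHCP client would presumably still configure a plugged-in interface, depending on the defaults of the pinned nixpkgs. For a host described as airgapped for key generation, state the air gap in the config itself, for example `networking.useDHCP = false;` and `networking.dhcpcd.enable = false;`, and leave `networking.wireless.enable` unset. Separately, `security.sudo.wheelNeedsPassword = false;` with the Yubico PAM lines still commented out gives any wheel session root without a prompt, and `services.printing.enable = true;` adds a CUPS daemon. Each of those should either carry a one-line comment saying why it is acceptable on this host or be dropped.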