From d3503a13da2bdaf11adcc72bca44214960c23190 Mon Sep 17 00:00:00 2001
From: Ben Sima
Date: Tue, 31 Aug 2021 08:58:19 -0400
Subject: stub beryllium config
---
 machines/beryllium.nix | 104 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)
 create mode 100644 machines/beryllium.nix
diff --git a/machines/beryllium.nix b/machines/beryllium.nix
new file mode 100644
index 0000000..3d0a452
--- /dev/null
+++ b/machines/beryllium.nix
@@ -0,0 +1,104 @@
+{ config, lib, pkgs, ... }:
+
+# My airgapped machine for generating and backing up security keys
+
+let
+ nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
+in {
+
+ security.sudo.wheelNeedsPassword = false;
+ #security.pam.services."user".yubicoAuth = true;
+ #security.pam.yubico.enable = true;
+ #security.pam.yubico.control = "sufficient"; # pam.conf(5)
+ #security.pam.yubico.mode = "challenge-response"; # ykpamcfg(1)
+ #file."~/.yubico/authorized_yubikeys" = ;
+
+ networking = {
+ hostName = "beryllium";
+ networkmanager.enable = false;
+ };
+
+ time.timeZone = "America/New_York";
+
+ environment.systemPackages = [
+ pkgs.brightnessctl
+ ];
+
+ nixpkgs = {
+ config = {
+ allowUnfree = false;
+ allowBroken = false;
+ };
+ };
+
+ hardware = {
+ enableAllFirmware = ;
+ bluetooth.enable = false;
+ };
+
+ programs = {
+ bash.enableCompletion = true;
+ command-not-found.enable = true;
+ light.enable = true;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+
+ services = {
+ pcscd = {
+ enable = true;
+ };
+
+ printing.enable = true;
+
+ xserver = {
+ enable = true;
+ autorun = true;
+ layout = "us";
+ libinput.enable = true;
+
+ xkbOptions = "caps:ctrl_modifier";
+
+ displayManager.sddm.enable = true;
+
+ windowManager.xmonad.enable = true;
+ desktopManager = {
+ xterm.enable = true;
+ };
+ };
+
+ # security stuff
+ clamav = {
+ daemon.enable = true;
+ };
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ powerManagement.enable = false;
+
+ nix = {
+ nixPath = [
+ "nixpkgs=${nixpkgs}"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ binaryCaches = [ ];
+ extraOptions = ''
+ keep-outputs = true
+ keep-derivations = true
+ builders-use-substitutes = true
+ '';
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "19.03"; # Did you read the comment?
+ system.autoUpgrade.enable = false;
+}
-- cgit v1.2.3
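Review bot: Nothing in this file enforces the air gap that the header comment describes: in the `networking` block, `networkmanager.enable = false;` only turns off NetworkManager, and DHCP and wireless are left at their defaults, so a plugged-in cable could presumably still bring an interface up. Setting `networking.useDHCP = false;` and `networking.wireless.enable = false;` explicitly would make the intent checkable in the config itself. On a host that holds key material, `security.sudo.wheelNeedsPassword = false;` and `printing.enable = true;` (a CUPS daemon) are also worth reconsidering or justifying in a comment. Separately, `enableAllFirmware = ;` in the `hardware` block has no value as shown and will not evaluate; it needs `true` or `false`, though the value may have been lost when the page was rendered.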