From 2b23714e642554c747ad8e750a6504d4fd0da5b0 Mon Sep 17 00:00:00 2001
From: Ben Sima
Date: Wed, 15 May 2024 21:04:08 -0400
Subject: add boron
---
machines/lib/base.nix | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++
machines/lib/users.nix | 16 +++++++++++
2 files changed, 89 insertions(+)
create mode 100644 machines/lib/base.nix
create mode 100644 machines/lib/users.nix
(limited to 'machines/lib')
diff --git a/machines/lib/base.nix b/machines/lib/base.nix
new file mode 100644
index 0000000..3805aa4
--- /dev/null
+++ b/machines/lib/base.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+let
+ nixpkgs = builtins.fetchTarball (import ../../nixpkgs.nix);
+in {
+ console.font = "${pkgs.fira-code}/share/fonts/truetype/FiraCode-VF.ttf";
+
+ environment.systemPackages = with pkgs; [
+ yubioath-flutter
+ yubico-pam
+ yubikey-manager
+ yubikey-personalization
+ ];
+
+
+ fonts.fonts = with pkgs; [
+ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
+ fira fira-code fira-code-symbols
+ ];
+
+ location.latitude = 40.80;
+ location.longitude = -81.52;
+
+ programs.bash.enableCompletion = true;
+ programs.command-not-found.enable = true;
+ programs.light.enable = true;
+ programs.gnupg.agent.enable = true;
+ programs.gnupg.agent.enableSSHSupport = true;
+ programs.mosh.enable = true;
+ programs.ssh.agentTimeout = "1h";
+
+ security.pam.yubico.control = "sufficient"; # use yubikey in lieu of password
+ security.pam.yubico.debug = false;
+ security.pam.yubico.enable = true;
+ security.pam.yubico.mode = "challenge-response";
+ security.sudo.wheelNeedsPassword = true;
+
+ services.pcscd.enable = true;
+
+ services.logind.lidSwitch = "suspend";
+ services.logind.lidSwitchDocked = "lock";
+ services.logind.lidSwitchExternalPower = "lock";
+
+ services.clight.enable = true;
+ services.clight.temperature.day = 6500;
+ services.clight.temperature.night = 1800;
+
+ services.printing.enable = true;
+
+ services.xserver.xkbOptions = "caps:ctrl_modifier";
+
+ services.vnstat.enable = true;
+
+ services.fail2ban.enable = true;
+ services.clamav.daemon.enable = false;
+ services.clamav.updater.enable = false;
+
+ nix.nixPath = [
+ "nixpkgs=${nixpkgs}"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ nix.gc.automatic = false;
+ nix.gc.dates = "03:15";
+ nix.extraOptions = ''
+ builders-use-substitutes = true
+ '';
+
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.allowBroken = true;
+
+ time.timeZone = "America/New_York";
+}
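Review bot: `security.pam.yubico.control = "sufficient"` makes the YubiKey a replacement for the password rather than a second factor, and with the module enabled globally it presumably covers sudo as well, so `security.sudo.wheelNeedsPassword = true` a few lines later is satisfied by the token alone. Challenge-response mode involves no PIN, so anyone at the machine with the key inserted can log in and gain root. If two factors are intended, set `security.pam.yubico.control = "required";`; if single-factor is deliberate, widen the comment to `# yubikey replaces the password for login and sudo`. Separately, `programs.ssh.agentTimeout = "1h"` looks inert here, since it configures the OpenSSH agent while `enableSSHSupport` hands SSH keys to gpg-agent; the cache lifetime would need to be set on gpg-agent (`default-cache-ttl-ssh`).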
diff --git a/machines/lib/users.nix b/machines/lib/users.nix
new file mode 100644
index 0000000..a9235d1
--- /dev/null
+++ b/machines/lib/users.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+let
+ benKey = "ssh-rsa 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 ben@lithium";
+in
+{
+ users.users = {
+ ben = {
+ isNormalUser = true;
+ description = "Ben Sima";
+ home = "/home/ben";
+ openssh.authorizedKeys.keys = [ "${benKey}" ];
+ extraGroups = [ "wheel" "networkmanager" "docker" "audio" "video"];
+ };
+ };
+}
-- cgit v1.2.3
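Review bot: `"docker"` in `extraGroups` gives `ben` root-equivalent access through the Docker daemon socket without any authentication prompt, which undercuts `security.sudo.wheelNeedsPassword = true` set in base.nix in this same patch. Nothing in the visible modules enables Docker, so this shared user definition could drop the group and leave it to hosts that actually run the daemon: `extraGroups = [ "wheel" "networkmanager" "audio" "video" ];`. As a smaller style point, `[ "${benKey}" ]` can be written `[ benKey ]`, since the binding is already a string.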