From 05b5e67464fe8380fb18422daf5e34e520452414 Mon Sep 17 00:00:00 2001
From: Ben Sima <ben@bsima.me>
Date: Thu, 16 Sep 2021 16:29:16 -0400
Subject: more work on machines

---
 machines/oxygen.nix | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'machines/oxygen.nix')

diff --git a/machines/oxygen.nix b/machines/oxygen.nix
index 309cd20..d9c89b1 100644
--- a/machines/oxygen.nix
+++ b/machines/oxygen.nix
@@ -1,12 +1,13 @@
 { config, lib, pkgs, ... }:
 
-# My airgapped machine for generating and backing up security keys
+# airgapped machine
 
 let
   nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
 in {
+  imports = [ ./users.nix ];
 
-  security.sudo.wheelNeedsPassword = false;
+  security.sudo.enable = false;
   #security.pam.services."user".yubicoAuth = true;
   #security.pam.yubico.enable = true;
   #security.pam.yubico.control = "sufficient"; # pam.conf(5)
@@ -40,15 +41,17 @@ in {
   services.xserver.layout = "us";
   services.xserver.libinput.enable = true;
   services.xserver.xkbOptions = "caps:ctrl_modifier";
-  services.xserver.displayManager.sddm.enable = true;
+  services.xserver.displayManager.lightdm.enable = true;
   services.xserver.windowManager.xmonad.enable = true;
   services.xserver.desktopManager.xterm.enable = true;
 
-  services.clamav.daemon.enable = true;
-
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernelParams = [
+    # this probably breaks xserver, see https://superuser.com/a/1255015
+    # "CONFIG_NET=n"
+  ];
 
   powerManagement.enable = false;
 
-- 
cgit v1.2.3