{ config, lib, pkgs, ... }: # My airgapped machine for generating and backing up security keys let nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix); in { security.sudo.wheelNeedsPassword = false; #security.pam.services."user".yubicoAuth = true; #security.pam.yubico.enable = true; #security.pam.yubico.control = "sufficient"; # pam.conf(5) #security.pam.yubico.mode = "challenge-response"; # ykpamcfg(1) #file."~/.yubico/authorized_yubikeys" = ; networking = { hostName = "beryllium"; networkmanager.enable = false; }; time.timeZone = "America/New_York"; environment.systemPackages = [ pkgs.brightnessctl ]; nixpkgs = { config = { allowUnfree = false; allowBroken = false; }; }; hardware = { enableAllFirmware = ; bluetooth.enable = false; }; programs = { bash.enableCompletion = true; command-not-found.enable = true; light.enable = true; gnupg.agent = { enable = true; enableSSHSupport = true; }; }; services = { pcscd = { enable = true; }; printing.enable = true; xserver = { enable = true; autorun = true; layout = "us"; libinput.enable = true; xkbOptions = "caps:ctrl_modifier"; displayManager.sddm.enable = true; windowManager.xmonad.enable = true; desktopManager = { xterm.enable = true; }; }; # security stuff clamav = { daemon.enable = true; }; }; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; powerManagement.enable = false; nix = { nixPath = [ "nixpkgs=${nixpkgs}" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" ]; binaryCaches = [ ]; extraOptions = '' keep-outputs = true keep-derivations = true builders-use-substitutes = true ''; }; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. system.stateVersion = "19.03"; # Did you read the comment? system.autoUpgrade.enable = false; }