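{ config, lib, pkgs, ... }:
# usual environment, as a thin OS
#
# NixOS module for the host "helium": boot and filesystems, networking,
# audio/bluetooth/graphics hardware, udev rules for USB security devices,
# the X11 desktop, a remote Nix builder, and automatic upgrades.
let
  # nixpkgs tarball described by ../nixpkgs.nix. Nothing in this file refers
  # to the binding, and because Nix is lazy it is never fetched from here.
  nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
in {
  imports = [
    ./lib/users.nix
    ./lib/base.nix
  ];

  # Kernel modules available in the initrd and loaded at boot.
  boot.initrd.availableKernelModules = [
    "ehci_pci" "ahci"
    "usb_storage" "sd_mod"
  ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [];

  # Filesystems and swap are located by label, not by device path.
  fileSystems."/boot".device = "/dev/disk/by-label/boot";
  fileSystems."/boot".fsType = "vfat";
  fileSystems."/".device = "/dev/disk/by-label/nixos";
  fileSystems."/".fsType = "ext4";
  swapDevices = [
    { device = "/dev/disk/by-label/swap"; }
  ];

  networking.hostName = "helium";
  networking.networkmanager.enable = true;
  # allowedTCPPorts opens the port on every interface.
  # NOTE(review): if barrier is only used on one trusted network,
  # networking.firewall.interfaces.<name>.allowedTCPPorts would narrow the
  # exposure; also confirm barrier's TLS option is on, since it relays
  # keyboard input.
  networking.firewall.allowedTCPPorts = [
    24800 # barrier
  ];

  hardware.video.hidpi.enable = true;
  hardware.enableAllFirmware = true;
  hardware.bluetooth.enable = true;
  hardware.bluetooth.package = pkgs.bluezFull;
  # hardware.acpilight.enable = true;
  hardware.brillo.enable = true;
  hardware.opengl.enable = true;
  sound.enable = true;
  sound.mediaKeys.enable = true;
  hardware.pulseaudio.enable = true;
  hardware.pulseaudio.daemon.logLevel = "debug";
  # hardware.pulseaudio.extraConfig = "load-module module-loopback";

  # udev rules for USB security devices.
  #
  # The YubiKey guard (ACTION!=..., GOTO) sits on its own line. udev applies a
  # line's assignments only when every match key on that line succeeds, so
  # with the guard and OWNER/MODE on one line the ownership change could never
  # apply to an "add" or "change" event.
  #
  # NOTE(review): NixOS normally installs extraRules as 99-local.rules, while
  # TAG+="uaccess" is usually expected to be set before the seat rules
  # (73-seat-late) run - confirm the Flipper tags actually take effect.
  services.udev.extraRules = ''
    # allows xlock to read the yubikey for challenge-response when unlocking.
    # you need to do 'udevadm control --reload && udevadm trigger' after
    # changing this. 'ykinfo -v' without sudo should work.
    ACTION!="add|change", GOTO="yubico_end"
    ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", OWNER="ben", MODE="0600"
    LABEL="yubico_end"
    # when yubi is removed, activate yubilock
    # NOTE(review): the disabled rule below writes ENV{ID_SERIAL} with a single '=',
    # which assigns instead of matching; use '==' if it is ever re-enabled.
    #ACTION=="remove", ENV{ID_BUS}=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0407", ENV{ID_SERIAL}="Yubico_Yubikey_4_OTP+U2F+CCID", RUN+="${pkgs.systemd}/bin/systemctl start xlock"
    # coldcard https://github.com/Coldcard/ckcc-protocol/blob/6b6052b38c354c6edc0df79f753f455f286d7b4a/51-coinkite.rules
    # NOTE(review): MODE="0666" makes these nodes readable and writable by every
    # local account, so GROUP="plugdev" restricts nothing. 0660 with the wallet
    # user in plugdev, or TAG+="uaccess" as the Flipper rules use, would be
    # narrower. plugdev is not declared in this file - confirm it exists.
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", GROUP="plugdev", MODE="0666"
    KERNEL=="hidraw*", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", GROUP="plugdev", MODE="0666"
    #Flipper Zero serial port
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5740", ATTRS{manufacturer}=="Flipper Devices Inc.", TAG+="uaccess"
    #Flipper Zero DFU
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", ATTRS{manufacturer}=="STMicroelectronics", TAG+="uaccess"
  ''; # flipper is not in 21.11: + "${pkgs.qFlipper}/etc/udev/rules.d/42-flipperzero.rules";

  # X11 desktop: sddm login manager, with xmonad and plasma5 both enabled.
  services.xserver.enable = true;
  services.xserver.autorun = true;
  services.xserver.layout = "us";
  services.xserver.libinput.enable = true;
  services.xserver.libinput.mouse.additionalOptions = ''
    Option "ScrollMethod" "Button"
    Option "ScrollButton" "3"
  '';
  services.xserver.libinput.mouse.buttonMapping = "1 2 8 4 5 6 7 3 9";
  services.xserver.dpi = 156;
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.windowManager.xmonad.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;
  services.xserver.desktopManager.wallpaper.mode = "fill";

  # xautolock is disabled, so the locker, timeout and notifier settings below
  # are inert. Nothing in this file locks the session on idle; whether the
  # desktop environment does so on its own is not visible here.
  services.xserver.xautolock.enable = false;
  services.xserver.xautolock.locker = "${pkgs.xlockmore}/bin/xlock -mode matrix";
  services.xserver.xautolock.nowlocker = "${pkgs.xlockmore}/bin/xlock -mode matrix"; # xautolock -locknow
  services.xserver.xautolock.time = 5; # minutes
  services.xserver.xautolock.enableNotifier = true;
  services.xserver.xautolock.notify = 30; # seconds
  services.xserver.xautolock.notifier = ''${pkgs.libnotify}/bin/notify-send "Locking in 30 seconds"'';

  # Lock-on-sleep unit; disabled (enable = false), so it does not lock the
  # screen on suspend or hibernate. It runs xlock as "ben" against display :0.
  systemd.services = {
    "xlock" = {
      enable = false;
      script = "xlock";
      path = [ pkgs.xlockmore ];
      # not sure about these targets
      wantedBy = [ "sleep.target" "suspend.target" "hibernate.target" ];
      after = [ "sleep.target" "suspend.target" "hibernate.target" ];
      environment = { DISPLAY = ":0"; };
      # i think i can get rid of user if I use this script:
      # https://0day.work/locking-the-screen-when-removing-a-yubikey/
      serviceConfig.User = "ben";
    };
  };

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  powerManagement.enable = true;
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

  # Remote builder reached over SSH.
  # NOTE(review): sshKey points at an id_rsa under ben's home directory, which
  # looks like a general-purpose key. A dedicated key that the builder accepts
  # only for builds would limit what the credential can reach if either host
  # is compromised - confirm which it is.
  nix.buildMachines = [
    {
      hostName = "dev.simatime.com";
      sshUser = "ben";
      sshKey = "/home/ben/.ssh/id_rsa";
      system = "x86_64-linux";
      supportedFeatures = [
        "x86_64-linux"
        "big-parallel"
      ];
    }
  ];
  nix.distributedBuilds = true;
  # The Nix manual describes trusted-users membership as essentially
  # equivalent to root access, because trusted users can override daemon
  # settings such as substituters. Treat "ben" accordingly.
  nix.settings.trusted-users = [ "root" "ben" ];
  nix.settings.substituters = [ "https://cache.nixos.org/" ];
  nix.settings.max-jobs = lib.mkDefault 4;

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "19.03"; # Did you read the comment?
  # Unattended upgrades; the channel or source they follow is not set in this
  # file.
  system.autoUpgrade.enable = true;
}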