Get Biz.Dev setup again

Also correctly renamed the files (didn't work the first time thanks to the macOS filesystem) and moved the default build.os settings to a OsBase.nix file to be used via imports.
author: Ben Sima <ben@bsima.me> 2020-11-12 17:13:39 -0800
committer: Ben Sima <ben@bsima.me> 2020-11-12 17:21:13 -0800
commit: 890e44ebcc11c48f7347aa60748a84c48261aa5e (patch)
tree: 894e30ce7a0c81ef3968c04f82d068a65c15b0f5
parent: 19f5402bec9f6346463b83536cc22d7f4525bc18 (diff)
13 files changed, 121 insertions, 74 deletions
diff --git a/Biz/Bild/Rules.nix b/Biz/Bild/Rules.nix
index 9fea5df..e6a6979 100644
--- a/Biz/Bild/Rules.nix
+++ b/Biz/Bild/Rules.nix
@@ -128,27 +128,5 @@ in {
     shellHook = ". ${./ShellHook.sh}";
   };
 
-  os = cfg: (nixos (args: lib.attrsets.recursiveUpdate cfg {
-    boot.cleanTmpDir = true;
-    networking.firewall.allowPing = true;
-    nix.binaryCaches = [ "https://cache.nixos.org" ];
-    nix.gc.automatic = true;
-    nix.gc.dates = "Sunday 02:15";
-    nix.optimise.automatic = true;
-    nix.optimise.dates = [ "Sunday 02:30" ];
-    nixpkgs.overlays = overlays;
-    programs.mosh.enable = true;
-    programs.mosh.withUtempter = true;
-    security.acme.email = "ben@bsima.me";
-    security.acme.acceptTerms = true;
-    security.sudo.wheelNeedsPassword = false;
-    services.clamav.daemon.enable = true; # security
-    services.clamav.updater.enable = true; # security
-    services.fail2ban.enable = true; # security
-    services.openssh.enable = true;
-    services.openssh.openFirewall = true;
-    services.openssh.forwardX11 = true;
-    services.openssh.passwordAuthentication = false;
-    system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin
-  })).toplevel;
+  os = cfg: (nixos (args: cfg)).toplevel;
 }
diff --git a/Biz/Bild/Sources.json b/Biz/Bild/Sources.json
index d2565a7..da5e255 100644
--- a/Biz/Bild/Sources.json
+++ b/Biz/Bild/Sources.json
@@ -51,15 +51,15 @@
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgs": {
-        "branch": "nixos-19.09",
+        "branch": "nixos-20.09",
         "description": "Nix Packages collection",
         "homepage": "https://github.com/NixOS/nixpkgs",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b0c285807d6a9f1b7562ec417c24fa1a30ecc31a",
-        "sha256": "0waapr7aqz0h1fy1fqlx981ygllh91qx9sz1l2j2h59s46cdircl",
+        "rev": "d105075a1fd870b1d1617a6008cb38b443e65433",
+        "sha256": "1jcs44wn0s6mlf2jps25bvcai1rij9b2dil6zcj8zqwf2i8xmqjh",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/b0c285807d6a9f1b7562ec417c24fa1a30ecc31a.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/d105075a1fd870b1d1617a6008cb38b443e65433.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "regex-applicative": {
diff --git a/Biz/Dev/configuration.nix b/Biz/Dev/Configuration.nix
index 6664163..70c2d36 100644
--- a/Biz/Dev/configuration.nix
+++ b/Biz/Dev/Configuration.nix
@@ -5,6 +5,7 @@ let
   torrents = { from = 6000; to = 6999; };
 in {
   networking = {
+    hostName = "lithium";
     hosts = {
       "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
     };
@@ -29,6 +30,24 @@ in {
       checkReversePath = false;
     };
 
+    # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+    # Per-interface useDHCP will be mandatory in the future, so this generated config
+    # replicates the default behaviour.
+    useDHCP = false;
+    interfaces.enp1s0.useDHCP = true;
+    interfaces.wlp0s20f0u4.useDHCP = true;
+
+    wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+    wireless.interfaces = [ "wlp0s20f0u4" ];
+    wireless.networks = {
+      Simanet = {
+        psk = "1123581321";
+      };
+      Simanet-5g = {
+        psk = "1123581321";
+        priority = 1;
+      };
+    };
   };
 
   # Use the systemd-boot EFI boot loader.
@@ -36,13 +55,6 @@ in {
   boot.loader.efi.canTouchEfiVariables = true;
   boot.enableContainers = true;
 
-  boot.initrd.luks.devices = {
-    root = {
-      device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
-      preLVM = true;
-    };
-  };
-
   powerManagement.enable = false;
 
   time.timeZone = "America/Los_Angeles";
@@ -52,7 +64,10 @@ in {
     fira fira-code fira-code-symbols
   ];
 
-  environment.systemPackages = [ pkgs.wemux pkgs.tmux ];
+  environment.systemPackages = [
+    #pkgs.wemux
+    pkgs.tmux
+  ];
 
   nixpkgs = {
     config = {
@@ -124,14 +139,34 @@ in {
 
     xserver = {
       enable = true;
+      autorun = true;
       layout = "us";
       xkbOptions = "caps:ctrl_modifier";
-      displayManager.sddm.enable = true;
+      displayManager = {
+        sddm = {
+          enable = true;
+          enableHidpi = true;
+        };
+        #startx.enable = true;
+        session = [
+          {
+            manage = "desktop";
+            name = "home-manager";
+            start = ''
+              ${pkgs.runtimeShell} $HOME/.hm-xsession &
+              waitPID=$!
+            '';
+          }
+        ];
+      };
       desktopManager = {
-        kodi.enable = true;
-        plasma5.enable = true;
+        #kodi.enable = false;
+        #plasma5.enable = false;
         xterm.enable = true;
       };
+      windowManager = {
+        xmonad.enable = true;
+      };
     };
 
     jupyter = {
@@ -209,5 +244,5 @@ in {
   # compatible, in order to avoid breaking some software such as database
   # servers. You should change this only after NixOS release notes say you
   # should.
-  system.stateVersion = "17.09"; # Did you read the comment?
+  system.stateVersion = "20.09"; # Did you read the comment?
 }
diff --git a/Biz/Dev/Hardware.nix b/Biz/Dev/Hardware.nix
new file mode 100644
index 0000000..7f87f74
--- /dev/null
+++ b/Biz/Dev/Hardware.nix
@@ -0,0 +1,36 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/f08dd8f9-787c-4e2a-a0cc-7019edc2ce2b";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/C67C-D7B5";
+      fsType = "vfat";
+    };
+
+  #fileSystems."/mnt/lake" =
+  #  { device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7";
+  #    fsType = "ext4";
+  #  };
+
+  swapDevices = [ ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+  # high-resolution display
+  hardware.video.hidpi.enable = lib.mkDefault true;
+}
diff --git a/Biz/Dev/hardware.nix b/Biz/Dev/hardware.nix
deleted file mode 100644
index fc0e7a0..0000000
--- a/Biz/Dev/hardware.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
-  imports =
-    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/0d8b0e52-10de-4af2-bcd9-b36278352e77";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/9B89-85C7";
-      fsType = "vfat";
-    };
-
-  fileSystems."/mnt/lake" =
-    { device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7";
-      fsType = "ext4";
-    };
-
-  swapDevices = [ ];
-
-  nix.maxJobs = lib.mkDefault 4;
-  powerManagement.cpuFreqGovernor = "powersave";
-}
diff --git a/Biz/keys/ben.pub b/Biz/Keys/Ben.pub
index c661508..c661508 100644
--- a/Biz/keys/ben.pub
+++ b/Biz/Keys/Ben.pub
diff --git a/Biz/keys/deploy.pub b/Biz/Keys/Deploy.pub
index 664a2d9..664a2d9 100644
--- a/Biz/keys/deploy.pub
+++ b/Biz/Keys/Deploy.pub
diff --git a/Biz/keys/nick.pub b/Biz/Keys/Nick.pub
index 4dc08fb..4dc08fb 100644
--- a/Biz/keys/nick.pub
+++ b/Biz/Keys/Nick.pub
diff --git a/Biz/lint.py b/Biz/Lint.py
index fccda57..fccda57 100755
--- a/Biz/lint.py
+++ b/Biz/Lint.py
diff --git a/Biz/OsBase.nix b/Biz/OsBase.nix
new file mode 100644
index 0000000..0ba3fca
--- /dev/null
+++ b/Biz/OsBase.nix
@@ -0,0 +1,24 @@
+{...}:
+{
+  boot.cleanTmpDir = true;
+  networking.firewall.allowPing = true;
+  nix.binaryCaches = [ "https://cache.nixos.org" ];
+  nix.gc.automatic = true;
+  nix.gc.dates = "Sunday 02:15";
+  nix.optimise.automatic = true;
+  nix.optimise.dates = [ "Sunday 02:30" ];
+  #nixpkgs.overlays = overlays;
+  programs.mosh.enable = true;
+  programs.mosh.withUtempter = true;
+  security.acme.email = "ben@bsima.me";
+  security.acme.acceptTerms = true;
+  security.sudo.wheelNeedsPassword = false;
+  services.clamav.daemon.enable = true; # security
+  services.clamav.updater.enable = true; # security
+  services.fail2ban.enable = true; # security
+  services.openssh.enable = true;
+  services.openssh.openFirewall = true;
+  services.openssh.forwardX11 = true;
+  services.openssh.passwordAuthentication = false;
+  system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin
+}
diff --git a/Biz/packages.nix b/Biz/Packages.nix
index ea032fe..ea032fe 100644
--- a/Biz/packages.nix
+++ b/Biz/Packages.nix
diff --git a/Biz/users.nix b/Biz/Users.nix
index c7c4041..8a804ca 100644
--- a/Biz/users.nix
+++ b/Biz/Users.nix
@@ -21,12 +21,16 @@
     # humans
     #
     root.openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.pub ];
+    root.password = "erewhon";
+
     ben = {
       description = "Ben Sima";
       isNormalUser = true;
       home = "/home/ben";
       openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.pub ];
-      extraGroups = [ "wheel" "networkmanager" "docker" ];
+      extraGroups = [ "wheel" "docker" ];
+      hashedPassword =
+        "$6$SGhdoRB6DhWe$elW8RQE1ebe8JKf1ALW8jGZTPCyn2rpq/0J8MV/A9y8qFMEhA.Z2eiexMgptohZAK5kcGOc6HIUgNzJqnDUvY.";
     };
     nick = {
       description = "Nick Sima";
diff --git a/default.nix b/default.nix
index 8f2a382..882ffa5 100644
--- a/default.nix
+++ b/default.nix
@@ -11,6 +11,7 @@ in rec {
   #
   Biz.Cloud = build.os {
     imports = [
+      ./Biz/OsBase.nix
       ./Biz/Packages.nix
       ./Biz/Users.nix
       ./Biz/Cloud/Chat.nix
@@ -29,6 +30,7 @@ in rec {
   #
   Biz.Dev = build.os {
     imports = [
+      ./Biz/OsBase.nix
       ./Biz/Packages.nix
       ./Biz/Users.nix
       ./Biz/Dev/Configuration.nix
@@ -41,6 +43,7 @@ in rec {
   #
   Que.Prod = build.os {
     imports = [
+      ./Biz/OsBase.nix
       ./Biz/Packages.nix
       ./Biz/Users.nix
       ./Que/Host.nix
@@ -63,6 +66,7 @@ in rec {
   # Production server for herocomics.app
   Hero.Prod = build.os {
     imports = [
+      ./Biz/OsBase.nix
       ./Biz/Packages.nix
       ./Biz/Users.nix
       ./Hero/Service.nix
author	Ben Sima <ben@bsima.me>	2020-11-12 17:13:39 -0800
committer	Ben Sima <ben@bsima.me>	2020-11-12 17:21:13 -0800
commit	890e44ebcc11c48f7347aa60748a84c48261aa5e (patch)
tree	894e30ce7a0c81ef3968c04f82d068a65c15b0f5
parent	19f5402bec9f6346463b83536cc22d7f4525bc18 (diff)