5 files changed, 188 insertions, 14 deletions
diff --git a/hel.nix b/hel.nix
new file mode 100644
index 00000000..815d283a
--- /dev/null
+++ b/hel.nix
@@ -0,0 +1,126 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{ config, pkgs, ... }:
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hel/hw.nix
+      ./hel/boot.nix
+      ./users.nix
+      ./custom/zsh.nix
+      ./custom/tinc/def.nix
+    ];
+  networking = {
+    hostName = "hel";
+    wireless = {
+      enable = true;
+      userControlled = {
+        enable = true;
+        group = "network";
+      };
+    };
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 22 # ssh
+                        ];
+    };
+  };
+  powerManagement.enable = true;
+  i18n = {
+    consoleFont = "lat9w-16";
+    consoleKeyMap = "dvp";
+    defaultLocale = "en_US.UTF-8";
+  };
+  environment.systemPackages = with pkgs; [
+    git
+    slock
+  ];
+  services = {
+    logind.extraConfig = ''
+      HandleLidSwitch=suspend
+    '';
+    openssh.enable = true;
+    xserver = {
+      enable = true;
+      
+      layout = "us";
+      xkbVariant = "dvp";
+      xkbOptions = "compose:caps";
+      
+      displayManager.slim = {
+        enable = true;
+        defaultUser = "gkleen";
+      };
+      desktopManager = {
+        default = "none";
+        xterm.enable = false;
+      };
+      windowManager = {
+        default = "xmonad";
+        xmonad = {
+          enable = true;
+          enableContribAndExtras = true;
+          extraPackages = haskellPackages: (with haskellPackages; []);
+        };
+      };
+      synaptics.enable = false;
+    };
+    ntp.enable = false;
+    timesyncd.enable = true;
+    customTinc.networks = (pkgs.callPackage ./custom/tinc/yggdrasil.nix {
+      name = "hel";
+      ipConf = {
+        ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ];
+      };
+    });
+  };
+  users = {
+    extraUsers.root = let template = (import users/gkleen.nix);
+                      in { inherit (template) shell hashedPassword; }
+  };
+  users.extraUsers.gkleen = {
+    name = "gkleen";
+    extraGroups = [ "wheel" "wlan" "lp" "scanner" "dialout" "vboxusers" ];
+    group = "users";
+    uid = 1000;
+    createHome = true;
+    home = "/home/gkleen";
+    shell = "/run/current-system/sw/bin/zsh";
+  };
+  users.extraGroups = { network = {}; };
+  security = {
+    sudo.extraConfig = ''
+      Cmnd_Alias  SYSCTRL = /run/current-system/sw/sbin/shutdown, /run/current-system/sw/sbin/reboot, /run/current-system/sw/sbin/halt, /run/current-system/sw/bin/systemctl
+      %wheel ALL=(ALL) NOPASSWD: SYSCTRL
+    '';
+    setuidPrograms = ["slock" "mount" "mount.nfs" "umount"];
+  };
+  time.timeZone = "Europe/Berlin";
+  hardware.pulseaudio = {
+    enable = true;
+  };
+}
diff --git a/hel/boot.nix b/hel/boot.nix
new file mode 100644
index 00000000..66531e5d
--- /dev/null
+++ b/hel/boot.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+{
+  boot = {
+    initrd.luks.devices = [ { name = "ssd"; device = "/dev/disk/by-uuid/sH2z1p-XRak-v8eq-YLMb-XIk1-5j8o-psLUa5"; }
+                          ];
+    loader = {
+      gummiboot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+}
diff --git a/hel/hw.nix b/hel/hw.nix
new file mode 100644
index 00000000..9c5126ad
--- /dev/null
+++ b/hel/hw.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/hel-btrfs";
+      fsType = "btrfs";
+    };
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/3ADC-E1CD";
+      fsType = "vfat";
+    };
+  swapDevices =
+    [ { device = "/dev/disk/by-label/hel-swap"; }
+    ];
+  nix.maxJobs = lib.mkDefault 4;
+  hardware.trackpoint = {
+    enable = true;
+    emulateWheel = true;
+    sensitivity = 255;
+  };
+}
diff --git a/users.nix b/users.nix
index 1e5af593..8b849e8e 100644
--- a/users.nix
+++ b/users.nix
@@ -1,20 +1,23 @@
 {config, ...}:
 let
-  ymirUsers = {
+  baseUsers = {
-    "mherold" = import ./users/mherold.nix;
+    "gkleen" = import ./users/gkleen.nix;
-    "llovisa" = import ./users/llovisa.nix;
+  };
-    "vkleen" = import ./users/vkleen.nix;
+  extraUsers = {
-    "tkleen" = import ./users/tkleen.nix;
+    ymir = {
-    "mkleen" = import ./users/mkleen.nix;
+      "mherold" = import ./users/mherold.nix;
-    "lkellers" = import ./users/lkellers.nix;
+      "llovisa" = import ./users/llovisa.nix;
-    "mwgnr" = import ./users/mwagner.nix;
+      "vkleen" = import ./users/vkleen.nix;
-    "ineumann" = import ./users/ineumann.nix;
+      "tkleen" = import ./users/tkleen.nix;
+      "mkleen" = import ./users/mkleen.nix;
+      "lkellers" = import ./users/lkellers.nix;
+      "mwgnr" = import ./users/mwagner.nix;
+      "ineumann" = import ./users/ineumann.nix;
+    };
  };
+  host = config.networking.hostName;
 in {
  users.mutableUsers = false;
-  users.defaultUserShell = "/run/current-system/sw/bin/zsh";
+  users.extraUsers = baseUsers // (if extraUsers ? host then extraUsers."${host}" else {});
-  users.extraUsers = {
-    "gkleen" = import ./users/gkleen.nix;
-  } // (if config.networking.hostName == "ymir" then ymirUsers else {});
 }
diff --git a/users/gkleen.nix b/users/gkleen.nix
index c23821f8..f498e946 100644
--- a/users/gkleen.nix
+++ b/users/gkleen.nix
@@ -1,7 +1,7 @@
 {
  name = "gkleen";
  description = "Gregor Kleen";
-  extraGroups = [ "wheel" "wlan" "lp" "dialout" "audio" "xmpp" "mail" "ssh" ];
+  extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ssh" ];
  group = "users";
  uid = 1000;
  createHome = true;

diff --git a/hel.nix b/hel.nix new file mode 100644 index 00000000..815d283a --- /dev/null +++ b/hel.nix
@@ -0,0 +1,126 @@
		1	# Edit this configuration file to define what should be installed on
		2	# your system. Help is available in the configuration.nix(5) man page
		3	# and in the NixOS manual (accessible by running ‘nixos-help’).
		4
		5	{ config, pkgs, ... }:
		6
		7	{
		8	imports =
		9	[ # Include the results of the hardware scan.
		10	./hel/hw.nix
		11	./hel/boot.nix
		12	./users.nix
		13	./custom/zsh.nix
		14	./custom/tinc/def.nix
		15	];
		16
		17	networking = {
		18	hostName = "hel";
		19	wireless = {
		20	enable = true;
		21	userControlled = {
		22	enable = true;
		23	group = "network";
		24	};
		25	};
		26
		27	firewall = {
		28	enable = true;
		29	allowedTCPPorts = [ 22 # ssh
		30	];
		31	};
		32	};
		33
		34	powerManagement.enable = true;
		35
		36	i18n = {
		37	consoleFont = "lat9w-16";
		38	consoleKeyMap = "dvp";
		39	defaultLocale = "en_US.UTF-8";
		40	};
		41
		42	environment.systemPackages = with pkgs; [
		43	git
		44	slock
		45	];
		46
		47	services = {
		48	logind.extraConfig = ''
		49	HandleLidSwitch=suspend
		50	'';
		51
		52	openssh.enable = true;
		53
		54	xserver = {
		55	enable = true;
		56
		57	layout = "us";
		58	xkbVariant = "dvp";
		59	xkbOptions = "compose:caps";
		60
		61	displayManager.slim = {
		62	enable = true;
		63	defaultUser = "gkleen";
		64	};
		65
		66	desktopManager = {
		67	default = "none";
		68	xterm.enable = false;
		69	};
		70
		71	windowManager = {
		72	default = "xmonad";
		73	xmonad = {
		74	enable = true;
		75	enableContribAndExtras = true;
		76	extraPackages = haskellPackages: (with haskellPackages; []);
		77	};
		78	};
		79
		80	synaptics.enable = false;
		81	};
		82
		83	ntp.enable = false;
		84	timesyncd.enable = true;
		85
		86	customTinc.networks = (pkgs.callPackage ./custom/tinc/yggdrasil.nix {
		87	name = "hel";
		88	ipConf = {
		89	ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ];
		90	};
		91	});
		92	};
		93
		94	users = {
		95	extraUsers.root = let template = (import users/gkleen.nix);
		96	in { inherit (template) shell hashedPassword; }
		97	};
		98
		99	users.extraUsers.gkleen = {
		100	name = "gkleen";
		101	extraGroups = [ "wheel" "wlan" "lp" "scanner" "dialout" "vboxusers" ];
		102	group = "users";
		103	uid = 1000;
		104	createHome = true;
		105	home = "/home/gkleen";
		106	shell = "/run/current-system/sw/bin/zsh";
		107	};
		108
		109	users.extraGroups = { network = {}; };
		110
		111	security = {
		112	sudo.extraConfig = ''
		113	Cmnd_Alias SYSCTRL = /run/current-system/sw/sbin/shutdown, /run/current-system/sw/sbin/reboot, /run/current-system/sw/sbin/halt, /run/current-system/sw/bin/systemctl
		114	%wheel ALL=(ALL) NOPASSWD: SYSCTRL
		115	'';
		116
		117	setuidPrograms = ["slock" "mount" "mount.nfs" "umount"];
		118	};
		119
		120	time.timeZone = "Europe/Berlin";
		121
		122	hardware.pulseaudio = {
		123	enable = true;
		124	};
		125	}
		126


diff --git a/hel/boot.nix b/hel/boot.nix new file mode 100644 index 00000000..66531e5d --- /dev/null +++ b/hel/boot.nix
@@ -0,0 +1,12 @@
		1	{ config, lib, pkgs, ... }:
		2
		3	{
		4	boot = {
		5	initrd.luks.devices = [ { name = "ssd"; device = "/dev/disk/by-uuid/sH2z1p-XRak-v8eq-YLMb-XIk1-5j8o-psLUa5"; }
		6	];
		7	loader = {
		8	gummiboot.enable = true;
		9	efi.canTouchEfiVariables = true;
		10	};
		11	};
		12	}


diff --git a/hel/hw.nix b/hel/hw.nix new file mode 100644 index 00000000..9c5126ad --- /dev/null +++ b/hel/hw.nix
@@ -0,0 +1,33 @@
		1	{ config, lib, pkgs, ... }:
		2
		3	{
		4	imports =
		5	[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
		6	];
		7
		8	boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
		9	boot.kernelModules = [ "kvm-intel" ];
		10	boot.extraModulePackages = [ ];
		11
		12	fileSystems."/" =
		13	{ device = "/dev/disk/by-label/hel-btrfs";
		14	fsType = "btrfs";
		15	};
		16
		17	fileSystems."/boot" =
		18	{ device = "/dev/disk/by-uuid/3ADC-E1CD";
		19	fsType = "vfat";
		20	};
		21
		22	swapDevices =
		23	[ { device = "/dev/disk/by-label/hel-swap"; }
		24	];
		25
		26	nix.maxJobs = lib.mkDefault 4;
		27
		28	hardware.trackpoint = {
		29	enable = true;
		30	emulateWheel = true;
		31	sensitivity = 255;
		32	};
		33	}


diff --git a/users.nix b/users.nix index 1e5af593..8b849e8e 100644 --- a/users.nix +++ b/users.nix
@@ -1,20 +1,23 @@
1	{config, ...}:	1	{config, ...}:
2		2
3	let	3	let
4	ymirUsers = {	4	baseUsers = {
5	"mherold" = import ./users/mherold.nix;	5	"gkleen" = import ./users/gkleen.nix;
6	"llovisa" = import ./users/llovisa.nix;	6	};
7	"vkleen" = import ./users/vkleen.nix;	7	extraUsers = {
8	"tkleen" = import ./users/tkleen.nix;	8	ymir = {
9	"mkleen" = import ./users/mkleen.nix;	9	"mherold" = import ./users/mherold.nix;
10	"lkellers" = import ./users/lkellers.nix;	10	"llovisa" = import ./users/llovisa.nix;
11	"mwgnr" = import ./users/mwagner.nix;	11	"vkleen" = import ./users/vkleen.nix;
12	"ineumann" = import ./users/ineumann.nix;	12	"tkleen" = import ./users/tkleen.nix;
		13	"mkleen" = import ./users/mkleen.nix;
		14	"lkellers" = import ./users/lkellers.nix;
		15	"mwgnr" = import ./users/mwagner.nix;
		16	"ineumann" = import ./users/ineumann.nix;
		17	};
13	};	18	};
		19	host = config.networking.hostName;
14	in {	20	in {
15	users.mutableUsers = false;	21	users.mutableUsers = false;
16	users.defaultUserShell = "/run/current-system/sw/bin/zsh";	22	users.extraUsers = baseUsers // (if extraUsers ? host then extraUsers."${host}" else {});
17	users.extraUsers = {
18	"gkleen" = import ./users/gkleen.nix;
19	} // (if config.networking.hostName == "ymir" then ymirUsers else {});
20	}	23	}


diff --git a/users/gkleen.nix b/users/gkleen.nix index c23821f8..f498e946 100644 --- a/users/gkleen.nix +++ b/users/gkleen.nix
@@ -1,7 +1,7 @@
1	{	1	{
2	name = "gkleen";	2	name = "gkleen";
3	description = "Gregor Kleen";	3	description = "Gregor Kleen";
4	extraGroups = [ "wheel" "wlan" "lp" "dialout" "audio" "xmpp" "mail" "ssh" ];	4	extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ssh" ];
5	group = "users";	5	group = "users";
6	uid = 1000;	6	uid = 1000;
7	createHome = true;	7	createHome = true;