5 files changed, 188 insertions, 14 deletions

diff --git a/hel.nix b/hel.nix
new file mode 100644
index 00000000..815d283a
--- /dev/null
+++ b/hel.nix
@@ -0,0 +1,126 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hel/hw.nix
+      ./hel/boot.nix
+      ./users.nix
+      ./custom/zsh.nix
+      ./custom/tinc/def.nix
+    ];
+
+  networking = {
+    hostName = "hel";
+    wireless = {
+      enable = true;
+      userControlled = {
+        enable = true;
+        group = "network";
+      };
+    };
+
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 22 # ssh
+                        ];
+    };
+  };
+
+  powerManagement.enable = true;
+
+  i18n = {
+    consoleFont = "lat9w-16";
+    consoleKeyMap = "dvp";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    slock
+  ];
+
+  services = {
+    logind.extraConfig = ''
+      HandleLidSwitch=suspend
+    '';
+
+    openssh.enable = true;
+
+    xserver = {
+      enable = true;
+      
+      layout = "us";
+      xkbVariant = "dvp";
+      xkbOptions = "compose:caps";
+      
+      displayManager.slim = {
+        enable = true;
+        defaultUser = "gkleen";
+      };
+
+      desktopManager = {
+        default = "none";
+        xterm.enable = false;
+      };
+
+      windowManager = {
+        default = "xmonad";
+        xmonad = {
+          enable = true;
+          enableContribAndExtras = true;
+          extraPackages = haskellPackages: (with haskellPackages; []);
+        };
+      };
+
+      synaptics.enable = false;
+    };
+
+    ntp.enable = false;
+    timesyncd.enable = true;
+
+    customTinc.networks = (pkgs.callPackage ./custom/tinc/yggdrasil.nix {
+      name = "hel";
+      ipConf = {
+        ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ];
+      };
+    });
+  };
+
+  users = {
+    extraUsers.root = let template = (import users/gkleen.nix);
+                      in { inherit (template) shell hashedPassword; }
+  };
+
+  users.extraUsers.gkleen = {
+    name = "gkleen";
+    extraGroups = [ "wheel" "wlan" "lp" "scanner" "dialout" "vboxusers" ];
+    group = "users";
+    uid = 1000;
+    createHome = true;
+    home = "/home/gkleen";
+    shell = "/run/current-system/sw/bin/zsh";
+  };
+
+  users.extraGroups = { network = {}; };
+
+  security = {
+    sudo.extraConfig = ''
+      Cmnd_Alias  SYSCTRL = /run/current-system/sw/sbin/shutdown, /run/current-system/sw/sbin/reboot, /run/current-system/sw/sbin/halt, /run/current-system/sw/bin/systemctl
+      %wheel ALL=(ALL) NOPASSWD: SYSCTRL
+    '';
+
+    setuidPrograms = ["slock" "mount" "mount.nfs" "umount"];
+  };
+
+  time.timeZone = "Europe/Berlin";
+
+  hardware.pulseaudio = {
+    enable = true;
+  };
+}
+
diff --git a/hel/boot.nix b/hel/boot.nix
new file mode 100644
index 00000000..66531e5d
--- /dev/null
+++ b/hel/boot.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+
+{
+  boot = {
+    initrd.luks.devices = [ { name = "ssd"; device = "/dev/disk/by-uuid/sH2z1p-XRak-v8eq-YLMb-XIk1-5j8o-psLUa5"; }
+                          ];
+    loader = {
+      gummiboot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+}
diff --git a/hel/hw.nix b/hel/hw.nix
new file mode 100644
index 00000000..9c5126ad
--- /dev/null
+++ b/hel/hw.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/hel-btrfs";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/3ADC-E1CD";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-label/hel-swap"; }
+    ];
+
+  nix.maxJobs = lib.mkDefault 4;
+
+  hardware.trackpoint = {
+    enable = true;
+    emulateWheel = true;
+    sensitivity = 255;
+  };
+}
diff --git a/users.nix b/users.nix
index 1e5af593..8b849e8e 100644
--- a/users.nix
+++ b/users.nix
@@ -1,20 +1,23 @@
 {config, ...}:
 
 let
-  ymirUsers = {
-    "mherold" = import ./users/mherold.nix;
-    "llovisa" = import ./users/llovisa.nix;
-    "vkleen" = import ./users/vkleen.nix;
-    "tkleen" = import ./users/tkleen.nix;
-    "mkleen" = import ./users/mkleen.nix;
-    "lkellers" = import ./users/lkellers.nix;
-    "mwgnr" = import ./users/mwagner.nix;
-    "ineumann" = import ./users/ineumann.nix;
+  baseUsers = {
+    "gkleen" = import ./users/gkleen.nix;
+  };
+  extraUsers = {
+    ymir = {
+      "mherold" = import ./users/mherold.nix;
+      "llovisa" = import ./users/llovisa.nix;
+      "vkleen" = import ./users/vkleen.nix;
+      "tkleen" = import ./users/tkleen.nix;
+      "mkleen" = import ./users/mkleen.nix;
+      "lkellers" = import ./users/lkellers.nix;
+      "mwgnr" = import ./users/mwagner.nix;
+      "ineumann" = import ./users/ineumann.nix;
+    };
   };
+  host = config.networking.hostName;
 in {
   users.mutableUsers = false;
-  users.defaultUserShell = "/run/current-system/sw/bin/zsh";
-  users.extraUsers = {
-    "gkleen" = import ./users/gkleen.nix;
-  } // (if config.networking.hostName == "ymir" then ymirUsers else {});
+  users.extraUsers = baseUsers // (if extraUsers ? host then extraUsers."${host}" else {});
 }
diff --git a/users/gkleen.nix b/users/gkleen.nix
index c23821f8..f498e946 100644
--- a/users/gkleen.nix
+++ b/users/gkleen.nix
@@ -1,7 +1,7 @@
 {
   name = "gkleen";
   description = "Gregor Kleen";
-  extraGroups = [ "wheel" "wlan" "lp" "dialout" "audio" "xmpp" "mail" "ssh" ];
+  extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ssh" ];
   group = "users";
   uid = 1000;
   createHome = true;