From b79e59b6a89b5053460a2c72fdf05fe475a50f37 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Thu, 12 May 2016 23:04:51 +0200
Subject: Hel
---
hel.nix | 126 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
hel/boot.nix | 12 ++++++
hel/hw.nix | 33 +++++++++++++++
users.nix | 29 +++++++------
users/gkleen.nix | 2 +-
5 files changed, 188 insertions(+), 14 deletions(-)
create mode 100644 hel.nix
create mode 100644 hel/boot.nix
create mode 100644 hel/hw.nix
diff --git a/hel.nix b/hel.nix
new file mode 100644
index 00000000..815d283a
--- /dev/null
+++ b/hel.nix
@@ -0,0 +1,126 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hel/hw.nix
+ ./hel/boot.nix
+ ./users.nix
+ ./custom/zsh.nix
+ ./custom/tinc/def.nix
+ ];
+
+ networking = {
+ hostName = "hel";
+ wireless = {
+ enable = true;
+ userControlled = {
+ enable = true;
+ group = "network";
+ };
+ };
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 22 # ssh
+ ];
+ };
+ };
+
+ powerManagement.enable = true;
+
+ i18n = {
+ consoleFont = "lat9w-16";
+ consoleKeyMap = "dvp";
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ slock
+ ];
+
+ services = {
+ logind.extraConfig = ''
+ HandleLidSwitch=suspend
+ '';
+
+ openssh.enable = true;
+
+ xserver = {
+ enable = true;
+
+ layout = "us";
+ xkbVariant = "dvp";
+ xkbOptions = "compose:caps";
+
+ displayManager.slim = {
+ enable = true;
+ defaultUser = "gkleen";
+ };
+
+ desktopManager = {
+ default = "none";
+ xterm.enable = false;
+ };
+
+ windowManager = {
+ default = "xmonad";
+ xmonad = {
+ enable = true;
+ enableContribAndExtras = true;
+ extraPackages = haskellPackages: (with haskellPackages; []);
+ };
+ };
+
+ synaptics.enable = false;
+ };
+
+ ntp.enable = false;
+ timesyncd.enable = true;
+
+ customTinc.networks = (pkgs.callPackage ./custom/tinc/yggdrasil.nix {
+ name = "hel";
+ ipConf = {
+ ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ];
+ };
+ });
+ };
+
+ users = {
+ extraUsers.root = let template = (import users/gkleen.nix);
+ in { inherit (template) shell hashedPassword; }
+ };
+
+ users.extraUsers.gkleen = {
+ name = "gkleen";
+ extraGroups = [ "wheel" "wlan" "lp" "scanner" "dialout" "vboxusers" ];
+ group = "users";
+ uid = 1000;
+ createHome = true;
+ home = "/home/gkleen";
+ shell = "/run/current-system/sw/bin/zsh";
+ };
+
+ users.extraGroups = { network = {}; };
+
+ security = {
+ sudo.extraConfig = ''
+ Cmnd_Alias SYSCTRL = /run/current-system/sw/sbin/shutdown, /run/current-system/sw/sbin/reboot, /run/current-system/sw/sbin/halt, /run/current-system/sw/bin/systemctl
+ %wheel ALL=(ALL) NOPASSWD: SYSCTRL
+ '';
+
+ setuidPrograms = ["slock" "mount" "mount.nfs" "umount"];
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ hardware.pulseaudio = {
+ enable = true;
+ };
+}
+
diff --git a/hel/boot.nix b/hel/boot.nix
new file mode 100644
index 00000000..66531e5d
--- /dev/null
+++ b/hel/boot.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+
+{
+ boot = {
+ initrd.luks.devices = [ { name = "ssd"; device = "/dev/disk/by-uuid/sH2z1p-XRak-v8eq-YLMb-XIk1-5j8o-psLUa5"; }
+ ];
+ loader = {
+ gummiboot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+}
diff --git a/hel/hw.nix b/hel/hw.nix
new file mode 100644
index 00000000..9c5126ad
--- /dev/null
+++ b/hel/hw.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-label/hel-btrfs";
+ fsType = "btrfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/3ADC-E1CD";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-label/hel-swap"; }
+ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+
+ hardware.trackpoint = {
+ enable = true;
+ emulateWheel = true;
+ sensitivity = 255;
+ };
+}
diff --git a/users.nix b/users.nix
index 1e5af593..8b849e8e 100644
--- a/users.nix
+++ b/users.nix
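Review bot: The `SYSCTRL` alias in `security.sudo.extraConfig` of hel.nix lists `/run/current-system/sw/bin/systemctl` without arguments, so `%wheel ALL=(ALL) NOPASSWD: SYSCTRL` lets every wheel member run any systemctl subcommand as root without a password, not only power control. List the intended invocations instead, for example `/run/current-system/sw/bin/systemctl suspend, /run/current-system/sw/bin/systemctl poweroff`. Separately, the `extraUsers.root = let ... in { inherit (template) shell hashedPassword; }` binding has no terminating `;` before the closing `};`, which Nix will reject as a syntax error. `users.extraUsers.gkleen` here also still lists `"wlan"`, while the same commit renames that group to `"network"` in users/gkleen.nix.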
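Review bot: The identifier in `device = "/dev/disk/by-uuid/sH2z1p-XRak-v8eq-YLMb-XIk1-5j8o-psLUa5"` in hel/boot.nix has the 6-4-4-4-4-4-6 shape of an LVM UUID rather than the 8-4-4-4-12 hex form a LUKS header normally reports. It is worth confirming that this symlink exists at initrd time and points at the encrypted partition, since a wrong path would leave the machine waiting for the device at boot. If the value is intentional, a comment such as `# UUID of the LUKS partition as reported by blkid` next to the entry would record that.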
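Review bot: `swapDevices` in hel/hw.nix points at `/dev/disk/by-label/hel-swap`, and nothing in this file or in hel/boot.nix shows whether that volume sits inside the LUKS device `ssd`. If it is a plain partition, memory pages written to swap are stored unencrypted even though the root volume is encrypted; in that case move it inside the container or set `randomEncryption` on the entry. If it is already inside, a comment like `# inside the LUKS container opened in hel/boot.nix` would document it.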
@@ -1,20 +1,23 @@ {config, ...}: let - ymirUsers = { - "mherold" = import ./users/mherold.nix; - "llovisa" = import ./users/llovisa.nix; - "vkleen" = import ./users/vkleen.nix; - "tkleen" = import ./users/tkleen.nix; - "mkleen" = import ./users/mkleen.nix; - "lkellers" = import ./users/lkellers.nix; - "mwgnr" = import ./users/mwagner.nix; - "ineumann" = import ./users/ineumann.nix; + baseUsers = { + "gkleen" = import ./users/gkleen.nix; + }; + extraUsers = { + ymir = { + "mherold" = import ./users/mherold.nix; + "llovisa" = import ./users/llovisa.nix; + "vkleen" = import ./users/vkleen.nix; + "tkleen" = import ./users/tkleen.nix; + "mkleen" = import ./users/mkleen.nix; + "lkellers" = import ./users/lkellers.nix; + "mwgnr" = import ./users/mwagner.nix; + "ineumann" = import ./users/ineumann.nix; + }; }; + host = config.networking.hostName; in { users.mutableUsers = false; - users.defaultUserShell = "/run/current-system/sw/bin/zsh"; - users.extraUsers = { - "gkleen" = import ./users/gkleen.nix; - } // (if config.networking.hostName == "ymir" then ymirUsers else {}); + users.extraUsers = baseUsers // (if extraUsers ? host then extraUsers."${host}" else {}); } diff --git a/users/gkleen.nix b/users/gkleen.nix index c23821f8..f498e946 100644 --- a/users/gkleen.nix +++ b/users/gkleen.nix @@ -1,7 +1,7 @@ { name = "gkleen"; description = "Gregor Kleen"; - extraGroups = [ "wheel" "wlan" "lp" "dialout" "audio" "xmpp" "mail" "ssh" ]; + extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ssh" ]; group = "users"; uid = 1000; createHome = true; -- cgit v1.2.3
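Review bot: `extraUsers ? host` in the new `users.extraUsers` line of users.nix tests for an attribute literally named `host`, not for the value of the `host` binding, because the right-hand side of `?` is an attribute path. As written the condition is false on every machine, so ymir no longer receives its eight extra accounts, and with `users.mutableUsers = false` those accounts would presumably be dropped on the next rebuild. Use `users.extraUsers = baseUsers // (extraUsers."${host}" or {});`, or test with `builtins.hasAttr host extraUsers`.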