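# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# NOTE(review): this listing had been collapsed onto three physical lines.
# In that form the leading `#` turns the whole first line into a comment, and
# the multi-line strings below (sudoers, master.cf, ssh_config) lose the line
# breaks their consumers require. The layout is restored here; option values
# are unchanged, and the review notes are comments only.

{ config, lib, pkgs, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hel/hw.nix
    ./hel/boot.nix
    ./users.nix
    ./custom/zsh.nix
    ./custom/tinc/def.nix
    ./custom/uucp.nix
  ];

  system.stateVersion = "16.09";

  networking = {
    hostName = "hel";
    # wireless = {
    #   enable = true;
    #   userControlled = {
    #     enable = true;
    #     group = "network";
    #   };
    # };

    # Inbound policy: only sshd is allowed through the host firewall.
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22 # ssh
      ];
    };

    networkmanager = {
      enable = true;
    };
  };

  powerManagement.enable = true;

  i18n = {
    consoleFont = "lat9w-16";
    consoleKeyMap = "dvp";
    defaultLocale = "en_US.UTF-8";
  };

  boot.kernelPackages = pkgs.linuxPackages_latest;

  environment.systemPackages = with pkgs; [
    git
    slock
    shadow
    (callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })
    (callPackage ./utils/nix/rebuild-system.nix {})
    libmbim
    libqmi
  ];

  # libmbim and libqmi are rebuilt with patches taken from the local tree.
  # NOTE(review): the patch files carry generic names (attachment*.patch) and
  # nothing here records where they came from; noting the upstream bug or
  # mailing-list URL next to each would make the build auditable.
  nixpkgs.config.packageOverrides = pkgs: rec {
    libmbim = pkgs.stdenv.lib.overrideDerivation pkgs.libmbim (attrs: {
      patches = [
        ./patches/attachment-0003.patch
        ./patches/attachment.patch
      ];
      buildInputs = attrs.buildInputs ++ [ pkgs.automake114x pkgs.autoconf ];
    });
    libqmi = pkgs.stdenv.lib.overrideDerivation pkgs.libqmi (attrs: {
      patches = [
        ./patches/attachment-0004.patch
        ./patches/attachment-0005.patch
      ];
      buildInputs = attrs.buildInputs ++ [ pkgs.automake pkgs.autoconf ];
    });
  };

  services = {
    logind.extraConfig = ''
      HandleLidSwitch=suspend
    '';

    # sshd is the only service opened in the firewall above.
    # NOTE(review): no sshd hardening is set in this file, so authentication
    # policy falls back to module defaults (or to ./users.nix and
    # ./custom/uucp.nix, which are not visible here). Since root is given a
    # password hash further down, confirm that
    # services.openssh.passwordAuthentication and
    # services.openssh.permitRootLogin are set the way you intend.
    openssh.enable = true;

    xserver = {
      enable = true;
      layout = "us";
      xkbVariant = "dvp";
      xkbOptions = "compose:caps";

      displayManager.slim = {
        enable = true;
        defaultUser = "gkleen";
      };

      desktopManager = {
        default = "none";
        xterm.enable = false;
      };

      windowManager = {
        default = "xmonad";
        xmonad = {
          enable = true;
          enableContribAndExtras = true;
          extraPackages = haskellPackages: (with haskellPackages; [ hostname ]);
        };
      };

      wacom.enable = true;
      multitouch.enable = true;
      dpi = 210;
    };

    ntp.enable = false;
    timesyncd.enable = true;

    # Options of the local tinc module (./custom/tinc/def.nix); their exact
    # semantics are defined there, not in this file.
    customTinc.networks = ((import ./custom/tinc/yggdrasil.nix) {
      inherit (pkgs) stdenv nettools openresolv;
      connect = true;
      name = "hel";
      ipConf = {
        ip4 = [ { address = "10.141.2.3"; prefixLength = 16; } ];
      };
    });

    # Options of the local UUCP module (./custom/uucp.nix).
    uucp = {
      enable = true;
      nodeName = "hel";
      remoteNodes = ["isaac" "ymir"]; # "isaac" is the legacy name for odin

      sshUser = {
        # Each peer key is pinned to a forced command (uucico) with port, X11
        # and agent forwarding disabled.
        # NOTE(review): `no-pty` is not among the options; if uucico over ssh
        # needs no terminal, adding it (or using `restrict` on OpenSSH >= 7.2)
        # would narrow these keys further. Confirm before changing.
        openssh.authorizedKeys.keys = [
          ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir''
          ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhACtnt9+3j2ev4QVA2QBlPtblPnu7yol2njgfMlHtC uucp@odin''
        ];
      };

      sshConfig = ''
        Host isaac
          Hostname odin.asgard.yggdrasil
          IdentityFile ~/.ssh/odin
        Host ymir
          Hostname ymir.niflheim.yggdrasil
          IdentityFile ~/.ssh/ymir
      '';

      # Remote command execution policy: no default commands, and only the
      # "isaac" node is listed with a command (recv-media).
      # NOTE(review): presumably the module rejects anything not listed here;
      # verify against ./custom/uucp.nix.
      commandPath = [ "${pkgs.callPackage ./hel/recv-media.nix {}}/bin" ];
      defaultCommands = [];
      commands = {
        "isaac" = ["recv-media"];
      };
    };

    # Local-only mail: everything is handed to ymir over UUCP.
    postfix = {
      enable = true;
      enableSmtp = false;
      setSendmail = true;
      networksStyle = "host";
      hostname = "hel.midgard.yggdrasil";
      destination = [];
      relayHost = "uucp:ymir";
      recipientDelimiter = "+";
      transport = ''
        * uucp:ymir
      '';
      # master.cf entry for the uucp transport. The second line must stay
      # indented: master.cf treats a line starting with whitespace as a
      # continuation of the previous one.
      extraMasterConf = ''
        uucp unix - n n - - pipe
          flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient)
      '';
    };
  };

  users = {
    # Accounts are fully declarative; the hashes in this configuration are
    # the only credentials.
    mutableUsers = false;

    # NOTE(review): root takes its shell and password hash from
    # ./users/gkleen.nix, so root and that account share one password. A
    # separate root hash (or a locked root password with sudo only) would
    # keep a compromise of the user password from also being a root login.
    extraUsers.root = {
      inherit (import ./users/gkleen.nix) shell hashedPassword;
    };

    extraGroups = {
      network = {};
      media = {
        members = [ "gkleen" "uucp" ];
      };
      networkmanager = {
        members = [ "gkleen" ];
      };
    };
  };

  security = {
    # Lets members of wheel run the SYSCTRL commands as any user without a
    # password.
    # NOTE(review): the alias lists systemctl with no argument restriction,
    # so this rule covers every systemctl subcommand as root, not just
    # power management. If only suspend/poweroff/reboot are needed, list
    # those invocations explicitly (e.g. ".../systemctl suspend") instead of
    # the bare binary.
    # The Cmnd_Alias is kept on one line: sudoers needs a trailing backslash
    # to continue a line, and the source has none.
    sudo.extraConfig = ''
      Cmnd_Alias SYSCTRL = /run/current-system/sw/sbin/shutdown, /run/current-system/sw/sbin/reboot, /run/current-system/sw/sbin/halt, /run/current-system/sw/bin/systemctl
      %wheel ALL=(ALL) NOPASSWD: SYSCTRL
    '';

    # Every entry here gets a setuid wrapper.
    # NOTE(review): "thinklight" is a locally packaged program
    # (./custom/thinklight.nix) and "mount.nfs" is rarely needed setuid;
    # keep this list to the minimum the desktop actually uses.
    setuidPrograms = ["slock" "mount" "mount.nfs" "umount" "newgrp" "thinklight"];
  };

  time.timeZone = "Europe/Berlin";

  hardware.pulseaudio = {
    enable = true;
  };

  sound.enable = true;

  nix.gc = {
    automatic = true;
    dates = "daily";
    options = "--delete-older-than 30d";
  };

  environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./hel/wacom.conf;
}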