# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

# NixOS module for the host "hel": wireless networking, an X11 session with
# SLiM and xmonad, an SSH server, a tinc network and local privilege settings.
# Takes the usual module arguments; only `pkgs` is referenced in this file.
{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hel/hw.nix
      ./hel/boot.nix
      ./users.nix
      ./custom/zsh.nix
      # Presumably declares the `services.customTinc` option used below -- confirm.
      ./custom/tinc/def.nix
    ];

  networking = {
    hostName = "hel";
    wireless = {
      enable = true;
      # Members of the "network" group (declared in users.extraGroups below)
      # may control wpa_supplicant without root, i.e. choose which networks
      # the machine joins. Keep membership of that group small.
      userControlled = {
        enable = true;
        group = "network";
      };
    };

    # Default-deny inbound firewall; TCP 22 is the only port allowed here.
    # NOTE(review): the NixOS openssh module normally opens its own port, so
    # this entry is likely redundant -- confirm for the release in use.
    firewall = {
      enable = true;
      allowedTCPPorts = [ 22 # ssh
                        ];
    };
  };

  powerManagement.enable = true;

  i18n = {
    consoleFont = "lat9w-16";
    consoleKeyMap = "dvp";
    defaultLocale = "en_US.UTF-8";
  };

  environment.systemPackages = with pkgs; [
    git
    # Screen locker; also listed in security.setuidPrograms below.
    slock
  ];

  services = {
    # Closing the lid suspends the machine.
    logind.extraConfig = ''
      HandleLidSwitch=suspend
    '';

    # sshd is enabled with no further options in this file, so the password
    # authentication and root-login policy come from the module defaults (or
    # from an imported file).
    # NOTE(review): root is given a password hash below; consider pinning
    # services.openssh.passwordAuthentication / permitRootLogin (option names
    # vary by NixOS release) explicitly rather than relying on defaults.
    openssh.enable = true;

    xserver = {
      enable = true;
      
      layout = "us";
      xkbVariant = "dvp";
      # Caps Lock acts as the Compose key.
      xkbOptions = "compose:caps";
      
      # SLiM login manager with the user name pre-filled. autoLogin is not set
      # in this file, so a password is presumably still required -- confirm.
      displayManager.slim = {
        enable = true;
        defaultUser = "gkleen";
      };

      # No desktop environment; the session is the xmonad window manager only.
      desktopManager = {
        default = "none";
        xterm.enable = false;
      };

      windowManager = {
        default = "xmonad";
        xmonad = {
          enable = true;
          enableContribAndExtras = true;
          # No additional Haskell packages are made available to xmonad.
          extraPackages = haskellPackages: (with haskellPackages; []);
        };
      };

      synaptics.enable = false;
    };

    # Time synchronisation via systemd-timesyncd; ntpd is switched off.
    ntp.enable = false;
    timesyncd.enable = true;

    # The tinc network definition is the result of calling the function in
    # ./custom/tinc/yggdrasil.nix with this node's name and address
    # (10.141.5.1/16). Its keys, peers and listening port are not visible
    # here; no tinc port is opened in the firewall block above.
    customTinc.networks = ((import ./custom/tinc/yggdrasil.nix) {
      inherit (pkgs) stdenv nettools openresolv;
      name = "hel";
      ipConf = {
        ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ];
      };
    });
  };

  users = {
    # root takes its shell and password hash from ./users/gkleen.nix, so root
    # and whatever account that file describes (presumably gkleen) share one
    # password: learning it yields both accounts.
    # NOTE(review): a hash set through the configuration typically ends up
    # readable in the Nix store and in this repository -- confirm, and treat
    # it as exposed to offline guessing.
    extraUsers.root = { inherit (import ./users/gkleen.nix) shell hashedPassword; };
  };

  users.extraGroups = { network = {}; };

  security = {
    # Members of wheel may run shutdown, reboot, halt and systemctl as any
    # user without entering a password.
    # NOTE(review): systemctl is listed with no argument restriction, so every
    # subcommand is covered, including those that manage and start units; in
    # practice this is passwordless root for wheel. If only power actions are
    # wanted, list the exact invocations (e.g. "systemctl suspend") instead.
    sudo.extraConfig = ''
      Cmnd_Alias  SYSCTRL = /run/current-system/sw/sbin/shutdown, /run/current-system/sw/sbin/reboot, /run/current-system/sw/sbin/halt, /run/current-system/sw/bin/systemctl
      %wheel ALL=(ALL) NOPASSWD: SYSCTRL
    '';

    # Setuid-root wrappers are created for these programs. Each one is
    # root-privileged code reachable by every local user, so keep the list
    # minimal. NOTE(review): confirm mount.nfs is still needed.
    setuidPrograms = ["slock" "mount" "mount.nfs" "umount"];
  };

  time.timeZone = "Europe/Berlin";

  hardware.pulseaudio = {
    enable = true;
  };
}