blob: be38f18dbeea5132e835f85984de466b5e5e0439 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hel/hw.nix
./hel/boot.nix
./users.nix
./custom/zsh.nix
./custom/tinc/def.nix
];
system.stateVersion = "16.09";
networking = {
hostName = "hel";
wireless = {
enable = true;
userControlled = {
enable = true;
group = "network";
};
};
firewall = {
enable = true;
allowedTCPPorts = [ 22 # ssh
];
};
};
powerManagement.enable = true;
i18n = {
consoleFont = "lat9w-16";
consoleKeyMap = "dvp";
defaultLocale = "en_US.UTF-8";
};
environment.systemPackages = with pkgs; [
git
slock
];
services = {
logind.extraConfig = ''
HandleLidSwitch=suspend
'';
openssh.enable = true;
xserver = {
enable = true;
layout = "us";
xkbVariant = "dvp";
xkbOptions = "compose:caps";
displayManager.slim = {
enable = true;
defaultUser = "gkleen";
};
desktopManager = {
default = "none";
xterm.enable = false;
};
windowManager = {
default = "xmonad";
xmonad = {
enable = true;
enableContribAndExtras = true;
extraPackages = haskellPackages: (with haskellPackages; []);
};
};
synaptics.enable = false;
};
ntp.enable = false;
timesyncd.enable = true;
customTinc.networks = ((import ./custom/tinc/yggdrasil.nix) {
inherit (pkgs) stdenv nettools openresolv;
name = "hel";
ipConf = {
ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ];
};
});
};
users = {
extraUsers.root = { inherit (import ./users/gkleen.nix) shell hashedPassword; };
};
users.extraGroups = { network = {}; };
security = {
sudo.extraConfig = ''
Cmnd_Alias SYSCTRL = /run/current-system/sw/sbin/shutdown, /run/current-system/sw/sbin/reboot, /run/current-system/sw/sbin/halt, /run/current-system/sw/bin/systemctl
%wheel ALL=(ALL) NOPASSWD: SYSCTRL
'';
setuidPrograms = ["slock" "mount" "mount.nfs" "umount"];
};
time.timeZone = "Europe/Berlin";
hardware.pulseaudio = {
enable = true;
};
sound.enable = true;
nix.gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 30d";
};
}
|
