infra/nixos-configuration/steveej-live-usb-transcend/system.nix

{ config, lib, pkgs, ... }:


let

in 

rec {
  nix.binaryCachePublicKeys = [
    # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
  ];
  nix.binaryCaches = [
    "https://cache.nixos.org"
    # "https://hydra.nixos.org"
  ];
  nix.trustedBinaryCaches = [
    "https://cache.nixos.org"
    # "https://hydra.nixos.org"
  ];

  nix.daemonNiceLevel = 19;
  nix.daemonIONiceLevel = 7;

  nix.useSandbox = true;

  # The NixOS release to be compatible with for stateful data such as databases.
  # system.stateVersion = "unstable";
  networking.hostName = "steveej-liveusb"; # Define your hostname.

  networking.firewall.enable = true;
  networking.firewall.checkReversePath = false;

  # Provide a NAT/DHCP Router
  #
  # networking.nat.enable = true;
  # networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ];
  # networking.nat.externalInterface = "wlp1s0";
  # networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [
  #     { address = "10.254.253.254"; prefixLength = 24; }
  # ];
  # services.dnsmasq = {
  #   enable = true;
  #   servers = [ "8.8.8.8" "8.8.4.4" ];
  #   extraConfig = ''
  #     domain=lan
  #     interface=enp0s20f0u4u1u3
  #     bind-interfaces
  #     dhcp-range=10.254.253.100,10.254.253.199,1h
  #   '';
  # };

  networking.networkmanager = {
    enable = true;
    dns = "dnsmasq";
    unmanaged = [
      "interface-name:veth*"
      "interface-name:virbr*"
      "interface-name:br*"
      "interface-name:*vbox*"
      "interface-name:*cni*"
    ];
  };

  programs.zsh = {
    enable = false;
  };

  environment.sessionVariables = {
    NIXPKGS_ALLOW_UNFREE = "1";

    # Don't create .pyc files.
    PYTHONDONTWRITEBYTECODE = "1";
  };

  environment.etc."lvm/lvm.conf".text = ''
    devices {
      issue_discards = 1
    }
  '';

  environment.pathsToLink = [ "/share/zsh" ];

  # Fonts, I18N, Date ...
  fonts = {
    enableCoreFonts = true;
  };

  i18n = {
    consoleFont = "lat9w-16";
    defaultLocale = "en_US.UTF-8";
  };
  time.timeZone = "Europe/Berlin";
  #time.timeZone = "America/Los_Angeles";

  # Services
  services.gpm.enable = true;
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "yes";

  services.gnome3 = {
    gnome-disks.enable = false;
    gnome-documents.enable = false;
    gnome-online-miners.enable = false;
    gnome-user-share.enable = false;
    gnome-terminal-server.enable = false;
    gpaste.enable = false;
    sushi.enable = false;
    tracker.enable = false;

    # FIXME: gnome should be moved to user session
    seahorse.enable = true;
    gvfs.enable = true;
    at-spi2-core.enable = true;
    evolution-data-server.enable = true;
    gnome-online-accounts.enable = true;
    gnome-keyring.enable = true;
  };

  services.teamviewer.enable = false;

  services.printing = {
    enable = false;
  };

  services.pcscd.enable = true;
  services.xserver = {
    enable = true;
    libinput.enable = true;
    libinput.naturalScrolling = true;

    videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
    xkbVariant = "altgr-intl";
    xkbOptions = "nodeadkeys";

    desktopManager = {
      # FIXME: gnome should be moved to user session
      gnome3.enable = true;

      xterm.enable = true;
      plasma5.enable = false;
    };

    displayManager = {
      gdm.enable = false;

      lightdm = {
        enable = true;
        autoLogin = {
          enable = true;
          user = "steveej";
        };
        background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
      };

      sessionCommands = ''
      '';
    };
  };

 # Package configuration
  environment.systemPackages = with pkgs; [
  ];

  # More Services
  services.udev.packages = [
    pkgs.libu2f-host
    pkgs.yubikey-personalization
  ];
  services.udev.extraRules = ''
    # OnePlusOne
    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"

    # Plantronics BackBeat PRO
    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"
    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"
    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"
  ''
      ;

  services.packagekit.enable = true;

  services.resolved.enable = false;
  services.nix-serve.enable = false;

  services.samba.enable = true;
  services.samba.extraConfig = ''
  client max protocol = SMB3
  '';

  # hardware related services
  services.illum.enable = true;

  hardware = {
    bluetooth.enable = true;
    pulseaudio = {
      enable = true;
      package = pkgs.pulseaudioFull;
      support32Bit = true;
    };
  };

  services.fprintd.enable = true;
  security.pam.services = {
    login.fprintAuth = true;
    sudo.fprintAuth = true;
  };

  # required for running blueman-applet in user sessions
  services.dbus.packages = with pkgs; [ 
    blueman
  ];

  # Kubernetes
  # services.kubernetes.roles = ["master" "node"];

  # virtualization
  virtualisation = {
    libvirtd.enable = false;
    virtualbox.host.enable = false;
    virtualbox.guest.enable = false;
    docker.enable = true;
  };

  # Activation scripts for impure set up of paths in /
  system.activationScripts.bin = ''
    echo "setting up /bin..."
    ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
    mv -Tf /bin/.bash /bin/bash
  '';
  system.activationScripts.etcX11sessinos = ''
    echo "setting up /etc/X11/sessions..."
    mkdir -p /etc/X11
    ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
    mv -Tf /etc/X11/.sessions /etc/X11/sessions
  '';
  system.activationScripts.lib64 = ''
    echo "setting up /lib64..."
    mkdir -p /lib64
    ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
    mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
  '';
}
nixos-config: add live-usb-transcend 2018-10-28 18:02:33 +01:00			`{ config, lib, pkgs, ... }:`


			`let`

			`in`

			`rec {`
			`nix.binaryCachePublicKeys = [`
			`# "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="`
			`];`
			`nix.binaryCaches = [`
			`"https://cache.nixos.org"`
			`# "https://hydra.nixos.org"`
			`];`
			`nix.trustedBinaryCaches = [`
			`"https://cache.nixos.org"`
			`# "https://hydra.nixos.org"`
			`];`

			`nix.daemonNiceLevel = 19;`
			`nix.daemonIONiceLevel = 7;`

			`nix.useSandbox = true;`

			`# The NixOS release to be compatible with for stateful data such as databases.`
			`# system.stateVersion = "unstable";`
			`networking.hostName = "steveej-liveusb"; # Define your hostname.`

			`networking.firewall.enable = true;`
			`networking.firewall.checkReversePath = false;`

			`# Provide a NAT/DHCP Router`
			`#`
			`# networking.nat.enable = true;`
			`# networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ];`
			`# networking.nat.externalInterface = "wlp1s0";`
			`# networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [`
			`# { address = "10.254.253.254"; prefixLength = 24; }`
			`# ];`
			`# services.dnsmasq = {`
			`# enable = true;`
			`# servers = [ "8.8.8.8" "8.8.4.4" ];`
			`# extraConfig = ''`
			`# domain=lan`
			`# interface=enp0s20f0u4u1u3`
			`# bind-interfaces`
			`# dhcp-range=10.254.253.100,10.254.253.199,1h`
			`# '';`
			`# };`

			`networking.networkmanager = {`
			`enable = true;`
			`dns = "dnsmasq";`
			`unmanaged = [`
			`"interface-name:veth*"`
			`"interface-name:virbr*"`
			`"interface-name:br*"`
			`"interface-name:vbox"`
			`"interface-name:cni"`
			`];`
			`};`

			`programs.zsh = {`
			`enable = false;`
			`};`

			`environment.sessionVariables = {`
			`NIXPKGS_ALLOW_UNFREE = "1";`

			`# Don't create .pyc files.`
			`PYTHONDONTWRITEBYTECODE = "1";`
			`};`

			`environment.etc."lvm/lvm.conf".text = ''`
			`devices {`
			`issue_discards = 1`
			`}`
			`'';`

			`environment.pathsToLink = [ "/share/zsh" ];`

			`# Fonts, I18N, Date ...`
			`fonts = {`
			`enableCoreFonts = true;`
			`};`

			`i18n = {`
			`consoleFont = "lat9w-16";`
			`defaultLocale = "en_US.UTF-8";`
			`};`
			`time.timeZone = "Europe/Berlin";`
			`#time.timeZone = "America/Los_Angeles";`

			`# Services`
			`services.gpm.enable = true;`
			`services.openssh.enable = true;`
			`services.openssh.permitRootLogin = "yes";`

			`services.gnome3 = {`
			`gnome-disks.enable = false;`
			`gnome-documents.enable = false;`
			`gnome-online-miners.enable = false;`
			`gnome-user-share.enable = false;`
			`gnome-terminal-server.enable = false;`
			`gpaste.enable = false;`
			`sushi.enable = false;`
			`tracker.enable = false;`

			`# FIXME: gnome should be moved to user session`
			`seahorse.enable = true;`
			`gvfs.enable = true;`
			`at-spi2-core.enable = true;`
			`evolution-data-server.enable = true;`
			`gnome-online-accounts.enable = true;`
			`gnome-keyring.enable = true;`
			`};`

			`services.teamviewer.enable = false;`

			`services.printing = {`
			`enable = false;`
			`};`

			`services.pcscd.enable = true;`
			`services.xserver = {`
			`enable = true;`
			`libinput.enable = true;`
			`libinput.naturalScrolling = true;`

			`videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];`
			`xkbVariant = "altgr-intl";`
			`xkbOptions = "nodeadkeys";`

			`desktopManager = {`
			`# FIXME: gnome should be moved to user session`
			`gnome3.enable = true;`

			`xterm.enable = true;`
			`plasma5.enable = false;`
			`};`

			`displayManager = {`
			`gdm.enable = false;`

			`lightdm = {`
			`enable = true;`
			`autoLogin = {`
			`enable = true;`
			`user = "steveej";`
			`};`
			`background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";`
			`};`

			`sessionCommands = ''`
			`'';`
			`};`
			`};`

			`# Package configuration`
			`environment.systemPackages = with pkgs; [`
			`];`

			`# More Services`
			`services.udev.packages = [`
			`pkgs.libu2f-host`
			`pkgs.yubikey-personalization`
			`];`
			`services.udev.extraRules = ''`
			`# OnePlusOne`
			`ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"`
			`ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"`

			`# Plantronics BackBeat PRO`
			`SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"`
			`SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"`
			`SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"`
			`''`
			`;`

			`services.packagekit.enable = true;`

			`services.resolved.enable = false;`
			`services.nix-serve.enable = false;`

			`services.samba.enable = true;`
			`services.samba.extraConfig = ''`
			`client max protocol = SMB3`
			`'';`

			`# hardware related services`
			`services.illum.enable = true;`

			`hardware = {`
			`bluetooth.enable = true;`
			`pulseaudio = {`
			`enable = true;`
			`package = pkgs.pulseaudioFull;`
			`support32Bit = true;`
			`};`
			`};`

			`services.fprintd.enable = true;`
			`security.pam.services = {`
			`login.fprintAuth = true;`
			`sudo.fprintAuth = true;`
			`};`

			`# required for running blueman-applet in user sessions`
			`services.dbus.packages = with pkgs; [`
			`blueman`
			`];`

			`# Kubernetes`
			`# services.kubernetes.roles = ["master" "node"];`

			`# virtualization`
			`virtualisation = {`
			`libvirtd.enable = false;`
			`virtualbox.host.enable = false;`
			`virtualbox.guest.enable = false;`
			`docker.enable = true;`
			`};`

			`# Activation scripts for impure set up of paths in /`
			`system.activationScripts.bin = ''`
			`echo "setting up /bin..."`
			`ln -sfT ${pkgs.bash}/bin/bash /bin/.bash`
			`mv -Tf /bin/.bash /bin/bash`
			`'';`
			`system.activationScripts.etcX11sessinos = ''`
			`echo "setting up /etc/X11/sessions..."`
			`mkdir -p /etc/X11`
			`ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions`
			`mv -Tf /etc/X11/.sessions /etc/X11/sessions`
			`'';`
			`system.activationScripts.lib64 = ''`
			`echo "setting up /lib64..."`
			`mkdir -p /lib64`
			`ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2`
			`mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2`
			`'';`
			`}`