move all expressions to nix/; include modularized home-manager config

nix/os/profiles/common/boot.nix

@@ -0,0 +1,17 @@
+{ pkgs
+, ...
+}:
+
+{
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = false;
+    enable = true;
+    version = 2;
+  };
+
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.tmpOnTmpfs = true;
+}
+

nix/os/profiles/common/configuration.nix

@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  imports = [ 
+    ./boot.nix
+    ./pkg.nix
+    ./user.nix
+    ./system.nix
+  ];
+}

nix/os/profiles/common/pkg.nix

@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+{
+  # Package configuration
+  environment.systemPackages = with pkgs; [
+    elfutils
+    exfat
+    file
+    tree
+    pwgen
+    proot
+
+    parted
+    pv
+    tmux
+    wget
+    curl
+
+    git
+    pastebinit
+    gist
+
+    usbutils
+    pciutils
+  ];
+}

nix/os/profiles/common/system.nix

@@ -0,0 +1,88 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+
+{
+  nix.binaryCachePublicKeys = [
+    # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+  ];
+  nix.binaryCaches = [
+    "https://cache.nixos.org"
+    # "https://hydra.nixos.org"
+  ];
+  nix.trustedBinaryCaches = [
+    "https://cache.nixos.org"
+    # "https://hydra.nixos.org"
+  ];
+
+  nix.daemonNiceLevel = lib.mkDefault 19;
+  nix.daemonIONiceLevel = lib.mkDefault 7;
+  nix.maxJobs = lib.mkDefault 3;
+  nix.buildCores = lib.mkDefault 3;
+  nix.useSandbox = true;
+
+  environment.etc."lvm/lvm.conf".text = ''
+    devices {
+      issue_discards = 1
+    }
+  '';
+
+  # Fonts, I18N, Date ...
+  fonts = {
+    enableCoreFonts = true;
+  };
+
+  i18n = {
+    consoleFont = "lat9w-16";
+    defaultLocale = "en_US.UTF-8";
+  };
+  time.timeZone = "Europe/Berlin";
+  services.gpm.enable = true;
+
+  services.packagekit.enable = true;
+  services.openssh.enable = true;
+  networking.firewall.enable = true;
+
+  # Activation scripts for impure set up of paths in /
+  system.activationScripts.bin = ''
+    echo "setting up /bin..."
+    ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
+    mv -Tf /bin/.bash /bin/bash
+  '';
+  system.activationScripts.etcX11sessinos = ''
+    echo "setting up /etc/X11/sessions..."
+    mkdir -p /etc/X11
+    ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
+    mv -Tf /etc/X11/.sessions /etc/X11/sessions
+  '';
+  system.activationScripts.lib64 = ''
+    echo "setting up /lib64..."
+    mkdir -p /lib64
+    ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
+    mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
+  '';
+
+  programs.zsh = {
+    enable = false;
+# TODO: basic zsh config
+#    enableAutosuggestions = true; #    enableCompletion = true;
+#    syntaxHighlighting.enable = true;
+#    syntaxHighlighting.patterns = {};
+#    ohMyZsh = {
+#      enable = true;
+#      theme = "tjkirch";
+#    };
+#    promptInit = ''
+#      autoload -U promptinit
+#      promptinit
+#      ZSH_THEME_GIT_PROMPT_PREFIX='@ '
+#      PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f %F{magenta}$(git_prompt_info)%f
+#%_%F{%(!.red.green)}$(prompt_char)%f '
+#      RPROMPT=""
+#    '';
+#    interactiveShellInit = ''
+#    '';
+  };
+}

nix/os/profiles/common/user.nix

@@ -0,0 +1,19 @@
+{ config
+, pkgs
+, ... }:
+
+let 
+  passwords = import ../../../variables/passwords.crypt.nix;
+  libinfraos = import ../../lib/default.nix { };
+  inherit (import ../../lib/default.nix { }) mkUser mkRoot;
+in {
+  users.mutableUsers = false;
+
+  users.extraUsers.root = mkRoot { };
+  users.extraUsers.steveej = mkUser {
+    uid = 1000;
+  };
+
+  security.pam.enableU2F = true;
+  security.pam.services.steveej.u2fAuth = true;
+}

nix/os/profiles/graphical/configuration.nix

@@ -0,0 +1,9 @@
+{ pkgs
+, ... 
+}:
+
+{
+  imports = [ 
+    ./system.nix
+  ];
+}

nix/os/profiles/graphical/system.nix

@@ -0,0 +1,112 @@
+{ pkgs
+, ... 
+}:
+
+{
+  networking.networkmanager = {
+    enable = true;
+    dns = "dnsmasq";
+    unmanaged = [
+      "interface-name:veth*"
+      "interface-name:virbr*"
+      "interface-name:br*"
+      "interface-name:*vbox*"
+      "interface-name:*cni*"
+    ];
+  };
+  services.resolved.enable = false;
+
+  users.defaultUserShell = pkgs.zsh;
+  environment.pathsToLink = [ "/share/zsh" ];
+
+  # hardware related services
+  services.illum.enable = true;
+  services.pcscd.enable = true;
+  hardware = {
+    bluetooth.enable = true;
+    pulseaudio = {
+      enable = true;
+      package = pkgs.pulseaudioFull;
+      support32Bit = true;
+    };
+  };
+  # required for running blueman-applet in user sessions
+  services.dbus.packages = with pkgs; [ 
+    blueman
+  ];
+
+  services.xserver = {
+    enable = true;
+    libinput.enable = true;
+    libinput.naturalScrolling = true;
+
+    videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
+    xkbVariant = "altgr-intl";
+    xkbOptions = "nodeadkeys";
+
+    desktopManager = {
+      # FIXME: gnome should be moved to user session
+      gnome3.enable = true;
+
+      xterm.enable = true;
+      plasma5.enable = false;
+    };
+
+    displayManager = {
+      gdm.enable = false;
+
+      lightdm = {
+        enable = true;
+        autoLogin = {
+          enable = true;
+          user = "steveej";
+        };
+        background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
+      };
+
+      sessionCommands = ''
+      '';
+    };
+  };
+
+  services.gnome3 = {
+    gnome-disks.enable = false;
+    gnome-documents.enable = false;
+    gnome-online-miners.enable = false;
+    gnome-user-share.enable = false;
+    gnome-terminal-server.enable = false;
+    gpaste.enable = false;
+    sushi.enable = false;
+    tracker.enable = false;
+
+    # FIXME: gnome should be moved to user session
+    seahorse.enable = true;
+    gvfs.enable = true;
+    at-spi2-core.enable = true;
+    evolution-data-server.enable = true;
+    gnome-online-accounts.enable = true;
+    gnome-keyring.enable = true;
+  };
+
+  # More Services
+  services.udev.packages = [
+    pkgs.libu2f-host
+    pkgs.yubikey-personalization
+  ];
+  services.udev.extraRules = ''
+    # OnePlusOne
+    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
+    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
+
+    # Plantronics BackBeat PRO
+    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"
+    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"
+    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"
+  '';
+
+
+  services.samba.enable = true;
+  services.samba.extraConfig = ''
+    client max protocol = SMB3
+  '';
+}

nix/os/profiles/install-medium/iso/Justfile

@@ -0,0 +1,2 @@
+build:
+  nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix

nix/os/profiles/install-medium/iso/iso.nix

@@ -0,0 +1,92 @@
+# This module defines a small NixOS installation CD.  It does not
+# contain any graphical stuff.
+{config, pkgs, lib, ...}:
+
+let nixos-init-script = ''
+  #!${pkgs.stdenv.shell}
+
+  export HOME=/root
+  export PATH=${pkgs.lib.makeBinPath [ 
+    config.nix.package pkgs.systemd pkgs.gnugrep pkgs.gnused config.system.build.nixos-rebuild
+    config.system.build.nixos-install pkgs.utillinux pkgs.e2fsprogs pkgs.coreutils pkgs.hdparm
+  ]}:$PATH
+  export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
+
+  set -xe
+
+  fdisk -w always -W always /dev/vda <<EOF
+g
+n
+1
+
++8M
+n
+2
+
++1G
+n
+3
+
+
+t
+1
+4
+w
+EOF
+  lsblk
+
+  mkfs.ext4 -m0 -L nixos /dev/vda3
+  mount -L nixos /mnt
+  mkswap -L swap /dev/vda2
+  swapon -L swap
+
+  mkdir /mnt/etc/nixos -p
+  cp /dev/vdb /mnt/etc/nixos/configuration.nix
+
+  nix-channel --update
+  nixos-install
+  reboot
+  '';
+in {
+  imports = [
+    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix>
+
+    # Provide an initial copy of the NixOS channel so that the user
+    # doesn't need to run "nix-channel --update" first.
+    # <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+  ];
+
+  isoImage.isoName = lib.mkForce "${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
+  boot.loader.timeout = lib.mkForce 0;
+  boot.postBootCommands = ''
+  '';
+
+  environment.systemPackages = [];
+
+  users.users.root = {
+    openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4RFtHz0sE5y0AyZZm/tH7bBBgsx55gLPt5tGsl9yZlOzih6n4qbJE/9OOdwnOY2AHRe2lrlTekbW5ewWSBBCbiBE3Vux86sLgy7LM9zoKaNC+E3hmxaoS9SExn0BTkb3kNlOcj2k6UyJhkZWEsqVMV5C21R8EWmMlLY/qm3AxptNjOyzKDwNX2zlHZ5IyjgzO4ZjIxjawmJlUrVEn7/m+M7qK3I1Tyg/ZvDSfmxVJS97sVzseYE0rVwLEWJQOnHh0wnfl27smr2McAB7Cy6sxKyPKvEGyXbNqqb8fqk4okZlRRxhq/XkKlC7IZr+uqYxlL4HN8vjkTRNlgenDUSVT cardno:000604870382" ];
+  };
+
+  services.gpm.enable = true;
+  systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+
+  systemd.services.nixos-init = {
+    script = nixos-init-script;
+    path = with pkgs; [ ];
+
+    description = "Initialize /dev/vda from configuration.nix found at /dev/vdb";
+    enable = true;
+
+    wantedBy = [ "multi-user.target" ];
+    after = [ "multi-user.target" ];
+    requires = [ "network-online.target" ];
+ 
+    restartIfChanged = false;
+    unitConfig.X-StopOnRemoval = false;
+
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+  };
+}

nix/os/profiles/removable-medium/boot.nix

@@ -0,0 +1,37 @@
+{ lib
+, ...
+}:
+
+{
+  boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
+  boot.loader.efi.canTouchEfiVariables = lib.mkForce false; 
+
+  boot.initrd.availableKernelModules = [ 
+    "xhci_pci"
+    "ahci"
+    "usb_storage"
+    "sd_mod"
+    "rtsx_pci_sdmmc"
+    "aes_x86_64"
+    "aesni_intel"
+    "cryptd"
+  ];
+
+  boot.kernelModules = [ 
+    "kvm-intel"
+
+    # Workaround for nm-pptp to enforce module load
+    "nf_conntrack_proto_gre"
+    "nf_conntrack_pptp"
+  ];
+
+  boot.extraModprobeConfig = ''
+    options kvm-intel nested=1
+    options kvm-intel enable_shadow_vmcs=1
+    options kvm-intel enable_apicv=1
+    options kvm-intel ept=1
+  '';
+  boot.extraModulePackages = [ ];
+
+  boot.loader.systemd-boot.enable = true;
+}

nix/os/profiles/removable-medium/configuration.nix

@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+  imports = [ 
+    ../../modules/encryptedDisk.nix
+
+    ./pkg.nix
+    ./hw.nix
+    ./system.nix
+    ./boot.nix
+  ];
+}

nix/os/profiles/removable-medium/hw.nix

@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+  hardware.encryptedDisk.enable = true;
+  hardware.enableAllFirmware = true;
+  hardware.trackpoint.emulateWheel = true;
+}

nix/os/profiles/removable-medium/pkg.nix

@@ -0,0 +1,27 @@
+{ 
+...
+}:
+
+{
+  imports = [
+    "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos"
+  ];
+  
+  nixpkgs.config = {
+    allowBroken = false;
+    allowUnfree = true;
+
+    packageOverrides = pkgs: with pkgs; {
+      busyboxStatic =  busybox.override {
+        enableStatic = true;
+        extraConfig = ''
+           CONFIG_STATIC y
+           CONFIG_INSTALL_APPLET_DONT y
+           CONFIG_INSTALL_APPLET_SYMLINKS n
+         '';
+      };
+    };
+  };
+
+  home-manager.users.steveej = import ../../../home-manager/configuration/removable-desktop.nix;
+}

nix/os/profiles/removable-medium/system.nix

@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+
+let
+
+in {
+  services.printing = {
+    enable = false;
+  };
+
+  virtualisation = {
+    libvirtd.enable = false;
+    virtualbox.host.enable = false;
+    docker.enable = true;
+  };
+}