steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

nixos-config: clean up live-usb dirs

Browse source
This commit is contained in:
steveej 2018-10-29 02:03:07 +01:00
parent ae5af420b0
commit 67a57ae948
12 changed files with 0 additions and 1118 deletions
Download patch file Download diff file Expand all files Collapse all files

23
nixos-configuration/steveej-live-usb-transcend/boot.nix
View file

@ -1,23 +0,0 @@
{ config, lib, pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_latest;
# Bootloader, initrd and Kernel
boot.loader.grub = {
enable = true;
enableCryptodisk = true;
version = 2;
};
# workaround to disable CPU wining
# current CPU has 9 idle cstates.
# Workaround for nm-pptp to enforce module load
boot.kernelModules = [
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
];
boot.tmpOnTmpfs = true;
}

15
nixos-configuration/steveej-live-usb-transcend/configuration.nix
View file

@ -1,15 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports = [
./pkg.nix
./hw.nix
./system.nix
./user.nix
./boot.nix
];
}

60
nixos-configuration/steveej-live-usb-transcend/hw.nix
View file

@ -1,60 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
nix.maxJobs = lib.mkDefault 3;
nix.buildCores = 3;
hardware.enableAllFirmware = true;
hardware.trackpoint.emulateWheel = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModprobeConfig = ''
options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1
options kvm-intel ept=1
'';
boot.extraModulePackages = [ ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
fileSystems."/boot" = {
device = "/dev/disk/by-id/usb-JetFlash_Transcend_8GB_199164062-0:0-part2";
fsType = "vfat";
};
fileSystems."/" = {
device = "/dev/live-usb-transcend/live-usb-swap";
fsType = "btrfs";
options = [ "subvol=nixos" ];
};
fileSystems."/home" = {
device = "/dev/live-usb-transcend/live-usb-root";
fsType = "btrfs";
options = [ "subvol=home" ];
};
swapDevices = [
{ device = "/dev/live-usb-transcend/live-usb-swap"; }
];
boot.loader.grub = {
device = "/dev/disk/by-id/usb-JetFlash_Transcend_8GB_199164062-0:0";
efiSupport = true;
efiInstallAsRemovable = true;
};
boot.initrd.luks.devices = [ {
name = "crypt-live-usb";
device = "/dev/disk/by-id/usb-JetFlash_Transcend_8GB_199164062-0:0-part3";
preLVM = true;
allowDiscards = true;
}
];
}

167
nixos-configuration/steveej-live-usb-transcend/pkg.nix
View file

@ -1,167 +0,0 @@
{ config,
pkgs,
... }:
let
environmentVariables = {
EDITOR = "nvim";
};
in
{
nixpkgs.config = {
allowBroken = false;
allowUnfree = true;
packageOverrides = pkgs: rec {
};
};
imports = [
../common/pkg/default.nix
"${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos"
];
environment.systemPackages = with pkgs; [
];
home-manager.users.steveej = {
/*
programs.firefox = {
enable = true;
enableAdobeFlash = false;
enableGoogleTalk = true;
enableIcedTea = true;
};
programs.command-not-found.enable = true;
programs.zsh = {
enable = true;
# will be called again by oh-my-zsh
enableCompletion = false;
enableAutosuggestions = true;
initExtra = ''
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f %F{magenta}$(git_prompt_info)%f
%_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT=""
# Automatic rehash
zstyle ':completion:*' rehash true
if [ -f $HOME/.shrc.d/sh_aliases ]; then
. $HOME/.shrc.d/sh_aliases
fi
source "$HOME/.homesick/repos/homeshick/homeshick.sh"
fpath=($HOME/.homesick/repos/homeshick/completions $fpath)
# Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon
# don't cd into directories when executed
unsetopt AUTO_CD
# Load direnv
eval "$(direnv hook zsh)"
source <(hcloud completion zsh) # zsh
'';
sessionVariables = environmentVariables // {
# Add more envrionment variables here
};
plugins = [
{
# will source zsh-autosuggestions.plugin.zsh
name = "zsh-autosuggestions";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-autosuggestions";
rev = "v0.4.0";
sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
};
}
{
name = "enhancd";
file = "init.sh";
src = pkgs.fetchFromGitHub {
owner = "b4b4r07";
repo = "enhancd";
rev = "v2.2.1";
sha256 = "0iqa9j09fwm6nj5rpip87x3hnvbbz9w9ajgm6wkrd5fls8fn8i5g";
};
}
{
name = "pass";
src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/pass";
}
{
name = "minikube";
src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/minikube";
}
];
oh-my-zsh = {
enable = true;
theme = "tjkirch";
plugins = [
"git"
"sudo"
];
};
};
programs.neovim = {
enable = true;
};
home.keyboard = {
layout = "us";
variant = "altgr-intl";
options = [
"nodeadkeys"
# "caps:swapescape"
];
};
home.packages = []
++ (with pkgs; [
# Version Control Systems
git-crypt
unstablepkgs.pijul
gitFull
gitless
# Password Management
gnupg
(hiPrio pass)
pass-otp
qtpass
rofi-pass
yubikey-neo-manager
yubikey-personalization
yubikey-personalization-gui
gnome3.gnome_keyring
gnome3.seahorse
# Code Editors
xclip
xsel
# Archive Managers
sshfsFuse
xarchive
p7zip
zip
unzip
gzip
lzop
]);
*/
};
}

243
nixos-configuration/steveej-live-usb-transcend/system.nix
View file

@ -1,243 +0,0 @@
{ config, lib, pkgs, ... }:
let
in
rec {
nix.binaryCachePublicKeys = [
# "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
nix.binaryCaches = [
"https://cache.nixos.org"
# "https://hydra.nixos.org"
];
nix.trustedBinaryCaches = [
"https://cache.nixos.org"
# "https://hydra.nixos.org"
];
nix.daemonNiceLevel = 19;
nix.daemonIONiceLevel = 7;
nix.useSandbox = true;
# The NixOS release to be compatible with for stateful data such as databases.
# system.stateVersion = "unstable";
networking.hostName = "steveej-liveusb"; # Define your hostname.
networking.firewall.enable = true;
networking.firewall.checkReversePath = false;
# Provide a NAT/DHCP Router
#
# networking.nat.enable = true;
# networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ];
# networking.nat.externalInterface = "wlp1s0";
# networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [
# { address = "10.254.253.254"; prefixLength = 24; }
# ];
# services.dnsmasq = {
# enable = true;
# servers = [ "8.8.8.8" "8.8.4.4" ];
# extraConfig = ''
# domain=lan
# interface=enp0s20f0u4u1u3
# bind-interfaces
# dhcp-range=10.254.253.100,10.254.253.199,1h
# '';
# };
networking.networkmanager = {
enable = true;
dns = "dnsmasq";
unmanaged = [
"interface-name:veth*"
"interface-name:virbr*"
"interface-name:br*"
"interface-name:*vbox*"
"interface-name:*cni*"
];
};
programs.zsh = {
enable = false;
};
environment.sessionVariables = {
NIXPKGS_ALLOW_UNFREE = "1";
# Don't create .pyc files.
PYTHONDONTWRITEBYTECODE = "1";
};
environment.etc."lvm/lvm.conf".text = ''
devices {
issue_discards = 1
}
'';
environment.pathsToLink = [ "/share/zsh" ];
# Fonts, I18N, Date ...
fonts = {
enableCoreFonts = true;
};
i18n = {
consoleFont = "lat9w-16";
defaultLocale = "en_US.UTF-8";
};
time.timeZone = "Europe/Berlin";
#time.timeZone = "America/Los_Angeles";
# Services
services.gpm.enable = true;
services.openssh.enable = true;
services.openssh.permitRootLogin = "yes";
services.gnome3 = {
gnome-disks.enable = false;
gnome-documents.enable = false;
gnome-online-miners.enable = false;
gnome-user-share.enable = false;
gnome-terminal-server.enable = false;
gpaste.enable = false;
sushi.enable = false;
tracker.enable = false;
# FIXME: gnome should be moved to user session
seahorse.enable = true;
gvfs.enable = true;
at-spi2-core.enable = true;
evolution-data-server.enable = true;
gnome-online-accounts.enable = true;
gnome-keyring.enable = true;
};
services.teamviewer.enable = false;
services.printing = {
enable = false;
};
services.pcscd.enable = true;
services.xserver = {
enable = true;
libinput.enable = true;
libinput.naturalScrolling = true;
videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
xkbVariant = "altgr-intl";
xkbOptions = "nodeadkeys";
desktopManager = {
# FIXME: gnome should be moved to user session
gnome3.enable = true;
xterm.enable = true;
plasma5.enable = false;
};
displayManager = {
gdm.enable = false;
lightdm = {
enable = true;
autoLogin = {
enable = true;
user = "steveej";
};
background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
};
sessionCommands = ''
'';
};
};
# Package configuration
environment.systemPackages = with pkgs; [
];
# More Services
services.udev.packages = [
pkgs.libu2f-host
pkgs.yubikey-personalization
];
services.udev.extraRules = ''
# OnePlusOne
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
# Plantronics BackBeat PRO
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"
''
;
services.packagekit.enable = true;
services.resolved.enable = false;
services.nix-serve.enable = false;
services.samba.enable = true;
services.samba.extraConfig = ''
client max protocol = SMB3
'';
# hardware related services
services.illum.enable = true;
hardware = {
bluetooth.enable = true;
pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
support32Bit = true;
};
};
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;
sudo.fprintAuth = true;
};
# required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [
blueman
];
# Kubernetes
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = {
libvirtd.enable = false;
virtualbox.host.enable = false;
virtualbox.guest.enable = false;
docker.enable = true;
};
# Activation scripts for impure set up of paths in /
system.activationScripts.bin = ''
echo "setting up /bin..."
ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
mv -Tf /bin/.bash /bin/bash
'';
system.activationScripts.etcX11sessinos = ''
echo "setting up /etc/X11/sessions..."
mkdir -p /etc/X11
ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
mv -Tf /etc/X11/.sessions /etc/X11/sessions
'';
system.activationScripts.lib64 = ''
echo "setting up /lib64..."
mkdir -p /lib64
ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
'';
}

51
nixos-configuration/steveej-live-usb-transcend/user.nix
View file

@ -1,51 +0,0 @@
{ config
, pkgs
, ... }:
let
passwords = import ../common/passwords.crypt.nix;
mkUser = {uid, hashedPassword, ... } @ args: args // {
inherit uid hashedPassword;
isNormalUser = true;
extraGroups = [
"docker"
"wheel"
"libvirtd"
"networkmanager"
"vboxusers"
"users"
"input"
"audio"
"video"
"cdrom"
];
};
in
{
users.mutableUsers = false;
users.defaultUserShell = pkgs.zsh;
users.extraUsers.root = {
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
users.extraUsers.steveej = mkUser {
uid = 1000;
hashedPassword = passwords.users.steveej;
};
users.extraUsers.steveej2 = mkUser {
uid = 1001;
hashedPassword = passwords.users.steveej2;
};
users.extraUsers.steveej3 = mkUser {
uid = 1002;
hashedPassword = passwords.users.steveej;
};
security.pam.enableU2F = true;
security.pam.services.steveej.u2fAuth = true;
}

23
nixos-configuration/steveej-live-usb/boot.nix
View file

@ -1,23 +0,0 @@
{ config, lib, pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_latest;
# Bootloader, initrd and Kernel
boot.loader.grub = {
enable = true;
enableCryptodisk = true;
version = 2;
};
# workaround to disable CPU wining
# current CPU has 9 idle cstates.
# Workaround for nm-pptp to enforce module load
boot.kernelModules = [
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
];
boot.tmpOnTmpfs = true;
}

15
nixos-configuration/steveej-live-usb/configuration.nix
View file

@ -1,15 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports = [
./pkg.nix
./hw.nix
./system.nix
./user.nix
./boot.nix
];
}

60
nixos-configuration/steveej-live-usb/hw.nix
View file

@ -1,60 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
nix.maxJobs = lib.mkDefault 3;
nix.buildCores = 3;
hardware.enableAllFirmware = true;
hardware.trackpoint.emulateWheel = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModprobeConfig = ''
options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1
options kvm-intel ept=1
'';
boot.extraModulePackages = [ ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
fileSystems."/boot" = {
device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0-part2";
fsType = "vfat";
};
fileSystems."/" = {
device = "/dev/mapper/live--usb-live--usb--root";
fsType = "btrfs";
options = [ "subvol=nixos" ];
};
fileSystems."/home" = {
device = "/dev/mapper/live--usb-live--usb--root";
fsType = "btrfs";
options = [ "subvol=home" ];
};
swapDevices = [
{ device = "/dev/mapper/live--usb-live--usb--root"; }
];
boot.loader.grub = {
device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0";
efiSupport = true;
efiInstallAsRemovable = true;
};
boot.initrd.luks.devices = [ {
name = "crypt-live-usb";
device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0-part3";
preLVM = true;
allowDiscards = true;
}
];
}

167
nixos-configuration/steveej-live-usb/pkg.nix
View file

@ -1,167 +0,0 @@
{ config,
pkgs,
... }:
let
environmentVariables = {
EDITOR = "nvim";
};
in
{
nixpkgs.config = {
allowBroken = false;
allowUnfree = true;
packageOverrides = pkgs: rec {
};
};
imports = [
../common/pkg/default.nix
"${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos"
];
environment.systemPackages = with pkgs; [
];
home-manager.users.steveej = {
/*
programs.firefox = {
enable = true;
enableAdobeFlash = false;
enableGoogleTalk = true;
enableIcedTea = true;
};
programs.command-not-found.enable = true;
programs.zsh = {
enable = true;
# will be called again by oh-my-zsh
enableCompletion = false;
enableAutosuggestions = true;
initExtra = ''
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f %F{magenta}$(git_prompt_info)%f
%_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT=""
# Automatic rehash
zstyle ':completion:*' rehash true
if [ -f $HOME/.shrc.d/sh_aliases ]; then
. $HOME/.shrc.d/sh_aliases
fi
source "$HOME/.homesick/repos/homeshick/homeshick.sh"
fpath=($HOME/.homesick/repos/homeshick/completions $fpath)
# Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon
# don't cd into directories when executed
unsetopt AUTO_CD
# Load direnv
eval "$(direnv hook zsh)"
source <(hcloud completion zsh) # zsh
'';
sessionVariables = environmentVariables // {
# Add more envrionment variables here
};
plugins = [
{
# will source zsh-autosuggestions.plugin.zsh
name = "zsh-autosuggestions";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-autosuggestions";
rev = "v0.4.0";
sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
};
}
{
name = "enhancd";
file = "init.sh";
src = pkgs.fetchFromGitHub {
owner = "b4b4r07";
repo = "enhancd";
rev = "v2.2.1";
sha256 = "0iqa9j09fwm6nj5rpip87x3hnvbbz9w9ajgm6wkrd5fls8fn8i5g";
};
}
{
name = "pass";
src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/pass";
}
{
name = "minikube";
src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/minikube";
}
];
oh-my-zsh = {
enable = true;
theme = "tjkirch";
plugins = [
"git"
"sudo"
];
};
};
programs.neovim = {
enable = true;
};
home.keyboard = {
layout = "us";
variant = "altgr-intl";
options = [
"nodeadkeys"
# "caps:swapescape"
];
};
home.packages = []
++ (with pkgs; [
# Version Control Systems
git-crypt
unstablepkgs.pijul
gitFull
gitless
# Password Management
gnupg
(hiPrio pass)
pass-otp
qtpass
rofi-pass
yubikey-neo-manager
yubikey-personalization
yubikey-personalization-gui
gnome3.gnome_keyring
gnome3.seahorse
# Code Editors
xclip
xsel
# Archive Managers
sshfsFuse
xarchive
p7zip
zip
unzip
gzip
lzop
]);
*/
};
}

243
nixos-configuration/steveej-live-usb/system.nix
View file

@ -1,243 +0,0 @@
{ config, lib, pkgs, ... }:
let
in
rec {
nix.binaryCachePublicKeys = [
# "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
nix.binaryCaches = [
"https://cache.nixos.org"
# "https://hydra.nixos.org"
];
nix.trustedBinaryCaches = [
"https://cache.nixos.org"
# "https://hydra.nixos.org"
];
nix.daemonNiceLevel = 19;
nix.daemonIONiceLevel = 7;
nix.useSandbox = true;
# The NixOS release to be compatible with for stateful data such as databases.
# system.stateVersion = "unstable";
networking.hostName = "steveej-liveusb"; # Define your hostname.
networking.firewall.enable = true;
networking.firewall.checkReversePath = false;
# Provide a NAT/DHCP Router
#
# networking.nat.enable = true;
# networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ];
# networking.nat.externalInterface = "wlp1s0";
# networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [
# { address = "10.254.253.254"; prefixLength = 24; }
# ];
# services.dnsmasq = {
# enable = true;
# servers = [ "8.8.8.8" "8.8.4.4" ];
# extraConfig = ''
# domain=lan
# interface=enp0s20f0u4u1u3
# bind-interfaces
# dhcp-range=10.254.253.100,10.254.253.199,1h
# '';
# };
networking.networkmanager = {
enable = true;
dns = "dnsmasq";
unmanaged = [
"interface-name:veth*"
"interface-name:virbr*"
"interface-name:br*"
"interface-name:*vbox*"
"interface-name:*cni*"
];
};
programs.zsh = {
enable = false;
};
environment.sessionVariables = {
NIXPKGS_ALLOW_UNFREE = "1";
# Don't create .pyc files.
PYTHONDONTWRITEBYTECODE = "1";
};
environment.etc."lvm/lvm.conf".text = ''
devices {
issue_discards = 1
}
'';
environment.pathsToLink = [ "/share/zsh" ];
# Fonts, I18N, Date ...
fonts = {
enableCoreFonts = true;
};
i18n = {
consoleFont = "lat9w-16";
defaultLocale = "en_US.UTF-8";
};
time.timeZone = "Europe/Berlin";
#time.timeZone = "America/Los_Angeles";
# Services
services.gpm.enable = true;
services.openssh.enable = true;
services.openssh.permitRootLogin = "yes";
services.gnome3 = {
gnome-disks.enable = false;
gnome-documents.enable = false;
gnome-online-miners.enable = false;
gnome-user-share.enable = false;
gnome-terminal-server.enable = false;
gpaste.enable = false;
sushi.enable = false;
tracker.enable = false;
# FIXME: gnome should be moved to user session
seahorse.enable = true;
gvfs.enable = true;
at-spi2-core.enable = true;
evolution-data-server.enable = true;
gnome-online-accounts.enable = true;
gnome-keyring.enable = true;
};
services.teamviewer.enable = false;
services.printing = {
enable = false;
};
services.pcscd.enable = true;
services.xserver = {
enable = true;
libinput.enable = true;
libinput.naturalScrolling = true;
videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
xkbVariant = "altgr-intl";
xkbOptions = "nodeadkeys";
desktopManager = {
# FIXME: gnome should be moved to user session
gnome3.enable = true;
xterm.enable = true;
plasma5.enable = false;
};
displayManager = {
gdm.enable = false;
lightdm = {
enable = true;
autoLogin = {
enable = true;
user = "steveej";
};
background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
};
sessionCommands = ''
'';
};
};
# Package configuration
environment.systemPackages = with pkgs; [
];
# More Services
services.udev.packages = [
pkgs.libu2f-host
pkgs.yubikey-personalization
];
services.udev.extraRules = ''
# OnePlusOne
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
# Plantronics BackBeat PRO
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"
''
;
services.packagekit.enable = true;
services.resolved.enable = false;
services.nix-serve.enable = false;
services.samba.enable = true;
services.samba.extraConfig = ''
client max protocol = SMB3
'';
# hardware related services
services.illum.enable = true;
hardware = {
bluetooth.enable = true;
pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
support32Bit = true;
};
};
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;
sudo.fprintAuth = true;
};
# required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [
blueman
];
# Kubernetes
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = {
libvirtd.enable = false;
virtualbox.host.enable = false;
virtualbox.guest.enable = false;
docker.enable = true;
};
# Activation scripts for impure set up of paths in /
system.activationScripts.bin = ''
echo "setting up /bin..."
ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
mv -Tf /bin/.bash /bin/bash
'';
system.activationScripts.etcX11sessinos = ''
echo "setting up /etc/X11/sessions..."
mkdir -p /etc/X11
ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
mv -Tf /etc/X11/.sessions /etc/X11/sessions
'';
system.activationScripts.lib64 = ''
echo "setting up /lib64..."
mkdir -p /lib64
ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
'';
}

51
nixos-configuration/steveej-live-usb/user.nix
View file

@ -1,51 +0,0 @@
{ config
, pkgs
, ... }:
let
passwords = import ../common/passwords.crypt.nix;
mkUser = {uid, hashedPassword, ... } @ args: args // {
inherit uid hashedPassword;
isNormalUser = true;
extraGroups = [
"docker"
"wheel"
"libvirtd"
"networkmanager"
"vboxusers"
"users"
"input"
"audio"
"video"
"cdrom"
];
};
in
{
users.mutableUsers = false;
users.defaultUserShell = pkgs.zsh;
users.extraUsers.root = {
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
users.extraUsers.steveej = mkUser {
uid = 1000;
hashedPassword = passwords.users.steveej;
};
users.extraUsers.steveej2 = mkUser {
uid = 1001;
hashedPassword = passwords.users.steveej2;
};
users.extraUsers.steveej3 = mkUser {
uid = 1002;
hashedPassword = passwords.users.steveej;
};
security.pam.enableU2F = true;
security.pam.services.steveej.u2fAuth = true;
}