From 68ca11e4db2db108e7bde4da0ab90c9a6141c93f Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Sun, 28 Oct 2018 18:02:33 +0100
Subject: [PATCH] nixos-config: add live-usb-transcend
---
 .../steveej-live-usb-transcend/boot.nix | 23 ++
 .../configuration.nix | 15 ++
 .../steveej-live-usb-transcend/hw.nix | 60 +++++
 .../steveej-live-usb-transcend/pkg.nix | 167 ++++++++++++
 .../steveej-live-usb-transcend/system.nix | 243 ++++++++++++++++++
 .../steveej-live-usb-transcend/user.nix | 51 ++++
 6 files changed, 559 insertions(+)
 create mode 100644 nixos-configuration/steveej-live-usb-transcend/boot.nix
 create mode 100644 nixos-configuration/steveej-live-usb-transcend/configuration.nix
 create mode 100644 nixos-configuration/steveej-live-usb-transcend/hw.nix
 create mode 100644 nixos-configuration/steveej-live-usb-transcend/pkg.nix
 create mode 100644 nixos-configuration/steveej-live-usb-transcend/system.nix
 create mode 100644 nixos-configuration/steveej-live-usb-transcend/user.nix
diff --git a/nixos-configuration/steveej-live-usb-transcend/boot.nix b/nixos-configuration/steveej-live-usb-transcend/boot.nix
new file mode 100644
index 0000000..f8ad805
--- /dev/null
+++ b/nixos-configuration/steveej-live-usb-transcend/boot.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+{
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # Bootloader, initrd and Kernel
+ boot.loader.grub = {
+ enable = true;
+ enableCryptodisk = true;
+ version = 2;
+ };
+
+ # workaround to disable CPU wining
+ # current CPU has 9 idle cstates.
+
+ # Workaround for nm-pptp to enforce module load
+ boot.kernelModules = [
+ "nf_conntrack_proto_gre"
+ "nf_conntrack_pptp"
+ ];
+
+ boot.tmpOnTmpfs = true;
+}
diff --git a/nixos-configuration/steveej-live-usb-transcend/configuration.nix b/nixos-configuration/steveej-live-usb-transcend/configuration.nix
new file mode 100644
index 0000000..b49f937
--- /dev/null
+++ b/nixos-configuration/steveej-live-usb-transcend/configuration.nix
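Review bot: The comment pair `# workaround to disable CPU wining` / `# current CPU has 9 idle cstates.` has no setting beneath it, so it documents nothing; either restore the kernel parameter it once described or drop the two lines. `boot.loader.grub.enable = true` here also coexists with `boot.loader.systemd-boot.enable = true` in hw.nix of the same commit; unless both are intended, one should be disabled so it is unambiguous which loader owns the removable-media EFI path. `boot.tmpOnTmpfs = true` is a sensible choice for a live stick, but a one-line comment stating that it trades RAM for flash wear would make the intent explicit.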
@@ -0,0 +1,15 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./pkg.nix
+ ./hw.nix
+ ./system.nix
+ ./user.nix
+ ./boot.nix
+ ];
+}
diff --git a/nixos-configuration/steveej-live-usb-transcend/hw.nix b/nixos-configuration/steveej-live-usb-transcend/hw.nix
new file mode 100644
index 0000000..4a8d6a8
--- /dev/null
+++ b/nixos-configuration/steveej-live-usb-transcend/hw.nix
@@ -0,0 +1,60 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ nix.maxJobs = lib.mkDefault 3;
+ nix.buildCores = 3;
+
+ hardware.enableAllFirmware = true;
+ hardware.trackpoint.emulateWheel = true;
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModprobeConfig = ''
+ options kvm-intel nested=1
+ options kvm-intel enable_shadow_vmcs=1
+ options kvm-intel enable_apicv=1
+ options kvm-intel ept=1
+ '';
+ boot.extraModulePackages = [ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = false;
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-id/usb-JetFlash_Transcend_8GB_199164062-0:0-part2";
+ fsType = "vfat";
+ };
+
+ fileSystems."/" = {
+ device = "/dev/live-usb-transcend/live-usb-swap";
+ fsType = "btrfs";
+ options = [ "subvol=nixos" ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/live-usb-transcend/live-usb-root";
+ fsType = "btrfs";
+ options = [ "subvol=home" ];
+ };
+
+ swapDevices = [
+ { device = "/dev/live-usb-transcend/live-usb-swap"; }
+ ];
+
+ boot.loader.grub = {
+ device = "/dev/disk/by-id/usb-JetFlash_Transcend_8GB_199164062-0:0";
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ boot.initrd.luks.devices = [ {
+ name = "crypt-live-usb";
+ device = "/dev/disk/by-id/usb-JetFlash_Transcend_8GB_199164062-0:0-part3";
+ preLVM = true;
+ allowDiscards = true;
+ }
+ ];
+}
diff --git a/nixos-configuration/steveej-live-usb-transcend/pkg.nix b/nixos-configuration/steveej-live-usb-transcend/pkg.nix
new file mode 100644
index 0000000..eed0765
--- /dev/null
+++ b/nixos-configuration/steveej-live-usb-transcend/pkg.nix
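Review bot: `fileSystems."/"` is mounted from `/dev/live-usb-transcend/live-usb-swap`, the very volume listed under `swapDevices`, while `/home` uses `live-usb-root`; this reads like the root and swap volumes are transposed, and activating swap on the volume that holds the root filesystem would corrupt it. The root entry should presumably be `device = "/dev/live-usb-transcend/live-usb-root";` (the btrfs volume that already carries the `home` subvolume), leaving `swapDevices` on `live-usb-swap` — confirm against the actual LVM layout before booting from this stick. `allowDiscards = true` on `crypt-live-usb` passes TRIM through the LUKS layer, which reveals which blocks are unused to anyone holding the device; that is a common trade for flash wear, but it deserves a comment saying it is deliberate. The banner still says the file is generated by nixos-generate-config, yet it now carries hand-written LUKS, grub and kvm-intel settings; drop the "Do not modify" header so a later regeneration does not silently overwrite them.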
@@ -0,0 +1,167 @@
+{ config,
+ pkgs,
+ ... }:
+
+let
+ environmentVariables = {
+ EDITOR = "nvim";
+ };
+
+in
+{
+
+ nixpkgs.config = {
+ allowBroken = false;
+ allowUnfree = true;
+
+ packageOverrides = pkgs: rec {
+
+ };
+ };
+
+ imports = [
+ ../common/pkg/default.nix
+ "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos"
+ ];
+
+ environment.systemPackages = with pkgs; [
+ ];
+
+
+ home-manager.users.steveej = {
+ /*
+ programs.firefox = {
+ enable = true;
+ enableAdobeFlash = false;
+ enableGoogleTalk = true;
+ enableIcedTea = true;
+ };
+
+ programs.command-not-found.enable = true;
+
+ programs.zsh = {
+ enable = true;
+
+ # will be called again by oh-my-zsh
+ enableCompletion = false;
+ enableAutosuggestions = true;
+ initExtra = ''
+ PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f %F{magenta}$(git_prompt_info)%f
+%_%F{%(!.red.green)}$(prompt_char)%f '
+ RPROMPT=""
+
+ # Automatic rehash
+ zstyle ':completion:*' rehash true
+
+ if [ -f $HOME/.shrc.d/sh_aliases ]; then
+ . $HOME/.shrc.d/sh_aliases
+ fi
+
+ source "$HOME/.homesick/repos/homeshick/homeshick.sh"
+ fpath=($HOME/.homesick/repos/homeshick/completions $fpath)
+
+
+ # Disable intercepting of ctrl-s and ctrl-q as flow control.
+ stty stop ''' -ixoff -ixon
+
+ # don't cd into directories when executed
+ unsetopt AUTO_CD
+
+ # Load direnv
+ eval "$(direnv hook zsh)"
+
+ source <(hcloud completion zsh) # zsh
+ '';
+ sessionVariables = environmentVariables // {
+ # Add more envrionment variables here
+ };
+
+ plugins = [
+ {
+ # will source zsh-autosuggestions.plugin.zsh
+ name = "zsh-autosuggestions";
+ src = pkgs.fetchFromGitHub {
+ owner = "zsh-users";
+ repo = "zsh-autosuggestions";
+ rev = "v0.4.0";
+ sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
+ };
+ }
+ {
+ name = "enhancd";
+ file = "init.sh";
+ src = pkgs.fetchFromGitHub {
+ owner = "b4b4r07";
+ repo = "enhancd";
+ rev = "v2.2.1";
+ sha256 = "0iqa9j09fwm6nj5rpip87x3hnvbbz9w9ajgm6wkrd5fls8fn8i5g";
+ };
+ }
+ {
+ name = "pass";
+ src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/pass";
+ }
+ {
+ name = "minikube";
+ src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/minikube";
+ }
+ ];
+ oh-my-zsh = {
+ enable = true;
+ theme = "tjkirch";
+ plugins = [
+ "git"
+ "sudo"
+ ];
+ };
+ };
+
+ programs.neovim = {
+ enable = true;
+ };
+
+ home.keyboard = {
+ layout = "us";
+ variant = "altgr-intl";
+ options = [
+ "nodeadkeys"
+ # "caps:swapescape"
+ ];
+ };
+
+ home.packages = []
+ ++ (with pkgs; [
+ # Version Control Systems
+ git-crypt
+ unstablepkgs.pijul
+ gitFull
+ gitless
+
+ # Password Management
+ gnupg
+ (hiPrio pass)
+ pass-otp
+ qtpass
+ rofi-pass
+ yubikey-neo-manager
+ yubikey-personalization
+ yubikey-personalization-gui
+ gnome3.gnome_keyring
+ gnome3.seahorse
+
+ # Code Editors
+ xclip
+ xsel
+
+ # Archive Managers
+ sshfsFuse
+ xarchive
+ p7zip
+ zip
+ unzip
+ gzip
+ lzop
+ ]);
+ */
+ };
+}
diff --git a/nixos-configuration/steveej-live-usb-transcend/system.nix b/nixos-configuration/steveej-live-usb-transcend/system.nix
new file mode 100644
index 0000000..8a5df9f
--- /dev/null
+++ b/nixos-configuration/steveej-live-usb-transcend/system.nix
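Review bot: The home-manager import uses `builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }` with no `rev`, so every evaluation pulls whatever that branch head is at the moment; the system closure is not reproducible, and any compromise of or force-push to the upstream branch lands in the next rebuild unreviewed. Pin it with `rev = "<home-manager-commit-sha>";` (keeping `ref` so fetchGit can locate the commit) and bump deliberately. Separately, the whole `home-manager.users.steveej` body is parked inside `/* … */`, leaving an empty attribute set that does nothing; a short comment stating why it is disabled, or removing it until it is needed, would keep the intent clear.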
@@ -0,0 +1,243 @@
+{ config, lib, pkgs, ... }:
+
+
+let
+
+in
+
+rec {
+ nix.binaryCachePublicKeys = [
+ # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+ ];
+ nix.binaryCaches = [
+ "https://cache.nixos.org"
+ # "https://hydra.nixos.org"
+ ];
+ nix.trustedBinaryCaches = [
+ "https://cache.nixos.org"
+ # "https://hydra.nixos.org"
+ ];
+
+ nix.daemonNiceLevel = 19;
+ nix.daemonIONiceLevel = 7;
+
+ nix.useSandbox = true;
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ # system.stateVersion = "unstable";
+ networking.hostName = "steveej-liveusb"; # Define your hostname.
+
+ networking.firewall.enable = true;
+ networking.firewall.checkReversePath = false;
+
+ # Provide a NAT/DHCP Router
+ #
+ # networking.nat.enable = true;
+ # networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ];
+ # networking.nat.externalInterface = "wlp1s0";
+ # networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [
+ # { address = "10.254.253.254"; prefixLength = 24; }
+ # ];
+ # services.dnsmasq = {
+ # enable = true;
+ # servers = [ "8.8.8.8" "8.8.4.4" ];
+ # extraConfig = ''
+ # domain=lan
+ # interface=enp0s20f0u4u1u3
+ # bind-interfaces
+ # dhcp-range=10.254.253.100,10.254.253.199,1h
+ # '';
+ # };
+
+ networking.networkmanager = {
+ enable = true;
+ dns = "dnsmasq";
+ unmanaged = [
+ "interface-name:veth*"
+ "interface-name:virbr*"
+ "interface-name:br*"
+ "interface-name:*vbox*"
+ "interface-name:*cni*"
+ ];
+ };
+
+ programs.zsh = {
+ enable = false;
+ };
+
+ environment.sessionVariables = {
+ NIXPKGS_ALLOW_UNFREE = "1";
+
+ # Don't create .pyc files.
+ PYTHONDONTWRITEBYTECODE = "1";
+ };
+
+ environment.etc."lvm/lvm.conf".text = ''
+ devices {
+ issue_discards = 1
+ }
+ '';
+
+ environment.pathsToLink = [ "/share/zsh" ];
+
+ # Fonts, I18N, Date ...
+ fonts = {
+ enableCoreFonts = true;
+ };
+
+ i18n = {
+ consoleFont = "lat9w-16";
+ defaultLocale = "en_US.UTF-8";
+ };
+ time.timeZone = "Europe/Berlin";
+ #time.timeZone = "America/Los_Angeles";
+
+ # Services
+ services.gpm.enable = true;
+ services.openssh.enable = true;
+ services.openssh.permitRootLogin = "yes";
+
+ services.gnome3 = {
+ gnome-disks.enable = false;
+ gnome-documents.enable = false;
+ gnome-online-miners.enable = false;
+ gnome-user-share.enable = false;
+ gnome-terminal-server.enable = false;
+ gpaste.enable = false;
+ sushi.enable = false;
+ tracker.enable = false;
+
+ # FIXME: gnome should be moved to user session
+ seahorse.enable = true;
+ gvfs.enable = true;
+ at-spi2-core.enable = true;
+ evolution-data-server.enable = true;
+ gnome-online-accounts.enable = true;
+ gnome-keyring.enable = true;
+ };
+
+ services.teamviewer.enable = false;
+
+ services.printing = {
+ enable = false;
+ };
+
+ services.pcscd.enable = true;
+ services.xserver = {
+ enable = true;
+ libinput.enable = true;
+ libinput.naturalScrolling = true;
+
+ videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
+ xkbVariant = "altgr-intl";
+ xkbOptions = "nodeadkeys";
+
+ desktopManager = {
+ # FIXME: gnome should be moved to user session
+ gnome3.enable = true;
+
+ xterm.enable = true;
+ plasma5.enable = false;
+ };
+
+ displayManager = {
+ gdm.enable = false;
+
+ lightdm = {
+ enable = true;
+ autoLogin = {
+ enable = true;
+ user = "steveej";
+ };
+ background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
+ };
+
+ sessionCommands = ''
+ '';
+ };
+ };
+
+ # Package configuration
+ environment.systemPackages = with pkgs; [
+ ];
+
+ # More Services
+ services.udev.packages = [
+ pkgs.libu2f-host
+ pkgs.yubikey-personalization
+ ];
+ services.udev.extraRules = ''
+ # OnePlusOne
+ ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
+ ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
+
+ # Plantronics BackBeat PRO
+ SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"
+ SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"
+ SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"
+ ''
+ ;
+
+ services.packagekit.enable = true;
+
+ services.resolved.enable = false;
+ services.nix-serve.enable = false;
+
+ services.samba.enable = true;
+ services.samba.extraConfig = ''
+ client max protocol = SMB3
+ '';
+
+ # hardware related services
+ services.illum.enable = true;
+
+ hardware = {
+ bluetooth.enable = true;
+ pulseaudio = {
+ enable = true;
+ package = pkgs.pulseaudioFull;
+ support32Bit = true;
+ };
+ };
+
+ services.fprintd.enable = true;
+ security.pam.services = {
+ login.fprintAuth = true;
+ sudo.fprintAuth = true;
+ };
+
+ # required for running blueman-applet in user sessions
+ services.dbus.packages = with pkgs; [
+ blueman
+ ];
+
+ # Kubernetes
+ # services.kubernetes.roles = ["master" "node"];
+
+ # virtualization
+ virtualisation = {
+ libvirtd.enable = false;
+ virtualbox.host.enable = false;
+ virtualbox.guest.enable = false;
+ docker.enable = true;
+ };
+
+ # Activation scripts for impure set up of paths in /
+ system.activationScripts.bin = ''
+ echo "setting up /bin..."
+ ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
+ mv -Tf /bin/.bash /bin/bash
+ '';
+ system.activationScripts.etcX11sessinos = ''
+ echo "setting up /etc/X11/sessions..."
+ mkdir -p /etc/X11
+ ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
+ mv -Tf /etc/X11/.sessions /etc/X11/sessions
+ '';
+ system.activationScripts.lib64 = ''
+ echo "setting up /lib64..."
+ mkdir -p /lib64
+ ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
+ mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
+ '';
+}
diff --git a/nixos-configuration/steveej-live-usb-transcend/user.nix b/nixos-configuration/steveej-live-usb-transcend/user.nix
new file mode 100644
index 0000000..6d53acd
--- /dev/null
+++ b/nixos-configuration/steveej-live-usb-transcend/user.nix
@@ -0,0 +1,51 @@
+{ config
+, pkgs
+, ... }:
+
+let
+ passwords = import ../common/passwords.crypt.nix;
+ mkUser = {uid, hashedPassword, ... } @ args: args // {
+ inherit uid hashedPassword;
+ isNormalUser = true;
+ extraGroups = [
+ "docker"
+ "wheel"
+ "libvirtd"
+ "networkmanager"
+ "vboxusers"
+ "users"
+ "input"
+ "audio"
+ "video"
+ "cdrom"
+ ];
+ };
+
+in
+{
+ users.mutableUsers = false;
+ users.defaultUserShell = pkgs.zsh;
+
+ users.extraUsers.root = {
+ hashedPassword = passwords.users.root;
+ openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
+ };
+
+ users.extraUsers.steveej = mkUser {
+ uid = 1000;
+ hashedPassword = passwords.users.steveej;
+ };
+
+ users.extraUsers.steveej2 = mkUser {
+ uid = 1001;
+ hashedPassword = passwords.users.steveej2;
+ };
+
+ users.extraUsers.steveej3 = mkUser {
+ uid = 1002;
+ hashedPassword = passwords.users.steveej;
+ };
+
+ security.pam.enableU2F = true;
+ security.pam.services.steveej.u2fAuth = true;
+}
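Review bot: `services.openssh.permitRootLogin = "yes"` lets root authenticate over SSH with its password, while user.nix in this same commit gives root both a hashed password and an authorized key; set `services.openssh.permitRootLogin = "prohibit-password";` so only the key is accepted (the option also takes the older `without-password` spelling, if this NixOS release predates the new name). The Plantronics udev rules grant `MODE="0777"` on the USB device nodes, making them writable by every local account; `MODE="0660"` with the existing `GROUP="users"`, or `TAG+="uaccess"` as the OnePlus rules already do, is sufficient. `networking.firewall.checkReversePath = false` switches off reverse-path filtering for every interface; if it exists only for the commented-out NAT/dnsmasq block, a comment tying the two together would help whoever re-enables or removes that block. Unrelated nit: the activation script attribute `etcX11sessinos` is misspelled.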
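Review bot: `security.pam.services.steveej.u2fAuth = true` names a PAM service, not a user, so it produces a `/etc/pam.d/steveej` stack that no login path consults and never applies a U2F requirement to the account; the stacks that actually authenticate here are `login`, `sudo` and `lightdm`, which as far as I can tell `security.pam.enableU2F = true` already covers by default, so the line can be dropped (or replaced with per-service entries if the intent was to limit it). `users.extraUsers.steveej3` reuses `passwords.users.steveej` while steveej2 has its own `passwords.users.steveej2`; this looks like a copy-paste slip and leaves two accounts sharing one credential. `mkUser` also places every account in `docker` and `libvirtd`, both effectively root-equivalent on this host, in addition to `wheel`; if the secondary accounts are meant to be less privileged, those groups should be parameters of `mkUser` rather than unconditional defaults.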