steveej-laptop: commit current config

* disable CPU wining * migrate system packages away to out-of-tree home-manger * vim: disable deoplete * enable the firewall * upgrade syntax for release 18.03 * enable gnome services (again)
2018-05-04 09:13:54 +02:00 · 2018-05-04 09:13:54 +02:00 · f3683fcda9
commit f3683fcda9
parent 81f953baee
7 changed files with 113 additions and 266 deletions
--- a/nixos-configuration/steveej-laptop/system.nix
+++ b/nixos-configuration/steveej-laptop/system.nix
@ -1,26 +1,62 @@
 { config, lib, pkgs, ... }:

+
+let
+  gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
+
+in 
+
 rec {
  nix.binaryCachePublicKeys = [
-    "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+    # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
  ];
  nix.binaryCaches = [
    "https://cache.nixos.org"
-    "https://hydra.nixos.org"
+    # "https://hydra.nixos.org"
  ];
  nix.trustedBinaryCaches = [
    "https://cache.nixos.org"
-    "https://hydra.nixos.org"
+    # "https://hydra.nixos.org"
  ];

  nix.daemonNiceLevel = 19;
  nix.daemonIONiceLevel = 7;

+  nix.package = pkgs.nixUnstable;
+
+  nix.useSandbox = true;
+
  # The NixOS release to be compatible with for stateful data such as databases.
  # system.stateVersion = "unstable";
  networking.hostName = "steveej-laptop"; # Define your hostname.

-  networking.firewall.enable = false;
+  networking.hosts = {
+    "160.85.37.177" = [ "splabchat" ];
+  };
+
+  networking.firewall.enable = true;
+  networking.firewall.checkReversePath = false;
+
+  # Provide a NAT/DHCP Router
+  #
+  # networking.nat.enable = true;
+  # networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ];
+  # networking.nat.externalInterface = "wlp1s0";
+  # networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [
+  #     { address = "10.254.253.254"; prefixLength = 24; }
+  # ];
+  # services.dnsmasq = {
+  #   enable = true;
+  #   servers = [ "8.8.8.8" "8.8.4.4" ];
+  #   extraConfig = ''
+  #     domain=lan
+  #     interface=enp0s20f0u4u1u3
+  #     bind-interfaces
+  #     dhcp-range=10.254.253.100,10.254.253.199,1h
+  #   '';
+  # };
+
+
  networking.networkmanager = {
    enable = true;
    unmanaged = [
@ -33,7 +69,7 @@ rec {
  };

  networking.bridges."virbr1".interfaces = [];
-  networking.interfaces."virbr1".ip4 = [
+  networking.interfaces."virbr1".ipv4.addresses = [
      { address = "10.254.254.254"; prefixLength = 24; }
  ];

@ -94,9 +130,6 @@ rec {
    '';
  };

-   # Package configuration
-   environment.systemPackages = with pkgs; [
-   ];

  environment.sessionVariables = {
    EDITOR = "vim";
@ -129,11 +162,33 @@ rec {
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "yes";

+  services.gnome3 = {
+    gnome-disks.enable = false;
+    gnome-documents.enable = false;
+    gnome-online-miners.enable = false;
+    gnome-user-share.enable = false;
+    gnome-terminal-server.enable = false;
+    gpaste.enable = false;
+    sushi.enable = false;
+    tracker.enable = false;
+
+    # FIXME: gnome should be moved to user session
+    seahorse.enable = true;
+    gvfs.enable = true;
+    at-spi2-core.enable = true;
+    evolution-data-server.enable = true;
+    gnome-online-accounts.enable = true;
+    gnome-keyring.enable = true;
+  };
+
  services.teamviewer.enable = false;

  services.printing = {
    enable = true;
-    drivers = [ pkgs.hplip ];
+    drivers = [ 
+      pkgs.hplip
+      gitpkgs.cups-kyodialog3
+    ];
  };

  services.pcscd.enable = true;
@ -146,31 +201,38 @@ rec {
    xkbVariant = "altgr-intl";
    xkbOptions = "nodeadkeys,caps:swapescape";

-    windowManager.qtile.enable = true;
-    windowManager.default = "qtile";
    desktopManager = {
+      # FIXME: gnome should be moved to user session
      gnome3.enable = true;
+
      xterm.enable = true;
      plasma5.enable = false;
    };

    displayManager = {
-      gdm.enable = true;
-      gdm.wayland = false;
-        # ${pkgs.xautolock}/bin/xautolock -time 10 -locker slimlock &
-        # ${pkgs.redshift}/bin/redshift-gtk -v -b 1.0:1.0 -l 47.6691:9.1698 -t 7000:4500 -m randr &
+      lightdm = {
+        enable = true;
+        autoLogin = {
+          enable = true;
+          user = "steveej";
+        };
+        background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
+      };
+
      sessionCommands = ''
-        ${pkgs.redshift}/bin/redshift-gtk -v -l 47.6691:9.1698 -t 7000:4500 -m randr &
-        ${pkgs.networkmanagerapplet}/bin/nm-applet &
-        ${pkgs.xorg.xsetroot}/bin/xsetroot -solid darkblue &
-        ${pkgs.autorandr}/bin/autorandr -l common &
      '';
    };
  };
+
+ # Package configuration
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # More Services
  services.udev.packages = [
-      pkgs.libu2f-host
-      pkgs.yubikey-personalization
-    ];
+    pkgs.libu2f-host
+    pkgs.yubikey-personalization
+  ];
  services.udev.extraRules = ''
    # OnePlusOne
    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
@ -205,9 +267,24 @@ rec {
    };
  };

+  services.fprintd.enable = true;
+  security.pam.services = {
+    login.fprintAuth = true;
+    sudo.fprintAuth = true;
+  };
+
+  # required for running blueman-applet in user sessions
+  services.dbus.packages = with pkgs; [ 
+    blueman
+  ];
+
+  # Kubernetes
+  # services.kubernetes.roles = ["master" "node"];
+
  # virtualization
  virtualisation = {
    libvirtd.enable = true;
+    libvirtd.qemuPackage = pkgs.qemu;
    virtualbox.host.enable = true;
    virtualbox.host.addNetworkInterface = true;
    docker.enable = true;