From f75ab8d2716ce6c8413b80d200d7940911bf6139 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 29 Oct 2018 00:54:49 +0100 Subject: [PATCH] nixos-config: add live MMC system and extract commons --- nixos-configuration/common/keys.nix | 7 + nixos-configuration/common/lib/default.nix | 24 ++ .../common/passwords.crypt.nix | Bin 523 -> 283 bytes .../common/steveej-live-usb/boot.nix | 47 +++ .../common/steveej-live-usb/configuration.nix | 15 + .../common/steveej-live-usb/hw.nix | 6 + .../common/steveej-live-usb/pkg.nix | 296 ++++++++++++++++++ .../common/steveej-live-usb/system.nix | 214 +++++++++++++ .../common/steveej-live-usb/user.nix | 51 +++ nixos-configuration/common/user/root.nix | 14 +- nixos-configuration/common/user/steveej.nix | 20 ++ nixos-configuration/steveej-laptop/user.nix | 38 +-- .../configuration.nix | 20 ++ .../hw.nix | 51 +++ .../system.nix | 8 + 15 files changed, 771 insertions(+), 40 deletions(-) create mode 100644 nixos-configuration/common/keys.nix create mode 100644 nixos-configuration/common/lib/default.nix create mode 100644 nixos-configuration/common/steveej-live-usb/boot.nix create mode 100644 nixos-configuration/common/steveej-live-usb/configuration.nix create mode 100644 nixos-configuration/common/steveej-live-usb/hw.nix create mode 100644 nixos-configuration/common/steveej-live-usb/pkg.nix create mode 100644 nixos-configuration/common/steveej-live-usb/system.nix create mode 100644 nixos-configuration/common/steveej-live-usb/user.nix create mode 100644 nixos-configuration/common/user/steveej.nix create mode 100644 nixos-configuration/steveej-live-usb-mmc-SL32G_0x259093f6/configuration.nix create mode 100644 nixos-configuration/steveej-live-usb-mmc-SL32G_0x259093f6/hw.nix create mode 100644 nixos-configuration/steveej-live-usb-mmc-SL32G_0x259093f6/system.nix diff --git a/nixos-configuration/common/keys.nix b/nixos-configuration/common/keys.nix new file mode 100644 index 0000000..33ebf40 --- /dev/null 
+++ b/nixos-configuration/common/keys.nix @@ -0,0 +1,7 @@ +{ + openssh = { + steveej = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4RFtHz0sE5y0AyZZm/tH7bBBgsx55gLPt5tGsl9yZlOzih6n4qbJE/9OOdwnOY2AHRe2lrlTekbW5ewWSBBCbiBE3Vux86sLgy7LM9zoKaNC+E3hmxaoS9SExn0BTkb3kNlOcj2k6UyJhkZWEsqVMV5C21R8EWmMlLY/qm3AxptNjOyzKDwNX2zlHZ5IyjgzO4ZjIxjawmJlUrVEn7/m+M7qK3I1Tyg/ZvDSfmxVJS97sVzseYE0rVwLEWJQOnHh0wnfl27smr2McAB7Cy6sxKyPKvEGyXbNqqb8fqk4okZlRRxhq/XkKlC7IZr+uqYxlL4HN8vjkTRNlgenDUSVT cardno:000604870382" + ]; + }; +} diff --git a/nixos-configuration/common/lib/default.nix b/nixos-configuration/common/lib/default.nix new file mode 100644 index 0000000..aa1aad3 --- /dev/null +++ b/nixos-configuration/common/lib/default.nix @@ -0,0 +1,24 @@ +let + keys = import ../keys.nix; + +in + +{ + mkUser = {uid, hashedPassword, ... } @ args: args // { + inherit uid hashedPassword; + isNormalUser = true; + extraGroups = [ + "docker" + "wheel" + "libvirtd" + "networkmanager" + "vboxusers" + "users" + "input" + "audio" + "video" + "cdrom" + ]; + }; +} + diff --git a/nixos-configuration/common/passwords.crypt.nix b/nixos-configuration/common/passwords.crypt.nix index 26cb48491b894f645f56dae596f5ad82025b7fb1..2ff89f73359171e1e0f5e91f79a8da423d56eaaf 100644 GIT binary patch literal 283 zcmZQ@_Y83kiVO&0n3Axr(@Z2lCHbBItZBM0O}W=<-RTbf8E~$IUB-67E6pE!Pwv&c zaqRx}??)ECJ$mqpW!&YMZTFZ?CZ7{cRDT`4wj{4>^Sm`#{SArfAI?sA6jYzuxE1zsy)xlWY_6_0Ru>a%#RJ203N-BZ`DyykJ5|v zOBQc;SuA%X-FoHc?Jsf_{><7Cki7SNbLE=lF8?=e_#!(Y|E&3TjV84?r8%;?-gP(F zoYqXay?NHj-c9xj8FQDtdofY+)OyXvg{-^G(<1DjW|T}+WuIdxr9JViRb9mYLdGTg uG9IdBGwJ)JE4OP^oxF84t*oI|;TfKG$Avz(^jfcwvDlp1+BAvNPhPfk|GpwmyX?ikQ$H?SyoPz*YGwva-ZqU( zOSZliO_n|@Baol`T72ozx>r^C;tj>|>o^U5IOdj5Q|%U8@|t7GMyIC=LiWbC>psrj z=q#Ba9diHv=MBEk-apM1S=mpp`erE}hgpZuc{c~ lAoe@&Kz)&F=R-lKw24=QRCpeH|5!P5XGuhW{d1-ePXKK({v-eZ diff --git a/nixos-configuration/common/steveej-live-usb/boot.nix b/nixos-configuration/common/steveej-live-usb/boot.nix new file mode 100644 index 0000000..ff9e4f0 --- /dev/null 
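Review bot: In common/lib/default.nix the `extraGroups` list sits on the right-hand side of `args // { … }`, so a caller cannot narrow it. Every account built with `mkUser` therefore ends up in `wheel` and `docker`, and both memberships amount to root on the host. Put a comment above `mkUser` saying so, e.g. `# every mkUser account is an administrator (wheel, docker); not for restricted users`, or make the list a default with `extraGroups = args.extraGroups or [ … ];`. The `keys = import ../keys.nix;` binding in the `let` is never used and can be dropped.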
+++ b/nixos-configuration/common/steveej-live-usb/boot.nix @@ -0,0 +1,47 @@ +{ config, lib, pkgs, ... }: + +{ + boot.kernelPackages = pkgs.linuxPackages_latest; + + # Bootloader, initrd and Kernel + boot.loader.grub = { + enable = true; + enableCryptodisk = true; + version = 2; + }; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + "aes_x86_64" + "aesni_intel" + "cryptd" + ]; + + boot.kernelModules = [ + "kvm-intel" + + # Workaround for nm-pptp to enforce module load + "nf_conntrack_proto_gre" + "nf_conntrack_pptp" + ]; + + boot.extraModprobeConfig = '' + options kvm-intel nested=1 + options kvm-intel enable_shadow_vmcs=1 + options kvm-intel enable_apicv=1 + options kvm-intel ept=1 + ''; + boot.extraModulePackages = [ ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = false; + + # workaround to disable CPU wining + # current CPU has 9 idle cstates. + + boot.tmpOnTmpfs = true; +} diff --git a/nixos-configuration/common/steveej-live-usb/configuration.nix b/nixos-configuration/common/steveej-live-usb/configuration.nix new file mode 100644 index 0000000..b49f937 --- /dev/null +++ b/nixos-configuration/common/steveej-live-usb/configuration.nix @@ -0,0 +1,15 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = [ + ./pkg.nix + ./hw.nix + ./system.nix + ./user.nix + ./boot.nix + ]; +} diff --git a/nixos-configuration/common/steveej-live-usb/hw.nix b/nixos-configuration/common/steveej-live-usb/hw.nix new file mode 100644 index 0000000..eb625e4 --- /dev/null +++ b/nixos-configuration/common/steveej-live-usb/hw.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +{ + hardware.enableAllFirmware = true; + hardware.trackpoint.emulateWheel = true; +} 
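Review bot: boot.nix enables two bootloaders at once: `boot.loader.grub.enable = true` at the top and `boot.loader.systemd-boot.enable = true` further down. Only one of them can own the boot installation, and the encrypted layout depends on GRUB, since `enableCryptodisk` here and `efiInstallAsRemovable` in the device-specific hw.nix are GRUB options. I would remove the systemd-boot line or set `boot.loader.systemd-boot.enable = false;` explicitly. The comment `# workaround to disable CPU wining` has no setting under it and should either get its option back or be deleted.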
diff --git a/nixos-configuration/common/steveej-live-usb/pkg.nix b/nixos-configuration/common/steveej-live-usb/pkg.nix
new file mode 100644
index 0000000..46c1891
--- /dev/null
+++ b/nixos-configuration/common/steveej-live-usb/pkg.nix
@@ -0,0 +1,296 @@ +{ config, + pkgs, + ... }: + +let + environmentVariables = { + EDITOR = "nvim"; + }; + + dotfiles = builtins.fetchGit { + url = "https://gitlab.com/steveeJ/dotfiles.git"; + ref = "master"; + }; + + mkSimpleTrayService = { execStart }: { + Unit = { + Description = "pasystray applet"; + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; + }; + + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + + Service = { + ExecStart = execStart; + }; + }; + + +in { + imports = [ + "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos" + ]; + + nixpkgs.config = { + allowBroken = false; + allowUnfree = true; + + packageOverrides = pkgs: with pkgs; { + busyboxStatic = busybox.override { + enableStatic = true; + extraConfig = '' + CONFIG_STATIC y + CONFIG_INSTALL_APPLET_DONT y + CONFIG_INSTALL_APPLET_SYMLINKS n + ''; + }; + }; + + }; + + environment.systemPackages = with pkgs; [ + ]; + + home-manager.users.steveej = { + + programs.firefox = { + enable = true; + enableAdobeFlash = false; + enableGoogleTalk = true; + enableIcedTea = true; + }; + + programs.command-not-found.enable = true; + + programs.zsh = { + enable = true; + + # will be called again by oh-my-zsh + enableCompletion = false; + enableAutosuggestions = true; + initExtra = '' + PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f %F{magenta}$(git_prompt_info)%f +%_%F{%(!.red.green)}$(prompt_char)%f ' + RPROMPT="" + + # Automatic rehash + zstyle ':completion:*' rehash true + + if [ -f $HOME/.shrc.d/sh_aliases ]; then + . $HOME/.shrc.d/sh_aliases + fi + + # source "$HOME/.homesick/repos/homeshick/homeshick.sh" + # fpath=($HOME/.homesick/repos/homeshick/completions $fpath) + + + # Disable intercepting of ctrl-s and ctrl-q as flow control. 
+ stty stop ''' -ixoff -ixon + + # don't cd into directories when executed + unsetopt AUTO_CD + + # Load direnv + eval "$(direnv hook zsh)" + + source <(hcloud completion zsh) # zsh + ''; + sessionVariables = environmentVariables // { + # Add more envrionment variables here + }; + + plugins = [ + { + # will source zsh-autosuggestions.plugin.zsh + name = "zsh-autosuggestions"; + src = pkgs.fetchFromGitHub { + owner = "zsh-users"; + repo = "zsh-autosuggestions"; + rev = "v0.4.0"; + sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc"; + }; + } + { + name = "enhancd"; + file = "init.sh"; + src = pkgs.fetchFromGitHub { + owner = "b4b4r07"; + repo = "enhancd"; + rev = "v2.2.1"; + sha256 = "0iqa9j09fwm6nj5rpip87x3hnvbbz9w9ajgm6wkrd5fls8fn8i5g"; + }; + } + { + name = "pass"; + src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/pass"; + } + { + name = "minikube"; + src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/minikube"; + } + ]; + oh-my-zsh = { + enable = true; + theme = "tjkirch"; + plugins = [ + "git" + "sudo" + ]; + }; + }; + + programs.neovim = { + enable = true; + }; + + home.keyboard = { + layout = "us"; + variant = "altgr-intl"; + options = [ + "nodeadkeys" + # "caps:swapescape" + ]; + }; + + xsession = { + enable = true; + windowManager.command = "${pkgs.qtile}/bin/qtile"; + initExtra = '' + ${pkgs.autorandr}/bin/autorandr -c + ${pkgs.feh}/bin/feh --bg-scale ${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png + + # Workaround for Libreoffice to force gtk3 + export SAL_USE_VCLPLUGIN=gtk3 + ''; + }; + + home.file = { + ".config/qtile/config.py" = { + source = "${dotfiles}/home/.config/qtile/config.py"; + }; + ".config/roxterm.sourceforge.net" = { + source = "${dotfiles}/home/.config/roxterm.sourceforge.net"; + recursive = true; + }; + ".config/autorandr" = { + source = "${dotfiles}/home/.config/autorandr"; + recursive = true; + }; + }; + + services = { + gnome-keyring.enable = true; + blueman-applet.enable = 
true; + screen-locker = { + enable = true; + inactiveInterval = 7; + lockCmd = "${pkgs.xscreensaver}/bin/xscreensaver-command -lock"; + }; + xscreensaver.enable = true; + network-manager-applet.enable = true; + syncthing.enable = true; + gpg-agent = { + enable = true; + enableScDaemon = true; + enableSshSupport = true; + grabKeyboardAndMouse = true; + }; + flameshot.enable = true; + }; + + systemd.user = { + startServices = true; + services = { + redshift-gtk = mkSimpleTrayService { + execStart = "${pkgs.redshift}/bin/redshift-gtk -v -l 47.6691:9.1698 -t 7000:4500 -m randr"; + }; + + pasystray = mkSimpleTrayService { + execStart = "${pkgs.pasystray}/bin/pasystray"; + }; + + cbatticon = mkSimpleTrayService { + execStart = "${pkgs.cbatticon}/bin/cbatticon"; + }; + }; + }; + + home.packages = [] + ++ (with pkgs; [ + # Version Control Systems + git-crypt + gitFull + gitless + + # Filesystem Tools + ntfs3g + ddrescue + ncdu + unetbootin + pcmanfm + hdparm + testdisk + python27Packages.binwalk + gptfdisk + + # Password Management + gnupg + (hiPrio pass) + pass-otp + qtpass + rofi-pass + yubikey-neo-manager + yubikey-personalization + yubikey-personalization-gui + gnome3.gnome_keyring + gnome3.seahorse + + # Code Editors + xclip + xsel + + # Archive Managers + sshfsFuse + xarchive + p7zip + zip + unzip + gzip + lzop + + # X Tools/Libraries + lightdm + qtile + feh + xscreensaver + gnome3.networkmanagerapplet + autorandr + arandr + gnome3.gnome_themes_standard + gnome3.adwaita-icon-theme + lxappearance + xorg.xcursorthemes + + # Misc Desktop Tools + ltunify + solaar + dex + roxterm + busyboxStatic + xorg.xbacklight + coreutils + lsof + pavucontrol + x11_ssh_askpass + xdotool + xdg_utils + xdg-user-dirs + gnome3.dconf + picocom + glib.dev # contains gdbus tool + ]); + }; +} diff --git a/nixos-configuration/common/steveej-live-usb/system.nix b/nixos-configuration/common/steveej-live-usb/system.nix new file mode 100644 index 0000000..7e662a4 --- /dev/null 
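Review bot: Both `builtins.fetchGit` calls in pkg.nix follow `ref = "master"` without a `rev`, so every rebuild evaluates whatever the home-manager and dotfiles repositories contain at that moment. The home-manager checkout is imported as a NixOS module, and the dotfiles checkout supplies the qtile `config.py` that runs in the user session, so a changed or compromised upstream branch alters this system without any change in this repository. Pin each call with `rev = "<COMMIT_SHA_PLACEHOLDER>";` next to `ref` and bump it deliberately. The two `pkgs.fetchFromGitHub` plugin sources in the same file already do this with `rev` plus `sha256`.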
+++ b/nixos-configuration/common/steveej-live-usb/system.nix 
@@ -0,0 +1,214 @@ +{ config, lib, pkgs, ... }: + + +let + +in { + nix.binaryCachePublicKeys = [ + # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" + ]; + nix.binaryCaches = [ + "https://cache.nixos.org" + # "https://hydra.nixos.org" + ]; + nix.trustedBinaryCaches = [ + "https://cache.nixos.org" + # "https://hydra.nixos.org" + ]; + + nix.daemonNiceLevel = 19; + nix.daemonIONiceLevel = 7; + nix.maxJobs = lib.mkDefault 3; + nix.buildCores = 3; + + nix.useSandbox = true; + + networking.firewall.enable = true; + networking.firewall.checkReversePath = false; + + networking.networkmanager = { + enable = true; + dns = "dnsmasq"; + unmanaged = [ + "interface-name:veth*" + "interface-name:virbr*" + "interface-name:br*" + "interface-name:*vbox*" + "interface-name:*cni*" + ]; + }; + + environment.sessionVariables = { + NIXPKGS_ALLOW_UNFREE = "1"; + + # Don't create .pyc files. + PYTHONDONTWRITEBYTECODE = "1"; + }; + + environment.etc."lvm/lvm.conf".text = '' + devices { + issue_discards = 1 + } + ''; + + environment.pathsToLink = [ "/share/zsh" ]; + + # Fonts, I18N, Date ... 
+ fonts = { + enableCoreFonts = true; + }; + + i18n = { + consoleFont = "lat9w-16"; + defaultLocale = "en_US.UTF-8"; + }; + time.timeZone = "Europe/Berlin"; + #time.timeZone = "America/Los_Angeles"; + + # Services + services.gpm.enable = true; + services.openssh.enable = true; + services.openssh.permitRootLogin = "yes"; + + services.gnome3 = { + gnome-disks.enable = false; + gnome-documents.enable = false; + gnome-online-miners.enable = false; + gnome-user-share.enable = false; + gnome-terminal-server.enable = false; + gpaste.enable = false; + sushi.enable = false; + tracker.enable = false; + + # FIXME: gnome should be moved to user session + seahorse.enable = true; + gvfs.enable = true; + at-spi2-core.enable = true; + evolution-data-server.enable = true; + gnome-online-accounts.enable = true; + gnome-keyring.enable = true; + }; + + services.teamviewer.enable = false; + + services.printing = { + enable = false; + }; + + services.pcscd.enable = true; + services.xserver = { + enable = true; + libinput.enable = true; + libinput.naturalScrolling = true; + + videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ]; + xkbVariant = "altgr-intl"; + xkbOptions = "nodeadkeys"; + + desktopManager = { + # FIXME: gnome should be moved to user session + gnome3.enable = true; + + xterm.enable = true; + plasma5.enable = false; + }; + + displayManager = { + gdm.enable = false; + + lightdm = { + enable = true; + autoLogin = { + enable = true; + user = "steveej"; + }; + background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png"; + }; + + sessionCommands = '' + ''; + }; + }; + + # Package configuration + environment.systemPackages = with pkgs; [ + ]; + + # More Services + services.udev.packages = [ + pkgs.libu2f-host + pkgs.yubikey-personalization + ]; + services.udev.extraRules = '' + # OnePlusOne + ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", 
ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" + ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" + + # Plantronics BackBeat PRO + SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777" + SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777" + SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777" + '' + ; + + services.packagekit.enable = true; + + services.resolved.enable = false; + services.nix-serve.enable = false; + + services.samba.enable = true; + services.samba.extraConfig = '' + client max protocol = SMB3 + ''; + + # hardware related services + services.illum.enable = true; + + hardware = { + bluetooth.enable = true; + pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + support32Bit = true; + }; + }; + + services.fprintd.enable = true; + security.pam.services = { + login.fprintAuth = true; + sudo.fprintAuth = true; + }; + + # required for running blueman-applet in user sessions + services.dbus.packages = with pkgs; [ + blueman + ]; + + # virtualization + virtualisation = { + libvirtd.enable = false; + virtualbox.host.enable = false; + virtualbox.guest.enable = false; + docker.enable = true; + }; + + # Activation scripts for impure set up of paths in / + system.activationScripts.bin = '' + echo "setting up /bin..." + mkdir -p /bin + ln -sfT ${pkgs.bash}/bin/bash /bin/.bash + mv -Tf /bin/.bash /bin/bash + ''; + system.activationScripts.etcX11sessinos = '' + echo "setting up /etc/X11/sessions..." + mkdir -p /etc/X11 + ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions + mv -Tf /etc/X11/.sessions /etc/X11/sessions + ''; + system.activationScripts.lib64 = '' + echo "setting up /lib64..." 
+ mkdir -p /lib64 + ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2 + mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 + ''; +} diff --git a/nixos-configuration/common/steveej-live-usb/user.nix b/nixos-configuration/common/steveej-live-usb/user.nix new file mode 100644 index 0000000..6d53acd --- /dev/null +++ b/nixos-configuration/common/steveej-live-usb/user.nix @@ -0,0 +1,51 @@ +{ config +, pkgs +, ... }: + +let + passwords = import ../common/passwords.crypt.nix; + mkUser = {uid, hashedPassword, ... } @ args: args // { + inherit uid hashedPassword; + isNormalUser = true; + extraGroups = [ + "docker" + "wheel" + "libvirtd" + "networkmanager" + "vboxusers" + "users" + "input" + "audio" + "video" + "cdrom" + ]; + }; + +in +{ + users.mutableUsers = false; + users.defaultUserShell = pkgs.zsh; + + users.extraUsers.root = { + hashedPassword = passwords.users.root; + openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"]; + }; + + users.extraUsers.steveej = mkUser { + uid = 1000; + hashedPassword = passwords.users.steveej; + }; + + users.extraUsers.steveej2 = mkUser { + uid = 1001; + hashedPassword = passwords.users.steveej2; + }; + + users.extraUsers.steveej3 = mkUser { + uid = 1002; + hashedPassword = passwords.users.steveej; + }; + + security.pam.enableU2F = true; + security.pam.services.steveej.u2fAuth = true; +} diff --git a/nixos-configuration/common/user/root.nix b/nixos-configuration/common/user/root.nix index f8d03de..58dd395 100644 --- a/nixos-configuration/common/user/root.nix +++ b/nixos-configuration/common/user/root.nix 
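Review bot: `services.openssh.permitRootLogin = "yes"` in system.nix allows root to log in over SSH with a password, and root is given a `hashedPassword` in the user modules. common/user/root.nix already installs `keys.openssh.steveej` for root, so `services.openssh.permitRootLogin = "prohibit-password";` keeps key login while closing password guessing against root. `services.openssh.passwordAuthentication = false;` would do the same for the other accounts. This matters more on a portable system that joins unknown networks, where `lightdm.autoLogin` is also enabled. Separately, the Plantronics udev rules set `MODE="0777"`; with `GROUP="users"` already present, `MODE="0660"` looks sufficient.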
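Review bot: `passwords = import ../common/passwords.crypt.nix;` in common/steveej-live-usb/user.nix resolves to common/common/passwords.crypt.nix, which this commit does not create; from this directory the file is `../passwords.crypt.nix`. The module also repeats the `mkUser` body that the same commit moves into common/lib, where `inherit (import ../lib) mkUser;` would do. It hard-codes the `steveej@steveej-laptop` key for root, while common/user/root.nix now takes root's keys from `keys.openssh.steveej`. If both modules are ever imported together, the list option would presumably merge and authorize both keys for root, so I would use `openssh.authorizedKeys.keys = keys.openssh.steveej;` here too. `steveej3` is given `passwords.users.steveej`, which should be commented if the shared hash is intended.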
@@ -1,16 +1,14 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). +{ config +, pkgs +, ... }: -{ config, pkgs, ... }: let passwords = import ../passwords.crypt.nix; -in -{ + keys = import ../keys.nix; +in { users.mutableUsers = false; - users.extraUsers.root = { hashedPassword = passwords.users.root; - openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"]; + openssh.authorizedKeys.keys = keys.openssh.steveej; }; } diff --git a/nixos-configuration/common/user/steveej.nix b/nixos-configuration/common/user/steveej.nix new file mode 100644 index 0000000..dbea0b7 --- /dev/null +++ b/nixos-configuration/common/user/steveej.nix @@ -0,0 +1,20 @@ +{ config +, pkgs +, ... }: + +let + passwords = import ../passwords.crypt.nix; + keys = import ../keys.nix; + inherit (import ../lib) mkUser; +in { + users.mutableUsers = false; + users.defaultUserShell = pkgs.zsh; + + users.extraUsers.steveej = mkUser { + uid = 1000; + hashedPassword = passwords.users.steveej; + }; + + security.pam.enableU2F = true; + security.pam.services.steveej.u2fAuth = true; +} diff --git a/nixos-configuration/steveej-laptop/user.nix b/nixos-configuration/steveej-laptop/user.nix index 82ef36e..bb04679 100644 --- a/nixos-configuration/steveej-laptop/user.nix +++ b/nixos-configuration/steveej-laptop/user.nix 
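Review bot: common/user/steveej.nix binds `keys = import ../keys.nix;` but never uses it, so the `steveej` account gets no `openssh.authorizedKeys.keys`. The definition removed from steveej-laptop/user.nix in this same commit carried one. With `services.openssh.enable = true` in the live system, that leaves password login as the only SSH path for this user. If key login is intended, add `openssh.authorizedKeys.keys = keys.openssh.steveej;` to the `mkUser` call; otherwise drop the unused binding.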
@@ -2,51 +2,25 @@ , pkgs , ... }: -let +let passwords = import ../common/passwords.crypt.nix; - mkUser = {uid, hashedPassword, ... } @ args: args // { - inherit uid hashedPassword; - isNormalUser = true; - extraGroups = [ - "docker" - "wheel" - "libvirtd" - "networkmanager" - "vboxusers" - "users" - "input" - "audio" - "video" - "cdrom" - ]; - }; + keys = import ../common/keys.nix; + inherit (import ../common/lib) mkUser; in { - users.mutableUsers = false; - users.defaultUserShell = pkgs.zsh; - users.extraUsers.root = { - hashedPassword = passwords.users.root; - openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"]; - }; - - users.extraUsers.steveej = mkUser { - uid = 1000; - hashedPassword = passwords.users.steveej; - openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"]; + openssh.authorizedKeys.keys = keys.openssh.steveej; }; users.extraUsers.steveej2 = mkUser { uid = 1001; - hashedPassword = passwords.users.steveej2; + hashedPassword = passwords.users.steveej; }; users.extraUsers.steveej3 = mkUser { uid = 1002; hashedPassword = passwords.users.steveej; }; - - security.pam.enableU2F = true; - security.pam.services.steveej.u2fAuth = true; } + 
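Review bot: After this hunk steveej-laptop/user.nix no longer sets `users.mutableUsers = false`, no longer defines `users.extraUsers.steveej` or root's `hashedPassword`, and no longer enables `security.pam.enableU2F`. Those settings now live in common/user/root.nix and common/user/steveej.nix, but the diffstat shows no change to the laptop's import list. Unless the laptop already imports those modules by some route not visible here, it loses its primary user and its U2F setting. Separately, `steveej2` now takes `passwords.users.steveej`, so three accounts that `mkUser` places in `wheel` share one password hash. If that is intended a comment should say so; otherwise keep `hashedPassword = passwords.users.steveej2;`.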
diff --git a/nixos-configuration/steveej-live-usb-mmc-SL32G_0x259093f6/configuration.nix b/nixos-configuration/steveej-live-usb-mmc-SL32G_0x259093f6/configuration.nix
new file mode 100644
index 0000000..6830f65
--- /dev/null
+++ b/nixos-configuration/steveej-live-usb-mmc-SL32G_0x259093f6/configuration.nix
@@ -0,0 +1,20 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, deviceid, ... }:
+
+{
+ imports = [
+ ../common/steveej-live-usb/boot.nix
+ ../common/steveej-live-usb/system.nix
+ ../common/steveej-live-usb/hw.nix
+ ../common/steveej-live-usb/pkg.nix
+ ../common/user/root.nix
+ ../common/user/steveej.nix
+ ../common/pkg/default.nix
+
+ ./system.nix
+ ./hw.nix
+ ];
+}
diff --git a/nixos-configuration/steveej-live-usb-mmc-SL32G_0x259093f6/hw.nix b/nixos-configuration/steveej-live-usb-mmc-SL32G_0x259093f6/hw.nix
new file mode 100644
index 0000000..4c0cf5a
--- /dev/null
+++ b/nixos-configuration/steveej-live-usb-mmc-SL32G_0x259093f6/hw.nix
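Review bot: The module header `{ config, pkgs, deviceid, ... }:` asks the module system for an argument named `deviceid`, which nothing visible in this commit provides and which the module body never uses. Unless it is supplied through `_module.args` or `specialArgs` elsewhere, evaluation will most likely fail on the missing argument. hw.nix defines its own `deviceId` in a `let`, so the header can simply be `{ config, pkgs, ... }:`. The import `../common/pkg/default.nix` is not created by this commit either, so it has to exist already.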
@@ -0,0 +1,51 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +let + deviceId = "mmc-SL32G_0x259093f6"; + volumeGroup = deviceId; + + bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" deviceId ]; + bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" deviceId "-part2" ]; + bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" deviceId "-part3" ]; + rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ]; + swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ]; + +in { + + fileSystems."/boot" = { + device = bootFsDevice; + fsType = "vfat"; + }; + + fileSystems."/" = { + device = rootFsDevice; + fsType = "btrfs"; + options = [ "subvol=nixos" ]; + }; + + fileSystems."/home" = { + device = rootFsDevice; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + + swapDevices = [ { device = swapFsDevice; } ]; + + boot.loader.grub = { + device = bootGrubDevice; + efiSupport = true; + efiInstallAsRemovable = true; + }; + + boot.initrd.luks.devices = [ + { + name = "cryptliveusb"; + device = bootLuksDevice; + preLVM = true; + allowDiscards = true; + } + ]; +} diff --git a/nixos-configuration/steveej-live-usb-mmc-SL32G_0x259093f6/system.nix b/nixos-configuration/steveej-live-usb-mmc-SL32G_0x259093f6/system.nix new file mode 100644 index 0000000..c202de5 --- /dev/null +++ b/nixos-configuration/steveej-live-usb-mmc-SL32G_0x259093f6/system.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +let + +in { + + networking.hostName = "steveej-mmc-SL32G_0x259093f6"; # Define your hostname. +}
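Review bot: `allowDiscards = true` on the `cryptliveusb` LUKS device, together with `issue_discards = 1` in the common lvm.conf, passes TRIM through the encryption layer, which reveals which blocks are in use to anyone holding the card. On a removable medium that is easily lost, either turn it off or record the trade-off with a comment such as `# TRIM exposes the used-block layout of the encrypted volume; accepted for flash wear`. The header says the file was generated by nixos-generate-config and must not be modified, yet the `let` block around `deviceId` is hand-written, so the header should be replaced with an accurate one. `bootFsDevice` and `bootLuksDevice` append `-part2` and `-part3` under /dev/disk/by-partlabel; that resolves only if the partitions carry exactly those labels (the `-partN` suffix is otherwise the /dev/disk/by-id convention), so please confirm.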