nixos-config: add live MMC system and extract commons

nixos-configuration/common/keys.nix

@@ -0,0 +1,7 @@
+{
+  openssh = {
+    steveej = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4RFtHz0sE5y0AyZZm/tH7bBBgsx55gLPt5tGsl9yZlOzih6n4qbJE/9OOdwnOY2AHRe2lrlTekbW5ewWSBBCbiBE3Vux86sLgy7LM9zoKaNC+E3hmxaoS9SExn0BTkb3kNlOcj2k6UyJhkZWEsqVMV5C21R8EWmMlLY/qm3AxptNjOyzKDwNX2zlHZ5IyjgzO4ZjIxjawmJlUrVEn7/m+M7qK3I1Tyg/ZvDSfmxVJS97sVzseYE0rVwLEWJQOnHh0wnfl27smr2McAB7Cy6sxKyPKvEGyXbNqqb8fqk4okZlRRxhq/XkKlC7IZr+uqYxlL4HN8vjkTRNlgenDUSVT cardno:000604870382"
+    ];
+  };
+}

nixos-configuration/common/lib/default.nix

@@ -0,0 +1,24 @@
+let 
+  keys = import ../keys.nix;
+
+in
+
+{
+  mkUser = {uid, hashedPassword, ... } @ args: args // {
+    inherit uid hashedPassword;
+    isNormalUser = true;
+    extraGroups = [
+      "docker"
+      "wheel"
+      "libvirtd"
+      "networkmanager"
+      "vboxusers"
+      "users"
+      "input"
+      "audio"
+      "video"
+      "cdrom"
+    ];
+  };
+}
+

nixos-configuration/common/steveej-live-usb/boot.nix

@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+{
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  # Bootloader, initrd and Kernel
+  boot.loader.grub = {
+    enable = true;
+    enableCryptodisk = true;
+    version = 2;
+  };
+
+  boot.initrd.availableKernelModules = [ 
+    "xhci_pci"
+    "ahci"
+    "usb_storage"
+    "sd_mod"
+    "rtsx_pci_sdmmc"
+    "aes_x86_64"
+    "aesni_intel"
+    "cryptd"
+  ];
+
+  boot.kernelModules = [ 
+    "kvm-intel"
+
+    # Workaround for nm-pptp to enforce module load
+    "nf_conntrack_proto_gre"
+    "nf_conntrack_pptp"
+  ];
+
+  boot.extraModprobeConfig = ''
+    options kvm-intel nested=1
+    options kvm-intel enable_shadow_vmcs=1
+    options kvm-intel enable_apicv=1
+    options kvm-intel ept=1
+  '';
+  boot.extraModulePackages = [ ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = false; 
+
+  # workaround to disable CPU wining
+  # current CPU has 9 idle cstates.
+
+  boot.tmpOnTmpfs = true;
+}

nixos-configuration/common/steveej-live-usb/configuration.nix

@@ -0,0 +1,15 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports = [ 
+    ./pkg.nix
+    ./hw.nix
+    ./system.nix
+    ./user.nix
+    ./boot.nix
+  ];
+}

nixos-configuration/common/steveej-live-usb/hw.nix

@@ -0,0 +1,6 @@
+{ config, lib, pkgs, ... }:
+
+{
+  hardware.enableAllFirmware = true;
+  hardware.trackpoint.emulateWheel = true;
+}

nixos-configuration/common/steveej-live-usb/pkg.nix

@@ -0,0 +1,296 @@
+{ config,
+  pkgs,
+  ... }:
+
+let
+  environmentVariables = {
+    EDITOR = "nvim";
+  };
+
+  dotfiles = builtins.fetchGit {
+    url = "https://gitlab.com/steveeJ/dotfiles.git";
+    ref = "master";
+  };
+
+  mkSimpleTrayService = { execStart }: {
+    Unit = {
+      Description = "pasystray applet";
+      After = [ "graphical-session-pre.target" ];
+      PartOf = [ "graphical-session.target" ];
+    };
+
+    Install = {
+      WantedBy = [ "graphical-session.target" ];
+    };
+
+    Service = {
+      ExecStart = execStart;
+    };
+  };
+
+
+in {
+  imports = [
+    "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos"
+  ];
+  
+  nixpkgs.config = {
+    allowBroken = false;
+    allowUnfree = true;
+
+    packageOverrides = pkgs: with pkgs; {
+      busyboxStatic =  busybox.override {
+        enableStatic = true;
+        extraConfig = ''
+           CONFIG_STATIC y
+           CONFIG_INSTALL_APPLET_DONT y
+           CONFIG_INSTALL_APPLET_SYMLINKS n
+         '';
+      };
+    };
+
+  };
+
+  environment.systemPackages = with pkgs; [
+  ];
+
+  home-manager.users.steveej = {
+
+  programs.firefox = {
+    enable = true;
+    enableAdobeFlash = false;
+    enableGoogleTalk = true;
+    enableIcedTea = true;
+  };
+
+  programs.command-not-found.enable = true;
+
+  programs.zsh = {
+    enable = true;
+
+    # will be called again by oh-my-zsh
+    enableCompletion = false;
+    enableAutosuggestions = true;
+    initExtra = ''
+      PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f %F{magenta}$(git_prompt_info)%f
+%_%F{%(!.red.green)}$(prompt_char)%f '
+      RPROMPT=""
+
+      # Automatic rehash
+      zstyle ':completion:*' rehash true
+
+      if [ -f $HOME/.shrc.d/sh_aliases ]; then
+        . $HOME/.shrc.d/sh_aliases
+      fi
+
+      # source "$HOME/.homesick/repos/homeshick/homeshick.sh"
+      # fpath=($HOME/.homesick/repos/homeshick/completions $fpath)
+
+
+      # Disable intercepting of ctrl-s and ctrl-q as flow control.
+      stty stop ''' -ixoff -ixon
+
+      # don't cd into directories when executed
+      unsetopt AUTO_CD
+
+      # Load direnv
+      eval "$(direnv hook zsh)"
+
+      source <(hcloud completion zsh)    # zsh
+    '';
+    sessionVariables = environmentVariables // {
+      # Add more envrionment variables here
+    };
+
+    plugins = [
+      {
+        # will source zsh-autosuggestions.plugin.zsh
+        name = "zsh-autosuggestions";
+        src = pkgs.fetchFromGitHub {
+          owner = "zsh-users";
+          repo = "zsh-autosuggestions";
+          rev = "v0.4.0";
+          sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
+        };
+      }
+      {
+        name = "enhancd";
+        file = "init.sh";
+        src = pkgs.fetchFromGitHub {
+          owner = "b4b4r07";
+          repo = "enhancd";
+          rev = "v2.2.1";
+          sha256 = "0iqa9j09fwm6nj5rpip87x3hnvbbz9w9ajgm6wkrd5fls8fn8i5g";
+        };
+      }
+      {
+        name = "pass";
+        src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/pass";
+      }
+      {
+        name = "minikube";
+        src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/minikube";
+      }
+    ];
+    oh-my-zsh = {
+      enable = true;
+      theme = "tjkirch";
+      plugins = [
+        "git"
+        "sudo"
+      ];
+    };
+  };
+
+  programs.neovim = {
+    enable = true;
+  };
+
+  home.keyboard = {
+    layout = "us";
+    variant = "altgr-intl";
+    options = [
+      "nodeadkeys"
+     # "caps:swapescape"
+    ];
+  };
+
+  xsession = {
+    enable = true;
+    windowManager.command = "${pkgs.qtile}/bin/qtile";
+    initExtra = ''
+      ${pkgs.autorandr}/bin/autorandr -c
+      ${pkgs.feh}/bin/feh --bg-scale ${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png
+
+      # Workaround for Libreoffice to force gtk3
+      export SAL_USE_VCLPLUGIN=gtk3
+    '';
+  };
+
+  home.file = {
+    ".config/qtile/config.py" = {
+      source = "${dotfiles}/home/.config/qtile/config.py";
+    };
+    ".config/roxterm.sourceforge.net" = {
+      source = "${dotfiles}/home/.config/roxterm.sourceforge.net";
+      recursive = true;
+    };
+    ".config/autorandr" = {
+      source = "${dotfiles}/home/.config/autorandr";
+      recursive = true;
+    };
+  };
+
+  services = {
+    gnome-keyring.enable = true;
+    blueman-applet.enable = true;
+    screen-locker = {
+      enable = true;
+      inactiveInterval = 7;
+      lockCmd = "${pkgs.xscreensaver}/bin/xscreensaver-command -lock";
+    };
+    xscreensaver.enable = true;
+    network-manager-applet.enable = true;
+    syncthing.enable = true;
+    gpg-agent = {
+      enable = true;
+      enableScDaemon = true;
+      enableSshSupport = true;
+      grabKeyboardAndMouse = true;
+    };
+    flameshot.enable = true;
+  };
+
+  systemd.user = {
+    startServices = true;
+    services = {
+      redshift-gtk = mkSimpleTrayService {
+        execStart = "${pkgs.redshift}/bin/redshift-gtk -v -l 47.6691:9.1698 -t 7000:4500 -m randr";
+      };
+
+      pasystray = mkSimpleTrayService {
+        execStart = "${pkgs.pasystray}/bin/pasystray"; 
+      };
+
+      cbatticon = mkSimpleTrayService {
+        execStart = "${pkgs.cbatticon}/bin/cbatticon";
+      };
+    };
+  };
+
+  home.packages = []
+    ++ (with pkgs; [
+      # Version Control Systems
+      git-crypt
+      gitFull
+      gitless
+
+      # Filesystem Tools
+      ntfs3g
+      ddrescue
+      ncdu
+      unetbootin
+      pcmanfm
+      hdparm
+      testdisk
+      python27Packages.binwalk
+      gptfdisk
+
+      # Password Management
+      gnupg
+      (hiPrio pass)
+      pass-otp
+      qtpass
+      rofi-pass
+      yubikey-neo-manager
+      yubikey-personalization
+      yubikey-personalization-gui
+      gnome3.gnome_keyring
+      gnome3.seahorse
+
+      # Code Editors
+      xclip
+      xsel
+
+      # Archive Managers
+      sshfsFuse
+      xarchive
+      p7zip
+      zip
+      unzip
+      gzip
+      lzop
+
+      # X Tools/Libraries
+      lightdm
+      qtile
+      feh
+      xscreensaver
+      gnome3.networkmanagerapplet
+      autorandr
+      arandr
+      gnome3.gnome_themes_standard
+      gnome3.adwaita-icon-theme
+      lxappearance
+      xorg.xcursorthemes
+
+      # Misc Desktop Tools
+      ltunify
+      solaar
+      dex
+      roxterm
+      busyboxStatic 
+      xorg.xbacklight
+      coreutils
+      lsof
+      pavucontrol
+      x11_ssh_askpass
+      xdotool
+      xdg_utils
+      xdg-user-dirs
+      gnome3.dconf
+      picocom
+      glib.dev # contains gdbus tool
+    ]);
+  };
+}

nixos-configuration/common/steveej-live-usb/system.nix

@@ -0,0 +1,214 @@
+{ config, lib, pkgs, ... }:
+
+
+let
+
+in {
+  nix.binaryCachePublicKeys = [
+    # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+  ];
+  nix.binaryCaches = [
+    "https://cache.nixos.org"
+    # "https://hydra.nixos.org"
+  ];
+  nix.trustedBinaryCaches = [
+    "https://cache.nixos.org"
+    # "https://hydra.nixos.org"
+  ];
+
+  nix.daemonNiceLevel = 19;
+  nix.daemonIONiceLevel = 7;
+  nix.maxJobs = lib.mkDefault 3;
+  nix.buildCores = 3;
+
+  nix.useSandbox = true;
+
+  networking.firewall.enable = true;
+  networking.firewall.checkReversePath = false;
+
+  networking.networkmanager = {
+    enable = true;
+    dns = "dnsmasq";
+    unmanaged = [
+      "interface-name:veth*"
+      "interface-name:virbr*"
+      "interface-name:br*"
+      "interface-name:*vbox*"
+      "interface-name:*cni*"
+    ];
+  };
+
+  environment.sessionVariables = {
+    NIXPKGS_ALLOW_UNFREE = "1";
+
+    # Don't create .pyc files.
+    PYTHONDONTWRITEBYTECODE = "1";
+  };
+
+  environment.etc."lvm/lvm.conf".text = ''
+    devices {
+      issue_discards = 1
+    }
+  '';
+
+  environment.pathsToLink = [ "/share/zsh" ];
+
+  # Fonts, I18N, Date ...
+  fonts = {
+    enableCoreFonts = true;
+  };
+
+  i18n = {
+    consoleFont = "lat9w-16";
+    defaultLocale = "en_US.UTF-8";
+  };
+  time.timeZone = "Europe/Berlin";
+  #time.timeZone = "America/Los_Angeles";
+
+  # Services
+  services.gpm.enable = true;
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "yes";
+
+  services.gnome3 = {
+    gnome-disks.enable = false;
+    gnome-documents.enable = false;
+    gnome-online-miners.enable = false;
+    gnome-user-share.enable = false;
+    gnome-terminal-server.enable = false;
+    gpaste.enable = false;
+    sushi.enable = false;
+    tracker.enable = false;
+
+    # FIXME: gnome should be moved to user session
+    seahorse.enable = true;
+    gvfs.enable = true;
+    at-spi2-core.enable = true;
+    evolution-data-server.enable = true;
+    gnome-online-accounts.enable = true;
+    gnome-keyring.enable = true;
+  };
+
+  services.teamviewer.enable = false;
+
+  services.printing = {
+    enable = false;
+  };
+
+  services.pcscd.enable = true;
+  services.xserver = {
+    enable = true;
+    libinput.enable = true;
+    libinput.naturalScrolling = true;
+
+    videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
+    xkbVariant = "altgr-intl";
+    xkbOptions = "nodeadkeys";
+
+    desktopManager = {
+      # FIXME: gnome should be moved to user session
+      gnome3.enable = true;
+
+      xterm.enable = true;
+      plasma5.enable = false;
+    };
+
+    displayManager = {
+      gdm.enable = false;
+
+      lightdm = {
+        enable = true;
+        autoLogin = {
+          enable = true;
+          user = "steveej";
+        };
+        background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
+      };
+
+      sessionCommands = ''
+      '';
+    };
+  };
+
+ # Package configuration
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # More Services
+  services.udev.packages = [
+    pkgs.libu2f-host
+    pkgs.yubikey-personalization
+  ];
+  services.udev.extraRules = ''
+    # OnePlusOne
+    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
+    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
+
+    # Plantronics BackBeat PRO
+    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"
+    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"
+    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"
+  ''
+      ;
+
+  services.packagekit.enable = true;
+
+  services.resolved.enable = false;
+  services.nix-serve.enable = false;
+
+  services.samba.enable = true;
+  services.samba.extraConfig = ''
+    client max protocol = SMB3
+  '';
+
+  # hardware related services
+  services.illum.enable = true;
+
+  hardware = {
+    bluetooth.enable = true;
+    pulseaudio = {
+      enable = true;
+      package = pkgs.pulseaudioFull;
+      support32Bit = true;
+    };
+  };
+
+  services.fprintd.enable = true;
+  security.pam.services = {
+    login.fprintAuth = true;
+    sudo.fprintAuth = true;
+  };
+
+  # required for running blueman-applet in user sessions
+  services.dbus.packages = with pkgs; [ 
+    blueman
+  ];
+
+  # virtualization
+  virtualisation = {
+    libvirtd.enable = false;
+    virtualbox.host.enable = false;
+    virtualbox.guest.enable = false;
+    docker.enable = true;
+  };
+
+  # Activation scripts for impure set up of paths in /
+  system.activationScripts.bin = ''
+    echo "setting up /bin..."
+    mkdir -p /bin
+    ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
+    mv -Tf /bin/.bash /bin/bash
+  '';
+  system.activationScripts.etcX11sessinos = ''
+    echo "setting up /etc/X11/sessions..."
+    mkdir -p /etc/X11
+    ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
+    mv -Tf /etc/X11/.sessions /etc/X11/sessions
+  '';
+  system.activationScripts.lib64 = ''
+    echo "setting up /lib64..."
+    mkdir -p /lib64
+    ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
+    mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
+  '';
+}

nixos-configuration/common/steveej-live-usb/user.nix

@@ -0,0 +1,51 @@
+{ config
+, pkgs
+, ... }:
+
+let 
+  passwords = import ../common/passwords.crypt.nix;
+  mkUser = {uid, hashedPassword, ... } @ args: args // {
+    inherit uid hashedPassword;
+    isNormalUser = true;
+    extraGroups = [
+      "docker"
+      "wheel"
+      "libvirtd"
+      "networkmanager"
+      "vboxusers"
+      "users"
+      "input"
+      "audio"
+      "video"
+      "cdrom"
+    ];
+  };
+
+in
+{
+  users.mutableUsers = false;
+  users.defaultUserShell = pkgs.zsh;
+
+  users.extraUsers.root = {
+    hashedPassword = passwords.users.root;
+    openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
+  };
+
+  users.extraUsers.steveej = mkUser {
+    uid = 1000;
+    hashedPassword = passwords.users.steveej;
+  };
+
+  users.extraUsers.steveej2 = mkUser {
+    uid = 1001;
+    hashedPassword = passwords.users.steveej2;
+  };
+
+  users.extraUsers.steveej3 = mkUser {
+    uid = 1002;
+    hashedPassword = passwords.users.steveej;
+  };
+
+  security.pam.enableU2F = true;
+  security.pam.services.steveej.u2fAuth = true;
+}

nixos-configuration/common/user/root.nix

@@ -1,16 +1,14 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
+{ config
+, pkgs
+, ... }:
 
-{ config, pkgs, ... }:
 let 
   passwords = import ../passwords.crypt.nix;
-in
-{
+  keys = import ../keys.nix;
+in {
   users.mutableUsers = false;
-
   users.extraUsers.root = {
     hashedPassword = passwords.users.root;
-    openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
+    openssh.authorizedKeys.keys = keys.openssh.steveej;
   };
 }

nixos-configuration/common/user/steveej.nix

@@ -0,0 +1,20 @@
+{ config
+, pkgs
+, ... }:
+
+let 
+  passwords = import ../passwords.crypt.nix;
+  keys = import ../keys.nix;
+  inherit (import ../lib) mkUser;
+in {
+  users.mutableUsers = false;
+  users.defaultUserShell = pkgs.zsh;
+
+  users.extraUsers.steveej = mkUser {
+    uid = 1000;
+    hashedPassword = passwords.users.steveej;
+  };
+
+  security.pam.enableU2F = true;
+  security.pam.services.steveej.u2fAuth = true;
+}