better hardware/logical separation
parent
fbb3463bd4
commit
258d0d6253
|
@ -10,7 +10,7 @@ in
|
|||
imports =
|
||||
[ ./hardware-configuration.nix
|
||||
../roles/common.nix
|
||||
../roles/graphical.nix
|
||||
../roles/workstation.nix
|
||||
../modules/tor-hidden-service.nix
|
||||
];
|
||||
|
||||
|
@ -22,7 +22,6 @@ in
|
|||
systemd.services.scsi-link-pm.enable = false;
|
||||
|
||||
nixpkgs.config = {
|
||||
allowUnfree = true;
|
||||
packageOverrides = pkgs : {
|
||||
bluez = pkgs.bluez5;
|
||||
# https://github.com/NixOS/nixpkgs/issues/22099
|
||||
|
@ -30,22 +29,6 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
||||
# List packages installed in system profile. To search by name, run:
|
||||
# $ nix-env -qaP | grep wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
btrfs-progs ghostscript
|
||||
];
|
||||
|
||||
virtualisation.virtualbox.host.enable = true;
|
||||
|
||||
users.extraUsers.yorick.hashedPassword = secrets.yorick_hashedPassword;
|
||||
services.xserver.displayManager.sessionCommands = ''
|
||||
gpg-connect-agent /bye
|
||||
unset SSH_AGENT_PID
|
||||
export SSH_AUTH_SOCK="''${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh"
|
||||
'';
|
||||
|
||||
services.tor.hiddenServices = [
|
||||
{ name = "ssh";
|
||||
|
|
|
@ -59,13 +59,12 @@
|
|||
fsType = "ext2";
|
||||
};
|
||||
|
||||
|
||||
|
||||
swapDevices = [ ];
|
||||
services.printing = {
|
||||
enable = true;
|
||||
drivers = [ pkgs.gutenprint ];
|
||||
};
|
||||
|
||||
nix.maxJobs = 8;
|
||||
|
||||
services.tcsd.enable = true; # it has a TPM. maybe use this?
|
||||
environment.systemPackages = with pkgs; [tpm-tools];
|
||||
environment.systemPackages = with pkgs; [btrfs-progs tpm-tools];
|
||||
}
|
||||
|
|
|
@ -23,9 +23,6 @@ in
|
|||
|
||||
networking.hostName = secrets.hostnames.frumar;
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh.enable = true;
|
||||
|
||||
# The NixOS release to be compatible with for stateful data such as databases.
|
||||
system.stateVersion = "15.09";
|
||||
|
||||
|
|
|
@ -4,48 +4,22 @@
|
|||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let secrets = import <secrets>;
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
../roles/common.nix
|
||||
../roles/graphical.nix
|
||||
../roles/workstation.nix
|
||||
];
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking.hostName = "jarvis"; # Define your hostname.
|
||||
# Select internationalisation properties.
|
||||
i18n.consoleFont = "latarcyrheb-sun32";
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
# services.openssh.enable = true; # temp
|
||||
# Enable CUPS to print documents.
|
||||
services.printing.enable = true;
|
||||
|
||||
|
||||
# The NixOS release to be compatible with for stateful data such as databases.
|
||||
system.stateVersion = "17.03";
|
||||
|
||||
# List packages installed in system profile. To search by name, run:
|
||||
# $ nix-env -qaP | grep wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
btrfs-progs
|
||||
];
|
||||
|
||||
#virtualisation.virtualbox.host.enable = true;
|
||||
|
||||
users.extraUsers.yorick.hashedPassword = secrets.yorick_hashedPassword;
|
||||
services.xserver.displayManager.sessionCommands = ''
|
||||
gpg-connect-agent /bye
|
||||
unset SSH_AGENT_PID
|
||||
export SSH_AUTH_SOCK="''${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh"
|
||||
${pkgs.xorg.xrandr}/bin/xrandr --dpi 192
|
||||
'';
|
||||
nix.gc.automatic = pkgs.lib.mkOverride 30 false;
|
||||
|
|
|
@ -13,6 +13,12 @@
|
|||
boot.extraModulePackages = [ ];
|
||||
boot.blacklistedKernelModules = ["psmouse"];
|
||||
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
|
||||
|
@ -44,6 +50,8 @@
|
|||
];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
|
||||
environment.systemPackages = [pkgs.btrfs-progs];
|
||||
|
||||
# ideal... doesn't work.
|
||||
#services.udev.extraRules = ''
|
||||
|
@ -60,5 +68,6 @@
|
|||
|
||||
services.xserver.videoDrivers = ["modesetting"];
|
||||
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
|
||||
|
||||
# bigger console font
|
||||
i18n.consoleFont = "latarcyrheb-sun32";
|
||||
}
|
||||
|
|
|
@ -31,14 +31,10 @@ in
|
|||
|
||||
environment.noXlibs = true;
|
||||
|
||||
services.openssh.enable = true;
|
||||
networking.enableIPv6 = lib.mkOverride 30 true;
|
||||
|
||||
system.stateVersion = "16.03";
|
||||
|
||||
# root password is useful from console, ssh has password logins disabled
|
||||
users.extraUsers.root.hashedPassword = secrets.pennyworth_hashedPassword;
|
||||
|
||||
# email
|
||||
services.mailz = {
|
||||
domain = config.networking.hostName;
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
let secrets = import <secrets>;
|
||||
in
|
||||
{ config, pkgs, lib, ...}:
|
||||
{
|
||||
imports = [];
|
||||
|
@ -5,6 +7,9 @@
|
|||
users.mutableUsers = false;
|
||||
users.extraUsers.root = {
|
||||
openssh.authorizedKeys.keys = config.users.extraUsers.yorick.openssh.authorizedKeys.keys;
|
||||
# root password is useful from console, ssh has password logins disabled
|
||||
hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own
|
||||
|
||||
};
|
||||
services.timesyncd.enable = true;
|
||||
users.extraUsers.yorick = {
|
||||
|
@ -36,6 +41,7 @@
|
|||
networking.enableIPv6 = false;
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = false;
|
||||
challengeResponseAuthentication = false;
|
||||
};
|
||||
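Review bot: Setting `hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own` inside `users.extraUsers.root` in what appears to be the shared role gives every host that imports it the same root console password, so one recovered hash or one observed password unlocks root on all of them. A per-host secret would keep the separation this commit is after, for example `hashedPassword = secrets.root_hashedPassword.${config.networking.hostName};` (the attribute name is constructed for illustration). The `services.openssh` block also appears to gain `enable = true;`, which would start sshd on hosts whose own file had it commented out (one host's old config shows `# services.openssh.enable = true; # temp`), so it is worth confirming that this is intended. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts.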
|
|
|
@ -1,5 +1,10 @@
|
|||
let secrets = import <secrets>;
|
||||
in
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
options.yorick.support32bit = with lib;
|
||||
mkOption { type = types.bool; default = false; };
|
||||
config = {
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
|
@ -23,10 +28,10 @@
|
|||
};
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
driSupport32Bit = true;
|
||||
driSupport32Bit = config.yorick.support32bit;
|
||||
};
|
||||
hardware.pulseaudio.enable = true;
|
||||
hardware.pulseaudio.support32Bit = true;
|
||||
hardware.pulseaudio.support32Bit = config.yorick.support32bit;
|
||||
|
||||
fonts = {
|
||||
enableFontDir = true;
|
||||
|
@ -39,16 +44,10 @@
|
|||
source-han-sans-japanese
|
||||
];
|
||||
};
|
||||
services.redshift = {
|
||||
enable = true;
|
||||
latitude = "51.8";
|
||||
longitude = "5.8";
|
||||
temperature = {
|
||||
day = 6500;
|
||||
night = 5500;
|
||||
};
|
||||
};
|
||||
# spotify
|
||||
networking.firewall.allowedTCPPorts = [57621];
|
||||
networking.firewall.allowedUDPPorts = [57621];
|
||||
|
||||
users.extraUsers.yorick.hashedPassword = secrets.yorick_hashedPassword;
|
||||
};
|
||||
}
|
||||
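Review bot: The new option `options.yorick.support32bit` is declared with only `type` and `default`, so nothing records what it switches. Adding `description = "Enable 32-bit OpenGL (DRI) and PulseAudio support.";` to the `mkOption` call would document that it drives both `hardware.opengl.driSupport32Bit` and `hardware.pulseaudio.support32Bit`. Separately, `users.extraUsers.yorick.hashedPassword = secrets.yorick_hashedPassword;` now appears to be set only in this role, so a host that does not import it would leave the account without a password hash if users are immutable there; confirm that key-only access on those hosts is the intent.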
|
|
|
@ -0,0 +1,28 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
../roles/graphical.nix
|
||||
];
|
||||
users.extraUsers.yorick.extraGroups = ["input"];
|
||||
services.redshift = {
|
||||
enable = true;
|
||||
latitude = "51.8";
|
||||
longitude = "5.8";
|
||||
temperature = {
|
||||
day = 6500;
|
||||
night = 5500;
|
||||
};
|
||||
};
|
||||
services.printing = {
|
||||
enable = true;
|
||||
drivers = [ pkgs.gutenprint ];
|
||||
};
|
||||
environment.systemPackages = [pkgs.ghostscript];
|
||||
services.xserver.displayManager.sessionCommands = ''
|
||||
gpg-connect-agent /bye
|
||||
unset SSH_AGENT_PID
|
||||
export SSH_AUTH_SOCK="''${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh"
|
||||
'';
|
||||
virtualisation.virtualbox.host.enable = true;
|
||||
yorick.support32bit = true;
|
||||
}
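Review bot: `users.extraUsers.yorick.extraGroups = ["input"];` gives every process running as yorick read access to the raw /dev/input event devices, which includes keystrokes from any seat on the machine, and the new file does not say what needs it. If a single tool requires this, a udev rule scoped to that one device would be narrower than group membership. Otherwise record the reason next to the line, e.g. `# input group: required by <tool>; grants raw read access to /dev/input/*`.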
|
|
@ -16,59 +16,18 @@ in
|
|||
../roles/graphical.nix
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking.hostName = secrets.hostnames.woodhouse;
|
||||
|
||||
# Select internationalisation properties.
|
||||
# i18n = {
|
||||
# consoleFont = "Lat2-Terminus16";
|
||||
# consoleKeyMap = "us";
|
||||
# defaultLocale = "en_US.UTF-8";
|
||||
# };
|
||||
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
hardware.opengl.driSupport32Bit = lib.mkOverride 30 false;
|
||||
hardware.pulseaudio.support32Bit = lib.mkOverride 30 false;
|
||||
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh.enable = true;
|
||||
|
||||
|
||||
# root password is useful from console, ssh has password logins disabled
|
||||
users.extraUsers.root.hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own
|
||||
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
# services.printing.enable = true;
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
# services.xserver.enable = true;
|
||||
# services.xserver.layout = "us";
|
||||
# services.xserver.xkbOptions = "eurosign:e";
|
||||
|
||||
# Enable the KDE Desktop Environment.
|
||||
# services.xserver.displayManager.kdm.enable = true;
|
||||
# services.xserver.desktopManager.kde4.enable = true;
|
||||
|
||||
# The NixOS release to be compatible with for stateful data such as databases.
|
||||
system.stateVersion = "16.09";
|
||||
|
||||
|
||||
services.redshift.enable = lib.mkOverride 30 false;
|
||||
services.xserver = {
|
||||
# displayManager.slim.autoLogin = true; # TODO: debug this
|
||||
};
|
||||
|
||||
users.extraUsers.yorick.hashedPassword = secrets.yorick_hashedPassword;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
btrfs-progs
|
||||
];
|
||||
|
||||
services.tor.hiddenServices = [
|
||||
{ name = "ssh";
|
||||
port = 22;
|
||||
|
|
|
@ -13,6 +13,9 @@
|
|||
boot.extraModulePackages = [ ];
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/fa5026b1-0f73-4233-a417-780c65f3f038";
|
||||
|
@ -30,4 +33,8 @@
|
|||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
services.xserver.videoDrivers = ["intel"];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
btrfs-progs
|
||||
];
|
||||
}
|
||||
|
|