From 3745e5c19acb77cbf287cc1d6ba0d0a08703e7f3 Mon Sep 17 00:00:00 2001
From: Ben Sima <ben@bsima.me>
Date: Tue, 7 May 2019 14:13:46 -0700
Subject: add helium and refactor lithium
---
machines/helium.nix | 118 +++++++++++++++++++++++++++++++++++++++++++++++++++
machines/lithium.nix | 31 --------------
machines/users.nix | 31 ++++++++++++++
3 files changed, 149 insertions(+), 31 deletions(-)
create mode 100644 machines/helium.nix
create mode 100644 machines/users.nix
(limited to 'machines')
diff --git a/machines/helium.nix b/machines/helium.nix
new file mode 100644
index 0000000..8bbeebc
--- /dev/null
+++ b/machines/helium.nix
@@ -0,0 +1,118 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ networking = {
+ hostName = "helium";
+ networkmanager.enable = true;
+ };
+
+ time.timeZone = "America/Los_Angeles";
+
+ environment.systemPackages = with pkgs; [
+ wget
+ vnstat
+ ];
+
+ fonts.fonts = with pkgs; [
+ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
+ fira fira-code fira-code-symbols
+ ];
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ allowBroken = true;
+ };
+ };
+
+ hardware = {
+ opengl.enable = true;
+ pulseaudio = {
+ enable = true;
+ extraConfig = ''
+ load-module module-loopback
+ '';
+ };
+ };
+
+ programs = {
+ bash.enableCompletion = true;
+ command-not-found.enable = true;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ mosh.enable = true;
+ };
+
+ services = {
+ pcscd = {
+ enable = true;
+ };
+
+ fractalart = {
+ enable = true;
+ };
+
+ logind = {
+ lidSwitch = "suspend";
+ extraConfig = "IdleAction=lock";
+ };
+
+ printing.enable = true;
+
+ xserver = {
+ enable = true;
+ layout = "us";
+ libinput.enable = true;
+
+ displayManager.sddm.enable = true;
+
+ desktopManager = {
+ plasma5.enable = true;
+ xterm.enable = true;
+ };
+ };
+
+ vnstat.enable = true;
+
+ # security stuff
+ fail2ban.enable = false;
+ clamav = {
+ daemon.enable = false;
+ updater.enable = false;
+ };
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ powerManagement.enable = true;
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "03:15";
+ };
+ binaryCaches = [ "https://cache.nixos.org/" ];
+ nixPath = [
+ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ extraOptions = ''
+ gc-keep-outputs = true
+ gc-keep-derivations = true
+ '';
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "19.03"; # Did you read the comment?
+ system.autoUpgrade.enable = true;
+
+}
diff --git a/machines/lithium.nix b/machines/lithium.nix
index 7ccc93c..9d2db53 100644
--- a/machines/lithium.nix
+++ b/machines/lithium.nix
@@ -3,9 +3,6 @@
let
myIp = "68.107.97.20"; # hiddor-kahih
gitDir = "/srv/git";
- benKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb";
- nickKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfSOxXJTQADjROqbaiJtjbJaHTsBtuWNvQpDvXLigl9R27VqIn7dYk2STuWglwFyrvYfU1UmjgJcJ6J2KbXGTH5mhaC04MJ4aqmOR3Ynnq7nDzmtEtn1I+K7LmpFXsFXgOTzIlzggIWflGd1pPBwgWqMoPDcSqNQFPI/+rk1JOxk3e2Mq60VTp9WM9hs0AJQEyZ+wwZ0vyrj588kQb6jQUZ7qx1UZoDzPc57zREEZbQeU1Gd9FK2bCHlKOBHYlqIftSRBGGCpuo7zobhajR0xHO9RnF0NmeLbW85XhDus8vVgBg/BTDPxHEzm5jKiCkc+i3ia0Ff9mp2zgtSdXCp5jbVZ3AYfYLi1zbPWmaSdWqFx2ntOLwWR3/RHjw6+b4KmUQ4xtQHyXOijTBCH29i7VCo7l8WL+I2mSGJ7/Wtw7NFtMpVVs8/0iKt2t12FIefzvbZoWU7vbmuO7+gQI5l+F+JE6DLWOl04vT/V98WxiHA5rbCjTT/bubs4gTeCR9qNehaoM+apitpUP8HXygnxD7EJeK6JNkdub9TY663IkiKlpnWgeoDTNSP7JF/jkU0Nt8yoR2pTyxQqMFYa37/3WKjmSHk1TgxLEmlwHQFtIkTPn8PL+VLa4ACYuWUjxS4aMRpxo9eJUHdy0Y04yKxXN8BLw7FAhytm2pTXtT4zqaQ== nicksima@gmail.com";
- dreKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBaWLX6UpkiFZmS9OX8mcXIdmvxmHfP/v+8Sx9j3PCbFA+Jaj+PlCCiX/iLOL4Vgq3aQQpBg0FQWttLdCrGbTpnADfmU5TlbUk/9YEhPZG3MP1rYGtpIqmWFEWKGaiJHeW2SRVgnbJFwFKUtrsCQ/OAVENJTZ2xsn/t3xGYfCXqhs2jVctZmuhyO+Qw5KuAgIdr96+QsBVA1V/BdadDicDUgS7ixHyzECME9YT5ldj8YcsJcD4G07bfg7omF5s263BHx0sLpXKRQbIvcVcdnoAZK0JQEaz9adWaMzRuDhP+hMcsF4T2O1ZRLW4nsDRnK5N+KWO5317Jr8eVCqEpSQr aulloa@WINDOWS-DI0KOEL";
in
{
@@ -97,11 +94,6 @@ in
forwardX11 = true;
};
- offlineimap = {
- enable = true;
- install = true;
- };
-
deluge = {
enable = true;
openFilesLimit = 10240;
@@ -282,29 +274,6 @@ in
};
};
- users = {
- users = {
- ben = {
- isNormalUser = true;
- home = "/home/ben";
- openssh.authorizedKeys.keys = [ "${benKey}" ];
- extraGroups = [ "wheel" "networkmanager" "docker" ];
- };
- nick = {
- isNormalUser = true;
- home = "/home/nick";
- openssh.authorizedKeys.keys = [ "${nickKey}" ];
- extraGroups = [ "docker" ];
- };
- dre = {
- isNormalUser = true;
- home = "/home/dre";
- openssh.authorizedKeys.keys = [ "${dreKey}" ];
- extraGroups = [ "docker" ];
- };
- };
- };
-
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
diff --git a/machines/users.nix b/machines/users.nix
new file mode 100644
index 0000000..5d20b58
--- /dev/null
+++ b/machines/users.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+let
+ benKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb";
+ nickKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfSOxXJTQADjROqbaiJtjbJaHTsBtuWNvQpDvXLigl9R27VqIn7dYk2STuWglwFyrvYfU1UmjgJcJ6J2KbXGTH5mhaC04MJ4aqmOR3Ynnq7nDzmtEtn1I+K7LmpFXsFXgOTzIlzggIWflGd1pPBwgWqMoPDcSqNQFPI/+rk1JOxk3e2Mq60VTp9WM9hs0AJQEyZ+wwZ0vyrj588kQb6jQUZ7qx1UZoDzPc57zREEZbQeU1Gd9FK2bCHlKOBHYlqIftSRBGGCpuo7zobhajR0xHO9RnF0NmeLbW85XhDus8vVgBg/BTDPxHEzm5jKiCkc+i3ia0Ff9mp2zgtSdXCp5jbVZ3AYfYLi1zbPWmaSdWqFx2ntOLwWR3/RHjw6+b4KmUQ4xtQHyXOijTBCH29i7VCo7l8WL+I2mSGJ7/Wtw7NFtMpVVs8/0iKt2t12FIefzvbZoWU7vbmuO7+gQI5l+F+JE6DLWOl04vT/V98WxiHA5rbCjTT/bubs4gTeCR9qNehaoM+apitpUP8HXygnxD7EJeK6JNkdub9TY663IkiKlpnWgeoDTNSP7JF/jkU0Nt8yoR2pTyxQqMFYa37/3WKjmSHk1TgxLEmlwHQFtIkTPn8PL+VLa4ACYuWUjxS4aMRpxo9eJUHdy0Y04yKxXN8BLw7FAhytm2pTXtT4zqaQ== nicksima@gmail.com";
+ dreKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBaWLX6UpkiFZmS9OX8mcXIdmvxmHfP/v+8Sx9j3PCbFA+Jaj+PlCCiX/iLOL4Vgq3aQQpBg0FQWttLdCrGbTpnADfmU5TlbUk/9YEhPZG3MP1rYGtpIqmWFEWKGaiJHeW2SRVgnbJFwFKUtrsCQ/OAVENJTZ2xsn/t3xGYfCXqhs2jVctZmuhyO+Qw5KuAgIdr96+QsBVA1V/BdadDicDUgS7ixHyzECME9YT5ldj8YcsJcD4G07bfg7omF5s263BHx0sLpXKRQbIvcVcdnoAZK0JQEaz9adWaMzRuDhP+hMcsF4T2O1ZRLW4nsDRnK5N+KWO5317Jr8eVCqEpSQr aulloa@WINDOWS-DI0KOEL";
+in
+{
+ users = {
+ users = {
+ ben = {
+ isNormalUser = true;
+ home = "/home/ben";
+ openssh.authorizedKeys.keys = [ "${benKey}" ];
+ extraGroups = [ "wheel" "networkmanager" "docker" ];
+ };
+ nick = {
+ isNormalUser = true;
+ home = "/home/nick";
+ openssh.authorizedKeys.keys = [ "${nickKey}" ];
+ extraGroups = [ "docker" ];
+ };
+ dre = {
+ isNormalUser = true;
+ home = "/home/dre";
+ openssh.authorizedKeys.keys = [ "${dreKey}" ];
+ extraGroups = [ "docker" ];
+ };
+ };
+ };
+}
--
cgit v1.2.3