From a89e6a711bd370398f6a8f2d9b8c99adfa831029 Mon Sep 17 00:00:00 2001
From: Ben Sima <ben@bsima.me>
Date: Fri, 18 Feb 2022 12:20:26 -0500
Subject: updates

---
 machines/helium.nix | 22 ++++++++++++----------
 machines/oxygen.nix |  9 +++++----
 machines/users.nix  |  2 +-
 3 files changed, 18 insertions(+), 15 deletions(-)

(limited to 'machines')

diff --git a/machines/helium.nix b/machines/helium.nix
index 383cbe1..44c317d 100644
--- a/machines/helium.nix
+++ b/machines/helium.nix
@@ -63,15 +63,12 @@ in {
   # hardware.acpilight.enable = true;
   hardware.brillo.enable = true;
   hardware.opengl.enable = true;
-  hardware.pulseaudio = {
-      enable = true;
-      extraConfig = ''
-        load-module module-loopback
-      '';
-    };
 
   sound.enable = true;
   sound.mediaKeys.enable = true;
+  hardware.pulseaudio.enable = true;
+  hardware.pulseaudio.daemon.logLevel = "debug";
+  # hardware.pulseaudio.extraConfig = "load-module module-loopback";
 
   programs = {
     bash.enableCompletion = true;
@@ -89,6 +86,7 @@ in {
     pcscd.enable = true;
 
     logind.lidSwitch = "suspend";
+    logind.lidSwitchDocked = "lock";
     logind.extraConfig = "IdleAction=lock";
 
     clight.enable = true;
@@ -111,6 +109,8 @@ in {
     xserver.xautolock.locker = "${pkgs.xlockmore}/bin/xlock";
     xserver.xautolock.nowlocker = "${pkgs.xlockmore}/bin/xlock"; # xautolock -locknow
     xserver.xautolock.time = 5; # minutes
+    xserver.xautolock.killer = "${pkgs.systemd}/bin/systemctl suspend";
+    xserver.xautolock.killtime = 120; # minutes
     xserver.xautolock.enableNotifier = true;
     xserver.xautolock.notify = 30; # seconds
     xserver.xautolock.notifier = ''${pkgs.libnotify}/bin/notify-send "Locking in 30 seconds"'';
@@ -130,15 +130,17 @@ in {
       LABEL="yubico_end"
 
       # when yubi is removed, activate yubilock
-      ACTION=="remove", ENV{ID_BUS}=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0407", ENV{ID_SERIAL}="Yubico_Yubikey_4_OTP+U2F+CCID", RUN+="${pkgs.systemd}/bin/systemctl start yubilock"
+      #ACTION=="remove", ENV{ID_BUS}=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0407", ENV{ID_SERIAL}="Yubico_Yubikey_4_OTP+U2F+CCID", RUN+="${pkgs.systemd}/bin/systemctl start xlock"
     '';
   };
   systemd.services = {
-    "yubilock" = {
-      enable = false;
+    "xlock" = {
+      enable = true;
       script = "xlock";
       path = [ pkgs.xlockmore  ];
-      wantedBy = ["dummy.device"]; # i have to provide a WantedBy
+      # nat sure about these targets
+      wantedBy = [ "sleep.target" "suspend.target" "hibernate.target" ];
+      after = [ "sleep.target" "suspend.target" "hibernate.target" ];
       environment = { DISPLAY = ":0"; };
       # i think i can get rid of user if I use this script:
       # https://0day.work/locking-the-screen-when-removing-a-yubikey/
diff --git a/machines/oxygen.nix b/machines/oxygen.nix
index 4aa933e..7630436 100644
--- a/machines/oxygen.nix
+++ b/machines/oxygen.nix
@@ -13,7 +13,7 @@ let
       owner = "drduh";
       repo = "YubiKey-Guide";
       rev = "fe6434577bce964aefd33d5e085d6ac0008e17ce";
-      sha256 = lib.fakeSha256;
+      sha256 = "1f4sqj2nspv6939p3gj2ma4fnbz12l95kcr3bjzphjdgxkdx42hx";
     };
     buildInputs = [ pkgs.pandoc ];
     installPhase = "pandoc --highlight-style pygments -s --toc README.md -o $out";
@@ -32,7 +32,6 @@ in {
   isoImage.makeUsbBootable = true;
 
   users.users.root.initialHashedPassword = "";
-  services.getty.autologinUser = "root";
   documentation.enable = true;
   documentation.nixos.enable = true;
 
@@ -119,6 +118,7 @@ in {
 
   services.xserver.displayManager.sddm.enable = true;
   services.xserver.displayManager.autoLogin.enable = true;
+  services.xserver.displayManager.autoLogin.user = "root";
   services.xserver.displayManager.defaultSession = "xfce";
   services.xserver.displayManager.sessionCommands = ''
     ${pkgs.midori}/bin/midori ${guide} &
@@ -134,13 +134,14 @@ in {
 
   powerManagement.enable = false;
 
-  nix.useSandbox = true;
   nix.nixPath = [
     "nixpkgs=${nixpkgs}"
     "nixos-config=/etc/nixos/configuration.nix"
     "/nix/var/nix/profiles/per-user/root/channels"
   ];
-  nix.binaryCaches =  [ ];
+  nix.useSandbox = true;
+  nix.buildMachines =  [ ];
+
   system.extraSystemBuilderCmds = "ln -sv ${pkgs.path} $out/nixpkgs";
   environment.etc.host-nix-channel.source = pkgs.path;
 
diff --git a/machines/users.nix b/machines/users.nix
index c716dcc..e64e61a 100644
--- a/machines/users.nix
+++ b/machines/users.nix
@@ -10,7 +10,7 @@ in
         isNormalUser = true;
         home = "/home/ben";
         openssh.authorizedKeys.keys = [ "${benKey}" ];
-        extraGroups = [ "wheel" "networkmanager" "docker" "video"];
+        extraGroups = [ "wheel" "networkmanager" "docker" "audio" "video"];
       };
     };
   };
-- 
cgit v1.2.3