From 979956ff9e3cd5d08d7825d495876aea0dcb8074 Mon Sep 17 00:00:00 2001 
From: Madeleine Date: Sat, 13 May 2023 21:48:48 +0100 Subject: [PATCH] fixes and added tau --- flake.lock | 36 ++++++---------------- flake.nix | 37 ++++++++++++++++++++--- maddie/common/lsp.nix | 2 +- maddie/common/yt-dlp/ytdlp-music.sh | 0 maddie/nixos/audio/volume.sh | 0 maddie/nixos/bosskey/bosskey.sh | 0 maddie/nixos/dmenu/dmenu-bluetooth | 0 maddie/nixos/dmenu/dmenu-kdeconnect | 0 maddie/nixos/dmenu/dmenu-mount | 0 maddie/nixos/dmenu/dmenu-mpc | 0 maddie/nixos/dmenu/dmenu-pass | 0 maddie/nixos/dmenu/dmenu-power | 0 maddie/nixos/dmenu/dmenu-unicode | 0 maddie/nixos/nsxiv/exec/key-handler | 0 maddie/nixos/screenshot/sss.sh | 0 maddie/nixos/statusbar/sb-clock | 0 maddie/nixos/statusbar/sb-cpu | 0 maddie/nixos/statusbar/sb-disk | 0 maddie/nixos/statusbar/sb-forecast | 0 maddie/nixos/statusbar/sb-iplocate | 0 maddie/nixos/statusbar/sb-kernel | 0 maddie/nixos/statusbar/sb-memory | 0 maddie/nixos/statusbar/sb-temp | 0 maddie/nixos/statusbar/sb-uptime | 0 maddie/nixos/statusbar/sb-volume | 0 maddie/nixos/steam/steam-killer.sh | 0 maddie/nixos/tabbed/tabbed-st | 0 maddie/nixos/xob/styles.cfg | 0 systems/mdesktop/gpg.nix | 5 +-- systems/mdesktop/nixos.nix | 2 +- systems/mdesktop/yubikey.nix | 8 ++--- systems/mmacbookpro/apps.nix | 3 +- systems/tau/android.nix | 5 +++ systems/tau/audio.nix | 14 +++++++++ systems/tau/bluetooth.nix | 6 ++++ systems/tau/boot.nix | 6 ++++ systems/tau/doas.nix | 13 ++++++++ systems/tau/firewall.nix | 6 ++++ systems/tau/fonts.nix | 11 +++++++ systems/tau/gpg.nix | 9 ++++++ systems/tau/locale.nix | 13 ++++++++ systems/tau/networking.nix | 17 +++++++++++ systems/tau/nix.nix | 16 ++++++++++ systems/tau/nixos.nix | 6 ++++ systems/tau/openrazer.nix | 9 ++++++ systems/tau/openrgb.nix | 8 +++++ systems/tau/packages.nix | 47 +++++++++++++++++++++++++++++ systems/tau/security.nix | 6 ++++ systems/tau/services.nix | 6 ++++ systems/tau/ssh.nix | 13 ++++++++ systems/tau/syncthing.nix | 42 ++++++++++++++++++++++++++ systems/tau/systemd.nix | 8 +++++ 
systems/tau/users.nix | 11 +++++++ systems/tau/virtualisation.nix | 6 ++++ systems/tau/xorg.nix | 17 +++++++++++ systems/tau/yubikey.nix | 22 ++++++++++++++ systems/tau/zsh.nix | 10 ++++++ 57 files changed, 380 insertions(+), 40 deletions(-) mode change 100644 => 100755 maddie/common/yt-dlp/ytdlp-music.sh mode change 100644 => 100755 maddie/nixos/audio/volume.sh mode change 100644 => 100755 maddie/nixos/bosskey/bosskey.sh mode change 100644 => 100755 maddie/nixos/dmenu/dmenu-bluetooth mode change 100644 => 100755 maddie/nixos/dmenu/dmenu-kdeconnect mode change 100644 => 100755 maddie/nixos/dmenu/dmenu-mount mode change 100644 => 100755 maddie/nixos/dmenu/dmenu-mpc mode change 100644 => 100755 maddie/nixos/dmenu/dmenu-pass mode change 100644 => 100755 maddie/nixos/dmenu/dmenu-power mode change 100644 => 100755 maddie/nixos/dmenu/dmenu-unicode mode change 100644 => 100755 maddie/nixos/nsxiv/exec/key-handler mode change 100644 => 100755 maddie/nixos/screenshot/sss.sh mode change 100644 => 100755 maddie/nixos/statusbar/sb-clock mode change 100644 => 100755 maddie/nixos/statusbar/sb-cpu mode change 100644 => 100755 maddie/nixos/statusbar/sb-disk mode change 100644 => 100755 maddie/nixos/statusbar/sb-forecast mode change 100644 => 100755 maddie/nixos/statusbar/sb-iplocate mode change 100644 => 100755 maddie/nixos/statusbar/sb-kernel mode change 100644 => 100755 maddie/nixos/statusbar/sb-memory mode change 100644 => 100755 maddie/nixos/statusbar/sb-temp mode change 100644 => 100755 maddie/nixos/statusbar/sb-uptime mode change 100644 => 100755 maddie/nixos/statusbar/sb-volume mode change 100644 => 100755 maddie/nixos/steam/steam-killer.sh mode change 100644 => 100755 maddie/nixos/tabbed/tabbed-st mode change 100644 => 100755 maddie/nixos/xob/styles.cfg create mode 100644 systems/tau/android.nix create mode 100644 systems/tau/audio.nix create mode 100644 systems/tau/bluetooth.nix create mode 100644 systems/tau/boot.nix create mode 100644 systems/tau/doas.nix create mode 
100644 systems/tau/firewall.nix create mode 100644 systems/tau/fonts.nix create mode 100644 systems/tau/gpg.nix create mode 100644 systems/tau/locale.nix create mode 100644 systems/tau/networking.nix create mode 100644 systems/tau/nix.nix create mode 100644 systems/tau/nixos.nix create mode 100644 systems/tau/openrazer.nix create mode 100644 systems/tau/openrgb.nix create mode 100644 systems/tau/packages.nix create mode 100644 systems/tau/security.nix create mode 100644 systems/tau/services.nix create mode 100644 systems/tau/ssh.nix create mode 100644 systems/tau/syncthing.nix create mode 100644 systems/tau/systemd.nix create mode 100644 systems/tau/users.nix create mode 100644 systems/tau/virtualisation.nix create mode 100644 systems/tau/xorg.nix create mode 100644 systems/tau/yubikey.nix create mode 100644 systems/tau/zsh.nix diff --git a/flake.lock b/flake.lock index 1c74dd2..16b0149 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1680266963, - "narHash": "sha256-IW/lzbUCOcldLHWHjNSg1YoViDnZOmz0ZJL7EH9OkV8=", + "lastModified": 1683754942, + "narHash": "sha256-L+Bj8EL4XLmODRIuOkk9sI6FDECVzK+C8jeZFv7q6eY=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "99d4187d11be86b49baa3a1aec0530004072374f", + "rev": "252541bd05a7f55f3704a3d014ad1badc1e3360d", "type": "github" }, "original": { @@ -24,15 +24,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "utils": "utils" + ] }, "locked": { - "lastModified": 1680389554, - "narHash": "sha256-+8FUmS4GbDMynQErZGXKg+wU76rq6mI5fprxFXFWKSM=", + "lastModified": 1683989410, + "narHash": "sha256-puF/QsIkp4ch0sf6M5mNzbdZtYcq2MJHcKre9wJ3ZYo=", "owner": "nix-community", "repo": "home-manager", - "rev": "ddd8866c0306c48f465e7f48432e6f1ecd1da7f8", + "rev": "6702b22b9805bc1879715d4111e3764cd4237aed", "type": "github" }, "original": { 
@@ -43,11 +42,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1680487167, - "narHash": "sha256-9FNIqrxDZgSliGGN2XJJSvcDYmQbgOANaZA4UWnTdg4=", + "lastModified": 1683777345, + "narHash": "sha256-V2p/A4RpEGqEZussOnHYMU6XglxBJGCODdzoyvcwig8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "53dad94e874c9586e71decf82d972dfb640ef044", + "rev": "635a306fc8ede2e34cb3dd0d6d0a5d49362150ed", "type": "github" }, "original": { @@ -61,21 +60,6 @@ "home-manager": "home-manager", "nixpkgs": "nixpkgs" } - }, - "utils": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index e5dbb4f..be25c24 100644 --- a/flake.nix +++ b/flake.nix @@ -19,20 +19,32 @@ config.allowUnfree = true; config.allowUnsupportedSystem = false; config.allowBroken = false; + config.permittedInsecurePackages = [ + "libgcrypt-1.8.10" + ]; overlays = import ./overlays.nix; system = "x86_64-linux"; }; - nixpkgs_aarch64 = import nixpkgs { + nixpkgs_aarch64_darwin = import nixpkgs { config.allowUnfree = true; config.allowUnsupportedSystem = false; config.allowBroken = false; overlays = import ./overlays.nix; system = "aarch64-darwin"; }; + + nixpkgs_aarch64_linux = import nixpkgs { + config.allowUnfree = true; + config.allowUnsupportedSystem = false; + config.allowBroken = false; + overlays = import ./overlays.nix; + system = "aarch64-linux"; + }; in { - nixosConfigurations."MDesktop" = nixpkgs.lib.nixosSystem { + nixosConfigurations."MDesktop" = nixpkgs.lib.nixosSystem + { specialArgs = { inherit username; }; pkgs = nixpkgs_x86_64; system = "x86_64-linux"; 
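Review bot: `config.permittedInsecurePackages = [ "libgcrypt-1.8.10" ];` in the `nixpkgs_x86_64` import of flake.nix allows a library that nixpkgs marks as insecure into every x86_64 system built from this flake, and nothing in the hunk says which package needs it. Add a comment naming the dependent package and the condition for removing the entry, e.g. `# required by <PACKAGE>; remove once it builds against a supported libgcrypt`, so the exception does not outlive its reason. The two aarch64 imports do not carry the exception, so it is presumably only needed on MDesktop; if so, say that in the comment too. The enclosing `let` block starts outside the hunk.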
@@ -45,9 +57,23 @@ ] ++ utils.nixFilesIn ./systems/mdesktop; }; + nixosConfigurations."tau" = nixpkgs.lib.nixosSystem + { + specialArgs = { inherit username; }; + pkgs = nixpkgs_aarch64_linux; + system = "aarch64-linux"; + modules = [ + home-manager.nixosModules.home-manager + { + home-manager.users.${username}.imports = utils.nixFilesIn ./maddie/common ++ utils.nixFilesIn ./maddie/nixos; + home-manager.extraSpecialArgs = { inherit username; pkgs = nixpkgs_aarch64_linux; }; + } + ] ++ utils.nixFilesIn ./systems/tau; + }; + darwinConfigurations."MMacBookPro" = darwin.lib.darwinSystem { - pkgs = nixpkgs_aarch64; + pkgs = nixpkgs_aarch64_darwin; specialArgs = { inherit username; }; system = "aarch64-darwin"; modules = [ @@ -55,13 +81,14 @@ { home-manager.useUserPackages = true; home-manager.users.${username}.imports = utils.nixFilesIn ./maddie/common ++ utils.nixFilesIn ./maddie/macos; - home-manager.extraSpecialArgs = { inherit username; pkgs = nixpkgs_aarch64; }; + home-manager.extraSpecialArgs = { inherit username; pkgs = nixpkgs_aarch64_darwin; }; } ] ++ utils.nixFilesIn ./systems/mmacbookpro; }; formatter.x86_64-linux = nixpkgs_x86_64.legacyPackages.x86_64-linux.nixpkgs-fmt; - formatter.aarch64-darwin = nixpkgs_aarch64.legacyPackages.aarch64-darwin.nixpkgs-fmt; + formatter.aarch64-darwin = nixpkgs_aarch64_darwin.legacyPackages.aarch64-darwin.nixpkgs-fmt; + formatter.aarch64-linux = nixpkgs_aarch64_linux.legacyPackages.aarch64-linux.nixpkgs-fmt; }; } diff --git a/maddie/common/lsp.nix b/maddie/common/lsp.nix index ad5a437..303b745 100644 --- a/maddie/common/lsp.nix +++ b/maddie/common/lsp.nix @@ -7,7 +7,7 @@ nodePackages.bash-language-server nodePackages.vim-language-server nodePackages.pyright - rust-analyzer + /* rust-analyzer */ rnix-lsp universal-ctags ]; diff --git a/maddie/common/yt-dlp/ytdlp-music.sh b/maddie/common/yt-dlp/ytdlp-music.sh old mode 100644 new mode 100755 
diff --git a/maddie/nixos/audio/volume.sh b/maddie/nixos/audio/volume.sh old mode 100644 new mode 100755 diff --git a/maddie/nixos/bosskey/bosskey.sh b/maddie/nixos/bosskey/bosskey.sh old mode 100644 new mode 100755 diff --git a/maddie/nixos/dmenu/dmenu-bluetooth b/maddie/nixos/dmenu/dmenu-bluetooth old mode 100644 new mode 100755 diff --git a/maddie/nixos/dmenu/dmenu-kdeconnect b/maddie/nixos/dmenu/dmenu-kdeconnect old mode 100644 new mode 100755 diff --git a/maddie/nixos/dmenu/dmenu-mount b/maddie/nixos/dmenu/dmenu-mount old mode 100644 new mode 100755 diff --git a/maddie/nixos/dmenu/dmenu-mpc b/maddie/nixos/dmenu/dmenu-mpc old mode 100644 new mode 100755 diff --git a/maddie/nixos/dmenu/dmenu-pass b/maddie/nixos/dmenu/dmenu-pass old mode 100644 new mode 100755 diff --git a/maddie/nixos/dmenu/dmenu-power b/maddie/nixos/dmenu/dmenu-power old mode 100644 new mode 100755 diff --git a/maddie/nixos/dmenu/dmenu-unicode b/maddie/nixos/dmenu/dmenu-unicode old mode 100644 new mode 100755 diff --git a/maddie/nixos/nsxiv/exec/key-handler b/maddie/nixos/nsxiv/exec/key-handler old mode 100644 new mode 100755 diff --git a/maddie/nixos/screenshot/sss.sh b/maddie/nixos/screenshot/sss.sh old mode 100644 new mode 100755 diff --git a/maddie/nixos/statusbar/sb-clock b/maddie/nixos/statusbar/sb-clock old mode 100644 new mode 100755 diff --git a/maddie/nixos/statusbar/sb-cpu b/maddie/nixos/statusbar/sb-cpu old mode 100644 new mode 100755 diff --git a/maddie/nixos/statusbar/sb-disk b/maddie/nixos/statusbar/sb-disk old mode 100644 new mode 100755 diff --git a/maddie/nixos/statusbar/sb-forecast b/maddie/nixos/statusbar/sb-forecast old mode 100644 new mode 100755 diff --git a/maddie/nixos/statusbar/sb-iplocate b/maddie/nixos/statusbar/sb-iplocate old mode 100644 new mode 100755 diff --git a/maddie/nixos/statusbar/sb-kernel b/maddie/nixos/statusbar/sb-kernel old mode 100644 new mode 100755 
diff --git a/maddie/nixos/statusbar/sb-memory b/maddie/nixos/statusbar/sb-memory old mode 100644 new mode 100755 diff --git a/maddie/nixos/statusbar/sb-temp b/maddie/nixos/statusbar/sb-temp old mode 100644 new mode 100755 diff --git a/maddie/nixos/statusbar/sb-uptime b/maddie/nixos/statusbar/sb-uptime old mode 100644 new mode 100755 diff --git a/maddie/nixos/statusbar/sb-volume b/maddie/nixos/statusbar/sb-volume old mode 100644 new mode 100755 diff --git a/maddie/nixos/steam/steam-killer.sh b/maddie/nixos/steam/steam-killer.sh old mode 100644 new mode 100755 diff --git a/maddie/nixos/tabbed/tabbed-st b/maddie/nixos/tabbed/tabbed-st old mode 100644 new mode 100755 diff --git a/maddie/nixos/xob/styles.cfg b/maddie/nixos/xob/styles.cfg old mode 100644 new mode 100755 diff --git a/systems/mdesktop/gpg.nix b/systems/mdesktop/gpg.nix index 8ce0a92..dd75311 100644 --- a/systems/mdesktop/gpg.nix +++ b/systems/mdesktop/gpg.nix @@ -1,9 +1,10 @@ -{ config, ... }: +{ config, pkgs, ... }: { + # programs.gnupg.package = pkgs.gnupg22; programs.gnupg.agent = { enable = true; - enableSSHSupport = true; + enableSSHSupport = false; pinentryFlavor = "gtk2"; }; } diff --git a/systems/mdesktop/nixos.nix b/systems/mdesktop/nixos.nix index 5a803d6..f9a9339 100644 --- a/systems/mdesktop/nixos.nix +++ b/systems/mdesktop/nixos.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - system.stateVersion = "22.05"; + system.stateVersion = "23.05"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/systems/mdesktop/yubikey.nix b/systems/mdesktop/yubikey.nix index 9c128a3..32d847a 100644 --- a/systems/mdesktop/yubikey.nix +++ b/systems/mdesktop/yubikey.nix @@ -15,8 +15,8 @@ }; }; - environment.systemPackages = with pkgs; [ - yubioath-flutter - yubikey-personalization - ]; + /* environment.systemPackages = with pkgs; [ */ + /* yubioath-flutter */ + /* yubikey-personalization */ + /* ]; */ } 
diff --git a/systems/mmacbookpro/apps.nix b/systems/mmacbookpro/apps.nix index 6750a8c..1b21426 100644 --- a/systems/mmacbookpro/apps.nix +++ b/systems/mmacbookpro/apps.nix @@ -40,13 +40,14 @@ "sketch" # Development - "lapce" + "zed" "neovide" "pycharm" "webstorm" "clion" "goland" "appcode" + "datagrip" "android-studio" "fleet" "tower" diff --git a/systems/tau/android.nix b/systems/tau/android.nix new file mode 100644 index 0000000..b9fd5f2 --- /dev/null +++ b/systems/tau/android.nix @@ -0,0 +1,5 @@ +{ config, ... }: + +{ + programs.adb.enable = true; +} diff --git a/systems/tau/audio.nix b/systems/tau/audio.nix new file mode 100644 index 0000000..329fa97 --- /dev/null +++ b/systems/tau/audio.nix @@ -0,0 +1,14 @@ +{ config, ... }: + +{ + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + }; +} diff --git a/systems/tau/bluetooth.nix b/systems/tau/bluetooth.nix new file mode 100644 index 0000000..fae0e1d --- /dev/null +++ b/systems/tau/bluetooth.nix @@ -0,0 +1,6 @@ +{ config, ... }: + +{ + hardware.bluetooth.enable = true; + services.blueman.enable = true; +} diff --git a/systems/tau/boot.nix b/systems/tau/boot.nix new file mode 100644 index 0000000..5bb22a9 --- /dev/null +++ b/systems/tau/boot.nix @@ -0,0 +1,6 @@ +{ config, ... }: + +{ + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; +} diff --git a/systems/tau/doas.nix b/systems/tau/doas.nix new file mode 100644 index 0000000..6aa5f72 --- /dev/null +++ b/systems/tau/doas.nix @@ -0,0 +1,13 @@ +{ config, username, ... }: + +{ + security.sudo.enable = false; + security.doas = { + enable = true; + extraRules = [{ + users = [ "${username}" ]; + keepEnv = true; + persist = true; + }]; + }; +} diff --git a/systems/tau/firewall.nix b/systems/tau/firewall.nix new file mode 100644 index 0000000..1abda33 
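Review bot: The doas rule in systems/tau/doas.nix sets `keepEnv = true` with no `cmd` restriction, so the caller's entire environment is passed to every process started as root. Variables set in the user's session then influence privileged commands. Unless a specific tool needs this, drop `keepEnv` and pass only what is required with `setEnv = [ "<VAR>" ];`. `persist = true` additionally lets later commands in the same session reuse the authentication; a short comment saying this is deliberate would help, given that yubikey.nix enables `doas.u2fAuth`.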
--- /dev/null
+++ b/systems/tau/firewall.nix
@@ -0,0 +1,6 @@
+{ config, ... }:
+
+{
+ # Disable the firewall altogether
+ networking.firewall.enable = false;
+}
diff --git a/systems/tau/fonts.nix b/systems/tau/fonts.nix
new file mode 100644
index 0000000..692832b
--- /dev/null
+++ b/systems/tau/fonts.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+ fonts.fonts = with pkgs; [
+ nerdfonts
+ font-awesome
+ source-han-sans
+ source-han-serif
+ source-han-code-jp
+ ];
+}
diff --git a/systems/tau/gpg.nix b/systems/tau/gpg.nix
new file mode 100644
index 0000000..8ce0a92
--- /dev/null
+++ b/systems/tau/gpg.nix
@@ -0,0 +1,9 @@
+{ config, ... }:
+
+{
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ pinentryFlavor = "gtk2";
+ };
+}
diff --git a/systems/tau/locale.nix b/systems/tau/locale.nix
new file mode 100644
index 0000000..1c7fd22
--- /dev/null
+++ b/systems/tau/locale.nix
@@ -0,0 +1,13 @@
+{ config, ... }:
+
+{
+ # Time zone
+ time.timeZone = "Europe/London";
+
+ # Internationalisation properties
+ i18n.defaultLocale = "en_GB.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "uk";
+ };
+}
diff --git a/systems/tau/networking.nix b/systems/tau/networking.nix
new file mode 100644
index 0000000..85b594d
--- /dev/null
+++ b/systems/tau/networking.nix
@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+
+{
+ # DHCP
+ networking.useDHCP = lib.mkDefault true;
+
+ # Hostname
+ networking.hostName = "tau";
+
+ # Enable wireless support & configuration
+ networking.wireless.enable = true;
+ networking.wireless.networks = {
+ "BT-C5CPMR_5GEXT" = {
+ psk = "hN3LtFrkp36bXc";
+ };
+ };
+}
diff --git a/systems/tau/nix.nix b/systems/tau/nix.nix
new file mode 100644
index 0000000..533f7e9
--- /dev/null
+++ b/systems/tau/nix.nix
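Review bot: `networking.firewall.enable = false;` in systems/tau/firewall.nix leaves every listening service on tau reachable from any network the machine joins. This same commit enables sshd and binds the Syncthing GUI to `0.0.0.0:8384`. Keeping the firewall on costs little: sshd opens its own port by default through `services.openssh.openFirewall`, and Syncthing's sync ports can be opened with `services.syncthing.openDefaultPorts = true;` if peers need to reach this host. If the firewall must stay off, the comment should give the reason instead of restating the setting.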
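Review bot: The `psk` under `networking.wireless.networks` in systems/tau/networking.nix is committed in clear text, so it is now in the repository history and will be copied into the world-readable Nix store on every build. Treat the passphrase as disclosed and rotate it, then keep the new one out of the flake. Setting `networking.wireless.environmentFile = "/run/secrets/wireless.env";` with `psk = "@PSK_HOME@";` in the network entry substitutes the value at runtime from a file outside the store. The path and variable name are placeholders; any secrets mechanism that keeps the file out of the repository works.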
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ # Enable flakes and nix-command
+ nix = {
+ package = pkgs.nixVersions.stable;
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ auto-optimise-store = true;
+ };
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 7d";
+ };
+ };
+}
diff --git a/systems/tau/nixos.nix b/systems/tau/nixos.nix
new file mode 100644
index 0000000..8488a9a
--- /dev/null
+++ b/systems/tau/nixos.nix
@@ -0,0 +1,6 @@
+{ config, lib, ... }:
+
+{
+ system.stateVersion = "23.05";
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/systems/tau/openrazer.nix b/systems/tau/openrazer.nix
new file mode 100644
index 0000000..4175987
--- /dev/null
+++ b/systems/tau/openrazer.nix
@@ -0,0 +1,9 @@
+{ config, username, ... }:
+
+{
+ hardware.openrazer = {
+ enable = true;
+ users = [ "${username}" ];
+ devicesOffOnScreensaver = false;
+ };
+}
diff --git a/systems/tau/openrgb.nix b/systems/tau/openrgb.nix
new file mode 100644
index 0000000..d112498
--- /dev/null
+++ b/systems/tau/openrgb.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+ services.hardware.openrgb = {
+ enable = true;
+ package = pkgs.openrgb-with-all-plugins;
+ };
+}
diff --git a/systems/tau/packages.nix b/systems/tau/packages.nix
new file mode 100644
index 0000000..23c9665
--- /dev/null
+++ b/systems/tau/packages.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+
+{
+ # System-wide packages
+ # I want these available for all users at all times
+ environment.systemPackages = with pkgs; [
+ # Xorg packages
+ xorg.xinit
+ xorg.xkill
+ xorg.xprop
+ xorg.xwininfo
+ xorg.xrandr
+ xdotool
+ xclip
+
+ # Processes
+ killall
+ appimage-run
+
+ # Filesystems
+ dosfstools
+ btrfs-progs
+ ntfs3g
+ exfatprogs
+ libimobiledevice
+ ifuse
+
+ # Archives
+ zip
+ unrar
+ unzip
+ p7zip
+
+ # Cli tools
+ ripgrep
+ wget
+ fzf
+ bat
+
+ # XDG
+ xdg-utils
+ xdg-user-dirs
+
+ # Git
+ git
+ ];
+}
diff --git a/systems/tau/security.nix b/systems/tau/security.nix
new file mode 100644
index 0000000..65a4e9a
--- /dev/null
+++ b/systems/tau/security.nix
@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+
+{
+ programs.slock.enable = true;
+ security.wrappers.slock.source = "${pkgs.slock.out}/bin/slock";
+}
diff --git a/systems/tau/services.nix b/systems/tau/services.nix
new file mode 100644
index 0000000..291c999
--- /dev/null
+++ b/systems/tau/services.nix
@@ -0,0 +1,6 @@
+{ config, ... }:
+
+{
+ # Misc services
+ services.usbmuxd.enable = true;
+}
diff --git a/systems/tau/ssh.nix b/systems/tau/ssh.nix
new file mode 100644
index 0000000..613102e
--- /dev/null
+++ b/systems/tau/ssh.nix
@@ -0,0 +1,13 @@
+{ config, ... }:
+
+{
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ };
+ programs.ssh.hostKeyAlgorithms = [ "sk-ssh-ed25519@openssh.com" "ssh-ed25519" ];
+}
diff --git a/systems/tau/syncthing.nix b/systems/tau/syncthing.nix
new file mode 100644
index 0000000..fdeaccb
--- /dev/null
+++ b/systems/tau/syncthing.nix
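Review bot: `security.wrappers.slock.source = "${pkgs.slock.out}/bin/slock";` in systems/tau/security.nix appears to duplicate what `programs.slock.enable = true;` already sets up; as far as I know that module defines the setuid wrapper itself with the same source. Defining a setuid wrapper in two places makes it harder to see who owns its permissions, so either remove the second line or add a comment explaining why it is needed, e.g. `# programs.slock already installs the setuid wrapper`. This is inferred from the upstream module, which is not visible in the diff, so confirm before removing.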
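Review bot: `programs.ssh.hostKeyAlgorithms` on the last line of systems/tau/ssh.nix configures the SSH client (which host-key types this machine accepts when connecting out), not the `services.openssh` daemon defined above it. `sk-ssh-ed25519@openssh.com` is also a key type normally used for user keys, not host keys. If the intent was to restrict sshd to Ed25519 and FIDO-backed user keys, that belongs in the daemon config, e.g. `services.openssh.extraConfig = "PubkeyAcceptedAlgorithms sk-ssh-ed25519@openssh.com,ssh-ed25519";`. As written, the line may also break outbound connections to hosts that only offer RSA or ECDSA host keys. The intent is inferred from the file's other settings, so a one-line comment stating it would help either way.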
@@ -0,0 +1,42 @@
+{ config, username, ... }:
+
+{
+ services.syncthing = {
+ enable = true;
+ user = "${username}";
+ group = "users";
+ dataDir = "/home/${username}";
+ configDir = "/home/${username}/.config/syncthing";
+ guiAddress = "0.0.0.0:8384";
+ overrideFolders = true;
+ overrideDevices = true;
+ devices = {
+ "M.Phone.Pixel" = { id = "WMGWVOU-DFZQSZO-46XQJQA-Q5XD5ZB-NDXK5SP-LXNAADH-Z2KJN4P-4P4UXA5"; };
+ "M.MacBookPro" = { id = "A5HRCSI-RWYZ6GG-SCBZ2OJ-PG6T7VP-WKDN2VP-CNXIQ3B-VCJ7ZHO-MTV63QP"; };
+ "Lambda" = { id = "ZYNSFWR-F3ZNDDT-66TSJWB-PRP3KQK-IWTTABU-GGWT5DL-RWC7VAE-LI5AXQQ"; };
+ };
+ folders = {
+ "Documents" = {
+ path = "/home/${username}/Documents";
+ devices = [ "M.Phone.Pixel" "M.MacBookPro" ];
+ };
+ "Pictures" = {
+ path = "/home/${username}/Pictures";
+ devices = [ "M.Phone.Pixel" "M.MacBookPro" ];
+ };
+ "Videos" = {
+ path = "/home/${username}/Videos";
+ devices = [ "M.Phone.Pixel" "M.MacBookPro" ];
+ };
+ "Music" = {
+ path = "/home/${username}/Music";
+ devices = [ "M.Phone.Pixel" "M.MacBookPro" ];
+ };
+ "Android Camera" = {
+ id = "pixel_7_pro_2qyx-photos";
+ path = "/home/${username}/Pictures/DCIM";
+ devices = [ "M.Phone.Pixel" "M.MacBookPro" ];
+ };
+ };
+ };
+}
diff --git a/systems/tau/systemd.nix b/systems/tau/systemd.nix
new file mode 100644
index 0000000..93db17e
--- /dev/null
+++ b/systems/tau/systemd.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+
+{
+ # Stop systemd from hanging for ages
+ systemd.extraConfig = ''
+ DefaultTimeoutStopSec=10s
+ '';
+}
diff --git a/systems/tau/users.nix b/systems/tau/users.nix
new file mode 100644
index 0000000..2e29887
--- /dev/null
+++ b/systems/tau/users.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, username, ... }:
+
+{
+ users.users.${username} = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ description = "Madeleine";
+ extraGroups = [ "adbusers" "dialout" "libvirtd" "plugdev" ];
+ openssh.authorizedKeys.keyFiles = [ ../../maddie/common/ssh/id_ed25519_sk.pub ];
+ };
+}
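Review bot: `guiAddress = "0.0.0.0:8384";` in systems/tau/syncthing.nix exposes the Syncthing web GUI and REST API on every interface, and the hunk sets no GUI user or password. With the firewall disabled in firewall.nix, the admin interface for folders under the user's home directory is reachable from the local network. Bind it to loopback with `guiAddress = "127.0.0.1:8384";` and use an SSH port forward when remote access is needed. Separately, the `Lambda` device is declared but appears in no folder's `devices` list, so it is either unused or missing from those lists.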
diff --git a/systems/tau/virtualisation.nix b/systems/tau/virtualisation.nix
new file mode 100644
index 0000000..dad25d2
--- /dev/null
+++ b/systems/tau/virtualisation.nix
@@ -0,0 +1,6 @@
+{ config, ... }:
+
+{
+ virtualisation.libvirtd.enable = true;
+ programs.dconf.enable = true;
+}
diff --git a/systems/tau/xorg.nix b/systems/tau/xorg.nix
new file mode 100644
index 0000000..f8389c2
--- /dev/null
+++ b/systems/tau/xorg.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ services.xserver = {
+ # Enable X11 windowing system
+ enable = true;
+
+ # Set gb X11 keymap
+ layout = "gb";
+ xkbOptions = "eurosign:e";
+
+ # Use startx for starting window managers
+ displayManager = {
+ startx.enable = true;
+ };
+ };
+}
diff --git a/systems/tau/yubikey.nix b/systems/tau/yubikey.nix
new file mode 100644
index 0000000..32d847a
--- /dev/null
+++ b/systems/tau/yubikey.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ services.pcscd.enable = true;
+ services.udev.packages = [ pkgs.yubikey-personalization pkgs.android-udev-rules ];
+ security.pam = {
+ services = {
+ login.u2fAuth = true;
+ doas.u2fAuth = true;
+ };
+ yubico = {
+ enable = true;
+ mode = "challenge-response";
+ control = "optional";
+ };
+ };
+
+ /* environment.systemPackages = with pkgs; [ */
+ /* yubioath-flutter */
+ /* yubikey-personalization */
+ /* ]; */
+}
diff --git a/systems/tau/zsh.nix b/systems/tau/zsh.nix
new file mode 100644
index 0000000..3aab6fb
--- /dev/null
+++ b/systems/tau/zsh.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+ programs.zsh = {
+ enable = true;
+ autosuggestions.enable = true;
+ syntaxHighlighting.enable = true;
+ };
+ users.defaultUserShell = pkgs.zsh;
+}
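Review bot: In systems/tau/yubikey.nix the PAM settings make the key an alternative to the password, not a requirement. `control = "optional"` under `yubico` means the challenge-response result does not affect the outcome. `login.u2fAuth` and `doas.u2fAuth` fall back to the `security.pam.u2f.control` default, which I believe is `sufficient`, so touching the key alone would satisfy `login` and `doas` without the password. If the key is meant to be a second factor, set `security.pam.u2f.control = "required";` (and likewise `yubico.control`) once a recovery path is in place; if key-only login is intended, add a comment such as `# key alone is accepted by design`. The commented-out `environment.systemPackages` block at the end of the file can be deleted instead of kept as dead code.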