From 78529ae2641e8645ee3459753819d0ecff655d86 Mon Sep 17 00:00:00 2001 From: Kjetil Orbekk Date: Sun, 7 Mar 2021 15:11:56 -0500 Subject: Refactor configs into modules --- config/common.nix | 62 --------------------------- config/desktop.nix | 102 -------------------------------------------- config/gaming.nix | 75 -------------------------------- config/thinkpad.nix | 32 -------------- config/users.nix | 100 ------------------------------------------- config/yubikey.nix | 51 ---------------------- flake.nix | 13 +++++- install.sh | 2 +- machines/firelink.nix | 4 +- machines/x1-pincer.nix | 14 +++--- machines/x220-aji.nix | 1 + modules/common.nix | 60 ++++++++++++++++++++++++++ modules/desktop.nix | 113 +++++++++++++++++++++++++++++++++++++++++++++++++ modules/gaming.nix | 85 +++++++++++++++++++++++++++++++++++++ modules/thinkpad.nix | 43 +++++++++++++++++++ modules/users.nix | 100 +++++++++++++++++++++++++++++++++++++++++++ modules/yubikey.nix | 60 ++++++++++++++++++++++++++ 17 files changed, 482 insertions(+), 435 deletions(-) delete mode 100644 config/common.nix delete mode 100644 config/desktop.nix delete mode 100644 config/gaming.nix delete mode 100644 config/thinkpad.nix delete mode 100644 config/users.nix delete mode 100644 config/yubikey.nix create mode 100644 modules/common.nix create mode 100644 modules/desktop.nix create mode 100644 modules/gaming.nix create mode 100644 modules/thinkpad.nix create mode 100644 modules/users.nix create mode 100644 modules/yubikey.nix diff --git a/config/common.nix b/config/common.nix deleted file mode 100644 index 09f04a7..0000000 --- a/config/common.nix +++ /dev/null 
@@ -1,62 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - imports = [ ./auto-upgrade.nix ]; - programs.zsh.enable = true; - programs.tmux.enable = true; - - nixpkgs.config.packageOverrides = pkgs: { - libsignal-protocol-c = pkgs.callPackage ../pkgs/libsignal-c/default.nix { }; - keycloak = pkgs.callPackage ../pkgs/keycloak/default.nix { }; - }; - - environment.shellAliases = { - vim = "nvim"; - }; - environment.systemPackages = with pkgs; [ - dnsutils - git - gnupg - haskellPackages.hledger - htop - mosh - neovim - # nox # Broken as of 2017-06-12 - pass - silver-searcher - whois - unzip - p7zip - unrar - ]; - time.timeZone = "America/New_York"; - - system.stateVersion = "17.04"; - services = { - postgresql = { - dataDir = "/var/db/postgresql"; - package = pkgs.postgresql95; - }; - openssh.passwordAuthentication = false; - }; - - nix = rec { - useSandbox = lib.mkDefault true; - maxJobs = lib.mkOverride 110 16; - buildCores = lib.mkDefault 0; # auto configure - gc.automatic = lib.mkDefault true; - trustedBinaryCaches = [ - "https://cache.nixos.org" - ]; - binaryCaches = trustedBinaryCaches; - daemonNiceLevel = 10; - daemonIONiceLevel = 10; - package = pkgs.nixFlakes; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - - boot.cleanTmpDir = true; - - nixpkgs.config.allowUnfree = true; -} diff --git a/config/desktop.nix b/config/desktop.nix deleted file mode 100644 index 4380537..0000000 --- a/config/desktop.nix +++ /dev/null 
@@ -1,102 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - imports = [ ./common.nix ./users.nix ]; - - location.latitude = 40.0; - location.longitude = -74.0; - - sound.enable = true; - - hardware = { - opengl = { - enable = true; - driSupport32Bit = true; - extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; - }; - - bluetooth.enable = true; - pulseaudio = { - enable = true; - support32Bit = true; - package = pkgs.pulseaudioFull; - zeroconf.discovery.enable = true; - zeroconf.publish.enable = true; - tcp.enable = true; - tcp.anonymousClients.allowAll = true; - }; - }; - - fonts = { - enableDefaultFonts = true; - fonts = with pkgs; [ fira-code dejavu_fonts steamPackages.steam-fonts wqy_microhei ]; - fontconfig = { - defaultFonts = { - sansSerif = [ "Noto Sans" "WenQuanYi Micro Hei" ]; - serif = [ "Noto Serif" "WenQuanYi Micro Hei-14" ]; - emoji = [ "Noto Color Emoji" ]; - monospace = [ "DejaVu Sans Mono" "WenQuanYi Micro Hei Mono" ]; - }; - }; - }; - - environment.systemPackages = with pkgs; [ - chromium - dmenu - emacs - firefox - haskellPackages.xmobar - pavucontrol - rxvt_unicode-with-plugins - sshfsFuse - trayer - (conky.override { pulseSupport = true; }) - xbindkeys - xorg.xbacklight - xorg.xev - xscreensaver - xsel # used by urxvt clipboard - xss-lock - networkmanagerapplet - imagemagick - dzen2 - rofi - autorandr - ]; - - i18n.inputMethod = { - enabled = "fcitx"; - fcitx.engines = with pkgs.fcitx-engines; [cloudpinyin]; - }; - - services = { - avahi.enable = true; - - xserver = { - enable = true; - layout = "us"; - # xkbVariant = "dvorak"; - xkbOptions = "caps:ctrl_modifier"; - - # desktopManager.plasma5 = { - # enable = true; - # }; - - windowManager.xmonad = { - enable = true; - enableContribAndExtras = true; - extraPackages = hpkgs: [ hpkgs.xmobar hpkgs.split ]; - }; - - displayManager.lightdm = { - enable = true; - }; - - libinput.enable = true; - }; - - redshift = { - enable = true; - extraOptions = ["-r"]; - }; - }; -} 
diff --git a/config/gaming.nix b/config/gaming.nix
deleted file mode 100644
index 2cc57dc..0000000
--- a/config/gaming.nix
+++ /dev/null
@@ -1,75 +0,0 @@ -{ config, lib, pkgs, ... }: -let - pkgs_unstable = pkgs.my-extras.nixpkgs-unstable.legacyPackages.${pkgs.system}; - my_steam = self: super: { - steam = super.steam.override { - # steam = pkgs_unstable.steam.override { - # nativeOnly = true; - withJava = true; - extraPkgs = p: with pkgs; - let xorgdeps = with xorg; [ - libX11 libXrender libXrandr libxcb libXmu libpthreadstubs libXext libXdmcp - libXxf86vm libXinerama libSM libXv libXaw libXi libXcursor libXcomposite - ]; - in [ - samba - tdb - glib-networking - libxkbcommon - fluidsynth hidapi mesa libdrm - perl which p7zip gnused gnugrep psmisc opencl-headers - cups lcms2 mpg123 cairo unixODBC samba4 sane-backends openldap ocl-icd utillinux - fribidi - libsndfile libtheora libogg libvorbis libopus libGLU libpcap libpulseaudio - libao libusb libevdev udev libgcrypt libxml2 libusb libpng libmpeg2 libv4l - libjpeg libxkbcommon libass libcdio libsamplerate libzip libmad libaio - libcap libtiff libva libgphoto2 libxslt libsndfile giflib zlib glib - alsaLib zziplib bash dbus keyutils zip cabextract freetype unzip coreutils - readline gcc SDL SDL2 curl graphite2 gtk2 gtk3 udev ncurses wayland libglvnd - vulkan-loader xdg_utils sqlite gnutls libbsd - libnghttp2 - openssl - openldap - xorg.xrandr - xorg.xinput - gnome3.gtk - zlib - dbus - freetype - glib - atk - cairo - gdk_pixbuf - pango - fontconfig - xorg.libxcb - libkrb5 - nss - qt4 - pkgs_unstable.qt514.full - libjack2 jack2 jack2Full jack_capture - libidn2 - rtmpdump - libpsl - ] ++ xorgdeps; - }; - }; -in -{ - nixpkgs.overlays = [ my_steam ]; - # nixpkgs.config.allowBroken = true; - nixpkgs.config.allowUnfree = true; - # nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - # "steam" - # ]; - - programs.steam.enable = true; - hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; - - environment.systemPackages = with pkgs; [ - wineWowPackages.staging - steam - steam.run - obs-studio - ]; -} 
diff --git a/config/thinkpad.nix b/config/thinkpad.nix deleted file mode 100644 index 5bd1707..0000000 --- a/config/thinkpad.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - services = { - tlp = { - enable = true; - settings = { - "SATA_LINKPWR_ON_BAT" = "max_performance"; - }; - }; - xserver.xkbModel = "thinkpad60"; - }; - - boot = { - kernelModules = [ "tp_smapi" "thinkpad_acpi" "fbcon" "i915" "acpi_call" ]; - extraModulePackages = with config.boot.kernelPackages; [ tp_smapi acpi_call ]; - }; - - systemd.services = { - battery_threshold = { - description = "Set battery charging thresholds."; - path = [ pkgs.tpacpi-bat ]; - after = [ "basic.target" ]; - wantedBy = [ "multi-user.target" ]; - script = '' - tpacpi-bat -s ST 1 39 - tpacpi-bat -s ST 2 39 - tpacpi-bat -s SP 1 80 - tpacpi-bat -s SP 2 80 - ''; - }; - }; -} diff --git a/config/users.nix b/config/users.nix deleted file mode 100644 index b595754..0000000 --- a/config/users.nix +++ /dev/null 
@@ -1,100 +0,0 @@ -{ config, lib, pkgs, ... }: -let aliases = import ../data/aliases.nix; -in { - users = { - defaultUserShell = pkgs.zsh; - extraUsers = { - orbekk = { - isNormalUser = true; - home = "/home/orbekk"; - uid = 1000; - description = "KJ"; - extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev" "lxd" "readonly" "input" "vboxusers" "video" "sound" "tty" ]; - openssh.authorizedKeys.keyFiles = [ - ../data/pincer_rsa.pub - ../data/yubikey_rsa.pub - ]; - }; - guest = { - isNormalUser = true; - home = "/home/guest"; - uid = 1500; - description = "Guest"; - extraGroups = ["networkmanager" "audio" "input"]; - }; - fcgi = { - group = "fcgi"; - extraGroups = ["readonly"]; - uid = 500; - }; - systemhttpd = { - name = "systemhttpd"; - group = "systemhttpd"; - createHome = true; - uid = 502; - home = "/var/lib/systemhttpd"; - }; - linoquotes = { - name = "linoquotes"; - group = "linoquotes"; - createHome = true; - uid = 503; - home = "/var/lib/linoquotes"; - }; - minecraft = { - name = "minecraft"; - uid = config.ids.uids.minecraft; - extraGroups = ["readonly"]; - }; - stats = { - name = "stats"; - group = "stats"; - createHome = true; - uid = 504; - home = aliases.services.stats.home; - }; - terraria = { - name = "terraria"; - group = "terraria"; - createHome = true; - uid = 505; - home = "/var/lib/terraria"; - }; - readonly = { - group = "readonly"; - createHome = false; - uid = 506; - useDefaultShell = true; - home = "/storage"; - }; - pjournal = { - group = "pjournal"; - createHome = false; - uid = 507; - }; - pjournal_test = { - group = "pjournal_test"; - createHome = false; - uid = 508; - }; - mpd = lib.optionalAttrs config.services.mpd.enable { - extraGroups = ["readonly"]; - }; - nginx = lib.optionalAttrs config.services.nginx.enable { - extraGroups = ["readonly"]; - }; - }; - extraGroups = { - fcgi = { name = "fcgi"; gid = 500; }; - plugdev = { name = "plugdev"; gid = 501; }; - systemhttpd = { name = "systemhttpd"; gid = 502; }; - 
linoquotes = { name = "linoquotes"; gid = 503; }; - stats = { name = "stats"; gid = 504; }; - terraria = { name = "terraria"; gid = 505; }; - readonly = { gid = 506; }; - pjournal = { gid = 507; }; - pjournal_test = { gid = 508; }; - }; - }; -} - diff --git a/config/yubikey.nix b/config/yubikey.nix deleted file mode 100644 index d10bb57..0000000 --- a/config/yubikey.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ config, lib, pkgs, ... }: -let - yubikey-pkgs = with pkgs; [ - ccid - libu2f-host - libusb - rng_tools - yubikey-manager - yubikey-personalization - gnupg - pinentry - ]; -in -{ - services.pcscd.enable = true; - services.udev.packages = with pkgs; [ - libu2f-host - yubikey-personalization - ]; - services.gnome3.gnome-keyring.enable = lib.mkForce false; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - # Use GPG agent instead. - programs.ssh.startAgent = lib.mkDefault false; - - environment = { - systemPackages = yubikey-pkgs; - }; - - security.sudo.extraRules = [ - { - groups = [ "wheel" ]; - commands = [ { command = "${pkgs.systemd}/bin/systemctl restart pcscd"; options = [ "NOPASSWD" ]; } ]; - } - ]; - - systemd.user.services.restart-pcscd = { - description = "Redshift colour temperature adjuster"; - wantedBy = [ "graphical-session.target" ]; - partOf = [ "graphical-session.target" ]; - serviceConfig = { - ExecStart = '' - sudo systemctl restart pcscd - ''; - Type = "oneshot"; - }; - }; -} diff --git a/flake.nix b/flake.nix index d94478d..978b184 100644 --- a/flake.nix +++ b/flake.nix @@ -32,6 +32,16 @@ in { + nixosModules = [ + pkgs-module + ./modules/common.nix + ./modules/desktop.nix + ./modules/gaming.nix + ./modules/thinkpad.nix + ./modules/users.nix + ./modules/yubikey.nix + ]; + nixosConfigurations = let mkConfig = { hostName , module ? (./. + "/machines/${hostName}.nix") @@ -41,6 +51,7 @@ inherit system; modules = + self.nixosModules ++ [ pkgs-module module 
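Review bot: `pkgs-module` ends up in the module list twice, because the new `nixosModules` list already starts with it and the second hunk prepends `self.nixosModules ++` to a list that still begins `pkgs-module module`. If `pkgs-module` is an inline attribute set or function rather than a path, the module system may not deduplicate it, so anything it sets could be applied twice; drop it from one of the two lists. Separately, the flake schema describes `nixosModules` as an attribute set of named modules, so a bare list may trip `nix flake check` and downstream consumers; entries such as `nixosModules.common = ./modules/common.nix;` keep the output conventional. The `mkConfig` body continues outside these hunks.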
@@ -50,7 +61,7 @@ # of this flake. system.configurationRevision = let - lastModified = final.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101"); + lastModified = pkgs.lib.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101"); in "${lastModified}.${self.shortRev or "dirty"}"; diff --git a/install.sh b/install.sh index 8550e67..b054698 100755 --- a/install.sh +++ b/install.sh @@ -1,4 +1,4 @@ #!/usr/bin/env bash set -euo pipefail -sudo nixos-rebuild switch --flake "$(dirname $0)" +sudo nixos-rebuild switch --flake "$(dirname $0)" "$@" diff --git a/machines/firelink.nix b/machines/firelink.nix index 22c42eb..9ccaa7c 100644 --- a/machines/firelink.nix +++ b/machines/firelink.nix @@ -23,13 +23,13 @@ let in { imports = [ - ../config/gaming.nix - # ../config/ap.nix ../config/common.nix ../config/desktop.nix ../config/yubikey.nix ]; + orbekk.gaming.enable = true; + environment.systemPackages = with pkgs; [ openmw kodi diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix index ec6fe50..35523d6 100644 --- a/machines/x1-pincer.nix +++ b/machines/x1-pincer.nix @@ -3,17 +3,12 @@ let ports = { minecraft = 25565; }; in { - networking.networkmanager.enable = true; + # orbekk.gaming.enable = true; + orbekk.desktop.enable = true; + orbekk.thinkpad.enable = true; + networking.networkmanager.enable = true; networking.firewall.allowedTCPPorts = [ ports.minecraft ]; # socks proxy - imports = [ - ../config/desktop.nix - #../config/laptop.nix - ../config/yubikey.nix - ../config/thinkpad.nix - # ../config/ap.nix - # ../config/pxe.nix - ]; networking = { hostName = "pincer"; @@ -82,4 +77,5 @@ let ports = { boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; nix.maxJobs = lib.mkDefault 4; hardware.enableRedistributableFirmware = lib.mkDefault true; + system.stateVersion = "17.04"; } diff --git a/machines/x220-aji.nix b/machines/x220-aji.nix index eb41e3c..b05f16a 100644 --- a/machines/x220-aji.nix 
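Review bot: `$0` is still unquoted inside the command substitution on the changed line of install.sh, so a checkout path containing spaces or glob characters is word-split before `dirname` sees it; `sudo nixos-rebuild switch --flake "$(dirname "$0")" "$@"` closes that. Since every extra argument is now forwarded to `nixos-rebuild` running as root, a one-line comment such as `# extra args are passed to nixos-rebuild as root` would make that explicit.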
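Review bot: The `imports` list in machines/firelink.nix still names `../config/common.nix`, `../config/desktop.nix` and `../config/yubikey.nix` (they appear as unmarked context lines in this hunk) while the same commit deletes all three files, so this machine would presumably fail to evaluate. Only the `gaming.nix` import was converted; the remaining entries should go too, replaced by `orbekk.desktop.enable = true;` next to `orbekk.gaming.enable = true;`, since the desktop module turns the yubikey module on by default. Unlike x1-pincer and x220-aji, no `system.stateVersion = "17.04";` is added in the visible part of this file even though modules/common.nix no longer sets it, so confirm it is set elsewhere in the file.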
+++ b/machines/x220-aji.nix @@ -75,4 +75,5 @@ swapDevices = [ { device = "/dev/mapper/cryptvg-swap"; } ]; + system.stateVersion = "17.04"; } diff --git a/modules/common.nix b/modules/common.nix new file mode 100644 index 0000000..161d376 --- /dev/null +++ b/modules/common.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: +{ + programs.zsh.enable = true; + programs.tmux.enable = true; + + nixpkgs.config.packageOverrides = pkgs: { + libsignal-protocol-c = pkgs.callPackage ../pkgs/libsignal-c/default.nix { }; + keycloak = pkgs.callPackage ../pkgs/keycloak/default.nix { }; + }; + + environment.shellAliases = { + vim = "nvim"; + }; + environment.systemPackages = with pkgs; [ + dnsutils + git + gnupg + haskellPackages.hledger + htop + mosh + neovim + # nox # Broken as of 2017-06-12 + pass + silver-searcher + whois + unzip + p7zip + unrar + ]; + time.timeZone = "America/New_York"; + + services = { + postgresql = { + dataDir = "/var/db/postgresql"; + package = pkgs.postgresql95; + }; + openssh.passwordAuthentication = false; + }; + + nix = rec { + useSandbox = lib.mkDefault true; + maxJobs = lib.mkOverride 110 16; + buildCores = lib.mkDefault 0; # auto configure + gc.automatic = lib.mkDefault true; + trustedBinaryCaches = [ + "https://cache.nixos.org" + ]; + binaryCaches = trustedBinaryCaches; + daemonNiceLevel = 10; + daemonIONiceLevel = 10; + package = pkgs.nixFlakes; + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; + + boot.cleanTmpDir = true; + + nixpkgs.config.allowUnfree = true; +} diff --git a/modules/desktop.nix b/modules/desktop.nix new file mode 100644 index 0000000..e348d77 --- /dev/null +++ b/modules/desktop.nix 
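Review bot: The new modules/common.nix drops `imports = [ ./auto-upgrade.nix ];` and nothing in this patch re-adds it: `auto-upgrade.nix` is neither moved to modules/ nor listed in the flake's `nixosModules`. Unless a machine file imports it directly, hosts stop receiving automatic upgrades after what is labelled a refactor. If that is intended, say so in the commit message; otherwise move the file alongside the others and add `./modules/auto-upgrade.nix` to `nixosModules`. `services.postgresql.package = pkgs.postgresql95;` is also carried over unchanged and pins a release line that has reached end of life upstream, which deserves at least a `# TODO: migrate off postgresql95` comment.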
@@ -0,0 +1,113 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.orbekk.desktop; +in +{ + options = { + orbekk.desktop = { + enable = lib.mkEnableOption "Enable standard desktop config"; + }; + }; + + config = lib.mkIf cfg.enable { + orbekk.yubikey.enable = lib.mkDefault true; + + location.latitude = 40.0; + location.longitude = -74.0; + + sound.enable = true; + + hardware = { + opengl = { + enable = true; + driSupport32Bit = true; + extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; + }; + + bluetooth.enable = true; + pulseaudio = { + enable = true; + support32Bit = true; + package = pkgs.pulseaudioFull; + zeroconf.discovery.enable = true; + zeroconf.publish.enable = true; + tcp.enable = true; + tcp.anonymousClients.allowAll = true; + }; + }; + + fonts = { + enableDefaultFonts = true; + fonts = with pkgs; [ fira-code dejavu_fonts steamPackages.steam-fonts wqy_microhei ]; + fontconfig = { + defaultFonts = { + sansSerif = [ "Noto Sans" "WenQuanYi Micro Hei" ]; + serif = [ "Noto Serif" "WenQuanYi Micro Hei-14" ]; + emoji = [ "Noto Color Emoji" ]; + monospace = [ "DejaVu Sans Mono" "WenQuanYi Micro Hei Mono" ]; + }; + }; + }; + + environment.systemPackages = with pkgs; [ + chromium + dmenu + emacs + firefox + haskellPackages.xmobar + pavucontrol + rxvt_unicode-with-plugins + sshfsFuse + trayer + (conky.override { pulseSupport = true; }) + xbindkeys + xorg.xbacklight + xorg.xev + xscreensaver + xsel # used by urxvt clipboard + xss-lock + networkmanagerapplet + imagemagick + dzen2 + rofi + autorandr + ]; + + i18n.inputMethod = { + enabled = "fcitx"; + fcitx.engines = with pkgs.fcitx-engines; [cloudpinyin]; + }; + + services = { + avahi.enable = true; + + xserver = { + enable = true; + layout = "us"; + # xkbVariant = "dvorak"; + xkbOptions = "caps:ctrl_modifier"; + + # desktopManager.plasma5 = { + # enable = true; + # }; + + windowManager.xmonad = { + enable = true; + enableContribAndExtras = true; + extraPackages = hpkgs: [ hpkgs.xmobar hpkgs.split ]; + }; + + 
displayManager.lightdm = { + enable = true; + }; + + libinput.enable = true; + }; + + redshift = { + enable = true; + extraOptions = ["-r"]; + }; + }; + }; +} diff --git a/modules/gaming.nix b/modules/gaming.nix new file mode 100644 index 0000000..431c1f5 --- /dev/null +++ b/modules/gaming.nix 
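Review bot: `tcp.enable = true;` together with `tcp.anonymousClients.allowAll = true;` lets any host that can reach the PulseAudio TCP port connect without authentication, and `zeroconf.publish.enable = true;` advertises the server on the local network. With the module now behind a single `orbekk.desktop.enable` switch, this becomes the default for every desktop, including laptops on untrusted networks. Whether the port is actually reachable depends on firewall settings that are not visible here. Prefer `tcp.anonymousClients.allowedIpRanges = [ "127.0.0.1" ];` (or the specific LAN range that needs it) over `allowAll`, or put the network audio settings behind their own option that defaults to off.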
@@ -0,0 +1,85 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.orbekk.gaming; + + pkgs' = pkgs.unstable; + + overlay = final: prev: { + steam = pkgs'.steam.override { + # nativeOnly = true; + withJava = true; + extraPkgs = p: with pkgs'; + let xorgdeps = with xorg; [ + libX11 libXrender libXrandr libxcb libXmu libpthreadstubs libXext libXdmcp + libXxf86vm libXinerama libSM libXv libXaw libXi libXcursor libXcomposite + ]; + in [ + samba + tdb + glib-networking + libxkbcommon + fluidsynth hidapi mesa libdrm + perl which p7zip gnused gnugrep psmisc opencl-headers + cups lcms2 mpg123 cairo unixODBC samba4 sane-backends openldap ocl-icd utillinux + fribidi + libsndfile libtheora libogg libvorbis libopus libGLU libpcap libpulseaudio + libao libusb libevdev udev libgcrypt libxml2 libusb libpng libmpeg2 libv4l + libjpeg libxkbcommon libass libcdio libsamplerate libzip libmad libaio + libcap libtiff libva libgphoto2 libxslt libsndfile giflib zlib glib + alsaLib zziplib bash dbus keyutils zip cabextract freetype unzip coreutils + readline gcc SDL SDL2 curl graphite2 gtk2 gtk3 udev ncurses wayland libglvnd + vulkan-loader xdg_utils sqlite gnutls libbsd + libnghttp2 + openssl + openldap + xorg.xrandr + xorg.xinput + gnome3.gtk + zlib + dbus + freetype + glib + atk + cairo + gdk_pixbuf + pango + fontconfig + xorg.libxcb + libkrb5 + nss + qt4 + qt514.full + libjack2 jack2 jack2Full jack_capture + libidn2 + rtmpdump + libpsl + ] ++ xorgdeps; + }; + }; + +in { + options = { + orbekk.gaming = { + enable = lib.mkEnableOption "Enable steam with overrides"; + }; + }; + + config = lib.mkIf cfg.enable { + nixpkgs.overlays = [ overlay ]; + + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "steam" + ]; + + programs.steam.enable = true; + hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; + + environment.systemPackages = with pkgs; [ + wineWowPackages.staging + steam + steam.run + obs-studio + ]; + }; +} 
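Review bot: The `allowUnfreePredicate` that limits unfree packages to `steam` has no restricting effect, because modules/common.nix in the same commit still sets `nixpkgs.config.allowUnfree = true;` for every machine. If the intent is an allow-list, remove the global setting and extend the list to everything that is actually unfree in these modules (`unrar` in common.nix, and presumably the other Steam derivations the wrapper pulls in). As a smaller point, the overlay reads `pkgs.unstable` from the module argument rather than from its own `final`; `final.unstable.steam.override` would keep the overlay self-contained.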
diff --git a/modules/thinkpad.nix b/modules/thinkpad.nix
new file mode 100644
index 0000000..df24573
--- /dev/null
+++ b/modules/thinkpad.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.orbekk.desktop;
+in
+{
+ options = {
+ orbekk.thinkpad = {
+ enable = lib.mkEnableOption "Enable standard desktop config";
+ };
+ };
+
+ config = {
+ services = {
+ tlp = {
+ enable = true;
+ settings = {
+ "SATA_LINKPWR_ON_BAT" = "max_performance";
+ };
+ };
+ xserver.xkbModel = "thinkpad60";
+ };
+
+ boot = {
+ kernelModules = [ "tp_smapi" "thinkpad_acpi" "fbcon" "i915" "acpi_call" ];
+ extraModulePackages = with config.boot.kernelPackages; [ tp_smapi acpi_call ];
+ };
+
+ systemd.services = {
+ battery_threshold = {
+ description = "Set battery charging thresholds.";
+ path = [ pkgs.tpacpi-bat ];
+ after = [ "basic.target" ];
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ tpacpi-bat -s ST 1 39
+ tpacpi-bat -s ST 2 39
+ tpacpi-bat -s SP 1 80
+ tpacpi-bat -s SP 2 80
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/users.nix b/modules/users.nix
new file mode 100644
index 0000000..b595754
--- /dev/null
+++ b/modules/users.nix
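Review bot: `orbekk.thinkpad.enable` is declared in modules/thinkpad.nix but never consulted: `cfg` is bound to `config.orbekk.desktop` and the `config = { … }` block is not wrapped in `lib.mkIf`. With modules/thinkpad.nix in the flake's `nixosModules` list, the TLP settings, the extra kernel modules (`tp_smapi`, `acpi_call`) and the `battery_threshold` service are therefore applied to every machine, ThinkPad or not. Use `cfg = config.orbekk.thinkpad;` and `config = lib.mkIf cfg.enable {`, matching desktop.nix and yubikey.nix. The option description is also copied from the desktop module; `lib.mkEnableOption "ThinkPad hardware config"` would describe it.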
@@ -0,0 +1,100 @@ +{ config, lib, pkgs, ... }: +let aliases = import ../data/aliases.nix; +in { + users = { + defaultUserShell = pkgs.zsh; + extraUsers = { + orbekk = { + isNormalUser = true; + home = "/home/orbekk"; + uid = 1000; + description = "KJ"; + extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev" "lxd" "readonly" "input" "vboxusers" "video" "sound" "tty" ]; + openssh.authorizedKeys.keyFiles = [ + ../data/pincer_rsa.pub + ../data/yubikey_rsa.pub + ]; + }; + guest = { + isNormalUser = true; + home = "/home/guest"; + uid = 1500; + description = "Guest"; + extraGroups = ["networkmanager" "audio" "input"]; + }; + fcgi = { + group = "fcgi"; + extraGroups = ["readonly"]; + uid = 500; + }; + systemhttpd = { + name = "systemhttpd"; + group = "systemhttpd"; + createHome = true; + uid = 502; + home = "/var/lib/systemhttpd"; + }; + linoquotes = { + name = "linoquotes"; + group = "linoquotes"; + createHome = true; + uid = 503; + home = "/var/lib/linoquotes"; + }; + minecraft = { + name = "minecraft"; + uid = config.ids.uids.minecraft; + extraGroups = ["readonly"]; + }; + stats = { + name = "stats"; + group = "stats"; + createHome = true; + uid = 504; + home = aliases.services.stats.home; + }; + terraria = { + name = "terraria"; + group = "terraria"; + createHome = true; + uid = 505; + home = "/var/lib/terraria"; + }; + readonly = { + group = "readonly"; + createHome = false; + uid = 506; + useDefaultShell = true; + home = "/storage"; + }; + pjournal = { + group = "pjournal"; + createHome = false; + uid = 507; + }; + pjournal_test = { + group = "pjournal_test"; + createHome = false; + uid = 508; + }; + mpd = lib.optionalAttrs config.services.mpd.enable { + extraGroups = ["readonly"]; + }; + nginx = lib.optionalAttrs config.services.nginx.enable { + extraGroups = ["readonly"]; + }; + }; + extraGroups = { + fcgi = { name = "fcgi"; gid = 500; }; + plugdev = { name = "plugdev"; gid = 501; }; + systemhttpd = { name = "systemhttpd"; gid = 502; }; + 
linoquotes = { name = "linoquotes"; gid = 503; }; + stats = { name = "stats"; gid = 504; }; + terraria = { name = "terraria"; gid = 505; }; + readonly = { gid = 506; }; + pjournal = { gid = 507; }; + pjournal_test = { gid = 508; }; + }; + }; +} + diff --git a/modules/yubikey.nix b/modules/yubikey.nix new file mode 100644 index 0000000..971ac1f --- /dev/null +++ b/modules/yubikey.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.orbekk.yubikey; + + yubikey-pkgs = with pkgs; [ + ccid + libu2f-host + libusb + rng_tools + yubikey-manager + yubikey-personalization + gnupg + pinentry + ]; +in +{ + options = { + orbekk.yubikey = { + enable = lib.mkEnableOption "Enable yubikey config"; + }; + }; + + config = lib.mkIf cfg.enable { + services.pcscd.enable = true; + services.udev.packages = with pkgs; [ + libu2f-host + yubikey-personalization + ]; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + # Use GPG agent instead. + programs.ssh.startAgent = lib.mkDefault false; + + environment = { + systemPackages = yubikey-pkgs; + }; + + security.sudo.extraRules = [ + { + groups = [ "wheel" ]; + commands = [ { command = "${pkgs.systemd}/bin/systemctl restart pcscd"; options = [ "NOPASSWD" ]; } ]; + } + ]; + + systemd.user.services.restart-pcscd = { + description = "Restart pcscd on startup"; + wantedBy = [ "graphical-session.target" ]; + partOf = [ "graphical-session.target" ]; + serviceConfig = { + ExecStart = '' + sudo systemctl restart pcscd + ''; + Type = "oneshot"; + }; + }; + }; +} -- cgit v1.2.3
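Review bot: The passwordless sudo rule in modules/yubikey.nix is pinned to `${pkgs.systemd}/bin/systemctl restart pcscd`, but `ExecStart` runs `sudo systemctl restart pcscd` by bare name, so whether the unit finds `sudo` at all, and whether the resolved `systemctl` matches the rule, depends on the user manager's PATH. Spelling out both binaries, e.g. `ExecStart = "/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart pcscd";`, makes the unit and the rule agree and keeps the NOPASSWD grant as narrow as it looks. The old config/yubikey.nix also forced `services.gnome3.gnome-keyring.enable = lib.mkForce false;`, and that line is missing here. If gnome-keyring is enabled elsewhere, its SSH agent can compete with the gpg-agent SSH support this module turns on, so confirm the removal is deliberate.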