-rw-r--r--users/glittershark/system/home/modules/common.nix19
-rw-r--r--users/glittershark/system/system/default.nix8
-rw-r--r--users/glittershark/system/system/machines/chupacabra.nix12
-rw-r--r--users/glittershark/system/system/machines/mugwump.nix74
-rw-r--r--users/glittershark/system/system/modules/common.nix67
-rw-r--r--users/glittershark/system/system/modules/desktop.nix25
6 files changed, 144 insertions, 61 deletions
diff --git a/users/glittershark/system/home/modules/common.nix b/users/glittershark/system/home/modules/common.nix
index 5d3d485bc..b28b2dbca 100644
--- a/users/glittershark/system/home/modules/common.nix
+++ b/users/glittershark/system/home/modules/common.nix
@@ -45,4 +45,23 @@
nix-review
cachix
];
+
+ programs.ssh = {
+ enable = true;
+
+ matchBlocks = {
+ "dobharchu" = {
+ host = "dobharchu";
+ hostname = "172.16.0.4";
+ forwardAgent = true;
+ user = "griffin";
+ };
+
+ "mugwump" = {
+ host = "mugwump";
+ hostname = "172.16.0.5";
+ forwardAgent = true;
+ };
+ };
+ };
}
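Review bot: `forwardAgent = true` on both match blocks exposes the local agent socket to anyone with root on dobharchu or mugwump while a session is open, so a compromise of either host can be used to authenticate as you wherever those keys are accepted. If forwarding is only there to hop from one machine to the next, `proxyJump` in the relevant block reaches the same hosts without exposing the agent. Otherwise set `forwardAgent = false;` here and pass `-A` for the sessions that need it. If the setting stays, a comment such as `# agent forwarding: only for hosts whose root is fully trusted` would record the decision.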
diff --git a/users/glittershark/system/system/default.nix b/users/glittershark/system/system/default.nix
index 12cde445f..2223f33ce 100644
--- a/users/glittershark/system/system/default.nix
+++ b/users/glittershark/system/system/default.nix
@@ -7,11 +7,19 @@ rec {
configuration = chupacabra;
}).system;
+ mugwump = import ./machines/mugwump.nix;
+
+ mugwumpSystem = (pkgs.nixos {
+ configuration = mugwump;
+ }).system;
+
iso = import ./iso.nix args;
# Build chupacabra in CI
meta.targets = [
"chupacabraSystem"
+ "mugwumpSystem"
+
"iso"
];
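Review bot: The comment above `meta.targets` still reads `# Build chupacabra in CI`, but the list now also builds `mugwumpSystem`. Something like `# Build all machine configurations and the ISO in CI` would keep it accurate as more machines are added. The enclosing `rec { … }` continues outside the hunk.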
diff --git a/users/glittershark/system/system/machines/chupacabra.nix b/users/glittershark/system/system/machines/chupacabra.nix
index 5d9414309..242c28656 100644
--- a/users/glittershark/system/system/machines/chupacabra.nix
+++ b/users/glittershark/system/system/machines/chupacabra.nix
@@ -7,6 +7,7 @@
../modules/tvl.nix
../modules/urbint.nix
../modules/fcitx.nix
+ ../modules/rtlsdr.nix
../../../../../ops/nixos/v4l2loopback.nix
];
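Review bot: This imports list gains `../modules/rtlsdr.nix` but not the new `../modules/desktop.nix`, and no other visible hunk adds it. The commit moves `./xserver.nix`, `./fonts.nix`, `./sound.nix`, `./kernel.nix`, `programs.nm-applet`, `services.geoclue2` and `powerManagement` out of modules/common.nix into desktop.nix, so chupacabra would appear to lose all of them unless the import is added here: `../modules/desktop.nix`. The `laptop.onLowBattery` block removed from common.nix is not re-added in any visible file, which is worth confirming as intentional. The start of the imports list is outside the hunk.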
@@ -101,4 +102,15 @@
libvdpau-va-gl
intel-media-driver
];
+
+ services.udev.extraRules = ''
+ # UDEV rules for Teensy USB devices
+ ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"
+ ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666"
+ KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666"
+ '';
+
+ # Necessary to get steam working
+ hardware.opengl.driSupport32Bit = true;
}
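Review bot: The two `MODE:="0666"` rules make the Teensy USB and `ttyACM*` nodes readable and writable by every local account and service, which is more than flashing from a desktop session needs. Replacing `MODE:="0666"` with `TAG+="uaccess"` grants access only to the user on the active seat. Alternatively, `GROUP="dialout", MODE:="0660"` limits it to a group. The rules are moved unchanged from modules/common.nix, so this is a convenient point to tighten them.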
diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix
new file mode 100644
index 000000000..9521f5788
--- /dev/null
+++ b/users/glittershark/system/system/machines/mugwump.nix
@@ -0,0 +1,74 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ ../modules/common.nix
+ ../modules/tvl.nix
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ networking.hostName = "mugwump";
+
+ boot = {
+ loader.systemd-boot.enable = true;
+
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ kernelModules = [
+ "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"
+ ];
+
+ postDeviceCommands = pkgs.lib.mkBefore ''
+ mkdir -m 0755 -p /key
+ sleep 2
+ mount -n -t vfat -o ro `findfs UUID=9048-A9D5` /key
+ '';
+
+ luks.devices."cryptroot" = {
+ device = "/dev/disk/by-uuid/803a9028-339c-4617-a213-4fe138161f6d";
+ keyFile = "/key/keyfile";
+ preLVM = false;
+ };
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/cryptroot";
+ fsType = "btrfs";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/7D74-0E4B";
+ fsType = "vfat";
+ };
+ };
+
+ networking.interfaces = {
+ enp0s25.useDHCP = false;
+ wlp2s0.useDHCP = false;
+ };
+
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ security.sudo.extraRules = [{
+ groups = ["wheel"];
+ commands = [{ command = "ALL"; options = ["NOPASSWD"]; }];
+ }];
+
+ services.fail2ban = {
+ enable = true;
+ ignoreIP = [
+ "172.16.0.0/16"
+ ];
+ };
+
+ services.openssh = {
+ allowSFTP = false;
+ passwordAuthentication = false;
+ permitRootLogin = "no";
+ };
+}
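Review bot: The `security.sudo.extraRules` entry gives every `wheel` member `NOPASSWD` on `ALL`, so on this SSH-reachable host a single stolen or forwarded key for a wheel account is immediately root with no second step. Dropping the rule restores the default password prompt, or the rule can be scoped by replacing `command = "ALL"` with the specific commands that need to run unattended. Separately, `luks.devices."cryptroot"` unlocks from a plain `keyFile` on the vfat volume `UUID=9048-A9D5`, so possession of that medium is equivalent to possession of the disk. A comment above `postDeviceCommands` stating that, and why the `sleep 2` is there, would help the next reader. It is also worth confirming that `/key` does not stay mounted after the device is opened.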
diff --git a/users/glittershark/system/system/modules/common.nix b/users/glittershark/system/system/modules/common.nix
index 884f0a9a7..a3f2a06d3 100644
--- a/users/glittershark/system/system/modules/common.nix
+++ b/users/glittershark/system/system/modules/common.nix
@@ -6,30 +6,19 @@ let
in
-{
- imports =
- [
- ./xserver.nix
- ./fonts.nix
- ./sound.nix
- ./kernel.nix
- ./rtlsdr.nix
- ];
+with lib;
+{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.useDHCP = false;
networking.networkmanager.enable = true;
- # Select internationalisation properties.
- # i18n = {
- # consoleFont = "Lat2-Terminus16";
- # consoleKeyMap = "us";
- # defaultLocale = "en_US.UTF-8";
- # };
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ };
- # Set your time zone.
time.timeZone = "America/New_York";
environment.systemPackages = with pkgs; [
@@ -44,30 +33,11 @@ in
depot.users.glittershark.system.system.rebuilder
];
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # pinentryFlavor = "gnome3";
- # };
-
- programs.nm-applet.enable = true;
-
-
services.openssh.enable = true;
programs.ssh.startAgent = true;
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- networking.firewall.enable = false;
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
+ networking.firewall.enable = mkDefault false;
users.mutableUsers = true;
programs.zsh.enable = true;
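Review bot: `networking.firewall.enable = mkDefault false;` leaves the firewall off on every machine that imports this module without overriding it, while `services.openssh.enable = true` two lines above starts sshd on all of them. In this commit only mugwump.nix turns the firewall on. Defaulting the other way is safer, so that a host has to opt out explicitly: `networking.firewall.enable = mkDefault true;`, with ports listed per machine as mugwump.nix does using `allowedTCPPorts = [ 22 ];`. The enclosing attribute set starts and ends outside this hunk.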
@@ -94,20 +64,6 @@ in
nixpkgs.config.allowUnfree = true;
- services.geoclue2.enable = true;
-
- powerManagement = {
- enable = true;
- cpuFreqGovernor = lib.mkDefault "powersave";
- powertop.enable = true;
- };
- # Hibernate on low battery
- laptop.onLowBattery = {
- enable = true;
- action = "hibernate";
- thresholdPercentage = 5;
- };
-
nix = {
trustedUsers = [ "grfn" ];
autoOptimiseStore = true;
@@ -139,15 +95,4 @@ in
options = "--delete-older-than 30d";
};
};
-
- services.udev.extraRules = ''
- # UDEV rules for Teensy USB devices
- ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"
- ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666"
- KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666"
- '';
-
- # Necessary to get steam working
- hardware.opengl.driSupport32Bit = true;
}
diff --git a/users/glittershark/system/system/modules/desktop.nix b/users/glittershark/system/system/modules/desktop.nix
new file mode 100644
index 000000000..dc2847a77
--- /dev/null
+++ b/users/glittershark/system/system/modules/desktop.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./xserver.nix
+ ./fonts.nix
+ ./sound.nix
+ ./kernel.nix
+ ];
+
+ programs.nm-applet.enable = true;
+
+ users.users.grfn.extraGroups = [
+ "audio"
+ "video"
+ ];
+
+ services.geoclue2.enable = true;
+
+ powerManagement = {
+ enable = true;
+ cpuFreqGovernor = lib.mkDefault "powersave";
+ powertop.enable = true;
+ };
+}