diff --git a/config/hardware/spark.nix b/config/hardware/spark.nix new file mode 100644 index 0000000..024b4ee --- /dev/null +++ b/config/hardware/spark.nix @@ -0,0 +1,69 @@ +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ]; + + system.stateVersion = "20.03"; + + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + initrd = { + availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_usb_sdmmc" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + }; + + fileSystems."/" = + { device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + }; + + hardware = { + bluetooth.enable = true; + + cpu.intel.updateMicrocode = true; + + opengl = { + driSupport = true; + driSupport32Bit = true; + }; + + pulseaudio.support32Bit = true; + }; + + networking = { + macvlans = { + extif0 = { + interface = "enp3s0"; + mode = "bridge"; + }; + }; + + interfaces = { + enp3s0 = { + useDHCP = false; + }; + + extif0 = { + # output of: echo spark-extif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/' + macAddress = "02:9c:b7:b6:ad:c4"; + }; + }; + }; + + services.xserver.videoDrivers = [ "intel" ]; + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/config/hosts.nix b/config/hosts.nix index d315143..0012d47 100644 --- a/config/hosts.nix +++ b/config/hosts.nix @@ -130,7 +130,12 @@ pselby-work = { description = "Google Lenovo work laptop."; }; - spark = { description = "Niten's backup desktop."; }; + spark = { + description = "Niten's backup desktop."; + rp = "niten"; + admin-email = "niten@fudo.org"; + enable-gui = true; + }; upstairs-desktop = { description = "Upstairs desktop in Russell."; 
@@ -144,12 +149,13 @@ ]; rp = "niten"; admin-email = "niten@fudo.org"; - domain = "rus.selby.ca"; - site = "russell"; - profile = "desktop"; }; - zbox = { description = "Niten's primary desktop."; - enable-gui = true;}; + zbox = { + description = "Niten's primary desktop."; + rp = "niten"; + admin-email = "niten@fudo.org"; + enable-gui = true; + }; }; } diff --git a/config/hosts/spark.nix b/config/hosts/spark.nix new file mode 100644 index 0000000..e6b83d5 --- /dev/null +++ b/config/hosts/spark.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +{ + # TODO: remove? + nixpkgs.config.permittedInsecurePackages = [ + "openssh-with-gssapi-8.4p1" # CVE-2021-28041 + ]; + + fudo.slynk.enable = true; + + networking = { + interfaces = { + extif0 = { useDHCP = true; }; + }; + }; +} diff --git a/config/profiles/common-ui.nix b/config/profiles/common-ui.nix index ac39060..504b394 100644 --- a/config/profiles/common-ui.nix +++ b/config/profiles/common-ui.nix @@ -12,30 +12,36 @@ in { boot.tmpOnTmpfs = true; - system.autoUpgrade.enable = true; + environment = mkIf enable-gui { + systemPackages = [ + #libva + ]; + }; - environment.systemPackages = with pkgs; [ - firefox - spotify - ]; + system = { + autoUpgrade.enable = true; + }; services = { xserver = mkIf enable-gui { - enable = true; + enable = true; - desktopManager.gnome3.enable = true; + desktopManager.gnome3.enable = true; - displayManager.gdm.enable = true; + displayManager.gdm = { + enable = true; + wayland = true; + }; - windowManager.stumpwm.enable = true; + windowManager.stumpwm.enable = true; - # windowManager.session = pkgs.lib.singleton { - # name = "stumpwm"; - # start = '' - # ${pkgs.lispPackages.stumpwm}/bin/stumpwm & - # waidPID=$! - # ''; - # }; + # windowManager.session = pkgs.lib.singleton { + # name = "stumpwm"; + # start = '' + # ${pkgs.lispPackages.stumpwm}/bin/stumpwm & + # waidPID=$! + # ''; + # }; }; emacs = { 
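Review bot: The host entry that loses its `domain`, `site` and `profile` lines here (its name is above the hunk) now depends on whatever defaults the host option declares, and those declarations are not visible in this diff. The new `lib/system.nix` reads `config.fudo.hosts.${local-host}.domain` and `.site` to build `local-users`, `local-admins` (which becomes `wheel`) and `local-groups`, so a default that differs from `rus.selby.ca` / `russell` would silently change who has an account and who is an admin on that host. The same applies to the `spark` and `zbox` entries, which set neither. Either keep the explicit values or add a comment naming the default being relied on, e.g. `# domain/site: taken from the option defaults`.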
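Review bot: `permittedInsecurePackages` exempts `openssh-with-gssapi-8.4p1` with only `# TODO: remove?` beside it, so this host keeps building an OpenSSH release flagged as vulnerable (CVE-2021-28041, per the inline comment) until someone happens to revisit it. Replace the TODO with the removal condition and the reason the GSSAPI build is needed, e.g. `# Needed by <component> for GSSAPI auth; remove once nixpkgs ships a fixed openssh-with-gssapi`. As far as I recall the advisory concerns ssh-agent, so avoiding agent forwarding from this host in the meantime would be a reasonable compensating note. Separately, `fudo.slynk.enable` turns on a Lisp REPL server whose bind address is not visible here; presumably it is loopback-only, but confirm.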
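Review bot: `environment = mkIf enable-gui { systemPackages = [ #libva ]; }` evaluates to an empty package list, so the new block configures nothing and reads as unfinished work. Drop it until a package is actually needed, or keep only a one-line comment such as `# libva: add here if VA-API is needed on GUI hosts`. The `services` block this hunk edits continues past the end of the hunk.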
@@ -44,6 +50,17 @@ in { package = pkgs.emacs; defaultEditor = true; }; + + trezord.enable = true; + }; + + hardware = { + bluetooth.enable = true; + + opengl = mkIf enable-gui { + driSupport = true; + driSupport32Bit = true; + }; }; sound.enable = true; diff --git a/home-manager/niten.nix b/home-manager/niten.nix index d818577..478755c 100644 --- a/home-manager/niten.nix +++ b/home-manager/niten.nix @@ -1,5 +1,6 @@ { config, lib, pkgs, ... }: +with lib; let name = "Niten"; email = "niten@fudo.org"; @@ -19,6 +20,7 @@ let file firefox fortune + git gnupg guile imagemagick diff --git a/lib/fudo/users-common.nix b/lib/fudo/users-common.nix new file mode 100644 index 0000000..1066610 --- /dev/null +++ b/lib/fudo/users-common.nix @@ -0,0 +1,34 @@ +# Common home-manager config +{ config, lib, pkgs, ... }: + +with lib; +let + sys = import ../system.nix { inherit lib config; }; + + list-contains = lst: item: any (i: i == item) lst; + + domain-realm = domain: domainOpts: domainOpts.gssapi-realm; + + user-realms = username: + mapAttrsToList domain-realm + (filterAttrs (domain: domainOpts: list-contains domainOpts.local-users username) + config.fudo.domains); + + user-principals = username: + map (realm: "${username}@${realm}") (user-realms username); + + user-k5login = username: userOpts: let + principals = userOpts.k5login ++ (user-principals username); + in '' + ${concatStringsSep "\n" principals} + ''; + + user-config = username: userOpts: { + home.file.".k5login" = { + source = pkgs.writeText "${username}-k5login" (user-k5login username userOpts); + }; + }; + +in { + config.home-manager.users = mapAttrs user-config sys.local-users; +} diff --git a/lib/fudo/users.nix b/lib/fudo/users.nix index 29c5498..c450305 100644 --- a/lib/fudo/users.nix +++ b/lib/fudo/users.nix 
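Review bot: `trezord.enable = true` and `hardware.bluetooth.enable = true` are added without the `mkIf enable-gui` guard that the neighbouring `opengl` and `xserver` settings use. Every host importing this profile, including headless ones, therefore gets the Trezor bridge daemon and a Bluetooth stack it may never use. Tying both to the same switch keeps the exposed surface proportional to the host's role: `trezord.enable = enable-gui;` and `bluetooth.enable = enable-gui;` (assuming `enable-gui` is a plain boolean, as its use in `mkIf` suggests). `config/hardware/spark.nix` in this commit also sets `bluetooth.enable` and the two `driSupport` options, so one of the two places is redundant. The `services` block starts outside the hunk.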
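Review bot: `user-realms` filters over every entry in `config.fudo.domains`, not just the domain of the host being built, so a user listed in `local-users` of any domain gets `${username}@${realm}` for that realm written into `~/.k5login` wherever the account exists. `.k5login` is an authorization list, meaning each principal in it may log in as the account, so this extends trust to every configured realm's KDC. Restricting the filter to the local host's domain (the value `lib/system.nix` computes as `local-domain` but does not export) would keep the grant scoped, and a comment above `user-principals` should state which realms are meant to be trusted. Two smaller points: `domainOpts.gssapi-realm` is interpolated unchecked, so a domain without a realm would presumably fail evaluation or yield a malformed principal. And `mapAttrs user-config sys.local-users` creates a home-manager profile for every local user, not only those with `home-manager-config` set as in `users.nix`.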
@@ -150,28 +150,13 @@ in { }; }; + imports = [ + ./users-common.nix + ]; + config = let - local-host = config.instance.hostname; - local-domain = config.fudo.hosts.${local-host}.domain; - local-site = config.fudo.hosts.${local-host}.site; - - host-user-list = config.fudo.hosts."${local-host}".local-users; - domain-user-list = config.fudo.domains."${local-domain}".local-users; - local-users = - getAttrs (host-user-list ++ domain-user-list) config.fudo.users; - - host-admin-list = config.fudo.hosts."${local-host}".local-admins; - domain-admin-list = config.fudo.domains."${local-domain}".local-admins; - site-admin-list = config.fudo.sites."${local-site}".local-admins; - local-admins = host-admin-list ++ domain-admin-list ++ site-admin-list; - - host-group-list = config.fudo.hosts."${local-host}".local-groups; - domain-group-list = config.fudo.domains."${local-domain}".local-groups; - site-group-list = config.fudo.sites."${local-site}".local-groups; - local-groups = - getAttrs (host-group-list ++ domain-group-list ++ site-group-list) - config.fudo.groups; - + sys = import ../system.nix { inherit lib config; }; + in { fudo.auth.ldap-server = let ldapUsers = (filterAttrs 
@@ -211,29 +196,39 @@ in { "/home/${userOpts.primary-group}/${username}"; hashedPassword = userOpts.login-hashed-passwd; openssh.authorizedKeys.keys = userOpts.ssh-authorized-keys; - }) local-users; + }) sys.local-users; groups = (mapAttrs (groupname: groupOpts: { gid = groupOpts.gid; - members = filterExistingUsers local-users groupOpts.members; - }) local-groups) // { - wheel = { members = local-admins; }; + members = filterExistingUsers sys.local-users groupOpts.members; + }) sys.local-groups) // { + wheel = { members = sys.local-admins; }; }; }; - home-manager.users = let - home-manager-users = - filterAttrs (username: userOpts: userOpts.home-manager-config != null) - local-users; - common-user-config = username: { - home.file.".k5login" = { - source = pkgs.writeText "${username}-k5login" '' - ${concatStringsSep "\n" config.fudo.users.${username}.k5login} - ''; - }; - }; - in mapAttrs (username: userOpts: - userOpts.home-manager-config // (common-user-config username)) - home-manager-users; + home-manager = { + useGlobalPkgs = true; + + users = let + home-manager-users = + filterAttrs (username: userOpts: userOpts.home-manager-config != null) + sys.local-users; + in mapAttrs (username: userOpts: userOpts.home-manager-config) home-manager-users; + + # users = let + # home-manager-users = + # filterAttrs (username: userOpts: userOpts.home-manager-config != null) + # local-users; + # common-user-config = username: { + # home.file.".k5login" = { + # source = pkgs.writeText "${username}-k5login" '' + # ${concatStringsSep "\n" config.fudo.users.${username}.k5login} + # ''; + # }; + # }; + # in mapAttrs (username: userOpts: + # userOpts.home-manager-config // (common-user-config username)) + # home-manager-users; + }; }; } diff --git a/lib/system.nix b/lib/system.nix new file mode 100644 index 0000000..c9d7f1e --- /dev/null +++ b/lib/system.nix 
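Review bot: The previous `users = let … in …` definition is left as a commented-out block directly under the new one, and it still shows the old `.k5login` generation. A reader auditing who may log in can mistake it for the active behaviour, which now lives in `users-common.nix` and adds realm-derived principals. Delete the block (history keeps it) and leave a pointer instead, e.g. `# ~/.k5login is generated in ./users-common.nix`. The enclosing `config` block starts outside the hunk.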
@@ -0,0 +1,31 @@
+{ config, lib, ... }:
+
+with lib;
+let
+ local-host = config.instance.hostname;
+ local-domain = config.fudo.hosts.${local-host}.domain;
+ local-site = config.fudo.hosts.${local-host}.site;
+
+ host-user-list = config.fudo.hosts."${local-host}".local-users;
+ domain-user-list = config.fudo.domains."${local-domain}".local-users;
+ site-user-list = config.fudo.sites."${local-site}".local-users;
+ local-users =
+ getAttrs (host-user-list ++ domain-user-list ++ site-user-list) config.fudo.users;
+
+ host-admin-list = config.fudo.hosts."${local-host}".local-admins;
+ domain-admin-list = config.fudo.domains."${local-domain}".local-admins;
+ site-admin-list = config.fudo.sites."${local-site}".local-admins;
+ local-admins = host-admin-list ++ domain-admin-list ++ site-admin-list;
+
+ host-group-list = config.fudo.hosts."${local-host}".local-groups;
+ domain-group-list = config.fudo.domains."${local-domain}".local-groups;
+ site-group-list = config.fudo.sites."${local-site}".local-groups;
+ local-groups =
+ getAttrs (host-group-list ++ domain-group-list ++ site-group-list)
+ config.fudo.groups;
+
+in {
+ local-users = local-users;
+ local-admins = local-admins;
+ local-groups = local-groups;
+}
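Review bot: `local-users` now concatenates `site-user-list` as well, which the code removed from `lib/fudo/users.nix` did not (it joined only the host and domain lists), so this extraction is not a pure refactor. Every name in the site's `local-users` now receives an account on the host, with the password hash and authorized SSH keys that `users.nix` assigns from `sys.local-users`. If that is intended, say so in a header comment, e.g. `# Accounts, admins and groups for this host: union of the host, domain and site lists.`; if not, drop `++ site-user-list`. The file also has no comment explaining that it is a plain function imported with `{ inherit lib config; }` rather than a NixOS module, which is worth one line at the top.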