Setup maryland

flake.lock

@@ -197,11 +197,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1710427903,
-        "narHash": "sha256-sV0Q5ndvfjK9JfCg/QM/HX/fcittohvtq8dD62isxdM=",
+        "lastModified": 1711462743,
+        "narHash": "sha256-3wKGpHy9Kyh98DrziqC/s//60Q0pE17NgbY93L0uWng=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "21d89b333ca300bef82c928c856d48b94a9f997c",
+        "rev": "a6717b1afee7ae955c61eefdf0ce8f864ef78115",
         "type": "github"
       },
       "original": {
@@ -238,10 +238,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "dirtyRev": "70f14f5928c6cffb3be81784425b57d984a00acd-dirty",
-        "dirtyShortRev": "70f14f5-dirty",
-        "lastModified": 1710021649,
-        "narHash": "sha256-3gmgWWaVJNW1xpbov8dVkf3EGucNXQggd5KsYONfTo0=",
+        "lastModified": 1711478570,
+        "narHash": "sha256-qjzwq2qj0e9EpN7QYTnTXipHmrWWUG3bEARmzju81OI=",
+        "ref": "refs/heads/v4",
+        "rev": "2d459669cb67e1960579e97e05ccac05c993b70a",
+        "revCount": 1063,
         "type": "git",
         "url": "file:///home/lxsameer/src/fg42"
       },
@@ -418,11 +419,11 @@
     },
     "nixlib": {
       "locked": {
-        "lastModified": 1710031547,
-        "narHash": "sha256-pkUg3hOKuGWMGF9WEMPPN/G4pqqdbNGJQ54yhyQYDVY=",
+        "lastModified": 1711241261,
+        "narHash": "sha256-knrTvpl81yGFHIpm1SsLDApe0thFkw1cl3ISAMPmP/0=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "630ebdc047ca96d8126e16bb664c7730dc52f6e6",
+        "rev": "b2a1eeef8c185f6bd27432b053ff09d773244cbc",
         "type": "github"
       },
       "original": {
@@ -439,11 +440,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1710398463,
-        "narHash": "sha256-fQlYanU84E8uwBpcoTCcLCwU8cqn0eQ7nwTcrWfSngc=",
+        "lastModified": 1711375484,
+        "narHash": "sha256-+d4HqehyQvuHUKR8Nv9HGGd/SP5wjg3MA/hEYJBWQq0=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "efd4e38532b5abfaa5c9fc95c5a913157dc20ccb",
+        "rev": "2b3720c7af2271be8cee713cd2f69c5127b0a8e4",
         "type": "github"
       },
       "original": {
@@ -454,11 +455,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1710123225,
-        "narHash": "sha256-j3oWlxRZxB7cFsgEntpH3rosjFHRkAo/dhX9H3OfxtY=",
+        "lastModified": 1711352745,
+        "narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "ad2fd7b978d5e462048729a6c635c45d3d33c9ba",
+        "rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0",
         "type": "github"
       },
       "original": {
@@ -469,11 +470,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1710346304,
-        "narHash": "sha256-vwoyBoCovK7+vdbCYqL9MssoFQjaXtZN8sElcjUdbx8=",
+        "lastModified": 1710889954,
+        "narHash": "sha256-Pr6F5Pmd7JnNEMHHmspZ0qVqIBVxyZ13ik1pJtm2QXk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a0906f14161a5c5792e9883117b9471f5bf6df72",
+        "rev": "7872526e9c5332274ea5932a0c3270d6e4724f3b",
         "type": "github"
       },
       "original": {

secrets/secrets.nix

@@ -23,10 +23,10 @@ let
   mary = {
     yubikey_1 = "age1yubikey1qtsln0tj4my8t0nywnmpse8tsfl28ctmd26tkxahspm5skefmqvmvpw4ef4";
     yubikey_2 = "age1yubikey1qvnajv3gu2t7q239nxz2ggfykavrt0k5vaauy9gc8ac82gsrsx3cwk7lfpd";
-    pub = "age1zmrr9vrq6r3twfj3e00vn33hn2qgggv5dg3l2kysw9kjtx2r2ckq87ee5w";
+    pub = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXfcDiEl2a520F3BEirU8ey4VUxcNQu90FIescz1PQi mary@maryland";
   };
 in
 {
   "lxsameer/user.age".publicKeys = [ lxsameer.pub ];
-  "mary/user.age".publicKeys = [ mary.yubikey_1 mary.yubikey_2 ];
+  "mary/user.age".publicKeys = [ mary.pub  ];
 }

users/lxsameer/default.nix

@@ -73,7 +73,6 @@ rec {
           "networkmanager"
         ];
 	      password = "123123";
-
       };
       users.lxsameer = {
         isNormalUser = true;
@@ -90,7 +89,6 @@ rec {
         openssh.authorizedKeys.keys = [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3aV2dwnll3KxFR57Oj6Br51c7gJ/pkRa+IkKM6slve lxsameer@lxsameer.com"
         ];
-
       };
     };
 

users/lxsameer/desktop.nix

@@ -154,57 +154,6 @@ in {
     remmina
   ];
 
-  # # basic configuration of git, please change to your own
-  # programs.git = {
-  #   enable = true;
-  #   package = pkgs.gitFull;
-  #   userName = "Sameer Rahmani";
-  #   userEmail = "lxsameer@gnu.org";
-  #   aliases = {
-  #     co = "checkout";
-  #     br = "branch";
-  #     ci = "commit";
-  #     st = "status";
-  #     unstage = "reset HEAD --";
-  #     last = "log -1 HEAD";
-  #     lg =
-  #       "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
-  #     brs =
-  #       "for-each-ref --sort='-authordate:iso8601' --count 20 --format=' %(color:green)%(authordate:relative)%09%(if)%(HEAD)%(then)%(color:brightwhite)*%(else)%(color:white) %(end)%(refname:short)%09%(color:yellow)%(authorname)%(authoremail)' refs/heads";
-  #     e = "emacsclient";
-  #   };
-
-  #   signing = {
-  #     key = "0x8741FACBF412FFA5";
-  #     signByDefault = true;
-  #   };
-
-  #   difftastic.enable = true;
-  #   # delta.enable = true;
-
-  #   extraConfig = {
-  #     core = {
-  #       abbrev = 12;
-  #       excludesFile = "${./git/gitignore}";
-  #     };
-
-  #     pretty = { fixes = ''Fixes: %h ("%s")''; };
-
-  #     url."git@github.com:" = { insteadOf = "https://github.com/"; };
-
-  #     sendemail = {
-  #       smtpEncryption = "tls";
-  #       smtpServer = "fencepost.gnu.org";
-  #       smtpUser = "lxsameer";
-  #       smtpServerPort = 587;
-  #     };
-
-  #     status.submoduleSummary = true;
-  #     pull.rebase = false;
-  #     http.sslVerify = true;
-  #   };
-  # };
-
   # starship - an customizable prompt for any shell
   programs.starship = {
     enable = true;
@@ -453,4 +402,5 @@ in {
     enableBashIntegration = true; # see note on other shells below
       nix-direnv.enable = true;
   };
+
 }

users/mary/default.nix

@@ -43,15 +43,15 @@ rec {
       (inputs.agenix.packages.x86_64-linux.default.override { ageBin = "${rager}/bin/rager"; })
     ];
 
-
     age.identityPaths = [
+      # This is an actual private key, we should avoid
+      # including it in the store
+      "/home/mary/.ssh/universe"
+
       # Since these are stubs, its ok to include them in the store
       ./yubikey_1.stub.id
       ./yubikey_2.stub.id
 
-      # But this is an actual private key, we should avoid
-      # including it in the store
-      #"~/.ssh/universe.priv"
     ];
 
     age.secrets.user.file = ../../secrets/mary/user.age;
@@ -61,6 +61,19 @@ rec {
         gid = 1001;
       };
 
+      users.lxsameer1 = {
+        isNormalUser = true;
+        shell = pkgs.zsh;
+        uid = 9000;
+        group = "lxsameer";
+
+        extraGroups = [
+          "wheel"
+          "networkmanager"
+        ];
+	      password = "123123";
+      };
+
       users.mary = {
         isNormalUser = true;
         shell = pkgs.zsh;
@@ -71,8 +84,13 @@ rec {
           "wheel"
           "networkmanager"
         ];
+
         hashedPasswordFile = config.age.secrets.user.path;
 
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3aV2dwnll3KxFR57Oj6Br51c7gJ/pkRa+IkKM6slve lxsameer@lxsameer.com"
+        ];
+
       };
     };
 

users/mary/desktop.nix

@@ -113,6 +113,10 @@
     protonvpn-gui
     yubioath-flutter
     yubikey-manager
+
+    shotwell
+    flameshot
+
   ];
 
   # basic configuration of git, please change to your own
@@ -224,7 +228,6 @@
       eval $(thefuck --alias)
       autopair-init
     '';
-
     plugins = with pkgs; [
       {
         name = "formarks";
@@ -312,7 +315,6 @@
 
   programs.mpv.enable = true;
   programs.obs-studio.enable = true;
-  programs.noti.enable = true;
   # Let home Manager install and manage itself.
   programs.home-manager.enable = true;
 
@@ -327,9 +329,18 @@
   home.stateVersion = "24.05";
 
   services.network-manager-applet.enable = true;
+
+  programs.gpg = {
+    enable = true;
+    scdaemonSettings = {
+      disable-ccid = true;
+    };
+    homedir = lib.mkForce "/home/mary/.gnupg";
+  };
+
   services.gpg-agent = {
     enable = true;
-    enableSshSupport = false;
+    enableSshSupport = lib.mkForce false;
   };
 
   gtk = {
@@ -342,5 +353,11 @@
     platformTheme = "gtk";
   };
 
+  programs.direnv = {
+    enable = true;
+    enableBashIntegration = true; # see note on other shells below
+      nix-direnv.enable = true;
+  };
+
   services.ssh-agent.enable = true;
 }

worlds/maryland.nix

@@ -34,6 +34,7 @@ let
     nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 
     boot.initrd.kernelModules = [ "amdgpu" ];
+    boot.kernelParams = [ "radeon.cik_support=0" "amdgpu.cik_support=1" ];
     hardware.enableRedistributableFirmware = true;
     hardware.cpu.amd.updateMicrocode = true;
 
@@ -41,19 +42,33 @@ let
     services.xserver.displayManager.sddm.enable = true;
     services.xserver.desktopManager.plasma6.enable = true;
 
+    # I want to fully control my users via nix
+    users.mutableUsers = false;
+    networking.extraHosts = ''
+      192.168.0.86 sameer
+    '';
+
     services.printing.enable = true;
     services.avahi = {
       enable = true;
       nssmdns = true;
       openFirewall = true;
     };
+
+    fileSystems."/home".neededForBoot = true;
+    services.gvfs.enable = true;
+
+    networking.firewall = {
+      enable = true;
+      allowedTCPPorts = [ 8000 ];
+    };
+
   };
 
   mary = pkgs.callPackage ../users/mary/default.nix {};
 
   fg42 = inputs.fg42.packages.${system}.default;
   inVM = (utils.sanitizeBuilderConfig hostBuilderConfig).inVM;
-
 in {
 
   installer = import ./installer.nix (params // {
@@ -79,6 +94,7 @@ in {
       desktop
       styles
       yubikey
+      virtualisation.podman
       inputs.home-manager.nixosModules.home-manager
       {
         home-manager.useGlobalPkgs = true;