Setup maryland
This commit is contained in:
parent
833c2c5158
commit
f861e50f3e
39
flake.lock
39
flake.lock
|
@ -197,11 +197,11 @@
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710427903,
|
"lastModified": 1711462743,
|
||||||
"narHash": "sha256-sV0Q5ndvfjK9JfCg/QM/HX/fcittohvtq8dD62isxdM=",
|
"narHash": "sha256-3wKGpHy9Kyh98DrziqC/s//60Q0pE17NgbY93L0uWng=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "21d89b333ca300bef82c928c856d48b94a9f997c",
|
"rev": "a6717b1afee7ae955c61eefdf0ce8f864ef78115",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -238,10 +238,11 @@
|
||||||
"nixpkgs": "nixpkgs_3"
|
"nixpkgs": "nixpkgs_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"dirtyRev": "70f14f5928c6cffb3be81784425b57d984a00acd-dirty",
|
"lastModified": 1711478570,
|
||||||
"dirtyShortRev": "70f14f5-dirty",
|
"narHash": "sha256-qjzwq2qj0e9EpN7QYTnTXipHmrWWUG3bEARmzju81OI=",
|
||||||
"lastModified": 1710021649,
|
"ref": "refs/heads/v4",
|
||||||
"narHash": "sha256-3gmgWWaVJNW1xpbov8dVkf3EGucNXQggd5KsYONfTo0=",
|
"rev": "2d459669cb67e1960579e97e05ccac05c993b70a",
|
||||||
|
"revCount": 1063,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "file:///home/lxsameer/src/fg42"
|
"url": "file:///home/lxsameer/src/fg42"
|
||||||
},
|
},
|
||||||
|
@ -418,11 +419,11 @@
|
||||||
},
|
},
|
||||||
"nixlib": {
|
"nixlib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710031547,
|
"lastModified": 1711241261,
|
||||||
"narHash": "sha256-pkUg3hOKuGWMGF9WEMPPN/G4pqqdbNGJQ54yhyQYDVY=",
|
"narHash": "sha256-knrTvpl81yGFHIpm1SsLDApe0thFkw1cl3ISAMPmP/0=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixpkgs.lib",
|
"repo": "nixpkgs.lib",
|
||||||
"rev": "630ebdc047ca96d8126e16bb664c7730dc52f6e6",
|
"rev": "b2a1eeef8c185f6bd27432b053ff09d773244cbc",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -439,11 +440,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710398463,
|
"lastModified": 1711375484,
|
||||||
"narHash": "sha256-fQlYanU84E8uwBpcoTCcLCwU8cqn0eQ7nwTcrWfSngc=",
|
"narHash": "sha256-+d4HqehyQvuHUKR8Nv9HGGd/SP5wjg3MA/hEYJBWQq0=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixos-generators",
|
"repo": "nixos-generators",
|
||||||
"rev": "efd4e38532b5abfaa5c9fc95c5a913157dc20ccb",
|
"rev": "2b3720c7af2271be8cee713cd2f69c5127b0a8e4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -454,11 +455,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710123225,
|
"lastModified": 1711352745,
|
||||||
"narHash": "sha256-j3oWlxRZxB7cFsgEntpH3rosjFHRkAo/dhX9H3OfxtY=",
|
"narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "ad2fd7b978d5e462048729a6c635c45d3d33c9ba",
|
"rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -469,11 +470,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710346304,
|
"lastModified": 1710889954,
|
||||||
"narHash": "sha256-vwoyBoCovK7+vdbCYqL9MssoFQjaXtZN8sElcjUdbx8=",
|
"narHash": "sha256-Pr6F5Pmd7JnNEMHHmspZ0qVqIBVxyZ13ik1pJtm2QXk=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "a0906f14161a5c5792e9883117b9471f5bf6df72",
|
"rev": "7872526e9c5332274ea5932a0c3270d6e4724f3b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
Binary file not shown.
|
@ -23,10 +23,10 @@ let
|
||||||
mary = {
|
mary = {
|
||||||
yubikey_1 = "age1yubikey1qtsln0tj4my8t0nywnmpse8tsfl28ctmd26tkxahspm5skefmqvmvpw4ef4";
|
yubikey_1 = "age1yubikey1qtsln0tj4my8t0nywnmpse8tsfl28ctmd26tkxahspm5skefmqvmvpw4ef4";
|
||||||
yubikey_2 = "age1yubikey1qvnajv3gu2t7q239nxz2ggfykavrt0k5vaauy9gc8ac82gsrsx3cwk7lfpd";
|
yubikey_2 = "age1yubikey1qvnajv3gu2t7q239nxz2ggfykavrt0k5vaauy9gc8ac82gsrsx3cwk7lfpd";
|
||||||
pub = "age1zmrr9vrq6r3twfj3e00vn33hn2qgggv5dg3l2kysw9kjtx2r2ckq87ee5w";
|
pub = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXfcDiEl2a520F3BEirU8ey4VUxcNQu90FIescz1PQi mary@maryland";
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
"lxsameer/user.age".publicKeys = [ lxsameer.pub ];
|
"lxsameer/user.age".publicKeys = [ lxsameer.pub ];
|
||||||
"mary/user.age".publicKeys = [ mary.yubikey_1 mary.yubikey_2 ];
|
"mary/user.age".publicKeys = [ mary.pub ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -73,7 +73,6 @@ rec {
|
||||||
"networkmanager"
|
"networkmanager"
|
||||||
];
|
];
|
||||||
password = "123123";
|
password = "123123";
|
||||||
|
|
||||||
};
|
};
|
||||||
users.lxsameer = {
|
users.lxsameer = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
@ -90,7 +89,6 @@ rec {
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3aV2dwnll3KxFR57Oj6Br51c7gJ/pkRa+IkKM6slve lxsameer@lxsameer.com"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3aV2dwnll3KxFR57Oj6Br51c7gJ/pkRa+IkKM6slve lxsameer@lxsameer.com"
|
||||||
];
|
];
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -154,57 +154,6 @@ in {
|
||||||
remmina
|
remmina
|
||||||
];
|
];
|
||||||
|
|
||||||
# # basic configuration of git, please change to your own
|
|
||||||
# programs.git = {
|
|
||||||
# enable = true;
|
|
||||||
# package = pkgs.gitFull;
|
|
||||||
# userName = "Sameer Rahmani";
|
|
||||||
# userEmail = "lxsameer@gnu.org";
|
|
||||||
# aliases = {
|
|
||||||
# co = "checkout";
|
|
||||||
# br = "branch";
|
|
||||||
# ci = "commit";
|
|
||||||
# st = "status";
|
|
||||||
# unstage = "reset HEAD --";
|
|
||||||
# last = "log -1 HEAD";
|
|
||||||
# lg =
|
|
||||||
# "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
|
|
||||||
# brs =
|
|
||||||
# "for-each-ref --sort='-authordate:iso8601' --count 20 --format=' %(color:green)%(authordate:relative)%09%(if)%(HEAD)%(then)%(color:brightwhite)*%(else)%(color:white) %(end)%(refname:short)%09%(color:yellow)%(authorname)%(authoremail)' refs/heads";
|
|
||||||
# e = "emacsclient";
|
|
||||||
# };
|
|
||||||
|
|
||||||
# signing = {
|
|
||||||
# key = "0x8741FACBF412FFA5";
|
|
||||||
# signByDefault = true;
|
|
||||||
# };
|
|
||||||
|
|
||||||
# difftastic.enable = true;
|
|
||||||
# # delta.enable = true;
|
|
||||||
|
|
||||||
# extraConfig = {
|
|
||||||
# core = {
|
|
||||||
# abbrev = 12;
|
|
||||||
# excludesFile = "${./git/gitignore}";
|
|
||||||
# };
|
|
||||||
|
|
||||||
# pretty = { fixes = ''Fixes: %h ("%s")''; };
|
|
||||||
|
|
||||||
# url."git@github.com:" = { insteadOf = "https://github.com/"; };
|
|
||||||
|
|
||||||
# sendemail = {
|
|
||||||
# smtpEncryption = "tls";
|
|
||||||
# smtpServer = "fencepost.gnu.org";
|
|
||||||
# smtpUser = "lxsameer";
|
|
||||||
# smtpServerPort = 587;
|
|
||||||
# };
|
|
||||||
|
|
||||||
# status.submoduleSummary = true;
|
|
||||||
# pull.rebase = false;
|
|
||||||
# http.sslVerify = true;
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
# starship - an customizable prompt for any shell
|
# starship - an customizable prompt for any shell
|
||||||
programs.starship = {
|
programs.starship = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -453,4 +402,5 @@ in {
|
||||||
enableBashIntegration = true; # see note on other shells below
|
enableBashIntegration = true; # see note on other shells below
|
||||||
nix-direnv.enable = true;
|
nix-direnv.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -43,15 +43,15 @@ rec {
|
||||||
(inputs.agenix.packages.x86_64-linux.default.override { ageBin = "${rager}/bin/rager"; })
|
(inputs.agenix.packages.x86_64-linux.default.override { ageBin = "${rager}/bin/rager"; })
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
age.identityPaths = [
|
age.identityPaths = [
|
||||||
|
# This is an actual private key, we should avoid
|
||||||
|
# including it in the store
|
||||||
|
"/home/mary/.ssh/universe"
|
||||||
|
|
||||||
# Since these are stubs, its ok to include them in the store
|
# Since these are stubs, its ok to include them in the store
|
||||||
./yubikey_1.stub.id
|
./yubikey_1.stub.id
|
||||||
./yubikey_2.stub.id
|
./yubikey_2.stub.id
|
||||||
|
|
||||||
# But this is an actual private key, we should avoid
|
|
||||||
# including it in the store
|
|
||||||
#"~/.ssh/universe.priv"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
age.secrets.user.file = ../../secrets/mary/user.age;
|
age.secrets.user.file = ../../secrets/mary/user.age;
|
||||||
|
@ -61,6 +61,19 @@ rec {
|
||||||
gid = 1001;
|
gid = 1001;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.lxsameer1 = {
|
||||||
|
isNormalUser = true;
|
||||||
|
shell = pkgs.zsh;
|
||||||
|
uid = 9000;
|
||||||
|
group = "lxsameer";
|
||||||
|
|
||||||
|
extraGroups = [
|
||||||
|
"wheel"
|
||||||
|
"networkmanager"
|
||||||
|
];
|
||||||
|
password = "123123";
|
||||||
|
};
|
||||||
|
|
||||||
users.mary = {
|
users.mary = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
|
@ -71,8 +84,13 @@ rec {
|
||||||
"wheel"
|
"wheel"
|
||||||
"networkmanager"
|
"networkmanager"
|
||||||
];
|
];
|
||||||
|
|
||||||
hashedPasswordFile = config.age.secrets.user.path;
|
hashedPasswordFile = config.age.secrets.user.path;
|
||||||
|
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3aV2dwnll3KxFR57Oj6Br51c7gJ/pkRa+IkKM6slve lxsameer@lxsameer.com"
|
||||||
|
];
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -113,6 +113,10 @@
|
||||||
protonvpn-gui
|
protonvpn-gui
|
||||||
yubioath-flutter
|
yubioath-flutter
|
||||||
yubikey-manager
|
yubikey-manager
|
||||||
|
|
||||||
|
shotwell
|
||||||
|
flameshot
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# basic configuration of git, please change to your own
|
# basic configuration of git, please change to your own
|
||||||
|
@ -224,7 +228,6 @@
|
||||||
eval $(thefuck --alias)
|
eval $(thefuck --alias)
|
||||||
autopair-init
|
autopair-init
|
||||||
'';
|
'';
|
||||||
|
|
||||||
plugins = with pkgs; [
|
plugins = with pkgs; [
|
||||||
{
|
{
|
||||||
name = "formarks";
|
name = "formarks";
|
||||||
|
@ -312,7 +315,6 @@
|
||||||
|
|
||||||
programs.mpv.enable = true;
|
programs.mpv.enable = true;
|
||||||
programs.obs-studio.enable = true;
|
programs.obs-studio.enable = true;
|
||||||
programs.noti.enable = true;
|
|
||||||
# Let home Manager install and manage itself.
|
# Let home Manager install and manage itself.
|
||||||
programs.home-manager.enable = true;
|
programs.home-manager.enable = true;
|
||||||
|
|
||||||
|
@ -327,9 +329,18 @@
|
||||||
home.stateVersion = "24.05";
|
home.stateVersion = "24.05";
|
||||||
|
|
||||||
services.network-manager-applet.enable = true;
|
services.network-manager-applet.enable = true;
|
||||||
|
|
||||||
|
programs.gpg = {
|
||||||
|
enable = true;
|
||||||
|
scdaemonSettings = {
|
||||||
|
disable-ccid = true;
|
||||||
|
};
|
||||||
|
homedir = lib.mkForce "/home/mary/.gnupg";
|
||||||
|
};
|
||||||
|
|
||||||
services.gpg-agent = {
|
services.gpg-agent = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableSshSupport = false;
|
enableSshSupport = lib.mkForce false;
|
||||||
};
|
};
|
||||||
|
|
||||||
gtk = {
|
gtk = {
|
||||||
|
@ -342,5 +353,11 @@
|
||||||
platformTheme = "gtk";
|
platformTheme = "gtk";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
programs.direnv = {
|
||||||
|
enable = true;
|
||||||
|
enableBashIntegration = true; # see note on other shells below
|
||||||
|
nix-direnv.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
services.ssh-agent.enable = true;
|
services.ssh-agent.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,6 +34,7 @@ let
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
|
||||||
boot.initrd.kernelModules = [ "amdgpu" ];
|
boot.initrd.kernelModules = [ "amdgpu" ];
|
||||||
|
boot.kernelParams = [ "radeon.cik_support=0" "amdgpu.cik_support=1" ];
|
||||||
hardware.enableRedistributableFirmware = true;
|
hardware.enableRedistributableFirmware = true;
|
||||||
hardware.cpu.amd.updateMicrocode = true;
|
hardware.cpu.amd.updateMicrocode = true;
|
||||||
|
|
||||||
|
@ -41,19 +42,33 @@ let
|
||||||
services.xserver.displayManager.sddm.enable = true;
|
services.xserver.displayManager.sddm.enable = true;
|
||||||
services.xserver.desktopManager.plasma6.enable = true;
|
services.xserver.desktopManager.plasma6.enable = true;
|
||||||
|
|
||||||
|
# I want to fully control my users via nix
|
||||||
|
users.mutableUsers = false;
|
||||||
|
networking.extraHosts = ''
|
||||||
|
192.168.0.86 sameer
|
||||||
|
'';
|
||||||
|
|
||||||
services.printing.enable = true;
|
services.printing.enable = true;
|
||||||
services.avahi = {
|
services.avahi = {
|
||||||
enable = true;
|
enable = true;
|
||||||
nssmdns = true;
|
nssmdns = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/home".neededForBoot = true;
|
||||||
|
services.gvfs.enable = true;
|
||||||
|
|
||||||
|
networking.firewall = {
|
||||||
|
enable = true;
|
||||||
|
allowedTCPPorts = [ 8000 ];
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
mary = pkgs.callPackage ../users/mary/default.nix {};
|
mary = pkgs.callPackage ../users/mary/default.nix {};
|
||||||
|
|
||||||
fg42 = inputs.fg42.packages.${system}.default;
|
fg42 = inputs.fg42.packages.${system}.default;
|
||||||
inVM = (utils.sanitizeBuilderConfig hostBuilderConfig).inVM;
|
inVM = (utils.sanitizeBuilderConfig hostBuilderConfig).inVM;
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
installer = import ./installer.nix (params // {
|
installer = import ./installer.nix (params // {
|
||||||
|
@ -79,6 +94,7 @@ in {
|
||||||
desktop
|
desktop
|
||||||
styles
|
styles
|
||||||
yubikey
|
yubikey
|
||||||
|
virtualisation.podman
|
||||||
inputs.home-manager.nixosModules.home-manager
|
inputs.home-manager.nixosModules.home-manager
|
||||||
{
|
{
|
||||||
home-manager.useGlobalPkgs = true;
|
home-manager.useGlobalPkgs = true;
|
||||||
|
|
Loading…
Reference in New Issue