From 660017a85e88ff14f2945d8e5157dd08442bc568 Mon Sep 17 00:00:00 2001
From: mb <mb@codemonkey.cc>
Date: Sat, 8 Jun 2019 11:35:38 +0200
Subject: mb suns1n3.r: add configs; update users

---
 mb/1systems/sunsh1n3/configuration.nix          | 180 ++++++++++++++++++++++++
 mb/1systems/sunsh1n3/hardware-configuration.nix |  29 ++++
 mb/2configs/default.nix                         |  23 +++
 3 files changed, 232 insertions(+)
 create mode 100644 mb/1systems/sunsh1n3/configuration.nix
 create mode 100644 mb/1systems/sunsh1n3/hardware-configuration.nix

diff --git a/mb/1systems/sunsh1n3/configuration.nix b/mb/1systems/sunsh1n3/configuration.nix
new file mode 100644
index 0000000..d0a609f
--- /dev/null
+++ b/mb/1systems/sunsh1n3/configuration.nix
@@ -0,0 +1,180 @@
+
+{ config, pkgs, ... }: let
+  unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
+in {
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+     <stockholm/mb>
+    ];
+
+  krebs.build.host = config.krebs.hosts.sunsh1n3;
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+  
+  boot.initrd.luks.devices = [
+    {
+      name = "root";
+      device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21";
+      preLVM = true;
+      allowDiscards = true;
+    }
+  ];
+
+  i18n = {
+    consoleFont = "Lat2-Terminus16";
+    consoleKeyMap = "de";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  time.timeZone = "Europe/Berlin";
+
+  nixpkgs.config.packageOverrides = super : {
+   openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; };
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  fonts = {
+    enableCoreFonts = true;
+    enableGhostscriptFonts = true;
+    fonts = with pkgs; [
+      anonymousPro
+      corefonts
+      dejavu_fonts
+      envypn-font
+      fira
+      gentium
+      gohufont
+      inconsolata
+      liberation_ttf
+      powerline-fonts
+      source-code-pro
+      terminus_font
+      ttf_bitstream_vera
+      ubuntu_font_family
+      unifont
+      unstable.cherry
+      xorg.fontbitstream100dpi
+      xorg.fontbitstream75dpi
+      xorg.fontbitstreamtype1
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    wget vim git curl fish
+    ag
+    chromium
+    firefox
+    gimp
+    p7zip
+    htop
+    mpv
+    mpvc
+    nmap
+    ntfs3g
+    keepassx2
+    sshfs
+    #unstable.skrooge
+    skrooge
+    unstable.alacritty
+    tmux
+    tree
+    wcalc
+    virtmanager
+    virt-viewer
+    (wine.override { wineBuild = "wineWow"; }) 
+    xz    
+  ];
+
+  virtualisation.libvirtd.enable = true;
+  virtualisation.kvmgt.enable = true;
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+
+  programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+  programs.dconf.enable = true;
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.openssh.passwordAuthentication = false;
+
+  krebs.iptables.enable = true;
+  #networking.wireless.enable = true;  
+  networking.networkmanager.enable = true;
+  networking.enableIPv6 = false;
+
+  # Enable sound.
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+  hardware.pulseaudio.support32Bit = true;
+  nixpkgs.config.pulseaudio = true;
+
+  services.xserver.enable = true;
+  services.xserver.layout = "de";
+  services.xserver.xkbOptions = "nodeadkeys";
+  services.xserver.libinput.enable = true;
+
+  # Enable the KDE Desktop Environment.
+  services.xserver.displayManager.sddm.enable = true;
+  services.xserver.desktopManager.plasma5.enable = true;
+
+  programs.fish = {
+    enable = true;
+    shellInit = ''
+      function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
+          if begin
+              set -q SSH_AGENT_PID
+              and kill -0 $SSH_AGENT_PID
+              and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
+          end
+              echo "ssh-agent running on pid $SSH_AGENT_PID"
+          else
+              eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
+          end
+          set -l identity $HOME/.ssh/id_rsa
+          set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
+          ssh-add -l | grep -q $fingerprint
+            or ssh-add $identity
+      end
+    '';
+    promptInit = ''
+      function fish_prompt --description 'Write out the prompt'
+          set -l color_cwd
+          set -l suffix
+          set -l nix_shell_info (
+              if test "$IN_NIX_SHELL" != ""
+                 echo -n " <nix-shell>"
+              end
+          )
+          switch "$USER"
+              case root toor
+                  if set -q fish_color_cwd_root
+                      set color_cwd $fish_color_cwd_root
+                  else
+                      set color_cwd $fish_color_cwd
+                  end
+                  set suffix '#'
+              case '*'
+                  set color_cwd $fish_color_cwd
+                  set suffix '>'
+          end
+
+          echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
+      end
+    '';
+  };
+  
+  nix.buildCores = 4;
+
+  system.stateVersion = "19.09";
+
+}
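Review bot: `services.openssh.passwordAuthentication = false` does not by itself close password logins: on NixOS releases of this period keyboard-interactive (PAM) authentication is a separate option that defaults to on, so unless `<stockholm/mb>` or the krebs modules already set it, add `services.openssh.challengeResponseAuthentication = false;` next to it. This matters more on a desktop host that joins arbitrary networks through NetworkManager, and the rules behind `krebs.iptables.enable = true` are not visible in this file. Separately, `allowDiscards = true` together with the `discard` mount option passes TRIM through LUKS, which exposes the pattern of unused blocks on the encrypted disk; that trade-off is worth recording beside the option, e.g. `# TRIM through LUKS reveals free-block layout; accepted for SSD performance`.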
diff --git a/mb/1systems/sunsh1n3/hardware-configuration.nix b/mb/1systems/sunsh1n3/hardware-configuration.nix
new file mode 100644
index 0000000..2beee7c
--- /dev/null
+++ b/mb/1systems/sunsh1n3/hardware-configuration.nix
@@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/60A6-4DAB";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 4;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix
index ab11495..3066d1c 100644
--- a/mb/2configs/default.nix
+++ b/mb/2configs/default.nix
@@ -21,6 +21,29 @@ with import <stockholm/lib>;
             "video"
             "fuse"
             "wheel"
+            "kvm"
+            "qemu-libvirtd"
+            "libvirtd"
+          ];
+          openssh.authorizedKeys.keys = [
+            config.krebs.users.mb.pubkey
+          ];
+        };
+        xo = {
+          name = "xo";
+          uid = 2323;
+          home = "/home/xo";
+          group = "users";
+          createHome = true;
+          shell = "/run/current-system/sw/bin/fish";
+          extraGroups = [
+            "audio"
+            "video"
+            "fuse"
+            "wheel"
+            "kvm"
+            "qemu-libvirtd"
+            "libvirtd"
           ];
           openssh.authorizedKeys.keys = [
             config.krebs.users.mb.pubkey
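Review bot: The new `xo` account ends up with `config.krebs.users.mb.pubkey` as its only visible authorized key (the trailing context lines now close the `xo` block), and it is placed in `wheel` and `libvirtd`, so one SSH key unlocks two administrator-level accounts. If `xo` is a second person, give the account its own key; if it is mb's second login, say so with a comment such as `# xo is mb's second account; shares mb's key on purpose`. Membership in `libvirtd` allows managing VMs through the system libvirt daemon, which is effectively root on the host, and `qemu-libvirtd` is normally the group of the QEMU service account rather than one for interactive users, so both user entries could probably drop the latter. The enclosing users attribute set starts and ends outside the hunk.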
-- 
cgit v1.2.3