added stuff
This commit is contained in:
parent
e8d9044d2b
commit
9d0ebdfbd0
907 changed files with 70990 additions and 0 deletions
56
nyx/hosts/erebus/system/default.nix
Normal file
56
nyx/hosts/erebus/system/default.nix
Normal file
|
|
@ -0,0 +1,56 @@
|
|||
# NixOS livesystem to generate yubikeys in an air-gapped manner
|
||||
# $ nix build .#images.erebus
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
# Secure defaults
|
||||
nixpkgs.config = {allowBroken = false;}; # false breaks zfs kernel - but we don't care about zfs
|
||||
|
||||
# Always copytoram so that, if the image is booted from, e.g., a
|
||||
# USB stick, nothing is mistakenly written to persistent storage.
|
||||
boot = {
|
||||
kernelParams = ["copytoram"];
|
||||
tmp.cleanOnBoot = true;
|
||||
kernel.sysctl = {"kernel.unprivileged_bpf_disabled" = 1;};
|
||||
};
|
||||
|
||||
# make sure we are air-gapped
|
||||
networking = {
|
||||
wireless.enable = false;
|
||||
dhcpcd.enable = false;
|
||||
};
|
||||
|
||||
services.getty.helpLine = "The 'root' account has an empty password.";
|
||||
|
||||
isoImage.isoBaseName = lib.mkForce config.networking.hostName;
|
||||
|
||||
# words cannot express how much I hate zfs
|
||||
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||
|
||||
environment = {
|
||||
# needed for i3blocks
|
||||
pathsToLink = ["/libexec"];
|
||||
# fix an annoying warning
|
||||
etc."mdadm.conf".text = ''
|
||||
MAILADDR root
|
||||
'';
|
||||
};
|
||||
|
||||
fonts = {
|
||||
fontDir = {
|
||||
enable = true;
|
||||
decompressFonts = true;
|
||||
};
|
||||
|
||||
fontconfig.enable = true;
|
||||
|
||||
packages = with pkgs; [
|
||||
noto-fonts
|
||||
noto-fonts-cjk
|
||||
noto-fonts-color-emoji
|
||||
];
|
||||
};
|
||||
}
|
||||
46
nyx/hosts/erebus/system/desktop.nix
Normal file
46
nyx/hosts/erebus/system/desktop.nix
Normal file
|
|
@ -0,0 +1,46 @@
|
|||
{pkgs, ...}: {
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
users.users.yubikey = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["wheel"];
|
||||
shell = pkgs.zsh;
|
||||
};
|
||||
|
||||
programs.dconf.enable = true;
|
||||
|
||||
services = {
|
||||
gvfs.enable = true;
|
||||
|
||||
autorandr.enable = true;
|
||||
|
||||
xserver = {
|
||||
enable = true;
|
||||
layout = "tr";
|
||||
displayManager = {
|
||||
autoLogin.enable = true;
|
||||
autoLogin.user = "yubikey";
|
||||
defaultSession = "none+i3";
|
||||
};
|
||||
|
||||
desktopManager = {
|
||||
xterm.enable = false;
|
||||
};
|
||||
|
||||
# i3 for window management
|
||||
windowManager.i3 = {
|
||||
enable = true;
|
||||
package = pkgs.i3-gaps;
|
||||
|
||||
extraPackages = with pkgs; [
|
||||
st # suckless terminal that sucks, pretty minimal though
|
||||
rofi # alternative to dmenu, usually better
|
||||
dmenu # application launcher most people use
|
||||
i3status # gives you the default i3 status bar
|
||||
i3lock # default i3 screen locker
|
||||
i3blocks # if you are planning on using i3blocks over i3status
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue