Initial commit with a stub for birne

birne/configuration.nix

@@ -0,0 +1,79 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+
+      <modules/base.nix>
+      <modules/desktop.nix>
+      <modules/printing.nix>
+    ];
+
+  # setup the NIX_PATH so modules from the repo found
+  nix.nixPath = [
+   "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
+   "nixos-config=/etc/nixos/configuration.nix"
+   "/nix/var/nix/profiles/per-user/root/channels"
+   "/var/src/fruitbasket"
+  ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+   # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  networking.hostName = "birne"; # Define your hostname.
+  networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.nameservers = [ "9.9.9.9" "1.1.1.1" ];
+
+  # allow brightness control
+  services.illum.enable = true;
+
+  # Define the print user account
+  users.users.print = {
+    createHome = true;
+    isNormalUser = true;
+    extraGroups = [ "video" "audio" "dialout" ];
+    group = "users";
+    home = "/home/print";
+    shell = pkgs.fish;
+    password = "print";
+  };
+
+  services.xserver.displayManager.autoLogin = {
+    enable = true;
+    user = "print";
+  };
+
+  # TODO: systemd-service for clearing the Downloads folder @midnight
+  # TODO: chmod 500 Desktop
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.05"; # Did you read the comment?
+
+}
+

modules/base.nix

@@ -0,0 +1,55 @@
+{ pkgs, config, ... }:
+
+{
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    #font = "Lat2-Terminus16";
+    font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
+    keyMap = pkgs.lib.mkForce "uk";
+  };
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # set root ssh keys
+  users.users.root.openssh.authorizedKeys = {
+    keys = [
+      # RSA keys go into keyFiles because they're shamefully long
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS8xkNH7JvKblekx5oel4HVKCz3uBbQYEaR9Z9nzTAr manuel@ifsr.de"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINogGKyXieCXQvVTa1z3ArS1TlqcVl2sSqvMpOjQo/Um jakob@krbs.me"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjNYNRBsY/Dc+/XOaGDui9tRa4VGPsHwYo3irGnMRbR felix@tycho"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdOcXORg+akeN2t3yZlKWdoTURKxtV29eQ7UrIMkCHv felix@entropy"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH73n+ZfJqNzIh9rPh6JYQaI4OAw9WKkPeqj2XRFmRfQ pascal@ifsr.de"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmb1kv+7HU1QKE53+gNxUhrggbwomC40Xjxd9hACkoo bennofs@d-cube"
+    ];
+    keyFiles = [
+      ./keys/marcus-sapphire
+      ./keys/schrader
+      ./keys/jannusch
+      ./keys/jannusch-arch
+    ];
+  };
+
+  # allow unfree licenced packges
+  # nixpkgs.config.allowUnfree = true;
+
+  # basic shell & editor
+  programs.fish.enable = true;
+  programs.vim.defaultEditor = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    atop
+    bat
+    git
+    htop
+    ripgrep
+    tldr
+    tmux
+    usbutils
+    wget
+  ];
+}
+

modules/desktop.nix

@@ -0,0 +1,37 @@
+{ pkgs, config, ... }:
+
+{
+  # enable XFCE as lightweight desktop environment
+  services.xserver.desktopManager.xfce.enable = true;
+  services.xserver.displayManager.defaultSession = "xfce";
+
+  # Configure keymap in X11
+  services.xserver.layout = "de";
+  services.xserver.xkbOptions = "eurosign:e,ctrl:nocaps,compose:prsc";
+
+  # enable touchpad support
+  services.xserver.libinput.enable = true;
+
+  # enable sound
+  sound.enable = true;
+  sound.mediaKeys.enable = true;
+  hardware.pulseaudio.enable = true;
+
+  # additional programs for a lightweight working office environment
+  environment.systemPackages = with pkgs; [
+    ## audio management
+    pavucontrol
+    ## terminal, browsers, text editing
+    vscodium
+    firefox
+    ## document viewers
+    okular
+    ## LaTeX
+    texlive.combined.scheme-full
+    texstudio
+    ## the eternal pain continues
+    libreoffice-fresh
+    # media viewers
+    vlc
+  ];
+}

modules/keys/jannusch

@@ -0,0 +1,10 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYNjKwaX+XZzFZXff7G/s0blMy72F3Aa2YdaU3iXWQsTf6
+LWStwdeMXDasB4oBv/qkitWRQ1uEhwdrXDs6R9bZaqOZX0mb40p0El6WvFSa5wh0yjA8LQbAckRjELbjDFLF
+SoQq320KFnlO7Zdcp8Ve2JFMh+nwXt61UfQGw5H2Zx7SfhpFHBHIxEPXKVTzF2bESGh0biNboZpNZYeGcfYy
+w28uvgSUlHueV5PR92ZS/Wxoge9cpZr2E/N8d2dmg93k7v7JQxW22pslXk1GPooBDB/9Ld5UtvSQs8+Z+p7J
+2/l2thjmXNhvEaqMU6PsnHOdmVssUrKPZeLXqbu+3/W5XVwaYMG4Nn9RcFQaSGxMnRYX+q2qjHCLUDa7KIDw
+UB53LIzTCR5t1gv6adQimZ5KZjR7gExTfOSghzipp09luBlfBjYFOQ0qDgRNx7jkp+lwq63NF2ZEubIW03bj
+4+4qeLX8eZJwLpgTEIZFarD+qiPESRDBgZxUMO+g3hqcE9NPEpeTt9PlGRQ6h4vD4vjASU4+rcDKyU1eSp7u
+hnVuXjOAPaWxrQn2+7yuNzKl3j8hTgzK5kRkilQr0B6sMfH4YlVHGvmrCkLFN3NAK/2uavAsUAMnGAM+EC+0
+yptGpzReAmkMFiVG5YN/jIy8S27vk6LisRkVwf6uTf0K/tjbJw== jannusch.bigge@mailbox.tu-dresd
+en.de

modules/keys/jannusch-arch

@@ -0,0 +1,7 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDYjiRZkM9P6GV9t3a4g57G6nUNfZMO4MTMfekyNpJlm/Dh
+lxTKdOzFgRbOh4LFW5WpAQirsqvLTv9cjym3KSwDO+wDEtVgF2uzZJErs5JxOx5CGhTuh2o2IrjiWABnxLMy
+g6B7yRd2eghoHWrITHIqPvYFZs1m6IgiJ/O/4wh3zYG2EGlJSVIf7pzbp/ybnE7OdB+gSzxsXZ56E2bDhf8/
+XTmIGy7uHl32tJNYfnbajvxi4BcQXHdr22uBJ7M3PaHy8qWhSDmfdeWUlWjzW1g29bgW13BjEBQBzxEzrFYJ
+qFiruECHhHw0kSo3UIQ0dLGPL6quVRZuawgNRO44gBvAoFTDYaQ3878kX7vsjOv28Aic7DML/ZcaQ5wS4DKN
+iUHohSQ9c3B58fvo880KFZ9ZM1+5fx8OIjT+p/85FLZCncOXZiAzn2IzZsMbyQCfrwDZ1frhs6GdfLMI8IBW
+1/EyQu9QQS6a7EIzBsyaQpLbNJpx8GyP2Il2tsskRjjOyD0= jannusch@Desktop-Arch

modules/keys/marcus-sapphire

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMAiyN+GQ9nri44LAHqnxA+wAAaA9yrCvWUCzfNY2WLi45aYnF8Ejd2jr9cETHAHkpvrs0R4x2JbiRP0KVgxKwFcxxH+ByYOaiGBdMmWOKOKh97u2pYfnMUGFglsnD0MEDzC3ApDMoblgn//DQQL2FdEWNDFLXl5xam+VGysxhIBm9Kj0nNJ0/Y0ZKH+pZpzFL3iARHEhGD6qeLUTAfsA75zQtMOJ+qK3jKjYumEhcwmMl0EJZYF1h55GByN+2dDmans7lufCXbeeM3Sy/eutUFDlYONp5B1RRTXqMjYi8qB8zCcJ8gNdjSLC13SfdEdD2uW0QMzXMDIWaba8GhzDj marcus@sapphire

modules/keys/schrader

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAkbKzwpdU7XrhTkCx144sbn76qqZ0S18619jbzrIyYpNYouVum1rgOO0EHYkSPw+l87YGkucjDllfaKUkrmf6wHBZfKDfjiSg9cQB+xQZZYqCr9Ng2M1Mh92tUXrki0wi6NGNbCRskL4f+9BMNLlEbg7yMWmQ0wf8n81Fc1n7QTxWcdycSqgGKbG7wgJETCSsAE9eP+zRrtRIV2xhdOisIUzMQajuY0bGzW1P73fZ+vHRQbZWwv99UFjIanzjHEFluhEgwB40qvpKsz+lpSFAgU1T+PvM+GAetUnrOtHNIv1ZNSBm15vQXHbjD9nqcTrhoQI+JA9s4+f3eUbKauVe9Q== schrader@ifsr.de

modules/printing.nix

@@ -0,0 +1,20 @@
+{ pkgs, config, ... }:
+
+{
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+  # services.printing.drivers = [
+  #   pkgs.gutenprint
+  # ];
+
+  # set up Heiko
+  # hardware.printers.ensurePrinters = [
+  #   {
+  #     description = "Drucker im FSR Buero";
+  #     deviceUri = "";
+  #     location = "FSR Buero";
+  #     model = "";
+  #     name = "Heiko";
+  #   }
+  # ];
+}