From e97acf6b51a17c35c950de712f71f85be48a59fe Mon Sep 17 00:00:00 2001 From: Mark Nipper Date: Tue, 27 Feb 2024 00:25:18 -0800 Subject: Switch ginaz to unstable and fix initial configuration --- ginaz/README | 4 ++ ginaz/configuration.nix | 83 +++++++++++++++++++++++++++++++++++++--- ginaz/hardware-configuration.nix | 5 ++- 3 files changed, 85 insertions(+), 7 deletions(-) (limited to 'ginaz') diff --git a/ginaz/README b/ginaz/README index 0d54d8d..1be871a 100644 --- a/ginaz/README +++ b/ginaz/README @@ -46,3 +46,7 @@ cd / umount -Rl /mnt zpool export -a reboot + +# upgrade to unstable +nix-channel --add https://nixos.org/channels/nixos-unstable nixos +nixos-rebuild switch --upgrade diff --git a/ginaz/configuration.nix b/ginaz/configuration.nix index 9dd7e6a..ac85c26 100644 --- a/ginaz/configuration.nix +++ b/ginaz/configuration.nix @@ -19,6 +19,7 @@ boot.supportedFilesystems = [ "zfs" ]; boot.zfs.devNodes = "/dev/disk/by-label"; + documentation.dev.enable = true; documentation.man.enable = true; environment.shells = with pkgs; [ zsh ]; @@ -26,9 +27,26 @@ # $ nix search wget environment.systemPackages = with pkgs; [ curl + dmenu + feh + geeqie + git i3 + i3status + netcat-openbsd + pass + passExtensions.pass-otp + pavucontrol + polkit_gnome + reaper + signal-desktop + st + stoken vim wget + xdotool + xorg.xdpyinfo + xscreensaver ]; i18n.defaultLocale = "en_US.UTF-8"; @@ -36,6 +54,7 @@ networking.hostId = "8425e349"; networking.hostName = "ginaz"; networking.networkmanager.enable = true; + networking.nftables.enable = true; nixpkgs.config.allowUnfree = true; @@ -52,8 +71,28 @@ programs.tmux.enable = true; programs.zsh.enable = true; + security.polkit = { + enable = true; + extraConfig = '' + polkit.addRule(function(action, subject) { + if ( + subject.isInGroup("users") + && ( + action.id == "org.freedesktop.login1.reboot" || + action.id == "org.freedesktop.login1.reboot-multiple-sessions" || + action.id == "org.freedesktop.login1.power-off" || + action.id == "org.freedesktop.login1.power-off-multiple-sessions" + ) + ) + { + return polkit.Result.YES; + } + }) + ''; + }; security.rtkit.enable = true; + services.blueman.enable = true; services.openssh = { enable = true; settings.PasswordAuthentication = false; @@ -68,17 +107,46 @@ jack.enable = true; }; services.printing.enable = true; - services.xserver.displayManager.lightdm.enable = true; - services.xserver.enable = true; - services.xserver.libinput.enable = true; - services.xserver.xkb.layout = "us"; - services.xserver.xkb.options = "caps:super,compose:ralt"; + services.xserver = { + displayManager.defaultSession = "xsession"; + displayManager.lightdm = { + enable = true; + extraSeatDefaults = ''greeter-hide-users=true''; + }; + displayManager.session = [ + { + manage = "desktop"; + name = "xsession"; + start = ''exec $HOME/.xsession''; + } + ]; + enable = true; + libinput.enable = true; + xkb.layout = "us"; + xkb.options = "caps:super,compose:ralt"; + }; services.zfs.autoScrub.enable = true; services.zfs.trim.enable = true; system.copySystemConfiguration = true; system.stateVersion = "23.11"; + systemd = { + user.services.polkit-gnome-authentication-agent-1 = { + description = "polkit-gnome-authentication-agent-1"; + wantedBy = [ "graphical-session.target" ]; + wants = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; + Restart = "on-failure"; + RestartSec = 1; + TimeoutStopSec = 10; + }; + }; + }; + time.timeZone = "America/Los_Angeles"; users.groups.nipsy.gid = 1000; @@ -96,5 +164,8 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net" ]; }; - users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net" ]; + users.users.root = { + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net" ]; + }; } diff --git a/ginaz/hardware-configuration.nix b/ginaz/hardware-configuration.nix index 3d76693..140a799 100644 --- a/ginaz/hardware-configuration.nix +++ b/ginaz/hardware-configuration.nix @@ -42,6 +42,9 @@ [ { device = "/dev/disk/by-label/swap"; } ]; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.bluetooth.enable = true; + #hardware.bluetooth.powerOnBoot = true; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } -- cgit v1.2.3