path: root/machines/oxygen.nix
diff options
authorBen Sima <>2021-09-15 21:46:34 -0400
committerBen Sima <>2021-09-15 21:46:34 -0400
commitbec0be8b42bca1785922237a4c06674bb5123e0c (patch)
treeac9bf1ecc6ded8cced9216a7f3a2a9f498f32c6a /machines/oxygen.nix
parentd3503a13da2bdaf11adcc72bca44214960c23190 (diff)
update machines, wip oxygen
Diffstat (limited to 'machines/oxygen.nix')
1 files changed, 73 insertions, 0 deletions
diff --git a/machines/oxygen.nix b/machines/oxygen.nix
new file mode 100644
index 0000000..309cd20
--- /dev/null
+++ b/machines/oxygen.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+# My airgapped machine for generating and backing up security keys
+ nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
+in {
+ security.sudo.wheelNeedsPassword = false;
+"user".yubicoAuth = true;
+ #security.pam.yubico.enable = true;
+ #security.pam.yubico.control = "sufficient"; # pam.conf(5)
+ #security.pam.yubico.mode = "challenge-response"; # ykpamcfg(1)
+ #file."~/.yubico/authorized_yubikeys" = <list of keys>;
+ # networking is disabled, but we still need a hostname
+ networking.hostName = "oxygen";
+ = false;
+ time.timeZone = "America/New_York";
+ environment.systemPackages = [
+ pkgs.brightnessctl
+ ];
+ nixpkgs.config.allowUnfree = false;
+ nixpkgs.config.allowBroken = false;
+ programs.bash.enableCompletion = true;
+ programs.command-not-found.enable = true;
+ programs.light.enable = true;
+ programs.gnupg.agent.enable = true;
+ programs.gnupg.agent.enableSSHSupport = true;
+ services.pcscd.enable = true;
+ services.printing.enable = true;
+ services.xserver.enable = true;
+ services.xserver.autorun = true;
+ services.xserver.layout = "us";
+ services.xserver.libinput.enable = true;
+ services.xserver.xkbOptions = "caps:ctrl_modifier";
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.windowManager.xmonad.enable = true;
+ services.xserver.desktopManager.xterm.enable = true;
+ services.clamav.daemon.enable = true;
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ powerManagement.enable = false;
+ nix.nixPath = [
+ "nixpkgs=${nixpkgs}"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ nix.binaryCaches = [ ];
+ nix.extraOptions = ''
+ keep-outputs = true
+ keep-derivations = true
+ builders-use-substitutes = true
+ '';
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "19.03"; # Did you read the comment?
+ system.autoUpgrade.enable = false;