maurer/configuration.nix Secret

## configuration.nix
{ config, pkgs, lib, ... }:

{
  nixpkgs.config.allowUnfree = true;
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
  boot.blacklistedKernelModules = ["nouveau"];
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.postDeviceCommands = ''
    modprobe nvme
    echo -n 'Waiting for NVMe #1'
    while [ ! -e /dev/nvme0n1 ]; do
      sleep 0.1
      echo -n .
    done
    echo -n 'Waiting for NVMe #2'
    while [ ! -e /dev/nvme1n1 ]; do
      sleep 0.1
      echo -n .
    done
    zpool import -a
  '';
  boot.supportedFilesystems = [ "zfs" ];
  # boot.zfs.enableUnstable = true;
  boot.kernelParams = [ "boot.shell_on_fail" ];

  hardware.opengl.driSupport32Bit=true;
  hardware.pulseaudio.support32Bit = true;
  hardware.cpu.intel.updateMicrocode = true;

  systemd.coredump.enable = true;

  security.pam.loginLimits = [
    {
      domain = "*";
      type   = "soft";
      item   = "core";
      value  = "unlimited";
    }
  ];

  networking.hostName = "durandal";
  networking.hostId = "0f3cd500";
  networking.wireless.enable = true;

  time.timeZone = "America/New_York";

  services.postgresql = {
    enable = true;
    package = pkgs.postgresql96;
  };
  services.pcscd.enable = true;
  powerManagement.powertop.enable = true;

  nix.gc.automatic = false;

  environment.systemPackages = with pkgs; [
     slock
     libu2f-host
     rxvt_unicode.terminfo
  ];

  security.wrappers = { slock.source = "${pkgs.slock.out}/bin/slock"; };

  services.udev.extraRules = ''
ACTION!="add|change", GOTO="u2f_internal_end"

# Yubico YubiKey
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", GROUP="maurer", MODE="0666"

LABEL="u2f_internal_end"
  '';

  systemd.user.services.emacs = {
    description = "Emacs Daemon";
    environment = {
      GTK_DATA_PREFIX = config.system.path;
      SSH_AUTH_SOCK = "%t/ssh-agent";
      GTK_PATH = "${config.system.path}/lib/gtk-3.0:${config.system.path}/lib/gtk-2.0";
      NIX_PROFILES = "${pkgs.lib.concatStringsSep " " config.environment.profiles}";
      TERMINFO_DIRS = "/run/current-system/sw/share/terminfo";
      ASPELL_CONF = "dict-dir /run/current-system/sw/lib/aspell";
    };
    serviceConfig = {
      Type = "forking";
      ExecStart = "${pkgs.emacs}/bin/emacs --daemon";
      ExecStop = "${pkgs.emacs}/bin/emacsclient --eval (kill-emacs)";
      Restart = "always";
    };
    wantedBy = [ "default.target" ];
  };

  systemd.services.emacs.enable = true;

  fonts = {
    enableFontDir = true;
    enableGhostscriptFonts = true;
    enableCoreFonts = true;
    fonts = with pkgs; [
      corefonts
      inconsolata
      source-code-pro
      source-sans-pro
      unifont
      dejavu_fonts
      google-fonts
      terminus_font
      unifont_upper
    ];
  };

  services.printing = {
    enable = true;
    drivers = [ pkgs.hplipWithPlugin pkgs.gutenprint ];
  };
  services.sshd.enable = true;
  services.xserver = {
    enable = true;
    xkbOptions = "ctrl:nocaps";
    layout = "us";
    videoDrivers = [ "nvidia" "intel" "hot garbage" ];
    displayManager.lightdm.enable = true;
    desktopManager.xterm.enable = false;
    desktopManager.default = "none";
    windowManager.default = "xmonad";
    windowManager.xmonad = {
      enable = true;
      enableContribAndExtras = true;
    };
    synaptics = {
      enable = true;
      twoFingerScroll = true;
      tapButtons = false;
      palmDetect = true;
    };
  };

  services.logind.extraConfig = ''
    HandleLidSwitch=ignore
  '';

  hardware.pulseaudio.enable = true;
  hardware.trackpoint = {
    enable = true;
    emulateWheel = true;
  };

  nix.binaryCaches = [ "https://cache.nixos.org" ];
  nix.binaryCachePublicKeys = [
    "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
  ];

  nix.nrBuildUsers = 100;
  nix.buildCores = 12;
  nix.useSandbox = true;

  virtualisation.virtualbox.host.enable = true;
  virtualisation.docker.enable = true;
  virtualisation.docker.storageDriver = "zfs";
  networking.nameservers = [ "8.8.8.8" ];

  networking.extraHosts = "128.237.152.74 excalibur";

  users.extraUsers.maurer = {
     isNormalUser = true;
     uid = 1000;
     extraGroups = [ "wheel" "audio" "docker" "vboxusers" ];
  };
}
	{ config, pkgs, lib, ... }:

	{
	nixpkgs.config.allowUnfree = true;
	imports =
	[ # Include the results of the hardware scan.
	./hardware-configuration.nix
	];
	boot.blacklistedKernelModules = ["nouveau"];
	boot.loader.systemd-boot.enable = true;
	boot.loader.efi.canTouchEfiVariables = true;
	boot.initrd.postDeviceCommands = ''
	modprobe nvme
	echo -n 'Waiting for NVMe #1'
	while [ ! -e /dev/nvme0n1 ]; do
	sleep 0.1
	echo -n .
	done
	echo -n 'Waiting for NVMe #2'
	while [ ! -e /dev/nvme1n1 ]; do
	sleep 0.1
	echo -n .
	done
	zpool import -a
	'';
	boot.supportedFilesystems = [ "zfs" ];
	# boot.zfs.enableUnstable = true;
	boot.kernelParams = [ "boot.shell_on_fail" ];

	hardware.opengl.driSupport32Bit=true;
	hardware.pulseaudio.support32Bit = true;
	hardware.cpu.intel.updateMicrocode = true;

	systemd.coredump.enable = true;

	security.pam.loginLimits = [
	{
	domain = "*";
	type = "soft";
	item = "core";
	value = "unlimited";
	}
	];

	networking.hostName = "durandal";
	networking.hostId = "0f3cd500";
	networking.wireless.enable = true;

	time.timeZone = "America/New_York";

	services.postgresql = {
	enable = true;
	package = pkgs.postgresql96;
	};
	services.pcscd.enable = true;
	powerManagement.powertop.enable = true;

	nix.gc.automatic = false;

	environment.systemPackages = with pkgs; [
	slock
	libu2f-host
	rxvt_unicode.terminfo
	];

	security.wrappers = { slock.source = "${pkgs.slock.out}/bin/slock"; };

	services.udev.extraRules = ''
	ACTION!="add\|change", GOTO="u2f_internal_end"

	# Yubico YubiKey
	KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113\|0114\|0115\|0116\|0120\|0402\|0403\|0406\|0407\|0410", TAG+="uaccess", GROUP="maurer", MODE="0666"

	LABEL="u2f_internal_end"
	'';

	systemd.user.services.emacs = {
	description = "Emacs Daemon";
	environment = {
	GTK_DATA_PREFIX = config.system.path;
	SSH_AUTH_SOCK = "%t/ssh-agent";
	GTK_PATH = "${config.system.path}/lib/gtk-3.0:${config.system.path}/lib/gtk-2.0";
	NIX_PROFILES = "${pkgs.lib.concatStringsSep " " config.environment.profiles}";
	TERMINFO_DIRS = "/run/current-system/sw/share/terminfo";
	ASPELL_CONF = "dict-dir /run/current-system/sw/lib/aspell";
	};
	serviceConfig = {
	Type = "forking";
	ExecStart = "${pkgs.emacs}/bin/emacs --daemon";
	ExecStop = "${pkgs.emacs}/bin/emacsclient --eval (kill-emacs)";
	Restart = "always";
	};
	wantedBy = [ "default.target" ];
	};

	systemd.services.emacs.enable = true;

	fonts = {
	enableFontDir = true;
	enableGhostscriptFonts = true;
	enableCoreFonts = true;
	fonts = with pkgs; [
	corefonts
	inconsolata
	source-code-pro
	source-sans-pro
	unifont
	dejavu_fonts
	google-fonts
	terminus_font
	unifont_upper
	];
	};

	services.printing = {
	enable = true;
	drivers = [ pkgs.hplipWithPlugin pkgs.gutenprint ];
	};
	services.sshd.enable = true;
	services.xserver = {
	enable = true;
	xkbOptions = "ctrl:nocaps";
	layout = "us";
	videoDrivers = [ "nvidia" "intel" "hot garbage" ];
	displayManager.lightdm.enable = true;
	desktopManager.xterm.enable = false;
	desktopManager.default = "none";
	windowManager.default = "xmonad";
	windowManager.xmonad = {
	enable = true;
	enableContribAndExtras = true;
	};
	synaptics = {
	enable = true;
	twoFingerScroll = true;
	tapButtons = false;
	palmDetect = true;
	};
	};

	services.logind.extraConfig = ''
	HandleLidSwitch=ignore
	'';

	hardware.pulseaudio.enable = true;
	hardware.trackpoint = {
	enable = true;
	emulateWheel = true;
	};

	nix.binaryCaches = [ "https://cache.nixos.org" ];
	nix.binaryCachePublicKeys = [
	"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
	];

	nix.nrBuildUsers = 100;
	nix.buildCores = 12;
	nix.useSandbox = true;

	virtualisation.virtualbox.host.enable = true;
	virtualisation.docker.enable = true;
	virtualisation.docker.storageDriver = "zfs";
	networking.nameservers = [ "8.8.8.8" ];

	networking.extraHosts = "128.237.152.74 excalibur";

	users.extraUsers.maurer = {
	isNormalUser = true;
	uid = 1000;
	extraGroups = [ "wheel" "audio" "docker" "vboxusers" ];
	};
	}