Add kids' config

home/development.nix

@@ -0,0 +1,25 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    # Compiler & interpreter
+    rustup ghc gcc binutils nodejs
+    # IDEs
+    atom vscodium
+    # Build systems
+    gnumake ninja meson cmake
+    # Docs
+    zeal
+    # Misc
+    gdb 
+    google-cloud-sdk
+    wasm-pack 
+    # Environment setting
+    docker
+  ];
+
+  programs.git = {
+    enable = true;
+    userName = "Kevin Hamacher";
+    userEmail = "kevin.hamacher@ruhr-uni-bochum.de";
+  };
+}

home/gaming.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    ja2-stracciatella
+  ];
+}

home/gui.nix

@@ -0,0 +1,34 @@
+{ pkgs, ... }:
+let binaryninja = pkgs.callPackage (import /home/chief/tools/nix/binaryninja/default.nix) {};
+in
+{
+  home.packages = with pkgs; [
+    # Terminal emulator
+    terminator
+    # Image viewer
+    imv
+    # Browser
+    qutebrowser
+    # Fonts
+    source-code-pro
+    # Image manipulation
+    inkscape gimp
+    # Misc
+    i3status virtmanager virtmanager-qt pavucontrol networkmanagerapplet quasselClient mupdf
+    blender signal-desktop audacity
+    meld
+
+    binaryninja
+  ];
+
+  programs.chromium = {
+    enable = true;
+    extensions = [
+      "ogfcmafjalglgifnmanfmnieipoejdcf" # umatrix
+      "dneaehbmnbhcippjikoajpoabadpodje" # old reddit
+    ];
+  };
+  programs.firefox = {
+    enable = true;
+  };
+}

home/hacking.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    # Radio stuff
+    urh gnuradio gnuradio-osmosdr inspectrum
+    # Circuit stuff
+    kicad yosys freecad openscad nextpnr
+    # Sandboxing
+    nsjail
+    # RE
+    radare2 radare2-cutter
+  ];
+}

home/home.nix

@@ -0,0 +1,150 @@
+{ pkgs, ...}:
+let duplicity =
+    pkgs.duplicity.overrideAttrs (oldAttrs: rec {
+      propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ [ pkgs.backblaze-b2 ];
+      doCheck = false;
+      doInstallCheck = false;
+    });
+in
+{
+  imports = [
+    ./development.nix
+    ./gui.nix
+    ./hacking.nix
+    ./gaming.nix
+  ];
+  home.packages = with pkgs; [
+    # Some base applications
+    htop socat
+    tmux mpv manpages
+    fzf bat python2 python3 keepassxc
+    qemu
+    unzip keybase mc bat
+    jdk11 ranger exa
+    usbutils pciutils
+
+    gnupg
+    libusb
+    mosh
+    reptyr
+
+    rtv
+
+    # backup things
+    duplicity
+  ];
+
+  programs.home-manager.enable = true;
+
+  programs.zsh = {
+    enable = true;
+    shellAliases = {
+      l = "ls -lh";
+      ll = "ls -lah";
+    };
+    history = {
+      extended = true;
+      ignoreDups = true;
+      share = false;
+    };
+    oh-my-zsh = {
+      enable = true;
+      plugins = [ "git" ];
+    };
+  };
+
+  programs.man.enable = true;
+  programs.vim = {
+    enable = true;
+    #extraConfig = builtins.readFile vim/vimrc;
+    extraConfig = ''
+      let mapleader=","
+      set hlsearch
+      map <silent> <leader>n :silent :nohlsearch <CR>
+
+      nnoremap <silent> <F2> :NERDTreeToggle<CR>
+      nnoremap <silent> <F3> :NERDTreeVCS @% <CR>
+      let NERDTreeQuitOnOpen=1
+
+      set shortmess=atI
+      set cursorline
+      set incsearch
+      set lazyredraw
+      set encoding=utf8
+      set title
+
+      " Learn proper keybindings dude!
+      noremap <Up> <nop>
+      noremap <Down> <nop>
+      noremap <Left> <nop>
+      noremap <Right> <nop>
+      inoremap <Up> <nop>
+      inoremap <Down> <nop>
+      inoremap <Left> <nop>
+      inoremap <Right> <nop>
+
+      " Backups not needed
+      set nobackup
+      set nowritebackup
+
+      " CoC settings
+      inoremap <silent><expr> <c-space> coc#refresh()
+
+      " Use `[g` and `]g` to navigate diagnostics
+      nmap <silent> [g <Plug>(coc-diagnostic-prev)
+      nmap <silent> ]g <Plug>(coc-diagnostic-next)
+
+      " Remap keys for gotos
+      nmap <silent> gd <Plug>(coc-definition)
+      nmap <silent> gy <Plug>(coc-type-definition)
+      nmap <silent> gi <Plug>(coc-implementation)
+      nmap <silent> gr <Plug>(coc-references)
+      " Use K to show documentation in preview window
+      nnoremap <silent> K :call <SID>show_documentation()<CR>
+
+      function! s:show_documentation()
+        if (index(['vim','help'], &filetype) >= 0)
+          execute 'h '.expand('<cword>')
+        else
+          call CocAction('doHover')
+        endif
+      endfunction
+
+      " Do default action for next item.
+      nnoremap <silent> <space>j  :<C-u>CocNext<CR>
+      " Do default action for previous item.
+      nnoremap <silent> <space>k  :<C-u>CocPrev<CR>
+      '';
+    settings = {
+      expandtab = true;
+      number = true;
+      relativenumber = true;
+      tabstop = 4;
+      shiftwidth = 4;
+    };
+    plugins = with pkgs.vimPlugins; [
+      idris-vim
+      sensible
+      vim-airline
+      The_NERD_tree
+      fugitive
+      vim-gitgutter
+      rust-vim
+      coc-rls
+      coc-nvim
+      coc-json
+    ];
+  };
+
+  programs.ssh = {
+    enable = true;
+  };
+
+  programs.direnv = {
+    enable = true;
+    enableBashIntegration = true;
+    enableZshIntegration = true;
+  };
+
+  services.keybase.enable = true;
+}

system/configuration.nix

@@ -0,0 +1,128 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ./yubikey-gpg.nix
+      ./wireguard.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.plymouth.enable = true;
+
+  fileSystems."/tmp" = {
+    device = "none";
+    fsType = "tmpfs";
+  };
+
+  networking.hostName = "kid";
+  networking.networkmanager = {
+    enable = true;
+  };
+
+  time.timeZone = "Europe/Berlin";
+
+  environment.systemPackages = with pkgs; [
+    wget vim sudo htop tmux zsh iotop less brightnessctl lm_sensors
+    file
+    powertop
+    networkmanager-openvpn
+    pulseaudio-modules-bt 
+
+    # LTE
+    ppp modemmanager
+  ];
+
+  programs.sway = {
+    enable = true;
+    extraPackages = with pkgs; [ swaylock swayidle xwayland dmenu rofi ];
+  };
+
+  programs.tmux = {
+    enable = true;
+    clock24 = true;
+  };
+
+  programs.vim.defaultEditor = true;
+  programs.nm-applet.enable = true;
+  programs.firejail.enable = true;
+  programs.java.enable = true;
+
+  fonts.fonts = with pkgs; [
+    source-code-pro noto-fonts noto-fonts-emoji dina-font
+  ];
+
+  virtualisation.libvirtd.enable = true;
+  virtualisation.virtualbox.host.enable = true;
+  virtualisation.docker.enable = true;
+
+  # List services that you want to enable:
+  services.openssh.enable = true;
+  services.acpid.enable = true;
+  services.cron.enable = true;
+  services.dbus.enable = true;
+  services.openvpn.servers = {
+    turris = {
+      config = "config /home/chief/downloads/turris.conf";
+      updateResolvConf = true;
+      autoStart = false;
+    };
+    turris6 = {
+      config = "config /home/chief/downloads/turris6.conf";
+      updateResolvConf = true;
+      autoStart = false;
+    };
+  };
+
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  networking.firewall.enable = false;
+
+  # Enable sound.
+  hardware.pulseaudio = {
+    enable = true;
+    package = pkgs.pulseaudioFull;
+    extraModules = [ pkgs.pulseaudio-modules-bt ];
+  };
+  hardware.opengl.enable = true;
+  hardware.brightnessctl.enable = true;
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = false;
+    extraConfig = "
+      [General]
+      Enable=Source,Sink,Media,Socket
+    ";
+  };
+
+  users.groups.chief = {
+    name = "chief";
+    gid = 1000;
+  };
+
+  users.groups.plugdev = {
+    name = "plugdev";
+  };
+
+  users.users.chief = {
+    name = "chief";
+    group = "chief";
+    uid = 1000;
+    initialPassword = "password";
+    createHome = true;
+    shell = pkgs.zsh;
+    isNormalUser = true;
+    extraGroups = [ "wheel" "networkmanager" "disk" "kvm" "audio" "video" "systemd-journal" "plugdev" "libvirtd" "docker" ];
+  };
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "19.03"; # Did you read the comment?
+}

system/wireguard.nix

@@ -0,0 +1,53 @@
+{
+  networking.wireguard = {
+    enable = true;
+    interfaces.home = {
+      privateKeyFile = "/home/chief/stuff/wireguard/key";
+      allowedIPsAsRoutes = true;
+      ips = ["10.0.0.3/32"];
+      peers = [{
+        allowedIPs = [
+          # Local LAN
+          "10.0.0.0/24"
+          "10.13.37.0/24"
+          "10.111.111.0/24"
+
+          # Route all:
+          #"0.0.0.0/5"
+          #"8.0.0.0/7"
+          #"11.0.0.0/8"
+          #"12.0.0.0/6"
+          #"16.0.0.0/4"
+          #"32.0.0.0/3"
+          #"64.0.0.0/2"
+          #"128.0.0.0/3"
+          #"160.0.0.0/5"
+          #"168.0.0.0/6"
+          #"172.0.0.0/12"
+          #"172.32.0.0/11"
+          #"172.64.0.0/10"
+          #"172.128.0.0/9"
+          #"173.0.0.0/8"
+          #"174.0.0.0/7"
+          #"176.0.0.0/4"
+          #"192.0.0.0/9"
+          #"192.128.0.0/11"
+          #"192.160.0.0/13"
+          #"192.169.0.0/16"
+          #"192.170.0.0/15"
+          #"192.172.0.0/14"
+          #"192.176.0.0/12"
+          #"192.192.0.0/10"
+          #"193.0.0.0/8"
+          #"194.0.0.0/7"
+          #"196.0.0.0/6"
+          #"200.0.0.0/5"
+          #"208.0.0.0/4"
+        ];
+
+        endpoint = "x.hamacher.cc:46339";
+        publicKey = "et6qSKmlsQIupUdMrG0ExqT8wb21qo9Q+3pkCYYr1AE=";
+      }];
+    };
+  };
+}

system/yubikey-gpg.nix

@@ -0,0 +1,96 @@
+{ config, pkgs, ... }:
+{
+  services.pcscd.enable = true;
+  programs.ssh.startAgent = false;
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    gnupg
+  ];
+
+  services.udev.extraRules = ''
+    # Copyright (C) 2013-2015 Yubico AB
+    #
+    # This program is free software; you can redistribute it and/or modify it
+    # under the terms of the GNU Lesser General Public License as published by
+    # the Free Software Foundation; either version 2.1, or (at your option)
+    # any later version.
+    #
+    # This program is distributed in the hope that it will be useful, but
+    # WITHOUT ANY WARRANTY; without even the implied warranty of
+    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser
+    # General Public License for more details.
+    #
+    # You should have received a copy of the GNU Lesser General Public License
+    # along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+    # this udev file should be used with udev 188 and newer
+    ACTION!="add|change", GOTO="u2f_end"
+
+    # Yubico YubiKey
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Happlink (formerly Plug-Up) Security KEY
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Neowave Keydo and Keydo AES
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # HyperSecu HyperFIDO
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Feitian ePass FIDO, BioPass FIDO2
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # JaCarta U2F
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101|0501", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # U2F Zero
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # VASCO SecureClick
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1a44", ATTRS{idProduct}=="00bb", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Bluink Key
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2abe", ATTRS{idProduct}=="1002", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Thetis Key
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", ATTRS{idProduct}=="f025", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Nitrokey FIDO U2F
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Google Titan U2F
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Tomu board + chopstx U2F + SoloKeys
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="cdab|a2ca", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # SoloKeys
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5070|50b0", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Trezor
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Infineon FIDO
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="058b", ATTRS{idProduct}=="022d", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Ledger Nano S and Nano X
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001|0004", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Kensington VeriMark
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="06cb", ATTRS{idProduct}=="0088", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # Longmai mFIDO
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="4c4d", ATTRS{idProduct}=="f703", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    # eWBM FIDO2 - Goldengate 310, 320, 500, 450
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="4a1a|4c2a|5c2f|f47c", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+    LABEL="u2f_end"
+  '';
+}