From 00d9289c5233a15ddc902de8c5799ef92e53e3ce Mon Sep 17 00:00:00 2001 From: Kevin Hamacher Date: Thu, 6 Feb 2020 15:21:28 +0100 Subject: [PATCH] Add kids' config --- home/development.nix | 25 +++++++ home/gaming.nix | 6 ++ home/gui.nix | 34 +++++++++ home/hacking.nix | 13 ++++ home/home.nix | 150 +++++++++++++++++++++++++++++++++++++++ system/configuration.nix | 128 +++++++++++++++++++++++++++++++++ system/wireguard.nix | 53 ++++++++++++++ system/yubikey-gpg.nix | 96 +++++++++++++++++++++++++ 8 files changed, 505 insertions(+) create mode 100644 home/development.nix create mode 100644 home/gaming.nix create mode 100644 home/gui.nix create mode 100644 home/hacking.nix create mode 100644 home/home.nix create mode 100644 system/configuration.nix create mode 100644 system/wireguard.nix create mode 100644 system/yubikey-gpg.nix diff --git a/home/development.nix b/home/development.nix new file mode 100644 index 0000000..befe68f --- /dev/null +++ b/home/development.nix @@ -0,0 +1,25 @@ +{ pkgs, ... }: +{ + home.packages = with pkgs; [ + # Compiler & interpreter + rustup ghc gcc binutils nodejs + # IDEs + atom vscodium + # Build systems + gnumake ninja meson cmake + # Docs + zeal + # Misc + gdb + google-cloud-sdk + wasm-pack + # Environment setting + docker + ]; + + programs.git = { + enable = true; + userName = "Kevin Hamacher"; + userEmail = "kevin.hamacher@ruhr-uni-bochum.de"; + }; +} diff --git a/home/gaming.nix b/home/gaming.nix new file mode 100644 index 0000000..799f6dc --- /dev/null +++ b/home/gaming.nix @@ -0,0 +1,6 @@ +{ pkgs, ... }: +{ + home.packages = with pkgs; [ + ja2-stracciatella + ]; +} diff --git a/home/gui.nix b/home/gui.nix new file mode 100644 index 0000000..23ca71d --- /dev/null +++ b/home/gui.nix 
@@ -0,0 +1,34 @@
+{ pkgs, ... }:
+let binaryninja = pkgs.callPackage (import /home/chief/tools/nix/binaryninja/default.nix) {};
+in
+{
+ home.packages = with pkgs; [
+ # Terminal emulator
+ terminator
+ # Image viewer
+ imv
+ # Browser
+ qutebrowser
+ # Fonts
+ source-code-pro
+ # Image manipulation
+ inkscape gimp
+ # Misc
+ i3status virtmanager virtmanager-qt pavucontrol networkmanagerapplet quasselClient mupdf
+ blender signal-desktop audacity
+ meld
+
+ binaryninja
+ ];
+
+ programs.chromium = {
+ enable = true;
+ extensions = [
+ "ogfcmafjalglgifnmanfmnieipoejdcf" # umatrix
+ "dneaehbmnbhcippjikoajpoabadpodje" # old reddit
+ ];
+ };
+ programs.firefox = {
+ enable = true;
+ };
+}
diff --git a/home/hacking.nix b/home/hacking.nix
new file mode 100644
index 0000000..69d08a3
--- /dev/null
+++ b/home/hacking.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ # Radio stuff
+ urh gnuradio gnuradio-osmosdr inspectrum
+ # Circuit stuff
+ kicad yosys freecad openscad nextpnr
+ # Sandboxing
+ nsjail
+ # RE
+ radare2 radare2-cutter
+ ];
+}
diff --git a/home/home.nix b/home/home.nix
new file mode 100644
index 0000000..cc2fa51
--- /dev/null
+++ b/home/home.nix
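Review bot: The `let binaryninja = pkgs.callPackage (import /home/chief/tools/nix/binaryninja/default.nix) {};` binding at the top of the gui.nix hunk imports a Nix expression from an absolute path inside one user's home directory, outside this repository, so the home-manager evaluation is not reproducible from the repo and builds whatever happens to be at that path at switch time. Vendor the expression into the repository and reference it relatively (for example `./pkgs/binaryninja/default.nix` — constructed path), or at least guard it with `builtins.pathExists` and add a comment stating that the package is intentionally kept out of the repo and why. If the expression fetches a proprietary binary, a comment naming the expected hash or source next to the binding would let a reader verify it without opening the external file.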
@@ -0,0 +1,150 @@ +{ pkgs, ...}: +let duplicity = + pkgs.duplicity.overrideAttrs (oldAttrs: rec { + propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ [ pkgs.backblaze-b2 ]; + doCheck = false; + doInstallCheck = false; + }); +in +{ + imports = [ + ./development.nix + ./gui.nix + ./hacking.nix + ./gaming.nix + ]; + home.packages = with pkgs; [ + # Some base applications + htop socat + tmux mpv manpages + fzf bat python2 python3 keepassxc + qemu + unzip keybase mc bat + jdk11 ranger exa + usbutils pciutils + + gnupg + libusb + mosh + reptyr + + rtv + + # backup things + duplicity + ]; + + programs.home-manager.enable = true; + + programs.zsh = { + enable = true; + shellAliases = { + l = "ls -lh"; + ll = "ls -lah"; + }; + history = { + extended = true; + ignoreDups = true; + share = false; + }; + oh-my-zsh = { + enable = true; + plugins = [ "git" ]; + }; + }; + + programs.man.enable = true; + programs.vim = { + enable = true; + #extraConfig = builtins.readFile vim/vimrc; + extraConfig = '' + let mapleader="," + set hlsearch + map n :silent :nohlsearch + + nnoremap :NERDTreeToggle + nnoremap :NERDTreeVCS @% + let NERDTreeQuitOnOpen=1 + + set shortmess=atI + set cursorline + set incsearch + set lazyredraw + set encoding=utf8 + set title + + " Learn proper keybindings dude! + noremap + noremap + noremap + noremap + inoremap + inoremap + inoremap + inoremap + + " Backups not needed + set nobackup + set nowritebackup + + " CoC settings + inoremap coc#refresh() + + " Use `[g` and `]g` to navigate diagnostics + nmap [g (coc-diagnostic-prev) + nmap ]g (coc-diagnostic-next) + + " Remap keys for gotos + nmap gd (coc-definition) + nmap gy (coc-type-definition) + nmap gi (coc-implementation) + nmap gr (coc-references) + " Use K to show documentation in preview window + nnoremap K :call show_documentation() + + function! 
s:show_documentation() + if (index(['vim','help'], &filetype) >= 0) + execute 'h '.expand('') + else + call CocAction('doHover') + endif + endfunction + + " Do default action for next item. + nnoremap j :CocNext + " Do default action for previous item. + nnoremap k :CocPrev + ''; + settings = { + expandtab = true; + number = true; + relativenumber = true; + tabstop = 4; + shiftwidth = 4; + }; + plugins = with pkgs.vimPlugins; [ + idris-vim + sensible + vim-airline + The_NERD_tree + fugitive + vim-gitgutter + rust-vim + coc-rls + coc-nvim + coc-json + ]; + }; + + programs.ssh = { + enable = true; + }; + + programs.direnv = { + enable = true; + enableBashIntegration = true; + enableZshIntegration = true; + }; + + services.keybase.enable = true; +} diff --git a/system/configuration.nix b/system/configuration.nix new file mode 100644 index 0000000..7c39f90 --- /dev/null +++ b/system/configuration.nix 
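Review bot: The `duplicity` override in the `let` at the top of the home.nix hunk sets `doCheck = false; doInstallCheck = false;` with no comment saying why; for the tool that produces the backups, silently skipping its test suite deserves a recorded reason such as `# tests disabled: <reason> — re-enable once fixed` (placeholder to fill in). `bat` is listed twice in `home.packages` (once in `fzf bat python2 python3 keepassxc`, again in `unzip keybase mc bat`); drop one. `python2` is installed alongside `python3`; Python 2 reached end of life in January 2020 and receives no further security fixes, so a comment naming the tool that still requires it would justify keeping it and make it easy to remove later.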
@@ -0,0 +1,128 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ./yubikey-gpg.nix
+ ./wireguard.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.plymouth.enable = true;
+
+ fileSystems."/tmp" = {
+ device = "none";
+ fsType = "tmpfs";
+ };
+
+ networking.hostName = "kid";
+ networking.networkmanager = {
+ enable = true;
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ environment.systemPackages = with pkgs; [
+ wget vim sudo htop tmux zsh iotop less brightnessctl lm_sensors
+ file
+ powertop
+ networkmanager-openvpn
+ pulseaudio-modules-bt
+
+ # LTE
+ ppp modemmanager
+ ];
+
+ programs.sway = {
+ enable = true;
+ extraPackages = with pkgs; [ swaylock swayidle xwayland dmenu rofi ];
+ };
+
+ programs.tmux = {
+ enable = true;
+ clock24 = true;
+ };
+
+ programs.vim.defaultEditor = true;
+ programs.nm-applet.enable = true;
+ programs.firejail.enable = true;
+ programs.java.enable = true;
+
+ fonts.fonts = with pkgs; [
+ source-code-pro noto-fonts noto-fonts-emoji dina-font
+ ];
+
+ virtualisation.libvirtd.enable = true;
+ virtualisation.virtualbox.host.enable = true;
+ virtualisation.docker.enable = true;
+
+ # List services that you want to enable:
+ services.openssh.enable = true;
+ services.acpid.enable = true;
+ services.cron.enable = true;
+ services.dbus.enable = true;
+ services.openvpn.servers = {
+ turris = {
+ config = "config /home/chief/downloads/turris.conf";
+ updateResolvConf = true;
+ autoStart = false;
+ };
+ turris6 = {
+ config = "config /home/chief/downloads/turris6.conf";
+ updateResolvConf = true;
+ autoStart = false;
+ };
+ };
+
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ networking.firewall.enable = false;
+
+ # Enable sound.
+ hardware.pulseaudio = {
+ enable = true;
+ package = pkgs.pulseaudioFull;
+ extraModules = [ pkgs.pulseaudio-modules-bt ];
+ };
+ hardware.opengl.enable = true;
+ hardware.brightnessctl.enable = true;
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = false;
+ extraConfig = "
+ [General]
+ Enable=Source,Sink,Media,Socket
+ ";
+ };
+
+ users.groups.chief = {
+ name = "chief";
+ gid = 1000;
+ };
+
+ users.groups.plugdev = {
+ name = "plugdev";
+ };
+
+ users.users.chief = {
+ name = "chief";
+ group = "chief";
+ uid = 1000;
+ initialPassword = "password";
+ createHome = true;
+ shell = pkgs.zsh;
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" "disk" "kvm" "audio" "video" "systemd-journal" "plugdev" "libvirtd" "docker" ];
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "19.03"; # Did you read the comment?
+}
diff --git a/system/wireguard.nix b/system/wireguard.nix
new file mode 100644
index 0000000..71b412d
--- /dev/null
+++ b/system/wireguard.nix
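Review bot: `networking.firewall.enable = false;` in the first half of the configuration.nix hunk turns the host firewall off while `services.openssh.enable = true;` a few lines above exposes sshd on every interface of a NetworkManager-managed laptop; the commented-out lines directly above already point at the better shape, `networking.firewall.allowedTCPPorts = [ 22 ];` with the firewall left enabled. `initialPassword = "password"` for `chief`, who is in `wheel`, `disk`, `docker` and `libvirtd` (each of which is effectively root), is committed to the repository; prefer `initialHashedPassword` or `passwordFile`, and with sshd enabled set `services.openssh.passwordAuthentication = false;`. The OpenVPN `config` entries point at `/home/chief/downloads/turris.conf` and `turris6.conf`, a directory writable by the unprivileged user and the default target for browser downloads, yet the OpenVPN service reads and executes that configuration as root; the files should live under a root-owned path such as `/etc/openvpn/` (constructed example) with mode 0600.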
@@ -0,0 +1,53 @@
+{
+ networking.wireguard = {
+ enable = true;
+ interfaces.home = {
+ privateKeyFile = "/home/chief/stuff/wireguard/key";
+ allowedIPsAsRoutes = true;
+ ips = ["10.0.0.3/32"];
+ peers = [{
+ allowedIPs = [
+ # Local LAN
+ "10.0.0.0/24"
+ "10.13.37.0/24"
+ "10.111.111.0/24"
+
+ # Route all:
+ #"0.0.0.0/5"
+ #"8.0.0.0/7"
+ #"11.0.0.0/8"
+ #"12.0.0.0/6"
+ #"16.0.0.0/4"
+ #"32.0.0.0/3"
+ #"64.0.0.0/2"
+ #"128.0.0.0/3"
+ #"160.0.0.0/5"
+ #"168.0.0.0/6"
+ #"172.0.0.0/12"
+ #"172.32.0.0/11"
+ #"172.64.0.0/10"
+ #"172.128.0.0/9"
+ #"173.0.0.0/8"
+ #"174.0.0.0/7"
+ #"176.0.0.0/4"
+ #"192.0.0.0/9"
+ #"192.128.0.0/11"
+ #"192.160.0.0/13"
+ #"192.169.0.0/16"
+ #"192.170.0.0/15"
+ #"192.172.0.0/14"
+ #"192.176.0.0/12"
+ #"192.192.0.0/10"
+ #"193.0.0.0/8"
+ #"194.0.0.0/7"
+ #"196.0.0.0/6"
+ #"200.0.0.0/5"
+ #"208.0.0.0/4"
+ ];
+
+ endpoint = "x.hamacher.cc:46339";
+ publicKey = "et6qSKmlsQIupUdMrG0ExqT8wb21qo9Q+3pkCYYr1AE=";
+ }];
+ };
+ };
+}
diff --git a/system/yubikey-gpg.nix b/system/yubikey-gpg.nix
new file mode 100644
index 0000000..fd3d015
--- /dev/null
+++ b/system/yubikey-gpg.nix
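Review bot: `privateKeyFile = "/home/chief/stuff/wireguard/key";` keeps the tunnel's private key inside an unprivileged user's home even though the interface is brought up by root; any process running as `chief` can read or swap it, and the `duplicity` backup configured in home.nix may well sweep it into off-site backups unless excluded. Move the key to a root-owned location such as `/etc/wireguard/home.key` (constructed path) with mode 0600 and state that requirement in a comment next to the option. The commented-out "Route all" list is a hand-built complement of the RFC 1918 ranges (it skips 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, and stops before 224.0.0.0) but nothing says so; a one-line comment such as `# Route all = every public range, excluding RFC 1918 space so the LANs above stay local` would make that intent reviewable.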
@@ -0,0 +1,96 @@ +{ config, pkgs, ... }: +{ + services.pcscd.enable = true; + programs.ssh.startAgent = false; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + environment.systemPackages = with pkgs; [ + gnupg + ]; + + services.udev.extraRules = '' + # Copyright (C) 2013-2015 Yubico AB + # + # This program is free software; you can redistribute it and/or modify it + # under the terms of the GNU Lesser General Public License as published by + # the Free Software Foundation; either version 2.1, or (at your option) + # any later version. + # + # This program is distributed in the hope that it will be useful, but + # WITHOUT ANY WARRANTY; without even the implied warranty of + # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser + # General Public License for more details. + # + # You should have received a copy of the GNU Lesser General Public License + # along with this program; if not, see . + + # this udev file should be used with udev 188 and newer + ACTION!="add|change", GOTO="u2f_end" + + # Yubico YubiKey + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Happlink (formerly Plug-Up) Security KEY + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Neowave Keydo and Keydo AES + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # HyperSecu HyperFIDO + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Feitian ePass FIDO, BioPass FIDO2 + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", TAG+="uaccess", 
GROUP="plugdev", MODE="0660" + + # JaCarta U2F + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101|0501", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # U2F Zero + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # VASCO SecureClick + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1a44", ATTRS{idProduct}=="00bb", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Bluink Key + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2abe", ATTRS{idProduct}=="1002", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Thetis Key + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", ATTRS{idProduct}=="f025", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Nitrokey FIDO U2F + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Google Titan U2F + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Tomu board + chopstx U2F + SoloKeys + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="cdab|a2ca", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # SoloKeys + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5070|50b0", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Trezor + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", TAG+="uaccess", GROUP="plugdev", MODE="0660" + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Infineon FIDO + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="058b", ATTRS{idProduct}=="022d", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Ledger Nano S and Nano X + KERNEL=="hidraw*", 
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001|0004", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Kensington VeriMark + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="06cb", ATTRS{idProduct}=="0088", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Longmai mFIDO + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="4c4d", ATTRS{idProduct}=="f703", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # eWBM FIDO2 - Goldengate 310, 320, 500, 450 + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="4a1a|4c2a|5c2f|f47c", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + LABEL="u2f_end" + ''; +}
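Review bot: The `services.udev.extraRules` block is Yubico's U2F rules file (its LGPL header is kept) with `GROUP="plugdev", MODE="0660"` appended to every rule, but nothing records which upstream revision was copied, so new device IDs cannot be refreshed reliably; add a comment at the top of the string such as `# vendored from Yubico's U2F udev rules, upstream revision <fill in>; local change: GROUP/MODE appended to each rule`. `TAG+="uaccess"` already grants the active seat user access, so the `plugdev` group only widens access to logins that are not on the seat (for instance the sshd enabled in configuration.nix); a comment stating that this is intended, or dropping the group if it is not, would make the access model explicit. `programs.ssh.startAgent = false;` beside `enableSSHSupport = true;` also deserves a one-line why, e.g. `# gpg-agent provides SSH_AUTH_SOCK for the YubiKey; the stock ssh-agent must stay off`.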