Add basic automatix config

Extract desktop-specific settings that are shared by asterix and obelix into desktop role.

7 files changed, 133 insertions, 2 deletions

diff --git a/host/asterix.nix b/host/asterix.nix
index 0112617..d925259 100644
--- a/host/asterix.nix
+++ b/host/asterix.nix
@@ -1,5 +1,8 @@
 {
-  imports = [ ./hardware/asterix.nix ];
+  imports = [
+    ./hardware/asterix.nix
+    ./role/desktop.nix
+  ];
 
   boot = {
     loader.grub = {
diff --git a/host/automatix.nix b/host/automatix.nix
new file mode 100644
index 0000000..fd819f4
--- /dev/null
+++ b/host/automatix.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+
+{
+  imports = [ ./hardware/automatix.nix ];
+
+  boot.loader.grub = {
+    enable  = true;
+    version = 2;
+    device  = "/dev/sda"; 
+  };
+
+  networking.hostName = "automatix";
+}
diff --git a/host/hardware/automatix.nix b/host/hardware/automatix.nix
new file mode 100644
index 0000000..4b35109
--- /dev/null
+++ b/host/hardware/automatix.nix
@@ -0,0 +1,25 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/ec324e84-6766-49b7-ad5e-583e78a35432";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/05f0315c-f5f5-4471-b2ef-6e53b95cb08b"; }
+    ];
+
+  nix.maxJobs = lib.mkDefault 1;
+}
diff --git a/host/obelix.nix b/host/obelix.nix
index 5d6206c..f876a61 100644
--- a/host/obelix.nix
+++ b/host/obelix.nix
@@ -1,7 +1,10 @@
 { pkgs, ... }:
 
 {
-  imports = [ ./hardware/obelix.nix ];
+  imports = [
+    ./hardware/obelix.nix
+    ./role/desktop.nix
+  ];
 
   boot = {
     loader.grub = {
diff --git a/host/role/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem b/host/role/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem
new file mode 100644
index 0000000..374b050
--- /dev/null
+++ b/host/role/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----

+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx

+KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd

+BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl

+YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1

+OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy

+aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50

+ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G

+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd

+AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC

+FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi

+1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq

+jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ

+wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj

+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/

+WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy

+NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC

+uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw

+IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6

+g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN

+9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP

+BSeOE6Fuwg==

+-----END CERTIFICATE-----

diff --git a/host/role/conf/vpn/kit.ovpn.nix b/host/role/conf/vpn/kit.ovpn.nix
new file mode 100644
index 0000000..82a21ee
--- /dev/null
+++ b/host/role/conf/vpn/kit.ovpn.nix
@@ -0,0 +1,19 @@
+# adapted from https://www.scc.kit.edu/scc/net/openvpn/os/debian/kit.ovpn
+
+''
+client
+remote 141.52.8.20
+port 1194
+dev tun
+proto udp
+auth-user-pass
+nobind
+comp-lzo no
+tls-version-min 1.2
+ca ${./T-TeleSec_GlobalRoot_Class_2.pem}
+verify-x509-name "C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, OU=Steinbuch Centre for Computing, CN=ovpn.scc.kit.edu" subject
+cipher AES-256-CBC
+auth SHA384
+verb 3
+script-security 2
+''
diff --git a/host/role/desktop.nix b/host/role/desktop.nix
new file mode 100644
index 0000000..cf20500
--- /dev/null
+++ b/host/role/desktop.nix
@@ -0,0 +1,45 @@
+{ pkgs, ... }:
+
+{
+  fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+
+  sound.enable = true;
+  hardware = {
+    opengl.driSupport32Bit = true;
+    pulseaudio = {
+      enable       = true;
+      support32Bit = true;
+    };
+  };
+
+  services = {
+    journald = {
+      extraConfig = ''Storage=volatile'';
+    };
+
+    openvpn.servers = {
+      KIT = {
+        config = import ./conf/vpn/kit.ovpn.nix;
+        autoStart = false;
+      };
+    };
+
+    xserver = {
+      enable = true;
+      layout = "de";
+      xkbOptions = "caps:escape";
+
+      displayManager.slim = {
+        enable = true;
+        autoLogin = true;
+        defaultUser = "common";
+      };
+
+      desktopManager.default = "none";
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    hdparm ntfs3g 
+  ];
+}