4 files changed, 159 insertions, 0 deletions
diff --git a/hosts/ahmed/configuration.nix b/hosts/ahmed/configuration.nix
new file mode 100644
index 0000000..7d7afcb
--- /dev/null
+++ b/hosts/ahmed/configuration.nix
@@ -0,0 +1,68 @@
+# This file conatins the host-specific configuration for a shitty webserver in
+# my closet.
+
+{ config, pkgs, lib, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      ./ssh.nix
+    ];
+
+  # Create the main user
+  users.users.linus = {
+    isNormalUser = true;
+    hashedPassword = "$y$j9T$kNJ5L50Si0sAhdrHyO19I1$YcwXZ46dI.ApLMgZSj7qImq9FrSL0CEUeoJUS8P1103";
+    extraGroups = [ "wheel" ];
+    shell = pkgs.zsh;
+  };
+  home-manager.users.linus.home.stateVersion = "22.05";
+  my.use-cases.development.enable = true;
+  my.use-cases.sysadmin.enable = true;
+  # Following are recommended when changing the default shell.
+  # https://nixos.wiki/wiki/Command_Shell#Changing_default_shelltrue;
+  programs.zsh.enable = true;
+  environment.shells = [ pkgs.zsh ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.grub.device = "/dev/mmcblk0p3"; # FIXME: Do we need to specify GRUB device?
+  boot.loader.efi.canTouchEfiVariables = false;
+
+  # The hostname should match the containing folder.
+  networking.hostName = "ahmed";
+
+  # This host is located in Denmark.
+  time.timeZone = "Europe/Copenhagen";
+
+  console = {
+    font = "sun12x22"; # This font is pretty readable on the cracked display.
+    keyMap = "dk";     # This host has a Danish keyboard layout.
+  };
+
+  # Disable sleep on lid close.
+  # FIXME: Screen does not appear to turn off when closed.
+  services.logind.extraConfig =
+    let
+      lidSwitchAction = "ignore";
+    in
+    ''
+      HandleLidSwitch=${lidSwitchAction}
+      HandleLidSwitchDocked=${lidSwitchAction}
+      HandleLidSwitchExternalPower=${lidSwitchAction}
+    '';
+
+  # Configure WiFi at computer's location.
+  # FIXME: Don't store in plain text.
+  networking.wireless.enable = true;
+  networking.wireless.networks."Rumpenettet_Guest".psk = "Rumpenerglad"; # NOCOMMIT
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+}
diff --git a/hosts/ahmed/hardware-configuration.nix b/hosts/ahmed/hardware-configuration.nix
new file mode 100644
index 0000000..bae3db1
--- /dev/null
+++ b/hosts/ahmed/hardware-configuration.nix
@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-label/nixos"; #"/dev/disk/by-uuid/a51aa876-0ba2-437f-b2fd-04ef18bdea79";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-label/boot";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-label/swap"; }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/ahmed/ssh.nix b/hosts/ahmed/ssh.nix
new file mode 100644
index 0000000..cedf56e
--- /dev/null
+++ b/hosts/ahmed/ssh.nix
@@ -0,0 +1,19 @@
+# This file configures openSSH on this host.
+
+{ config, pkgs, lib, ... }:
+
+{
+  # Who is allowed/expected to connect to this machine?
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false; 
+  };
+
+  users.users = lib.genAttrs ["root" "linus"] (_: {
+    openssh.authorizedKeys.keys = 
+      [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcmUCfFA/arYpT0zBWoOXcyxN5bgk5cMrWgTIol5RsHB82VzoS+LG3IV4IwBz4QALaCj5DlhfbasGKMkFRgFvLerEtBleIb58RtOXIOf6TIUaqpyHB3h2CjdwrbmyjjWEl9W2BTpadrR5uPr0HoeED8dCFYE5cPjrSELtrYxEW0o1DBJw8bXfpgyYB21loBzrcOhRsrPSaS0gYHZLGY7Av7FGfncVZDLNYL0/pZ/t0UWD6JF+6FgOdGWAuuwSt5WR9DVxGilVG5aFktDB14fNPEBIVf7tkT4/McAihR/u344yaiUWA4bV7w039Ubhn9NdnoBSvGrP6jTy/zDgq5ywFj8aqcdlahxtELNWgxYYrI8HZzvITKo1FU7BOcUN1vNS4npOvyWBl7s3jFCO+R2E/BoyjfsjYTylacpepf26D87U32jNsh39OKdHxRF3/qmMGYa1L7N4M0iT9WFEMCcKB/MMAcHgE25vWPQaY1orU8X8NZPhxjfIVcw1rqcjwCryNwb1ZOMTIEc9kbGiP99MhE7ZA0yvHZfMezeymSwg1kN+iJDTp24gSsFtYuz5vm9lRu/PzfU9lNlp2KHdaLISUouSCCHPgF7zZSWtXa1B920zrAg2Fco8/Iymh+Fa0UNnrbnfyQTgLeNT12SLD4Y5gHimUsuq8tFkxjR6WffmrRw== [email protected]"
+      ];
+  });
+}
diff --git a/hosts/muhammed/configuration.nix b/hosts/muhammed/configuration.nix
new file mode 100644
index 0000000..2645b80
--- /dev/null
+++ b/hosts/muhammed/configuration.nix
@@ -0,0 +1,31 @@
+# This file contains the configuration for my Macbook Pro.
+
+{ pkgs, inputs, lib, ... }:
+
+{
+  # Specify the location of this configuration file. Very meta.
+  # environment.darwinConfig = inputs.self + "/hosts/muhammed/configuration.nix";
+
+  # Use the Nix daemon.
+  services.nix-daemon.enable = true;
+
+  # Set up main account.
+  users.users.linus = {
+    description = "Personal user account";
+    home = "/Users/linus";
+  };
+
+  # Don't request password for running pmset.
+  environment.etc."sudoers.d/10-unauthenticated-commands".text =
+    let
+      commands = [
+        "/usr/bin/pmset"
+      ];
+    in
+    ''
+      %admin ALL=(ALL:ALL) NOPASSWD: ${builtins.concatStringsSep ", " commands}
+    '';
+
+  # Backwards compatability. Check `darwin-rebuild changelog` before bumping.
+  system.stateVersion = 4;
+}