Commits: 4

Write initial configuration for Bieb laptops

Featuring:

• Guest session erased after shutdown
• My (Tad) account
• General Bieb staff account (likely to be removed in favor of individual accounts)

Signed-off-by: Tad Lispy hello@tad-lispy.com

new file mode 100644
index 0000000..c4a847d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/result

new file mode 100644
index 0000000..4761b9b
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,138 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  nix = {
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+  };
+
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "nixos"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_GB.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "nl_NL.UTF-8";
+    LC_IDENTIFICATION = "nl_NL.UTF-8";
+    LC_MEASUREMENT = "nl_NL.UTF-8";
+    LC_MONETARY = "nl_NL.UTF-8";
+    LC_NAME = "nl_NL.UTF-8";
+    LC_NUMERIC = "nl_NL.UTF-8";
+    LC_PAPER = "nl_NL.UTF-8";
+    LC_TELEPHONE = "nl_NL.UTF-8";
+    LC_TIME = "nl_NL.UTF-8";
+  };
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+  # Enable the GNOME Desktop Environment.
+  services.displayManager.gdm.enable = true;
+  services.desktopManager.gnome.enable = true;
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "gb";
+    variant = "";
+  };
+
+  # Configure console keymap
+  console.keyMap = "uk";
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound with pipewire.
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.bieb = {
+    isNormalUser = true;
+    description = "Bibliotheek Gooi+";
+    extraGroups = [ "networkmanager" "wheel" ];
+  };
+
+  users.users.tad = {
+    isNormalUser = true;
+    description = "Tad Lispy";
+    extraGroups = [ "networkmanager" "wheel" ];
+  };
+
+  # Install firefox.
+  programs.firefox.enable = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    neovim 
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
+
+}

new file mode 100644
index 0000000..3c14379
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1766902085,
+        "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

new file mode 100644
index 0000000..d9c1ec4
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,21 @@
+{
+  description = "A very basic flake";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+  };
+
+  outputs = { self, nixpkgs }:
+  let
+    system = "x86_64-linux";
+    pkgs = import nixpkgs { inherit system; };
+  in {
+    nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+      inherit system pkgs;
+      modules = [
+        ./configuration.nix
+	./guest-session.nix
+      ];
+    };
+  };
+}

new file mode 100644
index 0000000..ad8ea6d
--- /dev/null
+++ b/guest-session.nix
@@ -0,0 +1,21 @@
+
+{ config, pkgs, ... }:
+
+{
+	users.users.guest = {
+		isNormalUser = true;
+		description = "Gast";
+		extraGroups = [ "networkmanager" ];
+		packages = with pkgs; [
+			# thunderbird
+		];
+	};
+
+	services.displayManager.autoLogin.enable = true;
+	services.displayManager.autoLogin.user = "guest";
+
+	systemd.tmpfiles.rules = [
+		"D! /home/guest 0700 guest users"
+	];
+}
+

new file mode 100644
index 0000000..10ccfd4
--- /dev/null
+++ b/hardware-configuration.nix
@@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "rtsx_usb_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/root";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-partlabel/EFI";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-label/swap"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

Add some useful utilities

• git
  • httpie
  • jq
  • bat

index 4761b9b..790f188 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -106,6 +106,10 @@
=  # $ nix search wget
=  environment.systemPackages = with pkgs; [
=    neovim 
+    git
+    bat
+    httpie
+    jq
=  ];
=
=  # Some programs need SUID wrappers, can be configured further or are

Write a readme

new file mode 100644
index 0000000..9dcd9ec
--- /dev/null
+++ b/README.md
@@ -0,0 +1,36 @@
+# Configuration for the library laptops
+
+To apply this configuration, run:
+
+``` shell
+sudo nixos-rebuild switch --flake git+https://codeberg.org/foss-for-normies/library-laptops-configuration
+```
+
+
+## Changing the configuration
+
+Clone this repository on one of the laptops. Change whatever you need. Switch to a new configuration:
+ 
+``` shell
+sudo nixos-rebuild switch --flake .
+```
+
+Reboot and make sure everything works as expected. Then push to the upstream repository for the new configuration to be applied.
+
+
+## Updating the OS
+
+Similar to changing the configuration:
+
+``` shell
+nix flake update
+sudo nixos-rebuild switch --flake .
+```
+
+Then reboot and check if everything still works. If so, push:
+
+``` shell
+git add flake.lock
+git commit --message "Update NixOS"
+git push
+```

Dump some tasks to TODO.md

Probably we want them in an issue tracker, so we can have discussion and outside input, but as a quick solution I just wrote them in a file.

new file mode 100644
index 0000000..01c4873
--- /dev/null
+++ b/TODO.md
@@ -0,0 +1,14 @@
+Things to make and do:
+
+  - [ ] Automatic synchronization of configuration 
+    - see https://discourse.nixos.org/t/managing-a-fleet-of-nixos-desktop-machines/55150/4
+  - [ ] Accounts for individual staff members
+    - How to manage passwords?
+    - Synchronize the particular configuration (language, keyboard, etc.)
+    - See https://discourse.nixos.org/t/gnome-user-specific-locales/50593/8
+    - Propagate SSH keys?
+  - [ ] Flatpak, esp. for the guest account
+  - [ ] Set language to Dutch for guest account
+  - [ ] Put Firefox on the launcher bar for guest account
+  - [ ] Read https://discourse.nixos.org/t/nixos-for-class-room-pcs-using-pxe/58488/2 for hints
+  - [ ] Turn this into Codeberg issues?