BiebOS
A NixOS configuration for the public laptops at our library.
Devlog
Commits: 2
Move the guest password clearing logic to guest-session.nix
The BiebOS configuration is modular. Modules are loaded in flake.nix (that's the entry point). All aspects of the guest session should reside in the guest-session module. The configuration.nix file is also a module - kind of a kitchen sink. We should avoid adding more code there, and ideally decompose it into more specialized modules.
index 4ce50de..434c606 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -114,15 +114,6 @@
= };
=
=
-systemd.services.clear-guest-password = {
- description = "Clears the guest password if there is one";
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Type = "oneshot";
- ExecStart = "/run/current-system/sw/bin/bash -c '/run/wrappers/bin/passwd --delete guest'";
- };
-};
-
= # Install firefox.
= programs.firefox.enable = true;
=index ad8ea6d..fb5162c 100644
--- a/guest-session.nix
+++ b/guest-session.nix
@@ -17,5 +17,14 @@
= systemd.tmpfiles.rules = [
= "D! /home/guest 0700 guest users"
= ];
+
+ systemd.services.clear-guest-password = {
+ description = "Clears the guest password if there is one";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "/run/current-system/sw/bin/bash -c '/run/wrappers/bin/passwd --delete guest'";
+ };
+ };
=}
=Simplify guest password clearing command
Systemd will already run the command in a shell. No need to wrap it in another instance of bash.
index fb5162c..98725a9 100644
--- a/guest-session.nix
+++ b/guest-session.nix
@@ -23,7 +23,7 @@
= wantedBy = [ "multi-user.target" ];
= serviceConfig = {
= Type = "oneshot";
- ExecStart = "/run/current-system/sw/bin/bash -c '/run/wrappers/bin/passwd --delete guest'";
+ ExecStart = "/run/wrappers/bin/passwd --delete guest";
= };
= };
=}Commits: 1
added a systemd start-up service to delete any possible guest password
index d1d2f8d..4ce50de 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -114,7 +114,14 @@
= };
=
=
-
+systemd.services.clear-guest-password = {
+ description = "Clears the guest password if there is one";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "/run/current-system/sw/bin/bash -c '/run/wrappers/bin/passwd --delete guest'";
+ };
+};
=
= # Install firefox.
= programs.firefox.enable = true;Commits: 1
Move hardware configuration import to flake.nix
So it's easier to make configurations targetting different hardware, as discussed in https://codeberg.org/foss-for-normies/BiebOS/issues/12
index 173a687..d1d2f8d 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -11,11 +11,6 @@
= '';
= };
=
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
= # Bootloader.
= boot.loader.systemd-boot.enable = true;
= boot.loader.efi.canTouchEfiVariables = true;
@@ -130,7 +125,7 @@
= # List packages installed in system profile. To search, run:
= # $ nix search wget
= environment.systemPackages = with pkgs; [
- neovim
+ neovim
= git
= bat
= httpieindex dcf358d..91d289d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -13,6 +13,7 @@
= nixosConfigurations.bieb = nixpkgs.lib.nixosSystem {
= inherit system pkgs;
= modules = [
+ ./hardware-configuration.nix # Include the results of the hardware scan.
= ./configuration.nix
= ./guest-session.nix
= ./flatpak.nixCommits: 2
Install GS connect
Open TCP ports
index 2b5b4ba..dcbac19 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -124,6 +124,11 @@
= # Install firefox.
= programs.firefox.enable = true;
=
+ programs.kdeconnect = {
+ enable = true;
+ package = pkgs.gnomeExtensions.gsconnect;
+};
+
= # List packages installed in system profile. To search, run:
= # $ nix search wget
= environment.systemPackages = with pkgs; [
@@ -149,7 +154,10 @@
= # services.openssh.enable = true;
=
= # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
+ networking.firewall.allowedTCPPorts = [
+ # KDE Connect
+ { from = 1714; to = 1764; }
+];
= # networking.firewall.allowedUDPPorts = [ ... ];
= # Or disable the firewall altogether.
= # networking.firewall.enable = false;Open TCPPortRange
index dcbac19..173a687 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -124,10 +124,8 @@
= # Install firefox.
= programs.firefox.enable = true;
=
- programs.kdeconnect = {
- enable = true;
- package = pkgs.gnomeExtensions.gsconnect;
-};
+ # Install kdeconnect.
+ programs.kdeconnect.enable = true;
=
= # List packages installed in system profile. To search, run:
= # $ nix search wget
@@ -138,6 +136,7 @@
= httpie
= jq
= emacs
+ gnomeExtensions.gsconnect
= ];
=
= # Some programs need SUID wrappers, can be configured further or are
@@ -154,7 +153,7 @@
= # services.openssh.enable = true;
=
= # Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [
+ networking.firewall.allowedTCPPortRanges = [
= # KDE Connect
= { from = 1714; to = 1764; }
=];Commits: 3
added arleen as admin
index 5d6f014..467d7b3 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -105,6 +105,15 @@
= extraGroups = [ "networkmanager" "wheel" ];
= };
=
+ users.user.arleen = {
+ isNormalUser = true;
+ description = "Arleen";
+ extraGroups = [ "networkmanager" "wheel" ];
+ };
+
+
+
+
= # Install firefox.
= programs.firefox.enable = true;
=added arleen as admin
index 467d7b3..4287c5b 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -105,7 +105,7 @@
= extraGroups = [ "networkmanager" "wheel" ];
= };
=
- users.user.arleen = {
+ users.users.arleen = {
= isNormalUser = true;
= description = "Arleen";
= extraGroups = [ "networkmanager" "wheel" ];Add user account for Fana
index 4287c5b..2b5b4ba 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -111,6 +111,13 @@
= extraGroups = [ "networkmanager" "wheel" ];
= };
=
+
+ users.users.fana = {
+ isNormalUser = true;
+ description = "Fana";
+ extraGroups = [ "networkmanager" "wheel" ];
+ };
+
=
=
=Commits: 3
Setup automatic NixOS configuration synchronization
All BiebOS laptops will automatically switch to whatever configuration is in the remote repository.
For now I set the schedule on every quarter so I can test if and how it works. Eventually we want to only run it daily.
new file mode 100644
index 0000000..3a010d5
--- /dev/null
+++ b/config-sync.nix
@@ -0,0 +1,17 @@
+# This module enables periodic synchronization of the configuration.
+#
+# Once in a while, each laptop will switch to the configuration from the remote
+# repository, so when we change it, we don't have to manually switch them.
+
+{ config, pkgs, ... }:
+
+{
+ system.autoUpgrade = {
+ enable = true;
+ flake = "git+https://codeberg.org/foss-for-normies/biebos";
+ dates = "*:0/15"; # Every quarter - just for testing. Comment out this line to switch to a daily schedule.
+ runGarbageCollection = true;
+ };
+
+ nix.gc.options = "--delete-older-than 14d";
+}index 3a0fc7d..dcf358d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -16,6 +16,7 @@
= ./configuration.nix
= ./guest-session.nix
= ./flatpak.nix
+ ./config-sync.nix
= ];
= };
= };Add Emacs
Mostly to check if config-sync works, but also because I want it. x
index b23ae0e..5d6f014 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -116,6 +116,7 @@
= bat
= httpie
= jq
+ emacs
= ];
=
= # Some programs need SUID wrappers, can be configured further or areSwitch config synchronization to a daily schedule
It seems to be working fine on all laptops, including the garbage collection and wiping of profile history.
index 3a010d5..d10eee6 100644
--- a/config-sync.nix
+++ b/config-sync.nix
@@ -9,7 +9,7 @@
= system.autoUpgrade = {
= enable = true;
= flake = "git+https://codeberg.org/foss-for-normies/biebos";
- dates = "*:0/15"; # Every quarter - just for testing. Comment out this line to switch to a daily schedule.
+ # dates = "*:0/5"; # Every 5 minutes. Useful for testing. Comment out this line to switch to a daily schedule.
= runGarbageCollection = true;
= };
=Commits: 2
Add an administrator account for Hans
index 263075b..de5a152 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -99,6 +99,12 @@
= extraGroups = [ "networkmanager" "wheel" ];
= };
=
+ users.users.hans = {
+ isNormalUser = true;
+ description = "Hans";
+ extraGroups = [ "networkmanager" "wheel" ];
+ };
+
= # Install firefox.
= programs.firefox.enable = true;
=Change the keyboard to US / NL
index de5a152..b23ae0e 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -57,12 +57,12 @@
=
= # Configure keymap in X11
= services.xserver.xkb = {
- layout = "gb";
- variant = "";
+ layout = "nl";
+ variant = "us";
= };
=
= # Configure console keymap
- console.keyMap = "uk";
+ console.keyMap = "nl";
=
= # Enable CUPS to print documents.
= services.printing.enable = true;Commits: 2
Update readme with new URL and detailed instructions
index 9dcd9ec..2b4752e 100644
--- a/README.md
+++ b/README.md
@@ -3,20 +3,37 @@
=To apply this configuration, run:
=
=``` shell
-sudo nixos-rebuild switch --flake git+https://codeberg.org/foss-for-normies/library-laptops-configuration
+sudo nixos-rebuild switch --flake git+https://codeberg.org/foss-for-normies/biebos
=```
=
=
=## Changing the configuration
=
-Clone this repository on one of the laptops. Change whatever you need. Switch to a new configuration:
+1. Clone this repository on one of the laptops.
+
+ If it was already cloned before, **remember to `git pull`**, so we don't get conflicts.
+
+2. Change whatever you need.
+
+ Edit the files in the repository.
+
+3. Switch to a new configuration:
=
-``` shell
-sudo nixos-rebuild switch --flake .
-```
+ ``` shell
+ sudo nixos-rebuild switch --flake .
+ ```
+
+4. Reboot and make sure everything works as expected.
+
+ Take your time to carefully evaluate not only your intended change, but also that nothing else got broken.
+
+5. Commit your changes
+
+ Explain what and **why** you did. What problem does it solve? If there is a related issue, mention it, like this: `Solves #123: foo not showing in bar`.
=
-Reboot and make sure everything works as expected. Then push to the upstream repository for the new configuration to be applied.
+6. Push to the upstream repository for the new configuration to be applied on other laptops.
=
+ We practice trunk based development, i.e. if your change is not controversial (e.g. an upgrade or something previously agreed on) just push it to the `main` branch. Only use branches if you want to share and discuss some experiments.
=
=## Updating the OS
=Upgrade Nixpkgs
index 3c14379..5c26949 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
= "nodes": {
= "nixpkgs": {
= "locked": {
- "lastModified": 1766902085,
- "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
+ "lastModified": 1769018530,
+ "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
= "owner": "nixos",
= "repo": "nixpkgs",
- "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4",
+ "rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
= "type": "github"
= },
= "original": {Commits: 1
Set language to Dutch for all accounts x
index 2eefe82..263075b 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -34,7 +34,7 @@
= time.timeZone = "Europe/Amsterdam";
=
= # Select internationalisation properties.
- i18n.defaultLocale = "en_GB.UTF-8";
+ i18n.defaultLocale = "nl_NL.UTF-8";
=
= i18n.extraLocaleSettings = {
= LC_ADDRESS = "nl_NL.UTF-8";Commits: 3
Implement #5: each user gets to install applications from Flathub
As usual, NixOS provides an easy solution. Turns out we can create
a user service for every user of the service with options under
systemd.user.services.
The flakiness of the WiFi in the library complicated the matter a bit, but I solved it by making the service re-try every 30s if it fails. It seems to work fine.
As desired, whatever Guest installs is wiped out on reboot.
Currently guests can add other sources than flathub. I'm not sure how big of a problem this is.
Also, I don't yet have a solution for slow installation of first app. I guess the problem is mostly caused by slow network in the library. Installing something like Inkscape takes about 60 seconds, so maybe I'm just spoiled and it's not really that bad?
index e5e2184..a800e62 100644
--- a/flake.nix
+++ b/flake.nix
@@ -15,6 +15,7 @@
= modules = [
= ./configuration.nix
= ./guest-session.nix
+ ./flatpak.nix
= ];
= };
= };new file mode 100644
index 0000000..1603eef
--- /dev/null
+++ b/flatpak.nix
@@ -0,0 +1,23 @@
+
+{ config, pkgs, ... }:
+
+{
+ services.flatpak.enable = true;
+ environment.systemPackages = with pkgs; [
+ flatpak
+ gnome-software
+ ];
+ systemd.user.services.flatpak-repo = {
+ enable = true;
+ path = [ pkgs.flatpak ];
+ wantedBy = ["default.target"];
+ script = ''
+ flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+ '';
+ serviceConfig = {
+ Restart = "on-failure";
+ RestartSec = 30;
+ };
+ };
+}
+Remove TODO.md in favor of Codeberg issues
Issues allow for discussion, including outside contributors.
deleted file mode 100644
index 01c4873..0000000
--- a/TODO.md
+++ /dev/null
@@ -1,14 +0,0 @@
-Things to make and do:
-
- - [ ] Automatic synchronization of configuration
- - see https://discourse.nixos.org/t/managing-a-fleet-of-nixos-desktop-machines/55150/4
- - [ ] Accounts for individual staff members
- - How to manage passwords?
- - Synchronize the particular configuration (language, keyboard, etc.)
- - See https://discourse.nixos.org/t/gnome-user-specific-locales/50593/8
- - Propagate SSH keys?
- - [ ] Flatpak, esp. for the guest account
- - [ ] Set language to Dutch for guest account
- - [ ] Put Firefox on the launcher bar for guest account
- - [ ] Read https://discourse.nixos.org/t/nixos-for-class-room-pcs-using-pxe/58488/2 for hints
- - [ ] Turn this into Codeberg issues?Format code in flake.nix (tabs -> spaces) x:
index a800e62..3a0fc7d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -14,8 +14,8 @@
= inherit system pkgs;
= modules = [
= ./configuration.nix
- ./guest-session.nix
- ./flatpak.nix
+ ./guest-session.nix
+ ./flatpak.nix
= ];
= };
= };Commits: 1
Change the hostname to "bieb"
index 790f188..2eefe82 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -20,7 +20,7 @@
= boot.loader.systemd-boot.enable = true;
= boot.loader.efi.canTouchEfiVariables = true;
=
- networking.hostName = "nixos"; # Define your hostname.
+ networking.hostName = "bieb"; # Define your hostname.
= # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
=
= # Configure network proxy if necessaryindex d9c1ec4..e5e2184 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,7 +10,7 @@
= system = "x86_64-linux";
= pkgs = import nixpkgs { inherit system; };
= in {
- nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+ nixosConfigurations.bieb = nixpkgs.lib.nixosSystem {
= inherit system pkgs;
= modules = [
= ./configuration.nixCommits: 4
Write initial configuration for Bieb laptops
Featuring:
- Guest session erased after shutdown
- My (Tad) account
- General Bieb staff account (likely to be removed in favor of individual accounts)
Signed-off-by: Tad Lispy hello@tad-lispy.com
new file mode 100644
index 0000000..c4a847d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/resultnew file mode 100644
index 0000000..4761b9b
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,138 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ nix = {
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "nixos"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_GB.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "nl_NL.UTF-8";
+ LC_IDENTIFICATION = "nl_NL.UTF-8";
+ LC_MEASUREMENT = "nl_NL.UTF-8";
+ LC_MONETARY = "nl_NL.UTF-8";
+ LC_NAME = "nl_NL.UTF-8";
+ LC_NUMERIC = "nl_NL.UTF-8";
+ LC_PAPER = "nl_NL.UTF-8";
+ LC_TELEPHONE = "nl_NL.UTF-8";
+ LC_TIME = "nl_NL.UTF-8";
+ };
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Enable the GNOME Desktop Environment.
+ services.displayManager.gdm.enable = true;
+ services.desktopManager.gnome.enable = true;
+
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "gb";
+ variant = "";
+ };
+
+ # Configure console keymap
+ console.keyMap = "uk";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound with pipewire.
+ services.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ #jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ #media-session.enable = true;
+ };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.bieb = {
+ isNormalUser = true;
+ description = "Bibliotheek Gooi+";
+ extraGroups = [ "networkmanager" "wheel" ];
+ };
+
+ users.users.tad = {
+ isNormalUser = true;
+ description = "Tad Lispy";
+ extraGroups = [ "networkmanager" "wheel" ];
+ };
+
+ # Install firefox.
+ programs.firefox.enable = true;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ neovim
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "25.11"; # Did you read the comment?
+
+}new file mode 100644
index 0000000..3c14379
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1766902085,
+ "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}new file mode 100644
index 0000000..d9c1ec4
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,21 @@
+{
+ description = "A very basic flake";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+ };
+
+ outputs = { self, nixpkgs }:
+ let
+ system = "x86_64-linux";
+ pkgs = import nixpkgs { inherit system; };
+ in {
+ nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+ inherit system pkgs;
+ modules = [
+ ./configuration.nix
+ ./guest-session.nix
+ ];
+ };
+ };
+}new file mode 100644
index 0000000..ad8ea6d
--- /dev/null
+++ b/guest-session.nix
@@ -0,0 +1,21 @@
+
+{ config, pkgs, ... }:
+
+{
+ users.users.guest = {
+ isNormalUser = true;
+ description = "Gast";
+ extraGroups = [ "networkmanager" ];
+ packages = with pkgs; [
+ # thunderbird
+ ];
+ };
+
+ services.displayManager.autoLogin.enable = true;
+ services.displayManager.autoLogin.user = "guest";
+
+ systemd.tmpfiles.rules = [
+ "D! /home/guest 0700 guest users"
+ ];
+}
+new file mode 100644
index 0000000..10ccfd4
--- /dev/null
+++ b/hardware-configuration.nix
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "rtsx_usb_sdmmc" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-label/root";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-partlabel/EFI";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-label/swap"; }
+ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}Add some useful utilities
- git
- httpie
- jq
- bat
index 4761b9b..790f188 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -106,6 +106,10 @@
= # $ nix search wget
= environment.systemPackages = with pkgs; [
= neovim
+ git
+ bat
+ httpie
+ jq
= ];
=
= # Some programs need SUID wrappers, can be configured further or areWrite a readme
new file mode 100644
index 0000000..9dcd9ec
--- /dev/null
+++ b/README.md
@@ -0,0 +1,36 @@
+# Configuration for the library laptops
+
+To apply this configuration, run:
+
+``` shell
+sudo nixos-rebuild switch --flake git+https://codeberg.org/foss-for-normies/library-laptops-configuration
+```
+
+
+## Changing the configuration
+
+Clone this repository on one of the laptops. Change whatever you need. Switch to a new configuration:
+
+``` shell
+sudo nixos-rebuild switch --flake .
+```
+
+Reboot and make sure everything works as expected. Then push to the upstream repository for the new configuration to be applied.
+
+
+## Updating the OS
+
+Similar to changing the configuration:
+
+``` shell
+nix flake update
+sudo nixos-rebuild switch --flake .
+```
+
+Then reboot and check if everything still works. If so, push:
+
+``` shell
+git add flake.lock
+git commit --message "Update NixOS"
+git push
+```Dump some tasks to TODO.md
Probably we want them in an issue tracker, so we can have discussion and outside input, but as a quick solution I just wrote them in a file.
new file mode 100644
index 0000000..01c4873
--- /dev/null
+++ b/TODO.md
@@ -0,0 +1,14 @@
+Things to make and do:
+
+ - [ ] Automatic synchronization of configuration
+ - see https://discourse.nixos.org/t/managing-a-fleet-of-nixos-desktop-machines/55150/4
+ - [ ] Accounts for individual staff members
+ - How to manage passwords?
+ - Synchronize the particular configuration (language, keyboard, etc.)
+ - See https://discourse.nixos.org/t/gnome-user-specific-locales/50593/8
+ - Propagate SSH keys?
+ - [ ] Flatpak, esp. for the guest account
+ - [ ] Set language to Dutch for guest account
+ - [ ] Put Firefox on the launcher bar for guest account
+ - [ ] Read https://discourse.nixos.org/t/nixos-for-class-room-pcs-using-pxe/58488/2 for hints
+ - [ ] Turn this into Codeberg issues?