From 829992e3d82d9dff34845a29168306bb0fe2612e Mon Sep 17 00:00:00 2001 From: Swarsel Date: Thu, 1 Aug 2024 18:50:10 +0200 Subject: [PATCH] feat: new system --- SwarselSystems.org | 305 +++++++++++++++++++++++-- flake.lock | 16 ++ flake.nix | 32 ++- modules/home/input.nix | 2 +- modules/nixos/default.nix | 2 + modules/nixos/impermanence.nix | 5 + modules/nixos/setup.nix | 5 + profiles/common/home/packages.nix | 1 + profiles/common/nixos/default.nix | 1 + profiles/common/nixos/impermanence.nix | 87 +++++++ profiles/common/nixos/users.nix | 6 +- profiles/nbl-imba-2/default.nix | 105 +++++++++ profiles/optional/home/work.nix | 8 + profiles/optional/nixos/work.nix | 5 + 14 files changed, 552 insertions(+), 28 deletions(-) create mode 100644 modules/nixos/impermanence.nix create mode 100644 modules/nixos/setup.nix create mode 100644 profiles/common/nixos/impermanence.nix create mode 100644 profiles/nbl-imba-2/default.nix create mode 100644 profiles/optional/home/work.nix create mode 100644 profiles/optional/nixos/work.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index 73da2c5..8b93db4 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -481,6 +481,9 @@ A short overview over each input and what it does: url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; + + impermanence.url = "github:nix-community/impermanence"; + #+end_src *** let :PROPERTIES: @@ -521,6 +524,8 @@ Lastly I define some common module lists that I can simply load depending on the # # NixOS modules that can only be used on NixOS systems nixModules = [ inputs.stylix.nixosModules.stylix + inputs.lanzaboote.nixosModules.lanzaboote + inputs.impermanence.nixosModules.impermanence inputs.sops-nix.nixosModules.sops inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm ./profiles/common/nixos @@ -613,20 +618,27 @@ This section is the biggest pain point of the configuration. For every system, I ]; }; - winters = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; + nbl-imba-2 = lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; modules = nixModules ++ [ - inputs.nixos-hardware.nixosModules.framework-16-inch-7040-amd - ./profiles/winters/nixos.nix - inputs.home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/winters/home.nix - ]; - } + ./profiles/nbl-imba-2 ]; }; + # winters = nixpkgs.lib.nixosSystem { + # specialArgs = { inherit inputs; }; + # modules = nixModules ++ [ + # inputs.nixos-hardware.nixosModules.framework-16-inch-7040-amd + # ./profiles/winters/nixos.nix + # inputs.home-manager.nixosModules.home-manager + # { + # home-manager.users.swarsel.imports = mixedModules ++ [ + # ./profiles/winters/home.nix + # ]; + # } + # ]; + # }; + nginx = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ @@ -2130,6 +2142,126 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was } +#+end_src + +**** nbl-imba-2 (Framework Laptop 16) +:PROPERTIES: +:CUSTOM_ID: h:6c6e9261-dfa1-42d8-ab2a-8b7c227be6d9 +:END: + +My work machine. + + +#+begin_src nix :tangle profiles/nbl-imba-2/default.nix + + { inputs, outputs, config, pkgs, ... }: + { + + imports = [ + inputs.nixos-hardware.nixosModules.framework-16-7040-amd + + ./hardware-configuration.nix + + ../optional/nixos/steam.nix + # ../optional/nixos/virtualbox.nix + ../optional/nixos/autologin.nix + ../optional/nixos/nswitch-rcm.nix + ../optional/nixos/work.nix + + inputs.home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = outputs.mixedModules ++ [ + ../optional/home/gaming.nix + ../optional/home/work.nix + ] ++ (builtins.attrValues outputs.homeManagerModules); + } + ] ++ (builtins.attrValues outputs.nixosModules); + + + nixpkgs = { + inherit (outputs) overlays; + config = { + allowUnfree = true; + }; + }; + + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + supportedFilesystems = [ "btrfs" ]; + kernelPackages = pkgs.linuxPackages_latest; + kernelParams = [ + "resume_offset=533760" + ]; + resumeDevice = "/dev/disk/by-label/nixos"; + }; + + + networking = { + hostName = "nbl-imba-2"; + fqdn = "nbl-imba-2.imp.univie.ac.at"; + firewall.enable = true; + }; + + hardware.graphics.extraPackages = with pkgs; [ + vulkan-loader + vulkan-validation-layers + vulkan-extension-layer + ]; + + services = { + fwupd.enable = true; + }; + + swarselsystems = { + wallpaper = ../../wallpaper/lenovowp.png; + hasBluetooth = true; + hasFingerprint = true; + initialSetup = true; + }; + + home-manager.users.swarsel.swarselsystems = { + isLaptop = true; + isNixos = true; + # temperatureHwmon = { + # isAbsolutePath = true; + # path = "/sys/devices/platform/thinkpad_hwmon/hwmon/"; + # input-filename = "temp1_input"; + # }; + # ------ ----- + # | DP-4 | |eDP-1| + # ------ ----- + # monitors = { + # main = { + # name = "California Institute of Technology 0x1407 Unknown"; + # mode = "1920x1080"; # TEMPLATE + # scale = "1"; + # position = "2560,0"; + # workspace = "2:二"; + # output = "eDP-1"; + # }; + # homedesktop = { + # name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + # mode = "2560x1440"; + # scale = "1"; + # position = "0,0"; + # workspace = "1:一"; + # output = "DP-4"; + # }; + # }; + # inputs = { + # "1:1:AT_Translated_Set_2_keyboard" = { + # xkb_layout = "us"; + # xkb_options = "grp:win_space_toggle"; + # xkb_variant = "altgr-intl"; + # }; + # }; + keybindings = { + }; + }; + } + + #+end_src **** Winters (Framwork Laptop 16) @@ -4657,6 +4789,8 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a { wallpaper = import ./wallpaper.nix; hardware = import ./hardware.nix; + setup = import ./setup.nix; + impermanence = import ./impermanence.nix; } #+end_src @@ -4691,6 +4825,26 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a } #+end_src +***** Setup + +#+begin_src nix :tangle modules/nixos/setup.nix + { lib, ... }: + + { + options.swarselsystems.initialSetup = lib.mkEnableOption "initial setup (no sops keys available)"; + } +#+end_src + +***** Impermanence + +#+begin_src nix :tangle modules/nixos/impermanence.nix + { lib, ... }: + + { + options.swarselsystems.impermanence = lib.mkEnableOption "use impermanence on this system"; + } +#+end_src + **** home-manager @@ -4830,7 +4984,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a options.swarselsystems.kyria = mkOption { type = types.attrsOf (types.attrsOf types.str ); default = { - "36125:53060:splitkb.com_Kyria_rev3" = { + "36125:53060:splitkb.com_splitkb.com_Kyria_rev3" = { xkb_layout = "us"; xkb_variant = "altgr-intl"; }; @@ -4970,6 +5124,7 @@ First, we enable the use of =home-manager= as a NixoS module ./login.nix ./stylix.nix ./power-profiles-daemon.nix + ./impermanence.nix ]; nix.settings.trusted-users = [ "swarsel" ]; @@ -5016,14 +5171,14 @@ Next, we setup the keymap in case we are not in a graphical session. At this poi This ensures that all user-configuration happens here in the config file. #+begin_src nix :tangle profiles/common/nixos/users.nix - { pkgs, config, ... }: + { pkgs, config, lib, ... }: { users = { - mutableUsers = false; + mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false; users.swarsel = { isNormalUser = true; description = "Leon S"; - hashedPasswordFile = config.sops.secrets.swarseluser.path; + hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path; extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; packages = with pkgs; [ ]; }; @@ -5887,6 +6042,102 @@ This section houses the greetd related settings. I do not really want to use a d ''; } #+end_src + + +**** Impermanence + +#+begin_src nix :tangle profiles/common/nixos/impermanence.nix + { config, lib, ... }: + { + + security.sudo.extraConfig = lib.mkIf config.swarselsystems.impermanence '' + # rollback results in sudo lectures after each reboot + Defaults lecture = never + ''; + + # This script does the actual wipe of the system + # So if it doesn't run, the btrfs system effectively acts like a normal system + # Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix + + boot.initrd.systemd.services.rollback = lib.mkIf config.swarselsystems.impermanence { + description = "Rollback BTRFS root subvolume to a pristine state"; + wantedBy = ["initrd.target"]; + # make sure it's done after encryption + # i.e. LUKS/TPM process + after = ["systemd-cryptsetup@enc.service"]; + # mount the root fs before clearing + before = ["sysroot.mount"]; + unitConfig.DefaultDependencies = "no"; + serviceConfig.Type = "oneshot"; + script = '' + mkdir -p /mnt + + # We first mount the btrfs root to /mnt + # so we can manipulate btrfs subvolumes. + mount -o subvol=/ /dev/mapper/enc /mnt + btrfs subvolume list -o /mnt/root + + # While we're tempted to just delete /root and create + # a new snapshot from /root-blank, /root is already + # populated at this point with a number of subvolumes, + # which makes `btrfs subvolume delete` fail. + # So, we remove them first. + # + # /root contains subvolumes: + # - /root/var/lib/portables + # - /root/var/lib/machines + + btrfs subvolume list -o /mnt/root | + cut -f9 -d' ' | + while read subvolume; do + echo "deleting /$subvolume subvolume..." + # btrfs subvolume delete "/mnt/$subvolume" + done && + echo "deleting /root subvolume..." && + # btrfs subvolume delete /mnt/root + + echo "restoring blank /root subvolume..." + # btrfs subvolume snapshot /mnt/root-blank /mnt/root + + # Once we're done rolling back to a blank snapshot, + # we can unmount /mnt and continue on the boot process. + umount /mnt + ''; + }; + + + environment.persistence."/persist" = lib.mkIf config.swarselsystems.impermanence { + directories = + [ + "/.cache/nix/" + "/srv" + "/etc/nixos" + "/etc/nix" + "/etc/NetworkManager/system-connections" + "/etc/secureboot" + "/var/db/sudo/" + "/var/cache/" + "/var/lib/" + ]; + + files = [ + # important state + "/etc/machine-id" + # ssh stuff + /* + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ,*/ + ]; + }; + + } +#+end_src + + + *** Optional **** gaming @@ -5965,6 +6216,16 @@ This section houses the greetd related settings. I do not really want to use a d } #+end_src +**** work + +#+begin_src nix :tangle profiles/optional/nixos/work.nix + { pkgs, ... }: + { + programs._1password.enable = true; + programs._1password-gui.enable = true; + } +#+end_src + ** Home-manager *** Common :PROPERTIES: @@ -6064,6 +6325,7 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 picard-tools audacity sox + google-chrome # printing cups @@ -7928,6 +8190,21 @@ Currently, I am too lazy to explain every option here, but most of it is very se #+end_src +**** Work + +#+begin_src nix :tangle profiles/optional/home/work.nix + + { pkgs, ... }: + + { + home.packages = with pkgs; [ + teams-for-linux + google-chrome + ]; + } + +#+end_src + ** flake.nix template :PROPERTIES: :CUSTOM_ID: h:aee5ec75-7ca6-40d8-b6ac-a3e7e33a474b diff --git a/flake.lock b/flake.lock index 4bf69d0..d562bcb 100644 --- a/flake.lock +++ b/flake.lock @@ -449,6 +449,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1719091691, + "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "lanzaboote": { "inputs": { "crane": "crane", @@ -988,6 +1003,7 @@ "disko": "disko", "emacs-overlay": "emacs-overlay", "home-manager": "home-manager", + "impermanence": "impermanence", "lanzaboote": "lanzaboote", "nix-alien": "nix-alien", "nix-index-database": "nix-index-database_2", diff --git a/flake.nix b/flake.nix index 882d4d8..62f4b19 100644 --- a/flake.nix +++ b/flake.nix @@ -85,6 +85,9 @@ url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; + + impermanence.url = "github:nix-community/impermanence"; + }; outputs = @@ -124,6 +127,8 @@ # # NixOS modules that can only be used on NixOS systems nixModules = [ inputs.stylix.nixosModules.stylix + inputs.lanzaboote.nixosModules.lanzaboote + inputs.impermanence.nixosModules.impermanence inputs.sops-nix.nixosModules.sops inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm ./profiles/common/nixos @@ -212,20 +217,27 @@ ]; }; - winters = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; + nbl-imba-2 = lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; modules = nixModules ++ [ - inputs.nixos-hardware.nixosModules.framework-16-inch-7040-amd - ./profiles/winters/nixos.nix - inputs.home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/winters/home.nix - ]; - } + ./profiles/nbl-imba-2 ]; }; + # winters = nixpkgs.lib.nixosSystem { + # specialArgs = { inherit inputs; }; + # modules = nixModules ++ [ + # inputs.nixos-hardware.nixosModules.framework-16-inch-7040-amd + # ./profiles/winters/nixos.nix + # inputs.home-manager.nixosModules.home-manager + # { + # home-manager.users.swarsel.imports = mixedModules ++ [ + # ./profiles/winters/home.nix + # ]; + # } + # ]; + # }; + nginx = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ diff --git a/modules/home/input.nix b/modules/home/input.nix index 28f4a5b..4029dd3 100644 --- a/modules/home/input.nix +++ b/modules/home/input.nix @@ -10,7 +10,7 @@ in options.swarselsystems.kyria = mkOption { type = types.attrsOf (types.attrsOf types.str); default = { - "36125:53060:splitkb.com_Kyria_rev3" = { + "36125:53060:splitkb.com_splitkb.com_Kyria_rev3" = { xkb_layout = "us"; xkb_variant = "altgr-intl"; }; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index a580653..178fadd 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -1,4 +1,6 @@ { wallpaper = import ./wallpaper.nix; hardware = import ./hardware.nix; + setup = import ./setup.nix; + impermanence = import ./impermanence.nix; } diff --git a/modules/nixos/impermanence.nix b/modules/nixos/impermanence.nix new file mode 100644 index 0000000..d6c14d5 --- /dev/null +++ b/modules/nixos/impermanence.nix @@ -0,0 +1,5 @@ +{ lib, ... }: + +{ + options.swarselsystems.impermanence = lib.mkEnableOption "use impermanence on this system"; +} diff --git a/modules/nixos/setup.nix b/modules/nixos/setup.nix new file mode 100644 index 0000000..ce5ea41 --- /dev/null +++ b/modules/nixos/setup.nix @@ -0,0 +1,5 @@ +{ lib, ... }: + +{ + options.swarselsystems.initialSetup = lib.mkEnableOption "initial setup (no sops keys available)"; +} diff --git a/profiles/common/home/packages.nix b/profiles/common/home/packages.nix index fb8c1ae..bbe1da1 100644 --- a/profiles/common/home/packages.nix +++ b/profiles/common/home/packages.nix @@ -12,6 +12,7 @@ picard-tools audacity sox + google-chrome # printing cups diff --git a/profiles/common/nixos/default.nix b/profiles/common/nixos/default.nix index c0a0ab2..63f3cd7 100644 --- a/profiles/common/nixos/default.nix +++ b/profiles/common/nixos/default.nix @@ -25,6 +25,7 @@ ./login.nix ./stylix.nix ./power-profiles-daemon.nix + ./impermanence.nix ]; nix.settings.trusted-users = [ "swarsel" ]; diff --git a/profiles/common/nixos/impermanence.nix b/profiles/common/nixos/impermanence.nix new file mode 100644 index 0000000..daf512a --- /dev/null +++ b/profiles/common/nixos/impermanence.nix @@ -0,0 +1,87 @@ +{ config, lib, ... }: +{ + + security.sudo.extraConfig = lib.mkIf config.swarselsystems.impermanence '' + # rollback results in sudo lectures after each reboot + Defaults lecture = never + ''; + + # This script does the actual wipe of the system + # So if it doesn't run, the btrfs system effectively acts like a normal system + # Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix + + boot.initrd.systemd.services.rollback = lib.mkIf config.swarselsystems.impermanence { + description = "Rollback BTRFS root subvolume to a pristine state"; + wantedBy = [ "initrd.target" ]; + # make sure it's done after encryption + # i.e. LUKS/TPM process + after = [ "systemd-cryptsetup@enc.service" ]; + # mount the root fs before clearing + before = [ "sysroot.mount" ]; + unitConfig.DefaultDependencies = "no"; + serviceConfig.Type = "oneshot"; + script = '' + mkdir -p /mnt + + # We first mount the btrfs root to /mnt + # so we can manipulate btrfs subvolumes. + mount -o subvol=/ /dev/mapper/enc /mnt + btrfs subvolume list -o /mnt/root + + # While we're tempted to just delete /root and create + # a new snapshot from /root-blank, /root is already + # populated at this point with a number of subvolumes, + # which makes `btrfs subvolume delete` fail. + # So, we remove them first. + # + # /root contains subvolumes: + # - /root/var/lib/portables + # - /root/var/lib/machines + + btrfs subvolume list -o /mnt/root | + cut -f9 -d' ' | + while read subvolume; do + echo "deleting /$subvolume subvolume..." + # btrfs subvolume delete "/mnt/$subvolume" + done && + echo "deleting /root subvolume..." && + # btrfs subvolume delete /mnt/root + + echo "restoring blank /root subvolume..." + # btrfs subvolume snapshot /mnt/root-blank /mnt/root + + # Once we're done rolling back to a blank snapshot, + # we can unmount /mnt and continue on the boot process. + umount /mnt + ''; + }; + + + environment.persistence."/persist" = lib.mkIf config.swarselsystems.impermanence { + directories = + [ + "/.cache/nix/" + "/srv" + "/etc/nixos" + "/etc/nix" + "/etc/NetworkManager/system-connections" + "/etc/secureboot" + "/var/db/sudo/" + "/var/cache/" + "/var/lib/" + ]; + + files = [ + # important state + "/etc/machine-id" + # ssh stuff + /* + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + */ + ]; + }; + +} diff --git a/profiles/common/nixos/users.nix b/profiles/common/nixos/users.nix index 45f8046..fb9c3de 100644 --- a/profiles/common/nixos/users.nix +++ b/profiles/common/nixos/users.nix @@ -1,11 +1,11 @@ -{ pkgs, config, ... }: +{ pkgs, config, lib, ... }: { users = { - mutableUsers = false; + mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false; users.swarsel = { isNormalUser = true; description = "Leon S"; - hashedPasswordFile = config.sops.secrets.swarseluser.path; + hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path; extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; packages = with pkgs; [ ]; }; diff --git a/profiles/nbl-imba-2/default.nix b/profiles/nbl-imba-2/default.nix new file mode 100644 index 0000000..5767e43 --- /dev/null +++ b/profiles/nbl-imba-2/default.nix @@ -0,0 +1,105 @@ +{ inputs, outputs, config, pkgs, ... }: +{ + + imports = [ + inputs.nixos-hardware.nixosModules.framework-16-7040-amd + + ./hardware-configuration.nix + + ../optional/nixos/steam.nix + # ../optional/nixos/virtualbox.nix + ../optional/nixos/autologin.nix + ../optional/nixos/nswitch-rcm.nix + ../optional/nixos/work.nix + + inputs.home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = outputs.mixedModules ++ [ + ../optional/home/gaming.nix + ../optional/home/work.nix + ] ++ (builtins.attrValues outputs.homeManagerModules); + } + ] ++ (builtins.attrValues outputs.nixosModules); + + + nixpkgs = { + inherit (outputs) overlays; + config = { + allowUnfree = true; + }; + }; + + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + supportedFilesystems = [ "btrfs" ]; + kernelPackages = pkgs.linuxPackages_latest; + kernelParams = [ + "resume_offset=533760" + ]; + resumeDevice = "/dev/disk/by-label/nixos"; + }; + + + networking = { + hostName = "nbl-imba-2"; + fqdn = "nbl-imba-2.imp.univie.ac.at"; + firewall.enable = true; + }; + + hardware.graphics.extraPackages = with pkgs; [ + vulkan-loader + vulkan-validation-layers + vulkan-extension-layer + ]; + + services = { + fwupd.enable = true; + }; + + swarselsystems = { + wallpaper = ../../wallpaper/lenovowp.png; + hasBluetooth = true; + hasFingerprint = true; + initialSetup = true; + }; + + home-manager.users.swarsel.swarselsystems = { + isLaptop = true; + isNixos = true; + # temperatureHwmon = { + # isAbsolutePath = true; + # path = "/sys/devices/platform/thinkpad_hwmon/hwmon/"; + # input-filename = "temp1_input"; + # }; + # ------ ----- + # | DP-4 | |eDP-1| + # ------ ----- + # monitors = { + # main = { + # name = "California Institute of Technology 0x1407 Unknown"; + # mode = "1920x1080"; # TEMPLATE + # scale = "1"; + # position = "2560,0"; + # workspace = "2:二"; + # output = "eDP-1"; + # }; + # homedesktop = { + # name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + # mode = "2560x1440"; + # scale = "1"; + # position = "0,0"; + # workspace = "1:一"; + # output = "DP-4"; + # }; + # }; + # inputs = { + # "1:1:AT_Translated_Set_2_keyboard" = { + # xkb_layout = "us"; + # xkb_options = "grp:win_space_toggle"; + # xkb_variant = "altgr-intl"; + # }; + # }; + keybindings = { }; + }; +} diff --git a/profiles/optional/home/work.nix b/profiles/optional/home/work.nix new file mode 100644 index 0000000..beb6071 --- /dev/null +++ b/profiles/optional/home/work.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: + +{ + home.packages = with pkgs; [ + teams-for-linux + google-chrome + ]; +} diff --git a/profiles/optional/nixos/work.nix b/profiles/optional/nixos/work.nix new file mode 100644 index 0000000..cbae7b8 --- /dev/null +++ b/profiles/optional/nixos/work.nix @@ -0,0 +1,5 @@ +{ pkgs, ... }: +{ + programs._1password.enable = true; + programs._1password-gui.enable = true; +}