diff options
Diffstat (limited to 'sys/hardware')
| -rw-r--r-- | sys/hardware/altera.nix | 25 | ||||
| -rw-r--r-- | sys/hardware/apc.nix | 33 | ||||
| -rw-r--r-- | sys/hardware/bluetooth.nix | 19 | ||||
| -rw-r--r-- | sys/hardware/default.nix | 12 | ||||
| -rw-r--r-- | sys/hardware/epson.nix | 38 | ||||
| -rw-r--r-- | sys/hardware/laptop.nix | 19 | ||||
| -rw-r--r-- | sys/hardware/printing.nix | 50 | ||||
| -rw-r--r-- | sys/hardware/thinkpad.nix | 42 | ||||
| -rw-r--r-- | sys/hardware/yubico.nix | 62 |
9 files changed, 300 insertions, 0 deletions
diff --git a/sys/hardware/altera.nix b/sys/hardware/altera.nix new file mode 100644 index 0000000..fddd722 --- /dev/null +++ b/sys/hardware/altera.nix @@ -0,0 +1,25 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.local.hardware.altera; +in { + options.local.hardware.altera = { + enable = mkEnableOption "Altera USB Blaster"; + }; + + config = mkIf cfg.enable { + services.udev.extraRules = '' + # USB-Blaster + ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6001", MODE="660", GROUP="users", TAG+="uaccess" + ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6002", MODE="660", GROUP="users", TAG+="uaccess" + ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6003", MODE="660", GROUP="users", TAG+="uaccess" + + # USB-Blaster II + ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6010", MODE="660", GROUP="users", TAG+="uaccess" + ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6810", MODE="660", GROUP="users", TAG+="uaccess" + ''; + }; +} diff --git a/sys/hardware/apc.nix b/sys/hardware/apc.nix new file mode 100644 index 0000000..97a5bb0 --- /dev/null +++ b/sys/hardware/apc.nix @@ -0,0 +1,33 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.local.hardware.apc; +in { + options.local.hardware.apc = { + enable = mkEnableOption "APC UPS support"; + }; + + config = mkIf cfg.enable { + services.apcupsd = { + enable = true; + + configText = concatStrings (mapAttrsToList (k: v: "${k} ${v}\n") { + UPSMODE = "disable"; + UPSTYPE = "usb"; + UPSCABLE = "usb"; + UPSCLASS = "standalone"; + + NISIP = "127.0.0.1"; + NETSERVER = "on"; + + MINUTES = "5"; + BATTERYLEVEL = "10"; + + NOLOGON = "disable"; + }); + }; + }; +} diff --git a/sys/hardware/bluetooth.nix b/sys/hardware/bluetooth.nix new file mode 100644 index 0000000..63e3f0c --- /dev/null +++ b/sys/hardware/bluetooth.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.local.hardware.bluetooth; +in { + options.local.hardware.bluetooth = { + enable = mkEnableOption "bluetooth services"; + }; + + config = mkIf cfg.enable { + hardware.bluetooth = { + enable = true; + powerOnBoot = mkDefault false; + }; + }; +} diff --git a/sys/hardware/default.nix b/sys/hardware/default.nix new file mode 100644 index 0000000..10bdece --- /dev/null +++ b/sys/hardware/default.nix @@ -0,0 +1,12 @@ +{ + imports = [ + ./altera.nix + ./apc.nix + ./bluetooth.nix + ./epson.nix + ./laptop.nix + ./printing.nix + ./thinkpad.nix + ./yubico.nix + ]; +} diff --git a/sys/hardware/epson.nix b/sys/hardware/epson.nix new file mode 100644 index 0000000..30b1303 --- /dev/null +++ b/sys/hardware/epson.nix @@ -0,0 +1,38 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.hardware.epson; +in { + options.local.hardware.epson = { + enable = mkEnableOption "Epson printers and scanners"; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = config.local.hardware.printing.enable; + message = "epson requires printing"; + } + ]; + + hardware.sane = { + enable = true; + + extraBackends = [ + pkgs.epkowa + ]; + }; + + services.printing = { + enable = true; + + drivers = [ + pkgs.epson_201207w + ]; + }; + }; +} diff --git a/sys/hardware/laptop.nix b/sys/hardware/laptop.nix new file mode 100644 index 0000000..3b5b772 --- /dev/null +++ b/sys/hardware/laptop.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.local.hardware.laptop; +in { + options.local.hardware.laptop = { + enable = mkEnableOption "laptop stuff"; + }; + + config = mkIf cfg.enable { + services = { + tlp.enable = true; + upower.enable = true; + }; + }; +} diff --git a/sys/hardware/printing.nix b/sys/hardware/printing.nix new file mode 100644 index 0000000..e11a016 --- /dev/null +++ b/sys/hardware/printing.nix @@ -0,0 +1,50 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.local.hardware.printing; + inherit (config.local.net) dhcpInterface; +in { + options.local.hardware.printing = { + enable = mkEnableOption "print and scan services"; + + users = mkOption { + type = with types; listOf str; + default = []; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = config.local.net.enable; + message = "Printing requires net"; + } + ]; + + services.avahi = { + enable = true; + nssmdns4 = true; + + # Abre 5353 en todas las interfaces (!!!) + openFirewall = false; + }; + + hardware.sane.enable = true; + + networking.firewall.interfaces = mkIf (dhcpInterface != null) { + ${dhcpInterface}.allowedUDPPorts = [5353]; + }; + + services.printing.enable = true; + + users.users = listToAttrs (map + (user: { + name = user; + value.extraGroups = ["scanner" "lp"]; + }) + cfg.users); + }; +} diff --git a/sys/hardware/thinkpad.nix b/sys/hardware/thinkpad.nix new file mode 100644 index 0000000..ab18694 --- /dev/null +++ b/sys/hardware/thinkpad.nix @@ -0,0 +1,42 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.hardware.thinkpad; +in { + options.local.hardware.thinkpad = { + enable = mkEnableOption "Thinkpad hardware support"; + }; + + config = mkIf cfg.enable { + # For suspending to RAM to work, set Config -> Power -> Sleep State to "Linux" in EFI. + # See https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_X1_Carbon_(Gen_6)#Suspend_issues + # Fingerprint sensor requires a firmware-update to work. + + boot = { + extraModulePackages = with config.boot.kernelPackages; [acpi_call]; + extraModprobeConfig = "options iwlwifi 11n_disable=1 wd_disable=1"; + + # acpi_call makes tlp work for newer thinkpads + kernelModules = ["acpi_call"]; + + # Force use of the thinkpad_acpi driver for backlight control. + # This allows the backlight save/load systemd service to work. + kernelParams = ["acpi_backlight=native"]; + }; + + hardware.firmware = [pkgs.sof-firmware]; + + local.hardware.laptop.enable = true; + + services = { + fprintd.enable = true; + thinkfan.enable = true; + tlp.enable = true; + tp-auto-kbbl.enable = true; + }; + }; +} diff --git a/sys/hardware/yubico.nix b/sys/hardware/yubico.nix new file mode 100644 index 0000000..1c77675 --- /dev/null +++ b/sys/hardware/yubico.nix @@ -0,0 +1,62 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.hardware.yubico; +in { + options = { + local.hardware.yubico = { + enable = mkEnableOption "Yubico hardware support"; + + pamAuth = mkOption { + type = lib.types.bool; + default = false; + }; + }; + + security.pam.services = mkOption { + type = with lib.types; + attrsOf (submodule { + config.u2fAuth = lib.mkDefault false; + }); + }; + }; + + config = mkIf cfg.enable { + environment.etc."pkcs11/modules/ykcs11".text = '' + module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so + ''; + + security.pam = mkIf cfg.pamAuth { + u2f = { + enable = true; + control = "sufficient"; + + settings = { + authfile = "/var/trust/pam_u2f_keys"; + cue = true; + pinverification = 1; + userpresence = 0; + userverification = 0; + }; + }; + + services = { + gtklock.u2fAuth = true; + login.u2fAuth = true; + su.u2fAuth = true; + sudo.u2fAuth = true; + systemd-run0.u2fAuth = true; + vlock.u2fAuth = true; + }; + }; + + services = { + pcscd.enable = true; + udev.packages = [pkgs.yubikey-personalization]; + }; + }; +} |