commit 9a6f5543ab4d0e2284fc3578c0807c2dfe54a00a
Author: Sebastien Bourdeauducq <sb@m-labs.hk>
Date:   Tue Mar 15 17:51:21 2022 +0800

    initial commit

diff --git a/README b/README
new file mode 100644
index 0000000..28477dd
--- /dev/null
+++ b/README
@@ -0,0 +1,4 @@
+After installation is finalized:
+* copy device database to ~/artiq
+* set timezone
+* comment out openssh.authorizedKeys.keys
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..64829ff
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,121 @@
+{ config, pkgs, artiq, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+    ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.systemd-boot.memtest86.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernelPackages = pkgs.linuxPackages_5_15;
+  hardware.cpu.intel.updateMicrocode = true;
+  
+  networking.hostName = "artiq";
+  networking.networkmanager.enable = true;
+
+  systemd.suppressedSystemUnits = [
+    "hibernate.target"
+    "suspend.target"
+    "suspend-then-hibernate.target"
+    "sleep.target"
+    "hybrid-sleep.target"
+    "systemd-hibernate.service"
+    "systemd-hybrid-sleep.service"
+    "systemd-suspend.service"
+    "systemd-suspend-then-hibernate.service"
+  ];
+
+  # Select internationalisation properties.
+  console.font = "Lat2-Terminus16";
+  console.keyMap = "us";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  # Set your time zone.
+  time.timeZone = "Asia/Hong_Kong";
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  nixpkgs.config.allowUnfree = true;
+  environment.systemPackages = with pkgs; [
+    wget
+    vim
+    gitAndTools.gitFull
+    usbutils
+    pciutils
+    vlc
+    file
+    lm_sensors
+    acpi
+    imagemagick
+    firefox
+    chromium
+    (python3.withPackages(ps: with ps; [ numpy scipy matplotlib jupyter pyserial artiq.packages.x86_64-linux.artiq ]))
+    texlive.combined.scheme-full
+    psmisc
+    xc3sprog
+    gtkwave
+    unzip
+    zip
+    pavucontrol
+    rink
+    gimp
+    gnome3.gnome-tweaks
+    libreoffice-fresh
+    vscode
+  ];
+  programs.wireshark.enable = true;
+  programs.wireshark.package = pkgs.wireshark;
+
+  hardware.opengl.driSupport = true;
+
+  services.openssh.enable = true;
+  services.openssh.passwordAuthentication = false;
+
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+  hardware.pulseaudio.package = pkgs.pulseaudioFull;
+
+  services.xserver.enable = true;
+  services.xserver.layout = "us";
+
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.displayManager.autoLogin.enable = true;
+  services.xserver.displayManager.autoLogin.user = "rabi";
+  # https://github.com/NixOS/nixpkgs/issues/103746
+  systemd.services."getty@tty1".enable = false;
+  systemd.services."autovt@tty1".enable = false;
+  services.xserver.desktopManager.gnome.enable = true;
+  environment.gnome.excludePackages = [ pkgs.epiphany pkgs.gnome3.geary ];
+
+  programs.fish.enable = true;
+  programs.command-not-found.enable = false;  # broken with flakes, https://github.com/NixOS/nixpkgs/issues/39789
+  users.mutableUsers = true;
+  users.defaultUserShell = pkgs.fish;
+  users.extraGroups.plugdev = { };
+  users.extraUsers.rabi = {
+    isNormalUser = true;
+    extraGroups = ["networkmanager" "wheel" "plugdev" "dialout" "wireshark"];
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1"
+    ];
+  };
+  security.sudo.wheelNeedsPassword = false;
+  services.udev.packages = [ pkgs.openocd ];
+
+  nix.package = pkgs.nix_2_4;
+  nix.binaryCachePublicKeys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="];
+  nix.binaryCaches = ["https://nixbld.m-labs.hk" "https://cache.nixos.org"];
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+  nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "21.11"; # Did you read the comment?
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..96a8760
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,11 @@
+{
+  inputs.artiq.url = git+https://github.com/m-labs/artiq.git;
+  outputs = { self, artiq }: {
+    nixosConfigurations.artiq = artiq.inputs.nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      specialArgs = { inherit artiq; };
+      modules = [ ./configuration.nix ];
+    };
+  };
+}
+