]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/courge.nix
pass: add .gpg-id
[julm/julm-nix.git] / hosts / courge.nix
1 { config, pkgs, lib, inputs, hostName, ... }:
2 {
3 imports = [
4 ../nixos/profiles/graphical.nix
5 ../nixos/profiles/lang-fr.nix
6 ../nixos/profiles/printing.nix
7 courge/backup.nix
8 courge/hardware.nix
9 courge/networking.nix
10 ];
11
12 # Lower kernel's security for better performances
13 boot.kernelParams = [ "mitigations=off" ];
14
15 home-manager.users.mo = {
16 imports = [ ../homes/mo.nix ];
17 };
18 systemd.services.home-manager-mo.postStart = ''
19 ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/mo/home-manager
20 '';
21 users.users.root = {
22 openssh.authorizedKeys.keys = map lib.readFile [
23 ../users/julm/ssh/oignon.pub
24 ../users/julm/ssh/losurdo.pub
25 ];
26 };
27 users.users.mo = {
28 isNormalUser = true;
29 uid = 1000;
30 # Put the hashedPassword in /nix/store,
31 # though /etc/shadow is not world readable...
32 # printf %s $(mkpasswd -m yescrypt)
33 hashedPassword = lib.readFile courge/users/mo/login/hashedPassword.clear;
34 extraGroups = [
35 "adbusers"
36 "dialout"
37 "lp"
38 "networkmanager"
39 #"plugdev" # For rtl-sdr
40 "scanner"
41 #"tor"
42 "video"
43 "wheel"
44 #"ipfs"
45 #config.services.davfs2.davGroup
46 #"vboxusers"
47 ];
48 # If created, zfs-mount.service would require:
49 # zfs set overlay=yes ${hostName}/home
50 createHome = false;
51 openssh.authorizedKeys.keys = map lib.readFile [
52 ../users/julm/ssh/oignon.pub
53 ../users/julm/ssh/losurdo.pub
54 ];
55 };
56
57 environment.systemPackages = [
58 #pkgs.riseup-vpn # Can't be installed by home-manager because it needs to install policy-kit rules
59 ];
60
61 boot.extraModulePackages = [
62 ];
63
64 #programs.fuse.userAllowOther = true;
65
66 services.xserver = {
67 desktopManager = {
68 gnome.enable = true;
69 };
70 displayManager = {
71 defaultSession = "gnome";
72 autoLogin = {
73 user = config.users.users.mo.name;
74 };
75 };
76 };
77
78 # This value determines the NixOS release with which your system is to be
79 # compatible, in order to avoid breaking some software such as database
80 # servers. You should change this only after NixOS release notes say you should.
81 system.stateVersion = "23.05"; # Did you read the comment?
82 }