1 { config, pkgs, lib, private, hostName, ... }:
 
   3   inherit (config.users) users;
 
   4   inherit (config.services) davfs2;
 
   8   ../profiles/dnscrypt-proxy2.nix
 
   9   ../profiles/security.nix
 
  10   ../networking/wireguard/wg-intra.nix
 
  17 home-manager.users.julm = {
 
  21   host.hardware = ["ThinkPad" "X201"];
 
  23 systemd.services.home-manager-julm.postStart = ''
 
  24   ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
 
  26 security.lockKernelModules = false;
 
  27 users.mutableUsers = false;
 
  31   # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
 
  32   # which is already world readable.
 
  33   hashedPassword = lib.readFile ../private/world/julm/hashedPassword;
 
  46   # If created, zfs-mount.service would require:
 
  47   # zfs set overlay=yes ${hostName}/home
 
  53     secret-key-files = ${private}/${hostName}/nix/binary-cache/priv.pem
 
  55   autoOptimiseStore = true;
 
  59     options = "--delete-older-than 7d";
 
  63     "nixpkgs=/etc/nixpkgs"
 
  64     "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
 
  67   nixPath = lib.mkForce [];
 
  68   trustedUsers = [ users.julm.name ];
 
  69   binaryCaches = [ "http://nix-localcache.losurdo.wg" ];
 
  70   binaryCachePublicKeys = [ "losurdo.sourcephile.fr-1:XGeaIE2AA2mZskSZ5bIDrfx53q+TDDWJOUEpZDX7los=" ];
 
  72 #environment.etc."nixpkgs".source = pkgs.path;
 
  73 #environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
 
  85   keys = [ (lib.readFile ../private/world/julm/losurdo/ssh.pub) ];
 
  87 users.users.julm.openssh.authorizedKeys.keys = [
 
  88   (lib.readFile ../private/world/julm/losurdo/ssh.pub)
 
  90 services.openssh.openFirewall = false;
 
  91 services.openssh.forwardX11 = true;
 
  92 services.openssh.passwordAuthentication = false;
 
  94 time.timeZone = "Europe/Paris";
 
  95 i18n.defaultLocale = "fr_FR.UTF-8";
 
  96 console.font = "Lat2-Terminus16";
 
  97 console.keyMap = "fr";
 
 101   domain = "localdomain";
 
 102   search = [ "sourcephile.fr" ];
 
 109       #backend = "wpa_supplicant";
 
 120 hardware.pulseaudio.enable = true;
 
 121 hardware.sane.enable = true;
 
 122 hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
 
 124 environment.variables = {
 
 127   SYSTEMD_LESS = "FKMRX";
 
 129 environment.systemPackages = [
 
 138     interactiveShellInit = ''
 
 139       bind '"\e[A":history-search-backward'
 
 140       bind '"\e[B":history-search-forward'
 
 142       # Ignore duplicate commands, ignore commands starting with a space
 
 143       export HISTCONTROL=erasedups:ignorespace
 
 144       export HISTSIZE=42000
 
 145       # Append to the history instead of overwriting (good for multiple connections)
 
 149       mkcd () { mkdir -p "$1"; cd "$1"; }
 
 152         then sudo tee /proc/acpi/ibm/fan <<<"level $1"
 
 153         else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
 
 160       grep = "grep --color";
 
 163       ls = "ls --color=tty";
 
 164       mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
 
 167       st="sudo systemctl status";
 
 168       u="systemctl --user";
 
 169       j="sudo journalctl -u";
 
 170       jb="sudo journalctl -b";
 
 172       nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
 
 174       sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
 
 184   openFirewall = false;
 
 194 fileSystems."/home/julm/mnt/ilico/severine" = {
 
 195   device = "https://nuage.ilico.org/remote.php/dav/files/severine/";
 
 198     let conf = pkgs.writeText "davfs2.conf" ''
 
 199       backup_dir /home/julm/documents/backup/ilico/severine
 
 200       cache_dir /home/julm/.cache/davfs2/ilico/severine
 
 202     [ "conf=${conf}" "user" "noexec" "nosuid" "noauto" ]; # "x-systemd.automount"
 
 205   packages = [ pkgs.gnome3.dconf ];
 
 212   defaultMode = "online";
 
 215   localDiscovery = false;
 
 217     Datastore.StorageMax = "10GB";
 
 218     Discovery.MDNS.Enabled = false;
 
 221     #Swarm.AddrFilters = null;
 
 223   startWhenNeeded = true;
 
 225 services.journald = {
 
 228     MaxRetentionSec=1month
 
 233 services.printing = {
 
 242     # Allow members of the "adbusers" group to mount Android devices via MTP.
 
 243     pkgs.android-udev-rules
 
 244     # Allow the console user access the Yubikey USB device node,
 
 245     # needed for challenge/response to work correctly.
 
 246     pkgs.yubikey-personalization
 
 252   xkbOptions = "eurosign:e";
 
 253   libinput.enable = true;
 
 256       # Let the session be generated by home-manager
 
 257       { name = "home-manager";
 
 259           ${pkgs.runtimeShell} $HOME/.hm-xsession &
 
 266     defaultSession = "home-manager";
 
 267     #defaultSession = "none+xmonad";
 
 270       user = users.julm.name;
 
 275 systemd.coredump.enable = true;
 
 276 #environment.enableDebugInfo = true;
 
 278 # This value determines the NixOS release with which your system is to be
 
 279 # compatible, in order to avoid breaking some software such as database
 
 280 # servers. You should change this only after NixOS release notes say you should.
 
 281 system.stateVersion = "20.09"; # Did you read the comment?