]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/oignon.nix
Add 1 git-crypt collaborator
[julm/julm-nix.git] / hosts / oignon.nix
1 { config, pkgs, lib, inputs, hostName, ... }:
2 let inherit (config.users) users; in
3 {
4 imports = [
5 ../profiles/dnscrypt-proxy2.nix
6 oignon/hardware.nix
7 oignon/tor.nix
8 ];
9
10 home-manager.users.julm = {
11 imports = [ ../homes/julm.nix ];
12 host.name = hostName;
13 host.hardware = ["ThinkPad" "X201"];
14 };
15 systemd.services.home-manager-julm.postStart = ''
16 ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
17 '';
18 users.mutableUsers = false;
19 users.users.julm = {
20 isNormalUser = true;
21 uid = 1000;
22 # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
23 # which is already world readable.
24 hashedPassword = lib.readFile ../secrets/julm/hashedPassword;
25 extraGroups = [
26 "adbusers"
27 "lp"
28 "networkmanager"
29 "scanner"
30 "tor"
31 "video"
32 "wheel"
33 "networkmanager"
34 #"vboxusers"
35 ];
36 # If created, zfs-mount.service would require:
37 # zfs set overlay=yes ${hostName}/home
38 createHome = false;
39 };
40
41 nix = {
42 extraOptions = ''
43 auto-optimise-store = true
44 '';
45 gc = {
46 automatic = true;
47 dates = "weekly";
48 options = "--delete-older-than 7d";
49 };
50 nixPath = [
51 "nixpkgs=/etc/nixpkgs"
52 "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
53 ];
54 trustedUsers = [ users.julm.name ];
55 };
56 environment.etc."nixpkgs".source = pkgs.path;
57 environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
58
59 nixpkgs.config = {
60 allowUnfree = true;
61 };
62 documentation.nixos.enable = true;
63 time.timeZone = "Europe/Paris";
64 i18n.defaultLocale = "fr_FR.UTF-8";
65 console.font = "Lat2-Terminus16";
66 console.keyMap = "fr";
67
68 networking = {
69 hostName = hostName;
70 domain = "localdomain";
71 search = [ "sourcephile.fr" ];
72 networkmanager = {
73 enable = true;
74 #dhcp = "dhcpcd";
75 logLevel = "INFO";
76 wifi = {
77 #backend = "iwd";
78 #backend = "wpa_supplicant";
79 powersave = false;
80 };
81 };
82 firewall = {
83 enable = true;
84 };
85 };
86
87 sound.enable = true;
88 hardware.pulseaudio.enable = true;
89 hardware.sane.enable = true;
90 hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
91
92 environment.variables = {
93 EDITOR = "vim";
94 PAGER = "less -R";
95 SYSTEMD_LESS = "FKMRX";
96 };
97
98 programs = {
99 bash = {
100 interactiveShellInit = ''
101 bind '"\e[A":history-search-backward'
102 bind '"\e[B":history-search-forward'
103
104 # Ignore duplicate commands, ignore commands starting with a space
105 export HISTCONTROL=erasedups:ignorespace
106 export HISTSIZE=42000
107 # Append to the history instead of overwriting (good for multiple connections)
108 shopt -s histappend
109
110 # Utilities
111 mkcd () { mkdir -p "$1"; cd "$1"; }
112 fan () {
113 if [ $# -gt 0 ]
114 then sudo tee /proc/acpi/ibm/fan <<<"level $1"
115 else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
116 fi
117 acpi -t
118 }
119 '';
120 shellAliases = {
121 cl = "clear";
122 grep = "grep --color";
123 l = "ls -alh";
124 ll = "ls -al";
125 ls = "ls --color=tty";
126 mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
127
128 s="sudo systemctl";
129 st="sudo systemctl status";
130 u="systemctl --user";
131 j="sudo journalctl -u";
132 jb="sudo journalctl -b";
133
134 nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
135 mv = "mv -i";
136 sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
137 };
138 };
139 dconf.enable = true;
140 mtr.enable = true;
141 };
142
143 services = {
144 avahi = {
145 enable = true;
146 nssmdns = true;
147 };
148 dbus = {
149 packages = [ pkgs.gnome3.dconf ];
150 };
151 gvfs = {
152 enable = true;
153 };
154 journald = {
155 extraConfig = ''
156 Compress=true
157 MaxRetentionSec=1month
158 Storage=persistent
159 SystemMaxUse=100M
160 '';
161 };
162 printing = {
163 enable = true;
164 drivers = [
165 pkgs.gutenprint
166 pkgs.hplip
167 ];
168 };
169 sanoid = {
170 enable = true;
171 extraArgs = [ "--verbose" ];
172 datasets = {
173 "${hostName}/home" = {
174 autosnap = true;
175 autoprune = true;
176 hourly = 12;
177 daily = 7;
178 monthly = 0;
179 yearly = 0;
180 recursive = true;
181 };
182 "${hostName}/var" = {
183 autosnap = true;
184 autoprune = true;
185 hourly = 12;
186 daily = 7;
187 monthly = 0;
188 yearly = 0;
189 recursive = true;
190 };
191 };
192 };
193 udev = {
194 packages = [
195 # Allow members of the "adbusers" group to mount Android devices via MTP
196 pkgs.android-udev-rules
197 ];
198 };
199 xserver = {
200 enable = true;
201 layout = "fr";
202 xkbOptions = "eurosign:e";
203 libinput.enable = true;
204 desktopManager = {
205 session = [
206 # Let the session be generated by home-manager
207 { name = "home-manager";
208 start = ''
209 ${pkgs.runtimeShell} $HOME/.hm-xsession &
210 waitPID=$!
211 '';
212 }
213 ];
214 };
215 displayManager = {
216 defaultSession = "home-manager";
217 #defaultSession = "none+xmonad";
218 autoLogin = {
219 enable = true;
220 user = users.julm.name;
221 };
222 };
223 };
224 };
225
226 # This value determines the NixOS release with which your system is to be
227 # compatible, in order to avoid breaking some software such as database
228 # servers. You should change this only after NixOS release notes say you should.
229 system.stateVersion = "20.09"; # Did you read the comment?
230 }