Add 1 git-crypt collaborator

[julm/julm-nix.git] / hosts / patate.nix

{ config, pkgs, lib, inputs, hostName, ... }:
let inherit (config.users) users; in
{
imports = [
  ../profiles/dnscrypt-proxy2.nix
  patate/hardware.nix
];

home-manager.users.sevy = {
  imports = [ ../homes/sevy.nix ];
  host.name = hostName;
  host.hardware = ["ThinkPad" "X200"];
};
systemd.services.home-manager-julm.postStart = ''
  ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/sevy/home-manager
'';
users.mutableUsers = false;
users.users.sevy = {
  isNormalUser = true;
  uid = 1000;
  # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
  # which is already world readable.
  hashedPassword = lib.readFile ../secrets/sevy/hashedPassword;
  extraGroups = [
    "adbusers"
    "lp"
    "networkmanager"
    "scanner"
    "tor"
    "video"
    "wheel"
    "networkmanager"
    "vboxusers"
  ];
};

nix = {
  extraOptions = ''
    auto-optimise-store = true
  '';
  gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 7d";
  };
  nixPath = [
    "nixpkgs=/etc/nixpkgs"
    "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
  ];
  trustedUsers = [ users.sevy.name ];
};
environment.etc."nixpkgs".source = pkgs.path;
environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";

nixpkgs.config = {
  allowUnfree = true;
};
documentation.nixos.enable = true;
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "fr_FR.UTF-8";
console.font = "Lat2-Terminus16";
console.keyMap = "fr";

networking = {
  hostName = hostName;
  domain = "localdomain";
  networkmanager = {
    enable = true;
    #dhcp = "dhcpcd";
    logLevel = "INFO";
    wifi = {
      #backend = "iwd";
      #backend = "wpa_supplicant";
      powersave = false;
    };
  };
  firewall = {
    enable = true;
    allowedTCPPorts = [
      51413 # transmission-gtk
      4662 # edonkey
    ];
    allowedUDPPorts = [
      51413 # transmission-gtk
      4667 # edonkey
      4672 # edonkey
    ];
  };
};

sound.enable = true;
hardware.pulseaudio.enable = true;
hardware.sane.enable = true;
hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];

environment.variables = {
  EDITOR = "vim -g";
  PAGER  = "less -R";
  SYSTEMD_LESS = "FKMRX";
};

programs = {
  bash = {
    interactiveShellInit = ''
      bind '"\e[A":history-search-backward'
      bind '"\e[B":history-search-forward'

      # Ignore duplicate commands, ignore commands starting with a space
      export HISTCONTROL=erasedups:ignorespace
      export HISTSIZE=42000
      # Append to the history instead of overwriting (good for multiple connections)
      shopt -s histappend

      # Utilities
      mkcd () { mkdir -p "$1"; cd "$1"; }
      fan () {
        if [ $# -gt 0 ]
        then sudo tee /proc/acpi/ibm/fan <<<"level $1"
        else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
        fi
        acpi -t
      }
    '';
    shellAliases = {
      cl = "clear";
      grep = "grep --color";
      l  = "ls -alh";
      ll = "ls -al";
      ls = "ls --color=tty";
      mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

      s="sudo systemctl";
      st="sudo systemctl status";
      u="systemctl --user";
      j="sudo journalctl -u";
      jb="sudo journalctl -b";

      nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
      mv = "mv -i";
      sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
    };
  };
  dconf.enable = true;
  mtr.enable = true;
};

services = {
  avahi = {
    enable  = true;
    nssmdns = true;
  };
  dbus = {
    packages = [ pkgs.gnome3.dconf ];
  };
  gvfs = {
    enable = true;
  };
  journald = {
    extraConfig = ''
      Compress=true
      MaxRetentionSec=1month
      Storage=persistent
      SystemMaxUse=100M
    '';
  };
  physlock = {
    enable = true;
    allowAnyUser = true;
    # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
  };
  printing = {
    enable = true;
    drivers = [
      pkgs.gutenprint
      pkgs.hplip
    ];
  };
  sanoid = {
    enable = true;
    extraArgs = [ "--verbose" ];
    datasets = {
      "${hostName}/home/documents" = {
        autosnap = true;
        autoprune = true;
        hourly = 12;
        daily = 31;
        monthly = 0;
        yearly = 0;
      };
    };
  };
  udev = {
    packages = [
      # Allow members of the "adbusers" group to mount Android devices via MTP
      pkgs.android-udev-rules
    ];
  };
  xserver = {
    enable = true;
    layout = "fr";
    xkbOptions = "eurosign:e";
    libinput.enable = true;
    desktopManager = {
      xfce = {
        enable = true;
        thunarPlugins = [
          pkgs.xfce.thunar-archive-plugin
        ];
      };
      xterm.enable = false;
    };
    displayManager = {
      defaultSession = "xfce";
      lightdm = {
        autoLogin = {
          enable = true;
          user = users.sevy.name;
        };
      };
    };
  };
};

virtualisation.virtualbox.host.enable = true;

# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you should.
system.stateVersion = "20.03"; # Did you read the comment?
}