Git — Sourcephile - julm/julm-nix.git/blob - hosts/patate.nix
patate: enable wg-intra
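# NixOS host configuration for "patate": a single-user XFCE laptop
# (ThinkPad X200) whose only interactive account is `sevy`.
{ config, pkgs, lib, inputs, hostName, ... }:
let inherit (config.users) users; in
{
  imports = [
    ../profiles/dnscrypt-proxy2.nix
    ../profiles/security.nix
    patate/backup.nix
    patate/hardware.nix
    patate/wireguard.nix
  ];

  home-manager.users.sevy = {
    imports = [ ../homes/sevy.nix ];
    host.name = hostName;
    host.hardware = ["ThinkPad" "X200"];
  };
  # After each home-manager activation, keep only the most recent generation
  # of sevy's home-manager profile.
  # The hook was attached to home-manager-julm, but the user configured above
  # and the profile path below are both sevy's; the home-manager NixOS module
  # names its activation unit home-manager-<user>, so the hook never ran for
  # this profile. NOTE(review): confirm the unit name on this host.
  systemd.services.home-manager-sevy.postStart = ''
    ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/sevy/home-manager
  '';

  # Leaves kernel module loading possible after boot.
  # NOTE(review): presumably overrides a stricter default from
  # ../profiles/security.nix (not visible here) — confirm, and record which
  # feature needs it.
  security.lockKernelModules = false;

  # Accounts and passwords come only from this configuration; changes made
  # with passwd/useradd do not survive a rebuild.
  users.mutableUsers = false;
  users.users.sevy = {
    isNormalUser = true;
    uid = 1000;
    # lib.readFile inlines the hash at evaluation time, so it ends up in the
    # world-readable /nix/store.
    # NOTE(review): the original rationale was that the hash is in /etc/passwd
    # anyway; on NixOS it is normally written to /etc/shadow (root-only), so
    # the store copy is the more exposed one. users.users.<name>.passwordFile
    # reads the hash from a file at activation time instead.
    hashedPassword = lib.readFile ../private/world/sevy/hashedPassword;
    extraGroups = [
      "adbusers"
      config.services.davfs2.davGroup
      "lp"
      "networkmanager"
      "scanner"
      "systemd-journal" # read access to the whole system journal
      "tor"
      "vboxusers"
      "video"
      "wheel" # administrative group (sudo)
    ];
  };

  nix = {
    extraOptions = ''
    '';
    autoOptimiseStore = true;
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    nixPath = [
      "nixpkgs=/etc/nixpkgs"
      "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
    ];
    # Trusted users may override daemon settings such as substituters and
    # signature checks, which is effectively root-equivalent; sevy is also in
    # wheel, so this matches the account's existing privilege.
    trustedUsers = [ users.sevy.name ];
    binaryCaches = [
      "https://nix-localcache.sourcephile.fr"
      #"ssh://nix-ssh@192.168.0.115" # FIXME: use wireguard
    ];
    # Public keys that signatures on substituted store paths are checked
    # against. Anyone holding the matching private keys can supply binaries
    # this host will accept.
    binaryCachePublicKeys = [
      "losurdo.sourcephile.fr-1:XGeaIE2AA2mZskSZ5bIDrfx53q+TDDWJOUEpZDX7los="
      "oignon.sourcephile.fr:slxL7XLsGXlD1r6gvw1imL5uQntW0TTlQgGQt3LBJgQ="
    ];
  };
  # Key-based SSH logins only. Whether sshd is enabled at all is not set in
  # this file.
  services.openssh.passwordAuthentication = false;

  nixpkgs.config = {
    allowUnfree = true;
  };
  # Expose the pinned nixpkgs and the repository's overlays under /etc so the
  # nixPath entries above resolve to them.
  environment.etc."nixpkgs".source = pkgs.path;
  environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";

  documentation.nixos.enable = true;
  time.timeZone = "Europe/Paris";
  i18n.defaultLocale = "fr_FR.UTF-8";
  console.font = "Lat2-Terminus16";
  console.keyMap = "fr";

  networking = {
    hostName = hostName;
    domain = "localdomain";
    networkmanager = {
      enable = true;
      #dhcp = "dhcpcd";
      logLevel = "INFO";
      wifi = {
        #backend = "iwd";
        #backend = "wpa_supplicant";
        powersave = false;
      };
    };
    firewall = {
      enable = true;
      allowPing = false;
      # Inbound ports opened on every interface for the peer-to-peer clients
      # named in the comments; everything else inbound stays filtered.
      allowedTCPPorts = [
        51413 # transmission-gtk
        4662 # edonkey
      ];
      allowedUDPPorts = [
        51413 # transmission-gtk
        4667 # edonkey
        4672 # edonkey
      ];
    };
  };

  sound.enable = true;
  hardware.pulseaudio.enable = true;
  hardware.sane.enable = true;
  hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];

  environment.variables = {
    EDITOR = "vim -g";
    PAGER = "less -R";
    SYSTEMD_LESS = "FKMRX";
  };

  programs = {
    bash = {
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000
        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Utilities
        mkcd () { mkdir -p "$1"; cd "$1"; }
        fan () {
          if [ $# -gt 0 ]
          then sudo tee /proc/acpi/ibm/fan <<<"level $1"
          else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
          fi
          acpi -t
        }
      '';
      shellAliases = {
        cl = "clear";
        grep = "grep --color";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

        s = "sudo systemctl";
        st = "sudo systemctl status";
        u = "systemctl --user";
        j = "sudo journalctl -u";
        jb = "sudo journalctl -b";

        nix-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        mv = "mv -i";
        sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
      };
    };
    dconf.enable = true;
    mtr.enable = true;
  };

  # mDNS name resolution only: nothing is published and the firewall is not
  # opened for Avahi.
  services.avahi = {
    enable = true;
    nssmdns = true;
    openFirewall = false;
    publish = {
      enable = false;
    };
  };
  services.davfs2 = {
    enable = true;
    extraConfig = ''
    '';
  };
  # WebDAV share mounted on demand by the user ("user", "noauto"); "noexec"
  # and "nosuid" keep files from the remote share from being executed or
  # gaining privileges locally.
  fileSystems."/home/sevy/mnt/ilico/severine" = {
    device = "https://nuage.ilico.org/remote.php/dav/files/severine/";
    fsType = "davfs";
    options =
      let conf = pkgs.writeText "davfs2.conf" ''
        backup_dir /home/sevy/Documents/EnTransfert/ilico/severine
        cache_dir /home/sevy/.cache/davfs2/ilico/severine
      ''; in
      [ "conf=${conf}" "user" "noexec" "nosuid" "noauto" ]; # "x-systemd.automount"
  };
  services.dbus = {
    packages = [ pkgs.gnome3.dconf ];
  };
  services.gvfs = {
    enable = true;
  };
  # Persistent, compressed journal capped at 100M and one month of retention.
  services.journald = {
    extraConfig = ''
      Compress=true
      MaxRetentionSec=1month
      Storage=persistent
      SystemMaxUse=100M
    '';
  };
  services.physlock = {
    enable = true;
    # Installs a setuid wrapper so that any user, not only root, can start
    # physlock.
    allowAnyUser = true;
    # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
  };
  services.printing = {
    enable = true;
    drivers = [
      pkgs.gutenprint
      pkgs.hplip
    ];
  };
  services.udev = {
    packages = [
      # Allow members of the "adbusers" group to mount Android devices via MTP
      pkgs.android-udev-rules
    ];
  };
  services.xserver = {
    enable = true;
    layout = "fr";
    xkbOptions = "eurosign:e";
    libinput.enable = true;
    desktopManager = {
      xfce = {
        enable = true;
        thunarPlugins = [
          #pkgs.xfce.thunar-archive-plugin
        ];
      };
      xterm.enable = false;
    };
    displayManager = {
      defaultSession = "xfce";
      # The graphical session opens at boot without a password prompt, so a
      # cold boot yields a session for sevy (wheel member, Nix trusted user).
      # NOTE(review): the account password then only protects the lock screen
      # and sudo; whether disk encryption gates the boot is decided in
      # patate/hardware.nix, not visible here — confirm.
      autoLogin = {
        enable = true;
        user = users.sevy.name;
      };
    };
  };

  virtualisation.virtualbox.host.enable = true;

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you should.
  system.stateVersion = "20.03"; # Did you read the comment?
}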