]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/patate.nix
oignon: add openvpn for riseup
[julm/julm-nix.git] / hosts / patate.nix
1 { config, pkgs, lib, inputs, hostName, ... }:
2 let inherit (config.users) users; in
3 {
4 imports = [
5 ../profiles/dnscrypt-proxy2.nix
6 patate/backup.nix
7 patate/hardware.nix
8 ];
9
10 home-manager.users.sevy = {
11 imports = [ ../homes/sevy.nix ];
12 host.name = hostName;
13 host.hardware = ["ThinkPad" "X200"];
14 };
15 systemd.services.home-manager-julm.postStart = ''
16 ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/sevy/home-manager
17 '';
18 users.mutableUsers = false;
19 users.users.sevy = {
20 isNormalUser = true;
21 uid = 1000;
22 # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
23 # which is already world readable.
24 hashedPassword = lib.readFile ../private/world/sevy/hashedPassword;
25 extraGroups = [
26 "adbusers"
27 config.services.davfs2.davGroup
28 "lp"
29 "networkmanager"
30 "scanner"
31 "systemd-journal"
32 "tor"
33 "vboxusers"
34 "video"
35 "wheel"
36 ];
37 };
38
39 nix = {
40 extraOptions = ''
41 auto-optimise-store = true
42 '';
43 gc = {
44 automatic = true;
45 dates = "weekly";
46 options = "--delete-older-than 7d";
47 };
48 nixPath = [
49 "nixpkgs=/etc/nixpkgs"
50 "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
51 ];
52 trustedUsers = [ users.sevy.name ];
53 binaryCaches = [
54 "https://nix-localcache.sourcephile.fr"
55 #"ssh://nix-ssh@192.168.0.115" # FIXME: use wireguard
56 ];
57 binaryCachePublicKeys = [
58 "losurdo.sourcephile.fr-1:XGeaIE2AA2mZskSZ5bIDrfx53q+TDDWJOUEpZDX7los="
59 "oignon.sourcephile.fr:slxL7XLsGXlD1r6gvw1imL5uQntW0TTlQgGQt3LBJgQ="
60 ];
61 };
62 services.openssh.passwordAuthentication = false;
63
64 nixpkgs.config = {
65 allowUnfree = true;
66 };
67 environment.etc."nixpkgs".source = pkgs.path;
68 environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
69
70 documentation.nixos.enable = true;
71 time.timeZone = "Europe/Paris";
72 i18n.defaultLocale = "fr_FR.UTF-8";
73 console.font = "Lat2-Terminus16";
74 console.keyMap = "fr";
75
76 networking = {
77 hostName = hostName;
78 domain = "localdomain";
79 networkmanager = {
80 enable = true;
81 #dhcp = "dhcpcd";
82 logLevel = "INFO";
83 wifi = {
84 #backend = "iwd";
85 #backend = "wpa_supplicant";
86 powersave = false;
87 };
88 };
89 firewall = {
90 enable = true;
91 allowPing = false;
92 allowedTCPPorts = [
93 51413 # transmission-gtk
94 4662 # edonkey
95 ];
96 allowedUDPPorts = [
97 51413 # transmission-gtk
98 4667 # edonkey
99 4672 # edonkey
100 ];
101 };
102 };
103
104 sound.enable = true;
105 hardware.pulseaudio.enable = true;
106 hardware.sane.enable = true;
107 hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
108
109 environment.variables = {
110 EDITOR = "vim -g";
111 PAGER = "less -R";
112 SYSTEMD_LESS = "FKMRX";
113 };
114
115 programs = {
116 bash = {
117 interactiveShellInit = ''
118 bind '"\e[A":history-search-backward'
119 bind '"\e[B":history-search-forward'
120
121 # Ignore duplicate commands, ignore commands starting with a space
122 export HISTCONTROL=erasedups:ignorespace
123 export HISTSIZE=42000
124 # Append to the history instead of overwriting (good for multiple connections)
125 shopt -s histappend
126
127 # Utilities
128 mkcd () { mkdir -p "$1"; cd "$1"; }
129 fan () {
130 if [ $# -gt 0 ]
131 then sudo tee /proc/acpi/ibm/fan <<<"level $1"
132 else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
133 fi
134 acpi -t
135 }
136 '';
137 shellAliases = {
138 cl = "clear";
139 grep = "grep --color";
140 l = "ls -alh";
141 ll = "ls -al";
142 ls = "ls --color=tty";
143 mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
144
145 s="sudo systemctl";
146 st="sudo systemctl status";
147 u="systemctl --user";
148 j="sudo journalctl -u";
149 jb="sudo journalctl -b";
150
151 nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
152 mv = "mv -i";
153 sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
154 };
155 };
156 dconf.enable = true;
157 mtr.enable = true;
158 };
159
160 services.avahi = {
161 enable = true;
162 nssmdns = true;
163 openFirewall = false;
164 publish = {
165 enable = false;
166 };
167 };
168 services.davfs2 = {
169 enable = true;
170 extraConfig = ''
171 '';
172 };
173 fileSystems."/home/sevy/mnt/ilico/severine" = {
174 device = "https://nuage.ilico.org/remote.php/dav/files/severine/";
175 fsType = "davfs";
176 options =
177 let conf = pkgs.writeText "davfs2.conf" ''
178 backup_dir /home/sevy/Documents/EnTransfert/ilico/severine
179 cache_dir /home/sevy/.cache/davfs2/ilico/severine
180 ''; in
181 [ "conf=${conf}" "user" "noexec" "nosuid" "noauto" ]; # "x-systemd.automount"
182 };
183 services.dbus = {
184 packages = [ pkgs.gnome3.dconf ];
185 };
186 services.gvfs = {
187 enable = true;
188 };
189 services.journald = {
190 extraConfig = ''
191 Compress=true
192 MaxRetentionSec=1month
193 Storage=persistent
194 SystemMaxUse=100M
195 '';
196 };
197 services.physlock = {
198 enable = true;
199 allowAnyUser = true;
200 # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
201 };
202 services.printing = {
203 enable = true;
204 drivers = [
205 pkgs.gutenprint
206 pkgs.hplip
207 ];
208 };
209 services.udev = {
210 packages = [
211 # Allow members of the "adbusers" group to mount Android devices via MTP
212 pkgs.android-udev-rules
213 ];
214 };
215 services.xserver = {
216 enable = true;
217 layout = "fr";
218 xkbOptions = "eurosign:e";
219 libinput.enable = true;
220 desktopManager = {
221 xfce = {
222 enable = true;
223 thunarPlugins = [
224 #pkgs.xfce.thunar-archive-plugin
225 ];
226 };
227 xterm.enable = false;
228 };
229 displayManager = {
230 defaultSession = "xfce";
231 autoLogin = {
232 enable = true;
233 user = users.sevy.name;
234 };
235 };
236 };
237
238 virtualisation.virtualbox.host.enable = true;
239
240 # This value determines the NixOS release with which your system is to be
241 # compatible, in order to avoid breaking some software such as database
242 # servers. You should change this only after NixOS release notes say you should.
243 system.stateVersion = "20.03"; # Did you read the comment?
244 }