]> Git — Sourcephile - julm/julm-nix.git/blob - homes/julm.nix
nix: use @wheel for trusted-users
[julm/julm-nix.git] / homes / julm.nix
1 { pkgs, lib, config, hostName, ... }:
2 {
3 imports = [
4 ../home-manager/profiles/essential.nix
5 ../home-manager/profiles/vim.nix
6 ../home-manager/options.nix
7 julm/mutt.nix
8 (import (julm/hosts + "/${hostName}.nix"))
9 ];
10 programs.bash.shellAliases = {
11 firefox-calyx = "sudo systemd-run -P -p JoinsNamespaceOf=netns-calyx.service -p PrivateNetwork=true -p BindReadOnlyPaths=/etc/netns/calyx/resolv.conf:/etc/resolv.conf -E DISPLAY=$DISPLAY -p User=julm -E DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS -E LANG=$LANG -E LOCALE_ARCHIVE=$LOCALE_ARCHIVE -E PATH=$PATH -- firefox -P calyx";
12 };
13 programs.firefox.profiles =
14 let
15 defaultProfile = {
16 settings = {
17 "browser.bookmarks.showMobileBookmarks" = true;
18 "browser.compactmode.show" = true;
19 "browser.search.isUS" = false;
20 "browser.search.region" = "FR";
21 "distribution.searchplugins.defaultLocale" = "fr-FR";
22 "dom.security.https_first" = true;
23 "dom.security.https_only_mode" = true;
24 "general.useragent.locale" = "fr-FR";
25 "privacy.globalprivacycontrol.enabled" = true;
26 "privacy.globalprivacycontrol.functionality.enabled" = true;
27 "security.identityblock.show_extended_validation" = true;
28 "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
29 #"privacy.firstparty.isolate" = true;
30 };
31 userChrome = lib.readFile ../home-manager/profiles/firefox/userChrome.css;
32 };
33 in
34 {
35 "0yplujgj.2022" = lib.mkMerge [
36 defaultProfile
37 {
38 id = 0;
39 name = "2022";
40 settings = {
41 "browser.startup.homepage" = "https://democracynow.org";
42 };
43 }
44 ];
45 "8y3d28fa.tor" = lib.mkMerge [
46 defaultProfile
47 {
48 id = 1;
49 name = "tor";
50 settings = {
51 "browser.startup.homepage" = "https://check.torproject.org";
52 "privacy.firstparty.isolate" = true;
53 };
54 }
55 ];
56 "zqa1ck7d.calyx" = lib.mkMerge [
57 defaultProfile
58 {
59 id = 2;
60 name = "calyx";
61 settings = {
62 "browser.startup.homepage" = "https://icanhazip.com";
63 "privacy.firstparty.isolate" = true;
64 };
65 }
66 ];
67 };
68 home.file."${config.programs.gpg.homedir}/gpg.conf".text = ''
69 # julm@autogeree.net
70 trusted-key 0xD15AF7F467E8299B
71 # julm@sourcephile.fr (2021-08-12)
72 trusted-key 0xA58CD81C3863926F
73 '';
74 services.gpg-agent.sshKeys = [
75 # julm@autogeree.net
76 "D275EBA09C7E1FFBFB47F6EEF164E6D56FB24AB2"
77 # julm@sourcephile.fr (2021-08-12)
78 "3D94D14514F1EA2B6D62F1275D888897B082415D"
79 # Ed25519 key added on: 2021-10-31 06:48:49
80 # Fingerprints: MD5:fe:fe:81:79:d8:7f:e4:ff:64:ac:f3:1c:bd:65:24:3a
81 # SHA256:bCfwfC8MQTjm6c1HcMLtzvGpnWRdqLwe/bvbh2jsNaA
82 "F6CCA60CF05FADAE911CFBEC0BCDED22F40A19FD"
83 ];
84 programs.irssi.extraConfig = lib.readFile julm/irssi/config;
85 xdg.configFile."doom/config.el".text = lib.readFile julm/emacs/config.el;
86 home.file.".irssi/passwd".text = ''
87 FreeNode : ${pkgs.pass}/bin/pass freenode.net/irc/julm
88 GeekNode : ${pkgs.pass}/bin/pass geeknode.org/irc/julm
89 IndyMedia : ${pkgs.pass}/bin/pass indymedia.org/irc/julm
90 Libera : ${pkgs.pass}/bin/pass libera.chat/irc/julm
91 OFTC : ${pkgs.pass}/bin/pass oftc.net/irc/julm
92 ToileLibre : ${pkgs.pass}/bin/pass toile-libre.org/irc/julm
93 '';
94 programs.ssh.matchBlocks =
95 {
96 "aubergine.wg" = {
97 compression = true; # Helps to get a better framerate with forwardX11
98 forwardAgent = true;
99 forwardX11 = true;
100 forwardX11Trusted = true;
101 serverAliveInterval = 15;
102 };
103 "patate.wg" = {
104 user = "sevy";
105 #proxyJump = "mermet.wg";
106 };
107 } //
108 lib.genAttrs [ "lan.losurdo.sourcephile.fr" "losurdo.wg" ]
109 (_: {
110 compression = true; # Helps to get a better framerate with forwardX11
111 forwardX11 = true;
112 forwardX11Trusted = true;
113 serverAliveInterval = 15;
114 });
115 programs.git = {
116 userName = "Julien Moutinho";
117 userEmail = "julm@sourcephile.fr";
118 signing.key = "0x4FE467034C11017B429BAC53A58CD81C3863926F";
119 signing.signByDefault = false;
120 extraConfig = {
121 sendemail.smtpEncryption = "ssl"; # Yes, "ssl", not "tls" which does not work because it expects STARTTLS.
122 sendemail.smtpServer = "mail.sourcephile.fr";
123 sendemail.smtpServerPort = "465";
124 sendemail.smtpUser = "julm@sourcephile.fr";
125 };
126 };
127 }