hosts/patate.nix

   1 { config, pkgs, lib, inputs, hostName, ... }:
   2 let inherit (config.users) users; in
   3 {
   4 imports = [
   5   ../profiles/dnscrypt-proxy2.nix
   6   patate/backup.nix
   7   patate/hardware.nix
   8 ];
   9
  10 home-manager.users.sevy = {
  11   imports = [ ../homes/sevy.nix ];
  12   host.name = hostName;
  13   host.hardware = ["ThinkPad" "X200"];
  14 };
  15 systemd.services.home-manager-julm.postStart = ''
  16   ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/sevy/home-manager
  17 '';
  18 users.mutableUsers = false;
  19 users.users.sevy = {
  20   isNormalUser = true;
  21   uid = 1000;
  22   # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
  23   # which is already world readable.
  24   hashedPassword = lib.readFile ../secrets/sevy/hashedPassword;
  25   extraGroups = [
  26     "adbusers"
  27     "lp"
  28     "networkmanager"
  29     "scanner"
  30     "systemd-journal"
  31     "tor"
  32     "vboxusers"
  33     "video"
  34     "wheel"
  35   ];
  36 };
  37
  38 nix = {
  39   extraOptions = ''
  40     auto-optimise-store = true
  41   '';
  42   gc = {
  43     automatic = true;
  44     dates = "weekly";
  45     options = "--delete-older-than 7d";
  46   };
  47   nixPath = [
  48     "nixpkgs=/etc/nixpkgs"
  49     "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
  50   ];
  51   trustedUsers = [ users.sevy.name ];
  52 };
  53 environment.etc."nixpkgs".source = pkgs.path;
  54 environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
  55
  56 nixpkgs.config = {
  57   allowUnfree = true;
  58 };
  59 documentation.nixos.enable = true;
  60 time.timeZone = "Europe/Paris";
  61 i18n.defaultLocale = "fr_FR.UTF-8";
  62 console.font = "Lat2-Terminus16";
  63 console.keyMap = "fr";
  64
  65 networking = {
  66   hostName = hostName;
  67   domain = "localdomain";
  68   networkmanager = {
  69     enable = true;
  70     #dhcp = "dhcpcd";
  71     logLevel = "INFO";
  72     wifi = {
  73       #backend = "iwd";
  74       #backend = "wpa_supplicant";
  75       powersave = false;
  76     };
  77   };
  78   firewall = {
  79     enable = true;
  80     allowedTCPPorts = [
  81       51413 # transmission-gtk
  82       4662 # edonkey
  83     ];
  84     allowedUDPPorts = [
  85       51413 # transmission-gtk
  86       4667 # edonkey
  87       4672 # edonkey
  88     ];
  89   };
  90 };
  91
  92 sound.enable = true;
  93 hardware.pulseaudio.enable = true;
  94 hardware.sane.enable = true;
  95 hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
  96
  97 environment.variables = {
  98   EDITOR = "vim -g";
  99   PAGER  = "less -R";
 100   SYSTEMD_LESS = "FKMRX";
 101 };
 102
 103 programs = {
 104   bash = {
 105     interactiveShellInit = ''
 106       bind '"\e[A":history-search-backward'
 107       bind '"\e[B":history-search-forward'
 108
 109       # Ignore duplicate commands, ignore commands starting with a space
 110       export HISTCONTROL=erasedups:ignorespace
 111       export HISTSIZE=42000
 112       # Append to the history instead of overwriting (good for multiple connections)
 113       shopt -s histappend
 114
 115       # Utilities
 116       mkcd () { mkdir -p "$1"; cd "$1"; }
 117       fan () {
 118         if [ $# -gt 0 ]
 119         then sudo tee /proc/acpi/ibm/fan <<<"level $1"
 120         else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
 121         fi
 122         acpi -t
 123       }
 124     '';
 125     shellAliases = {
 126       cl = "clear";
 127       grep = "grep --color";
 128       l  = "ls -alh";
 129       ll = "ls -al";
 130       ls = "ls --color=tty";
 131       mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
 132
 133       s="sudo systemctl";
 134       st="sudo systemctl status";
 135       u="systemctl --user";
 136       j="sudo journalctl -u";
 137       jb="sudo journalctl -b";
 138
 139       nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
 140       mv = "mv -i";
 141       sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
 142     };
 143   };
 144   dconf.enable = true;
 145   mtr.enable = true;
 146 };
 147
 148 services = {
 149   avahi = {
 150     enable  = true;
 151     nssmdns = true;
 152     openFirewall = false;
 153     publish = {
 154       enable = false;
 155     };
 156   };
 157   dbus = {
 158     packages = [ pkgs.gnome3.dconf ];
 159   };
 160   gvfs = {
 161     enable = true;
 162   };
 163   journald = {
 164     extraConfig = ''
 165       Compress=true
 166       MaxRetentionSec=1month
 167       Storage=persistent
 168       SystemMaxUse=100M
 169     '';
 170   };
 171   physlock = {
 172     enable = true;
 173     allowAnyUser = true;
 174     # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
 175   };
 176   printing = {
 177     enable = true;
 178     drivers = [
 179       pkgs.gutenprint
 180       pkgs.hplip
 181     ];
 182   };
 183   udev = {
 184     packages = [
 185       # Allow members of the "adbusers" group to mount Android devices via MTP
 186       pkgs.android-udev-rules
 187     ];
 188   };
 189   xserver = {
 190     enable = true;
 191     layout = "fr";
 192     xkbOptions = "eurosign:e";
 193     libinput.enable = true;
 194     desktopManager = {
 195       xfce = {
 196         enable = true;
 197         thunarPlugins = [
 198           #pkgs.xfce.thunar-archive-plugin
 199         ];
 200       };
 201       xterm.enable = false;
 202     };
 203     displayManager = {
 204       defaultSession = "xfce";
 205       autoLogin = {
 206         enable = true;
 207         user = users.sevy.name;
 208       };
 209     };
 210   };
 211 };
 212
 213 virtualisation.virtualbox.host.enable = true;
 214
 215 # This value determines the NixOS release with which your system is to be
 216 # compatible, in order to avoid breaking some software such as database
 217 # servers. You should change this only after NixOS release notes say you should.
 218 system.stateVersion = "20.03"; # Did you read the comment?
 219 }