zfs: decrypt only the root zpool
# NixOS system configuration for a single workstation.
# The host name is taken from the `machineName` argument and the
# hardware-specific part is imported from oignon/hardware.nix.
{ config, pkgs, inputs, machineName, ... }:
let
  # Shortcut to the declared user accounts, used below to refer to julm's name.
  inherit (config.users) users;
in
{
  imports = [
    oignon/hardware.nix
  ];

  # Accounts and passwords are managed only from this configuration;
  # changes made imperatively (e.g. with passwd) do not persist.
  users.mutableUsers = false;
  users.users.julm = {
    isNormalUser = true;
    uid = 1000;
    # Security: builtins.readFile runs at evaluation time, so the hash is
    # embedded in the system closure and ends up world-readable in /nix/store
    # (and in any cache or machine the closure is copied to).
    # NOTE(review): NixOS writes password hashes to /etc/shadow, which is not
    # world-readable, rather than to /etc/passwd; the /nix/store copy is
    # therefore the exposure to weigh. The users.users.<name>.passwordFile
    # option reads the hash at activation time and keeps it out of the store.
    # NOTE(review): builtins.readFile keeps a trailing newline if the file has
    # one — confirm the secret file is written without it.
    hashedPassword = builtins.readFile ../secrets/julm/hashedPassword;
    extraGroups = [
      # "wheel" grants administrative rights (sudo).
      "wheel"
      "networkmanager"
      "video"
      "adbusers"
      #"vboxusers"
    ];
    # If created, zfs-mount.service would require:
    #   zfs set overlay=yes ${machineName}/home
    createHome = false;
  };

  nix = {
    extraOptions = ''
      auto-optimise-store = true
    '';
    # Weekly garbage collection of store paths from generations older than 7 days.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    # <nixpkgs> and the overlays resolve to the copies linked under /etc below,
    # i.e. to the nixpkgs this system was built from rather than to a channel.
    nixPath = [
      "nixpkgs=/etc/nixpkgs"
      "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
    ];
    # Security: a trusted user may override Nix daemon settings (extra
    # substituters, unsigned paths, ...), which the Nix manual treats as
    # essentially root-equivalent. julm is also in "wheel", so this does not
    # widen privileges beyond sudo, but it does so without a password prompt.
    trustedUsers = [ users.julm.name ];
  };
  environment.etc."nixpkgs".source = pkgs.path;
  environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";

  nixpkgs.config = {
    # Refuse to evaluate packages with a non-free license.
    allowUnfree = false;
  };

  time.timeZone = "Europe/Paris";
  i18n.defaultLocale = "fr_FR.UTF-8";
  console.font = "Lat2-Terminus16";
  console.keyMap = "fr";

  networking = {
    hostName = machineName;
    domain = "localdomain";
    networkmanager = {
      enable = true;
      #dhcp = "dhcpcd";
      logLevel = "INFO";
      wifi = {
        #backend = "iwd";
        #backend = "wpa_supplicant";
        powersave = false;
      };
    };
    # The firewall is on and this file lists no allowedTCPPorts/allowedUDPPorts;
    # any open port therefore comes from a service module (see avahi below).
    firewall = {
      enable = true;
    };
  };

  sound.enable = true;
  hardware.pulseaudio.enable = true;

  environment.variables = {
    EDITOR = "vim";
    PAGER = "less -R";
    SYSTEMD_LESS = "FKMRX";
  };
  # Tools installed system-wide, for every user.
  environment.systemPackages = with pkgs; [
    acpi
    binutils
    bmon
    coreutils
    cryptsetup
    curl
    direnv
    dstat
    e2fsprogs
    file
    glib # gio
    gvfs
    gnumake
    gnupg
    gparted
    hicolor-icon-theme
    home-manager
    htop
    less
    libfaketime
    lm_sensors
    lsof
    lsscsi
    man
    miniupnpc
    mosh
    ncdu
    ncurses
    nmon
    ntfs3g
    parted
    pasystray
    pavucontrol
    pciutils
    powertop
    procps
    python
    rdfind
    smartmontools
    sudo
    tig
    tmux
    tree
    usbutils
    utillinux
    vim
    wget
    which
    xdg_utils
    xsel
    zfs
  ];

  programs = {
    bash = {
      # Run for every interactive bash shell. HISTCONTROL=ignorespace means a
      # command typed with a leading space is not recorded in the history,
      # which is the way to keep a one-off secret out of ~/.bash_history.
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000
        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Utilities
        mkcd () { mkdir -p "$1"; cd "$1"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        # Processes sorted by resident memory, largest last.
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

        s="sudo systemctl";
        st="sudo systemctl status";
        s-u="systemctl --user";
        j="sudo journalctl -u";

        nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
      };
    };
    dconf.enable = true;
    # gpg-agent also acts as the SSH agent, so SSH keys are handled by GnuPG.
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    mtr.enable = true;
  };

  services = {
    # mDNS/DNS-SD: nssmdns lets the system resolve *.local names.
    # NOTE(review): services.avahi.openFirewall defaults to true in NixOS, so
    # UDP 5353 is presumably reachable on every network this laptop joins —
    # confirm this is wanted.
    avahi = {
      enable = true;
      nssmdns = true;
    };
    dbus = {
      packages = [ pkgs.gnome3.dconf ];
    };
    gvfs = {
      enable = true;
    };
    # Keep the journal on disk, compressed, capped at 100M and one month.
    # Anything older or beyond the cap is no longer available for forensics.
    journald = {
      extraConfig = ''
        Compress=true
        MaxRetentionSec=1month
        Storage=persistent
        SystemMaxUse=100M
      '';
    };
    # Screen/console locker.
    # NOTE(review): per the NixOS option description, allowAnyUser installs a
    # setuid wrapper so that non-root users can lock — confirm.
    physlock = {
      enable = true;
      allowAnyUser = true;
      # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
    };
    printing = {
      enable = true;
      drivers = [
        pkgs.gutenprint
        pkgs.hplip
      ];
    };
    # Automatic ZFS snapshots of home and var (and their child datasets):
    # 12 hourly and 7 daily are kept, no monthly or yearly ones.
    # These snapshots live on the same pool; nothing in this file replicates
    # them elsewhere, so they are not a backup.
    sanoid = {
      enable = true;
      extraArgs = [ "--verbose" ];
      datasets = {
        "${machineName}/home" = {
          autosnap = true;
          autoprune = true;
          hourly = 12;
          daily = 7;
          monthly = 0;
          yearly = 0;
          recursive = true;
        };
        "${machineName}/var" = {
          autosnap = true;
          autoprune = true;
          hourly = 12;
          daily = 7;
          monthly = 0;
          yearly = 0;
          recursive = true;
        };
      };
    };
    udev = {
      packages = [
        # Allow members of the "adbusers" group to mount Android devices via MTP
        pkgs.android-udev-rules
      ];
    };
    xserver = {
      enable = true;
      layout = "fr";
      xkbOptions = "eurosign:e";
      libinput.enable = true;
      desktopManager = {
        session = [
          # Let the session be generated by home-manager
          # The session is whatever script sits at $HOME/.hm-xsession; it is
          # started in the background and its PID is stored in waitPID.
          { name = "home-manager";
            start = ''
              ${pkgs.runtimeShell} $HOME/.hm-xsession &
              waitPID=$!
            '';
          }
        ];
        xfce = {
          enable = false;
          /*
          thunarPlugins = [
            pkgs.xfce.thunar-archive-plugin
          ];
          */
        };
        xterm.enable = false;
      };
      displayManager = {
        defaultSession = "home-manager";
        #defaultSession = "none+xmonad";
        # Security: the display manager opens julm's session without asking for
        # a password, so whoever can boot the machine gets the desktop of a
        # user who is in "wheel" and in nix.trustedUsers.
        # NOTE(review): presumably the disk-encryption passphrase asked at boot
        # is meant to be the authentication step; that setup is not visible in
        # this file — confirm in oignon/hardware.nix.
        autoLogin = {
          enable = true;
          user = users.julm.name;
        };
      };
    };
  };

  #virtualisation.virtualbox.host.enable = true;

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you should.
  system.stateVersion = "20.09"; # Did you read the comment?
}