nix: security: add doc
[julm/julm-nix.git] / homes / julm.nix
# Home Manager module for the user "julm": a namespaced Firefox launcher,
# Firefox profiles, GnuPG trust and SSH keys, IRC password lookups,
# SSH client host settings and Git identity / mail submission.
{ pkgs, lib, config, hostName, ... }:
{
  imports = [
    ../home-manager/profiles/essential.nix
    ../home-manager/profiles/vim.nix
    ../home-manager/options.nix
    julm/mutt.nix
    # Host-specific module, picked by the hostName module argument.
    (import (julm/hosts + "/${hostName}.nix"))
  ];

  # Starts the "calyx" Firefox profile as a transient systemd unit that shares
  # the network namespace of netns-calyx.service (defined outside this file).
  # The isolation is network-only: DISPLAY and DBUS_SESSION_BUS_ADDRESS are
  # passed through, so the browser still shares the X display and session bus
  # with the rest of the desktop.
  # NOTE(review): the $VARS are unquoted, so they are presumably expanded by the
  # calling shell before sudo runs; a value containing whitespace would be
  # split into extra arguments.
  programs.bash.shellAliases.firefox-calyx = lib.concatStringsSep " " [
    # No --user: the unit is created through the system manager, hence sudo.
    "sudo systemd-run -P"
    # Both properties are needed to join the other unit's network namespace.
    "-p JoinsNamespaceOf=netns-calyx.service"
    "-p PrivateNetwork=true"
    # Use the namespace's resolver instead of the host's /etc/resolv.conf.
    "-p BindReadOnlyPaths=/etc/netns/calyx/resolv.conf:/etc/resolv.conf"
    "-E DISPLAY=$DISPLAY"
    # The browser itself runs as the unprivileged user, not as root.
    "-p User=julm"
    "-E DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS"
    "-E LANG=$LANG"
    "-E LOCALE_ARCHIVE=$LOCALE_ARCHIVE"
    "-E PATH=$PATH"
    "-- firefox -P calyx"
  ];

  # The pass browser integration is enabled exactly when Firefox is.
  programs.browserpass = { inherit (config.programs.firefox) enable; };

  programs.firefox.profiles =
    let
      # Preferences and userChrome shared by every profile below.
      baseProfile = {
        settings = {
          "browser.bookmarks.showMobileBookmarks" = true;
          "browser.compactmode.show" = true;
          "browser.search.isUS" = false;
          "browser.search.region" = "FR";
          "distribution.searchplugins.defaultLocale" = "fr-FR";
          # Try HTTPS first and, in HTTPS-only mode, do not silently fall
          # back to plain HTTP.
          "dom.security.https_first" = true;
          "dom.security.https_only_mode" = true;
          "general.useragent.locale" = "fr-FR";
          # Send the Global Privacy Control signal.
          "privacy.globalprivacycontrol.enabled" = true;
          "privacy.globalprivacycontrol.functionality.enabled" = true;
          # Show extended-validation certificate details in the identity block.
          "security.identityblock.show_extended_validation" = true;
          # Required for userChrome.css to be loaded.
          "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
          # First-party isolation is left off here and switched on only in
          # the "tor" and "calyx" profiles.
          #"privacy.firstparty.isolate" = true;
        };
        userChrome = lib.readFile ../home-manager/profiles/firefox/userChrome.css;
      };

      # One profile = the shared base merged with its id, display name and
      # profile-specific preferences.
      mkProfile = id: name: extraSettings: lib.mkMerge [
        baseProfile
        {
          inherit id name;
          settings = extraSettings;
        }
      ];
    in
    {
      "0yplujgj.2022" = mkProfile 0 "2022" {
        "browser.startup.homepage" = "https://democracynow.org";
      };
      # NOTE(review): nothing in this file routes this profile through Tor;
      # confirm where the proxy or namespace is configured. The homepage only
      # reports whether the connection came through Tor.
      "8y3d28fa.tor" = mkProfile 1 "tor" {
        "browser.startup.homepage" = "https://check.torproject.org";
        "privacy.firstparty.isolate" = true;
      };
      # Profile used by the firefox-calyx alias; the homepage echoes the
      # public IP, presumably as a quick check of the namespace's exit.
      "zqa1ck7d.calyx" = mkProfile 2 "calyx" {
        "browser.startup.homepage" = "https://icanhazip.com";
        "privacy.firstparty.isolate" = true;
      };
    };

  # trusted-key makes GnuPG treat these keys as trustworthy as one's own
  # secret keys. Both are given as 64-bit long key IDs; the GnuPG manual says
  # the key should be given as a fingerprint. The second ID is the tail of the
  # fingerprint used for programs.git.signing.key below.
  # TODO(review): switch both entries to full fingerprints.
  home.file."${config.programs.gpg.homedir}/gpg.conf" = {
    text = ''
      # julm@autogeree.net
      trusted-key 0xD15AF7F467E8299B
      # julm@sourcephile.fr (2021-08-12)
      trusted-key 0xA58CD81C3863926F
    '';
  };

  # Keys (by keygrip) that gpg-agent offers as SSH identities.
  services.gpg-agent.sshKeys = [
    # julm@autogeree.net
    "D275EBA09C7E1FFBFB47F6EEF164E6D56FB24AB2"
    # julm@sourcephile.fr (2021-08-12)
    "3D94D14514F1EA2B6D62F1275D888897B082415D"
    # Ed25519 key added on: 2021-10-31 06:48:49
    # Fingerprints: MD5:fe:fe:81:79:d8:7f:e4:ff:64:ac:f3:1c:bd:65:24:3a
    # SHA256:bCfwfC8MQTjm6c1HcMLtzvGpnWRdqLwe/bvbh2jsNaA
    "F6CCA60CF05FADAE911CFBEC0BCDED22F40A19FD"
  ];

  # Both files are read at evaluation time, so their content ends up in the
  # world-readable Nix store: keep secrets out of them.
  programs.irssi.extraConfig = lib.readFile julm/irssi/config;
  xdg.configFile."doom/config.el".text = lib.readFile julm/emacs/config.el;

  # Maps each IRC network to the pass command that prints its password.
  # Only the commands are stored here, never the passwords, which matters
  # because this text is also written to the Nix store.
  # NOTE(review): how irssi consumes this file is not visible here.
  home.file.".irssi/passwd" =
    let
      pass = "${pkgs.pass}/bin/pass";
    in
    lib.mkIf config.programs.irssi.enable {
      text = ''
        FreeNode : ${pass} freenode.net/irc/julm
        GeekNode : ${pass} geeknode.org/irc/julm
        IndyMedia : ${pass} indymedia.org/irc/julm
        Libera : ${pass} libera.chat/irc/julm
        OFTC : ${pass} oftc.net/irc/julm
        ToileLibre : ${pass} toile-libre.org/irc/julm
      '';
    };

  programs.ssh.matchBlocks =
    let
      # Settings for hosts used with X11 forwarding.
      # forwardX11Trusted disables the X11 SECURITY extension restrictions:
      # programs on the remote host get full access to the local display
      # (other windows, keyboard input). Keep it to hosts that are fully
      # trusted.
      x11Session = {
        compression = true; # Helps to get a better framerate with forwardX11
        forwardX11 = true;
        forwardX11Trusted = true;
        serverAliveInterval = 15;
      };
    in
    lib.genAttrs [ "lan.losurdo.sourcephile.fr" "losurdo.sp" ] (_: x11Session)
    // {
      # forwardAgent exposes the local agent socket on the remote host for the
      # duration of the session: whoever controls that host can have the
      # agent sign with the loaded keys. Prefer proxyJump where it is enough.
      "aubergine.sp" = x11Session // { forwardAgent = true; };
      "patate.sp" = {
        user = "sevy";
        #proxyJump = "mermet.sp";
      };
      "courge.sp" = {
        user = "mo";
        #proxyJump = "mermet.sp";
      };
    };

  programs.git = {
    userName = "Julien Moutinho";
    userEmail = "julm@sourcephile.fr";
    signing = {
      # Full fingerprint of the signing key.
      key = "0x4FE467034C11017B429BAC53A58CD81C3863926F";
      # Commits and tags are signed only when asked for explicitly.
      signByDefault = false;
    };
    # git send-email submits over implicit TLS on port 465.
    extraConfig.sendemail = {
      smtpEncryption = "ssl"; # Yes, "ssl", not "tls" which does not work because it expects STARTTLS.
      smtpServer = "mail.sourcephile.fr";
      smtpServerPort = "465";
      smtpUser = "julm@sourcephile.fr";
    };
  };
}