oignon: tor: add as client
[julm/julm-nix.git] / machines / oignon.nix
1 { config, pkgs, inputs, machineName, ... }:
2 let
3 inherit (config.users) users;
4 in
5 {
6 imports = [
7 oignon/hardware.nix
8 oignon/tor.nix
9 ];
10
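# Install the NixOS manual on this machine.
documentation.nixos.enable = true;

# Accounts are managed declaratively: with mutableUsers disabled, users and
# passwords are reset to this declaration on every activation.
users.mutableUsers = false;
users.users.julm = {
  isNormalUser = true;
  uid = 1000;
  # SECURITY: reading the file at evaluation time embeds the hash in the
  # system closure, so it is stored in the world-readable /nix/store (and in
  # every copy of that closure). NixOS writes hashedPassword to /etc/shadow,
  # which is readable by root only, not to /etc/passwd; the store copy is
  # therefore the actual exposure: any local user or process can read the
  # hash and attack it offline.
  # NOTE(review): to keep the hash out of the store, use the option that
  # reads it at activation time from a root-only path outside the store
  # (`passwordFile` in this NixOS era, later renamed `hashedPasswordFile`).
  #
  # fileContents drops a trailing newline, which would otherwise become part
  # of the value written for the account.
  hashedPassword = pkgs.lib.fileContents ../secrets/julm/hashedPassword;
  extraGroups = [
    "wheel" # administrative group
    "networkmanager"
    "video"
    "adbusers"
    # NOTE(review): presumably grants access to the Tor daemon's files or
    # control socket set up in oignon/tor.nix; confirm that it is needed.
    "tor"
    #"vboxusers"
  ];
  # If created, zfs-mount.service would require:
  #   zfs set overlay=yes ${machineName}/home
  createHome = false;
};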
32
# Nix daemon settings: deduplicate the store and collect garbage weekly,
# dropping generations older than seven days.
nix.extraOptions = ''
  auto-optimise-store = true
'';
nix.gc = {
  automatic = true;
  dates = "weekly";
  options = "--delete-older-than 7d";
};
# Resolve <nixpkgs> and the overlays through the /etc entries defined below.
nix.nixPath = [
  "nixpkgs=/etc/nixpkgs"
  "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
];
# SECURITY: a trusted user of the Nix daemon can add binary caches and import
# unsigned store paths, which amounts to root access on this machine. julm is
# also in "wheel", so this adds a second path to root that does not go
# through sudo.
nix.trustedUsers = [ users.julm.name ];

# Expose the nixpkgs tree used for this build, and this repository's overlays,
# at the fixed paths that nixPath refers to.
environment.etc = {
  "nixpkgs".source = pkgs.path;
  "nixpkgs-overlays".source = inputs.self + "/nixpkgs";
};

# Free software only.
nixpkgs.config.allowUnfree = false;
54
# Locale, time zone and console set up for a French keyboard.
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "fr_FR.UTF-8";
console = {
  font = "Lat2-Terminus16";
  keyMap = "fr";
};

# The host name comes from the machineName module argument.
networking.hostName = machineName;
networking.domain = "localdomain";

# Connections are handled by NetworkManager; Wi-Fi power saving is disabled.
networking.networkmanager.enable = true;
#networking.networkmanager.dhcp = "dhcpcd";
networking.networkmanager.logLevel = "INFO";
#networking.networkmanager.wifi.backend = "iwd";
#networking.networkmanager.wifi.backend = "wpa_supplicant";
networking.networkmanager.wifi.powersave = false;

# Firewall enabled with no extra ports opened in this file; modules enabled
# elsewhere may still open their own ports.
networking.firewall.enable = true;
77
# Audio through PulseAudio.
sound.enable = true;
hardware.pulseaudio.enable = true;

# Defaults exported to every session.
environment.variables = {
  EDITOR = "vim";
  PAGER = "less -R";
  SYSTEMD_LESS = "FKMRX";
};

# Tools installed system-wide, in the original order.
# NOTE(review): in older nixpkgs the unversioned `python` attribute is
# presumably Python 2; confirm which interpreter this pins.
environment.systemPackages = with pkgs; [
  acpi binutils bmon coreutils cryptsetup curl direnv dstat e2fsprogs file
  glib # gio
  gvfs gnumake gnupg gparted hicolor-icon-theme home-manager htop less
  libfaketime lm_sensors lsof lsscsi man miniupnpc mosh ncdu ncurses nmon
  ntfs3g parted pasystray pavucontrol pciutils powertop procps python rdfind
  smartmontools sudo tig tmux tree usbutils utillinux vim wget which
  xdg_utils xsel zfs
];
139
# Interactive bash setup: prefix history search on the arrow keys, a large
# appended history, and the mkcd helper. HISTCONTROL includes ignorespace, so
# a command typed with a leading space is not written to the history.
programs.bash.interactiveShellInit = ''
  bind '"\e[A":history-search-backward'
  bind '"\e[B":history-search-forward'

  # Ignore duplicate commands, ignore commands starting with a space
  export HISTCONTROL=erasedups:ignorespace
  export HISTSIZE=42000
  # Append to the history instead of overwriting (good for multiple connections)
  shopt -s histappend

  # Utilities
  mkcd () { mkdir -p "$1"; cd "$1"; }
'';

# Shortcuts; several of them go through sudo.
programs.bash.shellAliases = {
  cl = "clear";
  l = "ls -alh";
  ll = "ls -al";
  ls = "ls --color=tty";
  mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

  s = "sudo systemctl";
  st = "sudo systemctl status";
  s-u = "systemctl --user";
  j = "sudo journalctl -u";
  jb = "sudo journalctl -b";

  nix-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
  mv = "mv -i";
  sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
};

programs.dconf.enable = true;

# gpg-agent also acts as the SSH agent, so SSH authentication uses keys
# managed by GnuPG.
programs.gnupg.agent.enable = true;
programs.gnupg.agent.enableSSHSupport = true;

# NOTE(review): the mtr module installs a privileged wrapper so that
# unprivileged users can send probes; confirm this is wanted.
programs.mtr.enable = true;
180
services = {
  # mDNS: resolve .local names through Avahi.
  # NOTE(review): mDNS traffic is link-local multicast and does not go
  # through Tor; on a machine also set up as a Tor client, confirm that this
  # is intended. The avahi module presumably opens UDP 5353 in the firewall
  # by default; verify.
  avahi.enable = true;
  avahi.nssmdns = true;

  dbus.packages = [ pkgs.gnome3.dconf ];

  gvfs.enable = true;

  # Persistent, compressed journal capped at 100M and one month.
  journald.extraConfig = ''
    Compress=true
    MaxRetentionSec=1month
    Storage=persistent
    SystemMaxUse=100M
  '';

  # Console and session locker.
  # SECURITY: allowAnyUser installs a setuid wrapper so that any user can
  # start physlock with root privileges; the NixOS option documentation
  # itself flags this as dangerous.
  physlock.enable = true;
  physlock.allowAnyUser = true;
  # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string

  # Printing with the Gutenprint and HP drivers.
  printing.enable = true;
  printing.drivers = [
    pkgs.gutenprint
    pkgs.hplip
  ];

  # ZFS snapshots of the home and var datasets.
  sanoid = {
    enable = true;
    extraArgs = [ "--verbose" ];
    datasets =
      let
        # Shared policy: keep 12 hourly and 7 daily snapshots, no monthly or
        # yearly ones, applied recursively to child datasets.
        retention = {
          autosnap = true;
          autoprune = true;
          hourly = 12;
          daily = 7;
          monthly = 0;
          yearly = 0;
          recursive = true;
        };
      in
      {
        "${machineName}/home" = retention;
        "${machineName}/var" = retention;
      };
  };

  udev.packages = [
    # Allow members of the "adbusers" group to mount Android devices via MTP
    pkgs.android-udev-rules
  ];

  xserver = {
    enable = true;
    layout = "fr";
    xkbOptions = "eurosign:e";
    libinput.enable = true;

    desktopManager.xterm.enable = false;
    desktopManager.xfce.enable = false;
    /*
    desktopManager.xfce.thunarPlugins = [
      pkgs.xfce.thunar-archive-plugin
    ];
    */
    desktopManager.session = [
      # The session itself is generated by home-manager; this entry runs the
      # script it writes to the user's home directory.
      {
        name = "home-manager";
        start = ''
          ${pkgs.runtimeShell} $HOME/.hm-xsession &
          waitPID=$!
        '';
      }
    ];

    displayManager.defaultSession = "home-manager";
    #displayManager.defaultSession = "none+xmonad";
    # SECURITY: auto-login opens julm's graphical session without a password
    # at boot. This file puts julm in "wheel" and makes the account a Nix
    # trusted user, so access to a powered-off machine is gated only by
    # whatever disk encryption oignon/hardware.nix configures, which is not
    # visible here; confirm.
    displayManager.autoLogin.enable = true;
    displayManager.autoLogin.user = users.julm.name;
  };
};
277
#virtualisation.virtualbox.host.enable = true;

# NixOS release whose stateful-data defaults this system stays compatible
# with, so that software such as database servers does not break. Change it
# only when the NixOS release notes say to.
system.stateVersion = "20.09";
284 }