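# machines/oignon.nix
# NixOS module for a single workstation: one interactive user, NetworkManager,
# an X session generated by home-manager, printing, and ZFS snapshots via sanoid.
# `machineName` and `inputs` are expected to be passed in by the caller.
{ config, pkgs, lib, inputs, machineName, ... }:
let
  inherit (config.users) users;
in
{
  imports = [
    oignon/hardware.nix
    oignon/tor.nix
    oignon/dnscrypt-proxy2.nix
  ];

  documentation.nixos.enable = true;

  # Accounts are fully declarative: passwords cannot be changed with `passwd`,
  # only through this file.
  users.mutableUsers = false;
  users.users.julm = {
    isNormalUser = true;
    uid = 1000;
    # builtins.readFile embeds the hash in the evaluated configuration, so it
    # ends up in the world-readable /nix/store.
    # NOTE(review): the original comment justified this by saying the hash is
    # also in world-readable /etc/passwd. On NixOS password hashes are normally
    # written to /etc/shadow, which is not world-readable — confirm. If so, the
    # store copy is what lets any local user (or anything that can read the
    # store or a copy of this closure) take the hash for offline guessing.
    # Consider `passwordFile` (`hashedPasswordFile` on newer releases) pointing
    # at a root-only file outside the store.
    # NOTE(review): readFile keeps a trailing newline if the file has one;
    # make sure the secret file is written without it.
    hashedPassword = builtins.readFile ../secrets/julm/hashedPassword;
    extraGroups = [
      # "wheel" is the administrative group; with the default sudo
      # configuration its members can become root.
      "wheel"
      "networkmanager"
      "video"
      "adbusers"
      "tor"
      #"vboxusers"
    ];
    # If created, zfs-mount.service would require:
    #   zfs set overlay=yes ${machineName}/home
    createHome = false;
  };

  nix = {
    extraOptions = ''
      auto-optimise-store = true
    '';
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    # NIX_PATH lookups resolve to the copies exposed under /etc below, i.e. the
    # same nixpkgs this system was built from, not a mutable channel.
    nixPath = [
      "nixpkgs=/etc/nixpkgs"
      "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
    ];
    # Trusted users may override daemon settings (such as substituters) and
    # import unsigned store paths; the Nix manual treats this as equivalent to
    # root access. Keep the list to this single, already-administrative account.
    trustedUsers = [ users.julm.name ];
  };
  environment.etc."nixpkgs".source = pkgs.path;
  environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";

  nixpkgs.config = {
    allowUnfree = false;
  };

  time.timeZone = "Europe/Paris";
  i18n.defaultLocale = "fr_FR.UTF-8";
  console.font = "Lat2-Terminus16";
  console.keyMap = "fr";

  networking = {
    hostName = machineName;
    domain = "localdomain";
    search = [ "sourcephile.fr" ];
    networkmanager = {
      enable = true;
      #dhcp = "dhcpcd";
      logLevel = "INFO";
      wifi = {
        #backend = "iwd";
        #backend = "wpa_supplicant";
        powersave = false;
      };
    };
    # No ports are opened here; any open port comes from a service module
    # (see the note on services.avahi) or from the imported files.
    firewall = {
      enable = true;
    };
  };

  sound.enable = true;
  hardware.pulseaudio.enable = true;

  environment.variables = {
    EDITOR = "vim";
    PAGER = "less -R";
    SYSTEMD_LESS = "FKMRX";
  };
  environment.systemPackages = with pkgs; [
    acpi
    binutils
    bmon
    coreutils
    cryptsetup
    curl
    direnv
    #dnsutils
    dstat
    e2fsprogs
    file
    glib # gio
    gnumake
    gnupg
    gparted
    gvfs
    hicolor-icon-theme
    home-manager
    htop
    less
    libfaketime
    lm_sensors
    lsof
    lsscsi
    man
    miniupnpc
    mosh
    ncdu
    ncurses
    nmon
    ntfs3g
    parted
    pasystray
    pavucontrol
    pciutils
    powertop
    procps
    python
    rdfind
    smartmontools
    sudo
    tcpdump
    tig
    tmux
    tree
    usbutils
    utillinux
    vim
    wget
    which
    xdg_utils
    xsel
    zfs
  ];

  programs = {
    bash = {
      # HISTCONTROL=ignorespace below means a command typed with a leading
      # space is not recorded, which is the way to keep a one-off secret out of
      # the 42000-entry history file.
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000
        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Utilities
        mkcd () { mkdir -p "$1"; cd "$1"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

        s = "sudo systemctl";
        st = "sudo systemctl status";
        s-u = "systemctl --user";
        j = "sudo journalctl -u";
        jb = "sudo journalctl -b";

        nix-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        mv = "mv -i";
        sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
      };
    };
    dconf.enable = true;
    /*
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    */
    # NOTE(review): the mtr module installs mtr through a privileged wrapper so
    # it runs without sudo — presumably a raw-socket capability; verify.
    mtr.enable = true;
  };

  services = {
    # NOTE(review): the avahi module opens its mDNS port in the firewall by
    # default (services.avahi.openFirewall), and nssmdns makes *.local names
    # resolve from multicast answers that any host on the local link can send.
    # Treat .local names as unauthenticated on untrusted networks.
    avahi = {
      enable = true;
      nssmdns = true;
    };
    dbus = {
      packages = [ pkgs.gnome3.dconf ];
    };
    gvfs = {
      enable = true;
    };
    # Logs are kept on disk, compressed, for at most one month and at most
    # 100M. NOTE(review): the size cap can rotate entries out well before the
    # month is up; if these logs matter for incident investigation, check how
    # much history 100M actually holds on this machine.
    journald = {
      extraConfig = ''
        Compress=true
        MaxRetentionSec=1month
        Storage=persistent
        SystemMaxUse=100M
      '';
    };
    /*
    physlock = {
      enable = true;
      allowAnyUser = true;
      # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
    };
    */
    printing = {
      enable = true;
      drivers = [
        pkgs.gutenprint
        pkgs.hplip
      ];
    };
    # Rolling ZFS snapshots of /home and /var: 12 hourly and 7 daily, no
    # monthly or yearly, applied recursively to child datasets. These live on
    # the same pool, so they help with accidental deletion but are not a backup.
    sanoid = {
      enable = true;
      extraArgs = [ "--verbose" ];
      datasets = {
        "${machineName}/home" = {
          autosnap = true;
          autoprune = true;
          hourly = 12;
          daily = 7;
          monthly = 0;
          yearly = 0;
          recursive = true;
        };
        "${machineName}/var" = {
          autosnap = true;
          autoprune = true;
          hourly = 12;
          daily = 7;
          monthly = 0;
          yearly = 0;
          recursive = true;
        };
      };
    };
    udev = {
      packages = [
        # Allow members of the "adbusers" group to mount Android devices via MTP
        pkgs.android-udev-rules
      ];
    };
    xserver = {
      enable = true;
      layout = "fr";
      xkbOptions = "eurosign:e";
      libinput.enable = true;
      desktopManager = {
        session = [
          # Let the session be generated by home-manager: the display manager
          # runs the user's own ~/.hm-xsession script and waits on its PID.
          {
            name = "home-manager";
            start = ''
              ${pkgs.runtimeShell} $HOME/.hm-xsession &
              waitPID=$!
            '';
          }
        ];
        xfce = {
          enable = false;
          /*
          thunarPlugins = [
            pkgs.xfce.thunar-archive-plugin
          ];
          */
        };
        xterm.enable = false;
      };
      displayManager = {
        defaultSession = "home-manager";
        #defaultSession = "none+xmonad";
        # NOTE(review): auto-login opens a graphical session for a "wheel"
        # user without asking for a password, and the physlock screen locker
        # above is commented out. Protection against someone with physical
        # access then rests on whatever unlocks the disk at boot (not visible
        # in this file) and on a locker configured elsewhere — confirm that
        # this is intended.
        autoLogin = {
          enable = true;
          user = users.julm.name;
        };
      };
    };
  };

  #virtualisation.virtualbox.host.enable = true;

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you should.
  system.stateVersion = "20.09"; # Did you read the comment?
}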