]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/courge.nix
aubergine: sftp: do not bind on off2
[julm/julm-nix.git] / hosts / courge.nix
1 { config, pkgs, lib, inputs, hostName, ... }:
2 {
3 imports = [
4 ../nixos/profiles/graphical.nix
5 ../nixos/profiles/lang-fr.nix
6 ../nixos/profiles/laptop.nix
7 ../nixos/profiles/printing.nix
8 courge/backup.nix
9 courge/hardware.nix
10 courge/networking.nix
11 ];
12
13 # Lower kernel's security for better performances
14 security.kernel.mitigations = "off";
15
16 home-manager.users.mo = {
17 imports = [ ../homes/mo.nix ];
18 };
19 users.users.root = {
20 openssh.authorizedKeys.keys = map lib.readFile [
21 ../users/julm/ssh/oignon.pub
22 ../users/julm/ssh/losurdo.pub
23 ];
24 };
25 users.users.mo = {
26 isNormalUser = true;
27 uid = 1000;
28 # Put the hashedPassword in /nix/store,
29 # though /etc/shadow is not world readable...
30 # printf %s $(mkpasswd -m yescrypt)
31 hashedPassword = lib.readFile courge/users/mo/login/hashedPassword.clear;
32 extraGroups = [
33 "adbusers"
34 "dialout"
35 "lp"
36 "networkmanager"
37 #"plugdev" # For rtl-sdr
38 "scanner"
39 #"tor"
40 "video"
41 "wheel"
42 #"ipfs"
43 #config.services.davfs2.davGroup
44 #"vboxusers"
45 ];
46 # If created, zfs-mount.service would require:
47 # zfs set overlay=yes ${hostName}/home
48 createHome = false;
49 openssh.authorizedKeys.keys = map lib.readFile [
50 ../users/julm/ssh/oignon.pub
51 ../users/julm/ssh/losurdo.pub
52 ];
53 };
54
55 environment.systemPackages = [
56 #pkgs.riseup-vpn # Can't be installed by home-manager because it needs to install policy-kit rules
57 ];
58
59 boot.extraModulePackages = [
60 ];
61
62 #programs.fuse.userAllowOther = true;
63
64 services.xserver = {
65 desktopManager = {
66 gnome.enable = true;
67 };
68 displayManager = {
69 gdm.enable = true;
70 };
71 };
72
73 services.displayManager = {
74 defaultSession = "gnome";
75 autoLogin = {
76 user = config.users.users.mo.name;
77 };
78 };
79
80 # This value determines the NixOS release with which your system is to be
81 # compatible, in order to avoid breaking some software such as database
82 # servers. You should change this only after NixOS release notes say you should.
83 system.stateVersion = "23.05"; # Did you read the comment?
84 }