1 { config, pkgs, lib, private, hostName, ... }:
4 ../nixos/profiles/dnscrypt-proxy2.nix
5 ../nixos/profiles/security.nix
6 ../nixos/profiles/wireguard/wg-intra.nix
13 home-manager.users.julm = {
14 imports = [ ../homes/julm.nix ];
15 host.hardware = [ "ThinkPad" "X201" ];
17 systemd.services.home-manager-julm.postStart = ''
18 ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
20 security.lockKernelModules = false;
21 users.mutableUsers = false;
25 # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
26 # which is already world readable.
27 hashedPassword = lib.readFile ../private/world/julm/hashedPassword;
37 config.services.davfs2.davGroup
40 # If created, zfs-mount.service would require:
41 # zfs set overlay=yes ${hostName}/home
47 secret-key-files = ${private}/${hostName}/nix/binary-cache/priv.pem
49 autoOptimiseStore = true;
52 gc.options = "--delete-older-than 7d";
53 nixPath = lib.mkForce [];
54 trustedUsers = [ config.users.users.julm.name ];
56 "http://nix-localcache.losurdo.wg"
58 binaryCachePublicKeys = map lib.readFile [
59 ../private/shared/nix/losurdo.pub
62 #environment.etc."nixpkgs".source = pkgs.path;
63 #environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
74 nix.allowedUsers = [ config.users.users."nix-ssh".name ];
77 keys = map lib.readFile [
78 ../private/shared/ssh/julm/losurdo.pub
79 ../private/shared/ssh/sevy/patate.pub
80 ../private/shared/ssh/julm/oignon.pub
83 users.users.julm.openssh.authorizedKeys.keys = map lib.readFile [
84 ../private/shared/ssh/julm/losurdo.pub
87 time.timeZone = "Europe/Paris";
88 i18n.defaultLocale = "fr_FR.UTF-8";
89 console.font = "Lat2-Terminus16";
90 console.keyMap = "fr";
94 domain = "localdomain";
95 search = [ "sourcephile.fr" ];
102 #backend = "wpa_supplicant";
113 hardware.pulseaudio.enable = true;
114 hardware.sane.enable = true;
115 hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
117 environment.variables = {
120 SYSTEMD_LESS = "FKMRX";
123 programs.bash.interactiveShellInit = ''
126 then sudo tee /proc/acpi/ibm/fan <<<"level $1"
127 else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
132 programs.dconf.enable = true;
133 programs.mtr.enable = true;
138 openFirewall = false;
143 services.davfs2.enable = true;
144 fileSystems."/home/julm/mnt/ilico/severine" = {
145 device = "https://nuage.ilico.org/remote.php/dav/files/severine/";
148 let conf = pkgs.writeText "davfs2.conf" ''
149 backup_dir /home/julm/documents/backup/ilico/severine
150 cache_dir /home/julm/.cache/davfs2/ilico/severine
152 [ "conf=${conf}" "user" "noexec" "nosuid" "noauto" ]; # "x-systemd.automount"
154 environment.systemPackages = [
155 pkgs.riseup-vpn # Can't be installed by home-manager because it needs to install policy-kit rules
157 programs.fuse.userAllowOther = true;
158 fileSystems."/mnt/losurdo" = {
159 device = "${pkgs.sshfsFuse}/bin/sshfs#julm@losurdo.wg:/";
162 # Use the user's gpg-agent session to query
163 # for the password of the SSH key when auto-mounting.
164 let sshAsUser = user:
165 pkgs.writeScript "sshAsUser-${user}" ''
166 exec ${pkgs.sudo}/bin/sudo -i -u ${user} \
167 ${pkgs.openssh}/bin/ssh "$@"
170 "noatime" "noexec" "nosuid"
171 "user" "uid=julm" "gid=users" "allow_other"
172 "_netdev" "ssh_command=${sshAsUser "julm"}" # "reconnect"
173 "noauto" "x-gvfs-hide" "x-systemd.automount"
174 #"Compression=yes" # YMMV
175 # Disconnect approximately 2*15=30 seconds after a network failure
176 "ServerAliveCountMax=1"
177 "ServerAliveInterval=15"
181 packages = [ pkgs.gnome3.dconf ];
183 services.gvfs.enable = true;
186 defaultMode = "online";
189 localDiscovery = false;
191 Datastore.StorageMax = "10GB";
192 Discovery.MDNS.Enabled = false;
195 #Swarm.AddrFilters = null;
197 startWhenNeeded = true;
203 services.printing = {
212 # Allow members of the "adbusers" group to mount Android devices via MTP.
213 pkgs.android-udev-rules
214 # Allow the console user access the Yubikey USB device node,
215 # needed for challenge/response to work correctly.
216 pkgs.yubikey-personalization
222 xkbOptions = "eurosign:e";
223 libinput.enable = true;
226 # Let the session be generated by home-manager
227 { name = "home-manager";
229 ${pkgs.runtimeShell} $HOME/.hm-xsession &
236 defaultSession = "home-manager";
237 #defaultSession = "none+xmonad";
240 user = config.users.users.julm.name;
245 systemd.coredump.enable = true;
246 #environment.enableDebugInfo = true;
248 # This value determines the NixOS release with which your system is to be
249 # compatible, in order to avoid breaking some software such as database
250 # servers. You should change this only after NixOS release notes say you should.
251 system.stateVersion = "20.09"; # Did you read the comment?