]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/oignon.nix
sourcephile / git / julm / julm-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ssh: custom config on the LAN
[julm/julm-nix.git] / hosts / oignon.nix
1 { config, pkgs, lib, inputs, private, hostName, ... }:
2 let inherit (config.users) users; in
3 {
4 imports = [
5 ../profiles/dnscrypt-proxy2.nix
6 oignon/hardware.nix
7 oignon/tor.nix
8 oignon/backup.nix
9 ];
10
11 home-manager.users.julm = {
12 imports = [ ../homes/julm.nix ];
13 host.name = hostName;
14 host.hardware = ["ThinkPad" "X201"];
15 };
16 systemd.services.home-manager-julm.postStart = ''
17 ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
18 '';
19 users.mutableUsers = false;
20 users.users.julm = {
21 isNormalUser = true;
22 uid = 1000;
23 # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
24 # which is already world readable.
25 hashedPassword = lib.readFile ../private/world/julm/hashedPassword;
26 extraGroups = [
27 "adbusers"
28 "lp"
29 "networkmanager"
30 "scanner"
31 "tor"
32 "video"
33 "wheel"
34 "networkmanager"
35 #"vboxusers"
36 ];
37 # If created, zfs-mount.service would require:
38 # zfs set overlay=yes ${hostName}/home
39 createHome = false;
40 };
41
42 nix = {
43 extraOptions = ''
44 auto-optimise-store = true
45 secret-key-files = ${private}/${hostName}/nix/binary-cache/priv.pem
46 '';
47 gc = {
48 automatic = true;
49 dates = "weekly";
50 options = "--delete-older-than 7d";
51 };
52 nixPath = [
53 "nixpkgs=/etc/nixpkgs"
54 "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
55 ];
56 trustedUsers = [ users.julm.name ];
57 binaryCaches = [ "https://nix-localcache.sourcephile.fr" ];
58 binaryCachePublicKeys = [ "losurdo.sourcephile.fr-1:XGeaIE2AA2mZskSZ5bIDrfx53q+TDDWJOUEpZDX7los=" ];
59 };
60 nix.sshServe = {
61 enable = true;
62 keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOaag1MS41CRZrAji3K5IDROh5szSo34SDB0HNXGQtX julm@losurdo" ];
63 };
64 services.openssh.passwordAuthentication = false;
65
66 nixpkgs.config = {
67 allowUnfree = true;
68 };
69 environment.etc."nixpkgs".source = pkgs.path;
70 environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
71
72 documentation.nixos.enable = true;
73 time.timeZone = "Europe/Paris";
74 i18n.defaultLocale = "fr_FR.UTF-8";
75 console.font = "Lat2-Terminus16";
76 console.keyMap = "fr";
77
78 networking = {
79 hostName = hostName;
80 domain = "localdomain";
81 search = [ "sourcephile.fr" ];
82 networkmanager = {
83 enable = true;
84 #dhcp = "dhcpcd";
85 logLevel = "INFO";
86 wifi = {
87 #backend = "iwd";
88 #backend = "wpa_supplicant";
89 powersave = false;
90 };
91 };
92 firewall = {
93 enable = true;
94 allowPing = false;
95 };
96 };
97
98 sound.enable = true;
99 hardware.pulseaudio.enable = true;
100 hardware.sane.enable = true;
101 hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
102
103 environment.variables = {
104 EDITOR = "vim";
105 PAGER = "less -R";
106 SYSTEMD_LESS = "FKMRX";
107 };
108 environment.systemPackages = [
109 pkgs.gdb
110 ];
111
112 programs = {
113 bash = {
114 interactiveShellInit = ''
115 bind '"\e[A":history-search-backward'
116 bind '"\e[B":history-search-forward'
117
118 # Ignore duplicate commands, ignore commands starting with a space
119 export HISTCONTROL=erasedups:ignorespace
120 export HISTSIZE=42000
121 # Append to the history instead of overwriting (good for multiple connections)
122 shopt -s histappend
123
124 # Utilities
125 mkcd () { mkdir -p "$1"; cd "$1"; }
126 fan () {
127 if [ $# -gt 0 ]
128 then sudo tee /proc/acpi/ibm/fan <<<"level $1"
129 else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
130 fi
131 acpi -t
132 }
133 '';
134 shellAliases = {
135 cl = "clear";
136 grep = "grep --color";
137 l = "ls -alh";
138 ll = "ls -al";
139 ls = "ls --color=tty";
140 mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
141
142 s="sudo systemctl";
143 st="sudo systemctl status";
144 u="systemctl --user";
145 j="sudo journalctl -u";
146 jb="sudo journalctl -b";
147
148 nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
149 mv = "mv -i";
150 sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
151 };
152 };
153 dconf.enable = true;
154 mtr.enable = true;
155 };
156
157 services = {
158 avahi = {
159 enable = true;
160 nssmdns = true;
161 openFirewall = false;
162 publish = {
163 enable = false;
164 };
165 };
166 dbus = {
167 packages = [ pkgs.gnome3.dconf ];
168 };
169 gvfs = {
170 enable = true;
171 };
172 journald = {
173 extraConfig = ''
174 Compress=true
175 MaxRetentionSec=1month
176 Storage=persistent
177 SystemMaxUse=100M
178 '';
179 };
180 printing = {
181 enable = true;
182 drivers = [
183 pkgs.gutenprint
184 pkgs.hplip
185 ];
186 };
187 udev = {
188 packages = [
189 # Allow members of the "adbusers" group to mount Android devices via MTP
190 pkgs.android-udev-rules
191 ];
192 };
193 xserver = {
194 enable = true;
195 layout = "fr";
196 xkbOptions = "eurosign:e";
197 libinput.enable = true;
198 desktopManager = {
199 session = [
200 # Let the session be generated by home-manager
201 { name = "home-manager";
202 start = ''
203 ${pkgs.runtimeShell} $HOME/.hm-xsession &
204 waitPID=$!
205 '';
206 }
207 ];
208 };
209 displayManager = {
210 defaultSession = "home-manager";
211 #defaultSession = "none+xmonad";
212 autoLogin = {
213 enable = true;
214 user = users.julm.name;
215 };
216 };
217 };
218 };
219
220 systemd.coredump.enable = true;
221 #environment.enableDebugInfo = true;
222
223 # This value determines the NixOS release with which your system is to be
224 # compatible, in order to avoid breaking some software such as database
225 # servers. You should change this only after NixOS release notes say you should.
226 system.stateVersion = "20.09"; # Did you read the comment?
227 }
julm's NixOS and home-manager configs