hosts/courge.nix

   1 { config, pkgs, lib, inputs, hostName, ... }:
   2 {
   3   imports = [
   4     ../nixos/profiles/graphical.nix
   5     ../nixos/profiles/lang-fr.nix
   6     ../nixos/profiles/printing.nix
   7     courge/backup.nix
   8     courge/hardware.nix
   9     courge/networking.nix
  10   ];
  11
  12   # Lower kernel's security for better performances
  13   boot.kernelParams = [ "mitigations=off" ];
  14
  15   home-manager.users.mo = {
  16     imports = [ ../homes/mo.nix ];
  17   };
  18   users.users.root = {
  19     openssh.authorizedKeys.keys = map lib.readFile [
  20       ../users/julm/ssh/oignon.pub
  21       ../users/julm/ssh/losurdo.pub
  22     ];
  23   };
  24   users.users.mo = {
  25     isNormalUser = true;
  26     uid = 1000;
  27     # Put the hashedPassword in /nix/store,
  28     # though /etc/shadow is not world readable...
  29     # printf %s $(mkpasswd -m yescrypt)
  30     hashedPassword = lib.readFile courge/users/mo/login/hashedPassword.clear;
  31     extraGroups = [
  32       "adbusers"
  33       "dialout"
  34       "lp"
  35       "networkmanager"
  36       #"plugdev" # For rtl-sdr
  37       "scanner"
  38       #"tor"
  39       "video"
  40       "wheel"
  41       #"ipfs"
  42       #config.services.davfs2.davGroup
  43       #"vboxusers"
  44     ];
  45     # If created, zfs-mount.service would require:
  46     # zfs set overlay=yes ${hostName}/home
  47     createHome = false;
  48     openssh.authorizedKeys.keys = map lib.readFile [
  49       ../users/julm/ssh/oignon.pub
  50       ../users/julm/ssh/losurdo.pub
  51     ];
  52   };
  53
  54   environment.systemPackages = [
  55     #pkgs.riseup-vpn # Can't be installed by home-manager because it needs to install policy-kit rules
  56   ];
  57
  58   boot.extraModulePackages = [
  59   ];
  60
  61   #programs.fuse.userAllowOther = true;
  62
  63   services.xserver = {
  64     desktopManager = {
  65       gnome.enable = true;
  66     };
  67     displayManager = {
  68       defaultSession = "gnome";
  69       gdm.enable = true;
  70       autoLogin = {
  71         user = config.users.users.mo.name;
  72       };
  73     };
  74   };
  75
  76   # This value determines the NixOS release with which your system is to be
  77   # compatible, in order to avoid breaking some software such as database
  78   # servers. You should change this only after NixOS release notes say you should.
  79   system.stateVersion = "23.05"; # Did you read the comment?
  80 }