oignon: move dnscrypt-proxy2.nix to profiles/
[julm/julm-nix.git] / machines / oignon.nix
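# NixOS module for the machine whose name is passed in as `machineName`
# (this file is machines/oignon.nix): a single-user desktop with a declarative
# account, NetworkManager, ZFS snapshots and a home-manager generated X session.
{ config, pkgs, lib, inputs, machineName, ... }:
let
  # `users.julm.name` below is read back from the evaluated configuration.
  inherit (config.users) users;
in
{
  imports = [
    oignon/hardware.nix
    oignon/tor.nix
    oignon/dnscrypt-proxy2.nix
  ];

  documentation.nixos.enable = true;

  # Accounts are fully declarative: users and passwords changed at runtime
  # (passwd, useradd) are not kept across activations.
  users.mutableUsers = false;
  users.users.julm = {
    isNormalUser = true;
    uid = 1000;
    # builtins.readFile copies the hash into the evaluated configuration, so it
    # ends up in /nix/store, which every local user can read, and in any copy
    # of this system closure sent to another host or cache.
    # NOTE(review): NixOS writes the hash itself to /etc/shadow (root-only),
    # not to /etc/passwd, so the store copy is the exposure to weigh here.
    # `passwordFile`, pointing at a root-only file outside the store, avoids it.
    hashedPassword = builtins.readFile ../secrets/julm/hashedPassword;
    extraGroups = [
      "wheel" # may use sudo
      "networkmanager"
      "video"
      "adbusers"
      "tor" # presumably grants access to the Tor daemon's files/control socket; see oignon/tor.nix
      #"vboxusers"
    ];
    # If created, zfs-mount.service would require:
    #   zfs set overlay=yes ${machineName}/home
    createHome = false;
  };

  nix = {
    extraOptions = ''
      auto-optimise-store = true
    '';
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    # Make <nixpkgs> resolve to the tree published under /etc below.
    nixPath = [
      "nixpkgs=/etc/nixpkgs"
      "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
    ];
    # A trusted user can make the Nix daemon accept extra substituters and
    # unsigned store paths, which amounts to root on this machine. julm is in
    # "wheel" already, but this path does not ask for a password.
    trustedUsers = [ users.julm.name ];
  };
  environment.etc."nixpkgs".source = pkgs.path;
  environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";

  nixpkgs.config = {
    allowUnfree = false;
  };

  time.timeZone = "Europe/Paris";
  i18n.defaultLocale = "fr_FR.UTF-8";
  console.font = "Lat2-Terminus16";
  console.keyMap = "fr";

  networking = {
    hostName = machineName;
    domain = "localdomain";
    search = [ "sourcephile.fr" ];
    networkmanager = {
      enable = true;
      #dhcp = "dhcpcd";
      logLevel = "INFO";
      wifi = {
        #backend = "iwd";
        #backend = "wpa_supplicant";
        powersave = false;
      };
    };
    # No ports are opened explicitly in this file; anything reachable from the
    # network is opened by a service module itself.
    # NOTE(review): the avahi module below opens UDP 5353 unless told
    # otherwise, and the imported oignon/*.nix files may open more; confirm.
    firewall = {
      enable = true;
    };
  };

  sound.enable = true;
  hardware.pulseaudio.enable = true;

  environment.variables = {
    EDITOR = "vim";
    PAGER = "less -R";
    SYSTEMD_LESS = "FKMRX";
  };
  environment.systemPackages = with pkgs; [
    acpi
    binutils
    bmon
    coreutils
    cryptsetup
    curl
    direnv
    #dnsutils
    dstat
    e2fsprogs
    file
    glib # gio
    gnumake
    gnupg
    gparted
    gvfs
    hicolor-icon-theme
    home-manager
    htop
    less
    libfaketime
    lm_sensors
    lsof
    lsscsi
    man
    miniupnpc
    mosh
    ncdu
    ncurses
    nmon
    ntfs3g
    parted
    pasystray
    pavucontrol
    pciutils
    powertop
    procps
    python
    rdfind
    smartmontools
    sudo
    tcpdump
    tig
    tmux
    tree
    usbutils
    utillinux
    vim
    wget
    which
    xdg_utils
    xsel
    zfs
  ];

  programs = {
    bash = {
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000
        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Utilities
        mkcd () { mkdir -p "$1"; cd "$1"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

        s = "sudo systemctl";
        st = "sudo systemctl status";
        s-u = "systemctl --user";
        j = "sudo journalctl -u";
        jb = "sudo journalctl -b";

        nix-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        mv = "mv -i";
        sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
      };
    };
    dconf.enable = true;
    mtr.enable = true;
  };

  services = {
    # mDNS/DNS-SD on the local network. With nssmdns, *.local names are
    # resolved from unauthenticated multicast answers sent by LAN peers.
    avahi = {
      enable = true;
      nssmdns = true;
    };
    dbus = {
      packages = [ pkgs.gnome3.dconf ];
    };
    gvfs = {
      enable = true;
    };
    # Keep the journal on disk across reboots, bounded to 100M and one month.
    journald = {
      extraConfig = ''
        Compress=true
        MaxRetentionSec=1month
        Storage=persistent
        SystemMaxUse=100M
      '';
    };
    /*
    physlock = {
      enable = true;
      allowAnyUser = true;
      # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
    };
    */
    printing = {
      enable = true;
      drivers = [
        pkgs.gutenprint
        pkgs.hplip
      ];
    };
    # ZFS snapshots of home and var (and their children): 12 hourly and
    # 7 daily are kept, older ones are pruned.
    sanoid = {
      enable = true;
      extraArgs = [ "--verbose" ];
      datasets = {
        "${machineName}/home" = {
          autosnap = true;
          autoprune = true;
          hourly = 12;
          daily = 7;
          monthly = 0;
          yearly = 0;
          recursive = true;
        };
        "${machineName}/var" = {
          autosnap = true;
          autoprune = true;
          hourly = 12;
          daily = 7;
          monthly = 0;
          yearly = 0;
          recursive = true;
        };
      };
    };
    udev = {
      packages = [
        # Allow members of the "adbusers" group to mount Android devices via MTP
        pkgs.android-udev-rules
      ];
    };
    xserver = {
      enable = true;
      layout = "fr";
      xkbOptions = "eurosign:e";
      libinput.enable = true;
      desktopManager = {
        session = [
          # Let the session be generated by home-manager
          {
            name = "home-manager";
            # The path is quoted so that a home directory containing
            # whitespace is still passed as a single argument.
            start = ''
              ${pkgs.runtimeShell} "$HOME/.hm-xsession" &
              waitPID=$!
            '';
          }
        ];
        xfce = {
          enable = false;
          /*
          thunarPlugins = [
            pkgs.xfce.thunar-archive-plugin
          ];
          */
        };
        xterm.enable = false;
      };
      displayManager = {
        defaultSession = "home-manager";
        #defaultSession = "none+xmonad";
        # The graphical session opens without a password, so whoever can boot
        # the machine gets julm's session (a "wheel" member and Nix trusted
        # user). No screen locker is enabled in this file (physlock is
        # commented out above).
        # NOTE(review): presumably relies on disk encryption unlocked at boot;
        # that would be set in oignon/hardware.nix, not shown here; confirm.
        autoLogin = {
          enable = true;
          user = users.julm.name;
        };
      };
    };
  };

  #virtualisation.virtualbox.host.enable = true;

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you should.
  system.stateVersion = "20.09"; # Did you read the comment?
}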