]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/oignon.nix
sourcephile / git / julm / julm-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
oignon: add davfs2 support
[julm/julm-nix.git] / hosts / oignon.nix
1 { config, pkgs, lib, inputs, private, hostName, ... }:
2 let
3 inherit (config.users) users;
4 inherit (config.services) davfs2;
5 in
6 {
7 imports = [
8 ../profiles/dnscrypt-proxy2.nix
9 oignon/hardware.nix
10 oignon/tor.nix
11 oignon/backup.nix
12 ];
13
14 home-manager.users.julm = {
15 imports = [ ../homes/julm.nix ];
16 host.name = hostName;
17 host.hardware = ["ThinkPad" "X201"];
18 };
19 systemd.services.home-manager-julm.postStart = ''
20 ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
21 '';
22 users.mutableUsers = false;
23 users.users.julm = {
24 isNormalUser = true;
25 uid = 1000;
26 # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
27 # which is already world readable.
28 hashedPassword = lib.readFile ../private/world/julm/hashedPassword;
29 extraGroups = [
30 "adbusers"
31 "lp"
32 "networkmanager"
33 "scanner"
34 "tor"
35 "video"
36 "wheel"
37 davfs2.davGroup
38 #"vboxusers"
39 ];
40 # If created, zfs-mount.service would require:
41 # zfs set overlay=yes ${hostName}/home
42 createHome = false;
43 };
44
45 nix = {
46 extraOptions = ''
47 auto-optimise-store = true
48 secret-key-files = ${private}/${hostName}/nix/binary-cache/priv.pem
49 '';
50 gc = {
51 automatic = true;
52 dates = "weekly";
53 options = "--delete-older-than 7d";
54 };
55 nixPath = [
56 "nixpkgs=/etc/nixpkgs"
57 "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
58 ];
59 trustedUsers = [ users.julm.name ];
60 binaryCaches = [ "https://nix-localcache.sourcephile.fr" ];
61 binaryCachePublicKeys = [ "losurdo.sourcephile.fr-1:XGeaIE2AA2mZskSZ5bIDrfx53q+TDDWJOUEpZDX7los=" ];
62 };
63 nix.sshServe = {
64 enable = true;
65 keys = [ (lib.readFile ../private/world/julm/losurdo/ssh.pub) ];
66 };
67 users.users.julm.openssh.authorizedKeys.keys = [
68 (lib.readFile ../private/world/julm/losurdo/ssh.pub)
69 ];
70 services.openssh.forwardX11 = true;
71 services.openssh.passwordAuthentication = false;
72
73 nixpkgs.config = {
74 allowUnfree = true;
75 };
76 environment.etc."nixpkgs".source = pkgs.path;
77 environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
78
79 documentation.nixos.enable = true;
80 time.timeZone = "Europe/Paris";
81 i18n.defaultLocale = "fr_FR.UTF-8";
82 console.font = "Lat2-Terminus16";
83 console.keyMap = "fr";
84
85 networking = {
86 hostName = hostName;
87 domain = "localdomain";
88 search = [ "sourcephile.fr" ];
89 networkmanager = {
90 enable = true;
91 #dhcp = "dhcpcd";
92 logLevel = "INFO";
93 wifi = {
94 #backend = "iwd";
95 #backend = "wpa_supplicant";
96 powersave = false;
97 };
98 };
99 firewall = {
100 enable = true;
101 allowPing = false;
102 };
103 };
104
105 sound.enable = true;
106 hardware.pulseaudio.enable = true;
107 hardware.sane.enable = true;
108 hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
109
110 environment.variables = {
111 EDITOR = "vim";
112 PAGER = "less -R";
113 SYSTEMD_LESS = "FKMRX";
114 };
115 environment.systemPackages = [
116 pkgs.mkpasswd
117 pkgs.gdb
118 ];
119
120 programs = {
121 bash = {
122 interactiveShellInit = ''
123 bind '"\e[A":history-search-backward'
124 bind '"\e[B":history-search-forward'
125
126 # Ignore duplicate commands, ignore commands starting with a space
127 export HISTCONTROL=erasedups:ignorespace
128 export HISTSIZE=42000
129 # Append to the history instead of overwriting (good for multiple connections)
130 shopt -s histappend
131
132 # Utilities
133 mkcd () { mkdir -p "$1"; cd "$1"; }
134 fan () {
135 if [ $# -gt 0 ]
136 then sudo tee /proc/acpi/ibm/fan <<<"level $1"
137 else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
138 fi
139 acpi -t
140 }
141 '';
142 shellAliases = {
143 cl = "clear";
144 grep = "grep --color";
145 l = "ls -alh";
146 ll = "ls -al";
147 ls = "ls --color=tty";
148 mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
149
150 s="sudo systemctl";
151 st="sudo systemctl status";
152 u="systemctl --user";
153 j="sudo journalctl -u";
154 jb="sudo journalctl -b";
155
156 nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
157 mv = "mv -i";
158 sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
159 };
160 };
161 dconf.enable = true;
162 mtr.enable = true;
163 };
164
165 services.avahi = {
166 enable = true;
167 nssmdns = true;
168 openFirewall = false;
169 publish = {
170 enable = false;
171 };
172 };
173 services.davfs2 = {
174 enable = true;
175 extraConfig = ''
176 '';
177 };
178 fileSystems."/home/julm/mnt/ilico/severine" = {
179 device = "https://nuage.ilico.org/remote.php/dav/files/severine/";
180 fsType = "davfs";
181 options =
182 let conf = pkgs.writeText "davfs2.conf" ''
183 backup_dir /home/julm/documents/backup/ilico/severine
184 cache_dir /home/julm/.cache/davfs2/ilico/severine
185 ''; in
186 [ "conf=${conf}" "user" "noexec" "nosuid" "noauto" ]; # "x-systemd.automount"
187 };
188 security.wrappers."mount.davfs" = {
189 program = "mount.davfs";
190 source = "${pkgs.davfs2}/bin/mount.davfs";
191 owner = "root";
192 group = davfs2.davGroup;
193 setuid = true;
194 permissions = "u+rx,g+x";
195 };
196 security.wrappers."umount.davfs" = {
197 program = "umount.davfs";
198 source = "${pkgs.davfs2}/bin/umount.davfs";
199 owner = "root";
200 group = davfs2.davGroup;
201 setuid = true;
202 permissions = "u+rx,g+x";
203 };
204 services.dbus = {
205 packages = [ pkgs.gnome3.dconf ];
206 };
207 services.gvfs = {
208 enable = true;
209 };
210 services.journald = {
211 extraConfig = ''
212 Compress=true
213 MaxRetentionSec=1month
214 Storage=persistent
215 SystemMaxUse=100M
216 '';
217 };
218 services.printing = {
219 enable = true;
220 drivers = [
221 pkgs.gutenprint
222 pkgs.hplip
223 ];
224 };
225 services.udev = {
226 packages = [
227 # Allow members of the "adbusers" group to mount Android devices via MTP
228 pkgs.android-udev-rules
229 ];
230 };
231 services.xserver = {
232 enable = true;
233 layout = "fr";
234 xkbOptions = "eurosign:e";
235 libinput.enable = true;
236 desktopManager = {
237 session = [
238 # Let the session be generated by home-manager
239 { name = "home-manager";
240 start = ''
241 ${pkgs.runtimeShell} $HOME/.hm-xsession &
242 waitPID=$!
243 '';
244 }
245 ];
246 };
247 displayManager = {
248 defaultSession = "home-manager";
249 #defaultSession = "none+xmonad";
250 autoLogin = {
251 enable = true;
252 user = users.julm.name;
253 };
254 };
255 };
256
257 systemd.coredump.enable = true;
258 #environment.enableDebugInfo = true;
259
260 # This value determines the NixOS release with which your system is to be
261 # compatible, in order to avoid breaking some software such as database
262 # servers. You should change this only after NixOS release notes say you should.
263 system.stateVersion = "20.09"; # Did you read the comment?
264 }
julm's NixOS and home-manager configs