{ config, pkgs, lib, inputs, hostName, ... }:
let inherit (config.users) users; in
{
imports = [
  ../profiles/dnscrypt-proxy2.nix
  ../profiles/security.nix
  patate/backup.nix
  patate/hardware.nix
  patate/wireguard.nix
];

# Home Manager configuration for the "sevy" account: import the shared home
# profile and set host.name / host.hardware for it.
# NOTE(review): the host.* options are presumably declared by
# ../homes/sevy.nix or one of its imports; confirm there.
home-manager.users.sevy.imports = [ ../homes/sevy.nix ];
home-manager.users.sevy.host = {
  name = hostName;
  hardware = [ "ThinkPad" "X200" ];
};
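# Once the Home Manager activation unit has started, prune the home-manager
# profile of "sevy": `--delete-generations +1` keeps only the most recent
# generation, so older activations (and whatever they referenced) can be
# garbage-collected.
#
# The hook is attached to home-manager-sevy: the Home Manager NixOS module
# names its units home-manager-<username>, this file only declares
# home-manager.users.sevy, and the pruned profile path is sevy's. The unit
# name previously referenced here ("home-manager-julm") did not match the
# profile being pruned.
systemd.services.home-manager-sevy.postStart = ''
  ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/sevy/home-manager
'';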
# Kernel module loading is left unlocked on this host: with `false`, modules
# can still be loaded after boot.
# NOTE(review): ../profiles/security.nix is imported by this file and may
# prefer a stricter value; confirm this relaxation is intentional here.
security.lockKernelModules = false;

# Accounts are declarative: with mutableUsers disabled, users and their
# passwords come from this configuration, not from useradd/passwd at runtime.
users = {
  mutableUsers = false;
  users.sevy = {
    uid = 1000;
    isNormalUser = true;
    # SECURITY: lib.readFile embeds the hash in the evaluated configuration, so
    # a copy lands in the world-readable /nix/store. On the running system the
    # hash is written to /etc/shadow (root-only), not /etc/passwd, so the store
    # copy is what exposes it to every local user for offline guessing.
    # NOTE(review): a password-file option pointing at a root-only path outside
    # the store avoids this; confirm the option name for this NixOS release.
    # NOTE(review): lib.readFile keeps a trailing newline if the file has one;
    # confirm the file contains the bare hash.
    hashedPassword = lib.readFile ../private/world/sevy/hashedPassword;
    # Supplementary groups. Several of these grant real privilege:
    #   wheel            administrative group (sudo on a default NixOS setup)
    #   systemd-journal  read access to the whole system journal
    #   vboxusers        access to the VirtualBox host devices
    #   adbusers         access to Android devices (see the udev rules below)
    extraGroups = [
      "adbusers"
      config.services.davfs2.davGroup
      "lp"
      "networkmanager"
      "scanner"
      "systemd-journal"
      "tor"
      "vboxusers"
      "video"
      "wheel"
    ];
  };
};

# Nix daemon, substituter and store-maintenance settings.
nix = {
  # Binary caches queried for pre-built store paths. A substituted path is only
  # accepted when signed by a key the daemon trusts, so every entry in
  # binaryCachePublicKeys is a party able to supply binaries to this machine.
  # NOTE(review): the key names (losurdo, oignon) differ from the cache host
  # name (nix-localcache); confirm both keys are still needed and drop any
  # that are stale.
  binaryCaches = [
    "https://nix-localcache.sourcephile.fr"
    #"ssh://nix-ssh@192.168.0.115" # FIXME: use wireguard
  ];
  binaryCachePublicKeys = [
    "losurdo.sourcephile.fr-1:XGeaIE2AA2mZskSZ5bIDrfx53q+TDDWJOUEpZDX7los="
    "oignon.sourcephile.fr:slxL7XLsGXlD1r6gvw1imL5uQntW0TTlQgGQt3LBJgQ="
  ];

  # SECURITY: a trusted user may override daemon settings (for example add
  # substituters) and import unsigned paths, which the Nix manual describes as
  # essentially equivalent to root access. "sevy" is also in wheel, so this
  # adds little on its own, but it matters together with the graphical
  # auto-login configured for the same account in this file.
  trustedUsers = [ users.sevy.name ];

  # NIX_PATH entries resolve to /etc paths; the two environment.etc entries in
  # this file populate them from the flake's nixpkgs and overlays.
  nixPath = [
    "nixpkgs=/etc/nixpkgs"
    "nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
  ];

  # Store maintenance: hard-link identical files, and run the garbage
  # collector weekly, deleting generations older than seven days.
  autoOptimiseStore = true;
  gc.automatic = true;
  gc.dates = "weekly";
  gc.options = "--delete-older-than 7d";

  # No extra nix.conf lines.
  extraOptions = ''
  '';
};
# sshd must not accept password logins (key-based authentication only).
# This file does not itself enable the OpenSSH service; the setting applies
# wherever an imported profile turns it on.
services.openssh = {
  passwordAuthentication = false;
};

# Allow packages with unfree licences to be evaluated and installed.
nixpkgs.config.allowUnfree = true;

# Expose the nixpkgs source and this flake's overlay directory under /etc so
# the nix.nixPath entries in this file resolve to the same inputs the system
# was built from.
environment.etc = {
  "nixpkgs".source = pkgs.path;
  "nixpkgs-overlays".source = inputs.self + "/nixpkgs";
};

# Install the NixOS manual locally.
documentation.nixos.enable = true;

# Localisation: Paris time zone, French locale, French console keymap.
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "fr_FR.UTF-8";
console = {
  keyMap = "fr";
  font = "Lat2-Terminus16";
};

# Host identity.
networking.hostName = hostName;
networking.domain = "localdomain";

# NetworkManager handles the connections; Wi-Fi power saving is disabled.
networking.networkmanager = {
  enable = true;
  logLevel = "INFO";
  #dhcp = "dhcpcd";
  wifi.powersave = false;
  #wifi.backend = "iwd";
  #wifi.backend = "wpa_supplicant";
};

# Host firewall: enabled, ICMP echo requests are not answered, and only the
# ports of the peer-to-peer clients below are reachable from outside.
# SECURITY: these ports are opened on every interface, whether or not the
# client is running. NOTE(review): confirm each number matches the port
# actually configured in the client, and remove entries for software that is
# no longer used.
networking.firewall = {
  enable = true;
  allowPing = false;
  allowedTCPPorts = [
    51413 # transmission-gtk
    4662 # edonkey
  ];
  allowedUDPPorts = [
    51413 # transmission-gtk
    4667 # edonkey
    4672 # edonkey
  ];
};

# Audio through PulseAudio.
sound.enable = true;
hardware = {
  pulseaudio.enable = true;
  # Scanner support (SANE) with the HP backend that bundles the vendor plugin.
  sane = {
    enable = true;
    extraBackends = [ pkgs.hplipWithPlugin ];
  };
};

# System-wide environment variables: default editor and pager, plus the `less`
# flags used when systemd tools page their output.
environment.variables.EDITOR = "vim -g";
environment.variables.PAGER = "less -R";
environment.variables.SYSTEMD_LESS = "FKMRX";

# dconf settings backend.
programs.dconf.enable = true;
# mtr: NixOS installs it with a capability wrapper so that unprivileged users
# can run it.
programs.mtr.enable = true;

# Shell aliases for every interactive bash user.
# The s/st/j/jb/nix-history shortcuts all go through sudo, so they are only
# usable by accounts that are allowed to use sudo.
programs.bash.shellAliases = {
  # Privileged systemd / journal / generation shortcuts.
  s="sudo systemctl";
  st="sudo systemctl status";
  j="sudo journalctl -u";
  jb="sudo journalctl -b";
  nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";

  # Per-user systemd instance.
  u="systemctl --user";

  # Everyday conveniences.
  cl = "clear";
  grep = "grep --color";
  ls = "ls --color=tty";
  l  = "ls -alh";
  ll = "ls -al";
  mv = "mv -i";
  mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
  sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
};

# Snippet sourced by every interactive bash session: history search on the
# arrow keys, history tuning, and two helpers (mkcd, fan).
# SECURITY: HISTSIZE=42000 with histappend keeps a long history; secrets typed
# on a command line persist unless the command starts with a space
# (HISTCONTROL contains ignorespace).
# fan() passes its first argument through `sudo tee` to /proc/acpi/ibm/fan
# without validation; the text below is runtime shell code and is kept as is.
programs.bash.interactiveShellInit = ''
  bind '"\e[A":history-search-backward'
  bind '"\e[B":history-search-forward'

  # Ignore duplicate commands, ignore commands starting with a space
  export HISTCONTROL=erasedups:ignorespace
  export HISTSIZE=42000
  # Append to the history instead of overwriting (good for multiple connections)
  shopt -s histappend

  # Utilities
  mkcd () { mkdir -p "$1"; cd "$1"; }
  fan () {
    if [ $# -gt 0 ]
    then sudo tee /proc/acpi/ibm/fan <<<"level $1"
    else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
    fi
    acpi -t
  }
'';

# Avahi is used as an mDNS client only: names can be resolved through NSS
# (nssmdns), but this host publishes nothing about itself and no firewall
# port is opened for it.
services.avahi.enable = true;
services.avahi.nssmdns = true;
services.avahi.publish.enable = false;
services.avahi.openFirewall = false;

# WebDAV filesystem support (davfs2) with no extra global configuration; the
# per-mount settings live with the fileSystems entry that uses it.
services.davfs2.enable = true;
services.davfs2.extraConfig = ''
'';
# WebDAV share mounted on demand under sevy's home directory.
#   user     an unprivileged user may mount it
#   noexec   nothing on the remote share can be executed
#   nosuid   set-uid/set-gid bits on remote files are ignored
#   noauto   not mounted at boot
# The generated davfs2.conf lives in the world-readable /nix/store; it only
# holds the two directory settings below. Credentials are not configured in
# this file and should stay out of the store.
fileSystems."/home/sevy/mnt/ilico/severine" =
  let
    davConf = pkgs.writeText "davfs2.conf" ''
      backup_dir /home/sevy/Documents/EnTransfert/ilico/severine
      cache_dir /home/sevy/.cache/davfs2/ilico/severine
    '';
  in
  {
    fsType = "davfs";
    device = "https://nuage.ilico.org/remote.php/dav/files/severine/";
    options = [ "conf=${davConf}" "user" "noexec" "nosuid" "noauto" ]; # "x-systemd.automount"
  };
# Register dconf's D-Bus service files.
services.dbus.packages = [ pkgs.gnome3.dconf ];

# GVfs (virtual filesystems for the desktop file manager).
services.gvfs.enable = true;

# Journal policy: keep logs on disk across reboots, compressed, capped at
# 100M and at one month of retention.
# NOTE(review): with a 100M cap, older entries can be rotated out well before
# the one-month limit on a busy system; size this to how far back logs need to
# reach when investigating an incident.
services.journald.extraConfig = ''
  Compress=true
  MaxRetentionSec=1month
  Storage=persistent
  SystemMaxUse=100M
'';
# Console/screen locker.
# SECURITY: allowAnyUser makes NixOS install a setuid-root wrapper so that any
# local user can start physlock; that is one more setuid binary on the system.
# The desktop session has to be told to call it:
# NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
services.physlock.enable = true;
services.physlock.allowAnyUser = true;
# CUPS printing with the Gutenprint and HP drivers.
services.printing.enable = true;
services.printing.drivers = [
  pkgs.gutenprint
  pkgs.hplip
];

# Extra udev rules.
services.udev.packages = [
  # Allow members of the "adbusers" group to mount Android devices via MTP
  pkgs.android-udev-rules
];
# X11 with a French keyboard layout and libinput.
services.xserver.enable = true;
services.xserver.layout = "fr";
services.xserver.xkbOptions = "eurosign:e";
services.xserver.libinput.enable = true;

# Xfce is the only desktop session; the fallback xterm session is disabled.
services.xserver.desktopManager.xterm.enable = false;
services.xserver.desktopManager.xfce = {
  enable = true;
  thunarPlugins = [
    #pkgs.xfce.thunar-archive-plugin
  ];
};

# SECURITY: auto-login opens a graphical session for "sevy" at boot without a
# password. In this file that account is in wheel and is a Nix trusted user,
# so anyone who can power the machine on gets an administrator-capable
# session. NOTE(review): this is only reasonable if something else gates boot
# (for example full-disk encryption with a passphrase); confirm in
# patate/hardware.nix.
services.xserver.displayManager = {
  defaultSession = "xfce";
  autoLogin.enable = true;
  autoLogin.user = users.sevy.name;
};

# VirtualBox host support; members of "vboxusers" (sevy, in this file) get
# access to it.
virtualisation.virtualbox.host = {
  enable = true;
};

# NixOS release this system's stateful data is compatible with. It guards
# software such as database servers against incompatible format changes and
# is not the version of the installed packages; change it only when the NixOS
# release notes say to.
system.stateVersion = "20.03"; # Did you read the comment?
}