-{ config, pkgs, lib, inputs, private, hostName, ... }:
+{ config, pkgs, lib, inputs, ... }:
{
-imports = [
- #../nixos/profiles/debug.nix
- ../nixos/profiles/lang-fr.nix
- ../nixos/profiles/security.nix
- ../nixos/profiles/system.nix
- #../nixos/profiles/tor.nix
- aubergine/hardware.nix
- aubergine/networking.nix
-];
-
-# Lower kernel's security for better performances
-boot.kernelParams = [ "mitigations=off" ];
-
-environment.etc.machine-id.source = ../private + "/hosts/${hostName}/root/machine-id";
-
-home-manager.users.julm = {
- imports = [ ../homes/julm.nix ];
- # /sys/devices/virtual/dmi/id/product_name
- host.hardware = [ "apu6" ];
-};
-systemd.services.home-manager-julm.postStart = ''
- ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
-'';
-users.users.julm = {
- isNormalUser = true;
- uid = 1000;
- # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
- # which is already world readable.
- hashedPassword = lib.readFile ../private/world/julm/hashedPassword;
- extraGroups = [
- "adbusers"
- "dialout"
- "networkmanager"
- "tor"
- "wheel"
- ];
- # If created, zfs-mount.service would require:
- # zfs set overlay=yes ${hostName}/home
- createHome = true;
- openssh.authorizedKeys.keys = map lib.readFile [
- ../private/shared/ssh/root/losurdo.pub
- ../private/shared/ssh/julm/losurdo.pub
- ../private/shared/ssh/julm/oignon.pub
- ../private/shared/ssh/julm/redmi.pub
+ imports = [
+ #../nixos/profiles/debug.nix
+ ../nixos/profiles/lang-fr.nix
+ #../nixos/profiles/tor.nix
+ aubergine/hardware.nix
+ aubergine/networking.nix
+ aubergine/nginx.nix
+ aubergine/backup.nix
];
-};
-users.users.root = {
- hashedPassword = "!";
- openssh.authorizedKeys.keys = map lib.readFile [
- ../private/shared/ssh/root/losurdo.pub
- ../private/shared/ssh/julm/losurdo.pub
- ../private/shared/ssh/julm/oignon.pub
- ../private/shared/ssh/julm/redmi.pub
- ];
-};
-nix = {
- extraOptions = ''
- #secret-key-files = /run/credentials/nix-daemon.service/secret-key-files.pem
- #secret-key-files = ${private}/${hostName}/nix/binary-cache/priv.pem
+ # Lower kernel's security for better performances
+ boot.kernelParams = [ "mitigations=off" ];
+
+ home-manager.users.julm = {
+ imports = [ ../homes/julm.nix ];
+ };
+ systemd.services.home-manager-julm.postStart = ''
+ ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
'';
- settings = {
- trusted-users = [ config.users.users."julm".name ];
- substituters = [
- #"http://nix-localcache.losurdo.wg"
- #"ssh://nix-ssh@losurdo.wg?priority=30"
+ users.users.julm = {
+ isNormalUser = true;
+ uid = 1000;
+ # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
+ # which is already world readable.
+ # printf %s $(mkpasswd -m md5crypt)
+ hashedPassword = lib.readFile aubergine/users/julm/login/hashedPassword.clear;
+ extraGroups = [
+ "adbusers"
+ "dialout"
+ "networkmanager"
+ "tor"
+ "wheel"
];
- trusted-public-keys = map lib.readFile [
- #../private/shared/nix/losurdo.pub
+ # If created, zfs-mount.service would require:
+ # zfs set overlay=yes ${hostName}/home
+ createHome = true;
+ openssh.authorizedKeys.keys = map lib.readFile [
+ ../users/root/ssh/losurdo.pub
+ ../users/julm/ssh/losurdo.pub
+ ../users/julm/ssh/oignon.pub
+ ../users/julm/ssh/redmi.pub
];
};
- nixPath = lib.mkForce [ "nixpkgs=${inputs.nixpkgs}" ];
-};
-#environment.etc."nixpkgs".source = pkgs.path;
-#environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
+ users.users.root = {
+ hashedPassword = "!";
+ openssh.authorizedKeys.keys =
+ config.users.users.julm.openssh.authorizedKeys.keys;
+ };
-nix.settings.allowed-users = [ config.users.users."nix-ssh".name ];
-nix.sshServe = {
- enable = true;
- keys = map lib.readFile [
- ../private/shared/ssh/julm/losurdo.pub
- ../private/shared/ssh/sevy/patate.pub
- ../private/shared/ssh/julm/oignon.pub
- ];
-};
+ #systemd.services.nix-daemon.serviceConfig.LoadCredentialEncrypted =
+ # "secret-key-files:" + aubergine/nix/secret-key-files;
+ nix = {
+ extraOptions = ''
+ #secret-key-files = /run/credentials/nix-daemon.service/secret-key-files.pem
+ '';
+ settings = {
+ trusted-users = [ config.users.users."julm".name ];
+ substituters = [
+ #"http://nix-localcache.losurdo.wg"
+ #"ssh://nix-ssh@losurdo.wg?priority=30"
+ #"ssh://nix-ssh@oignon.wg?priority=30"
+ ];
+ trusted-public-keys = map lib.readFile [
+ ../users/root/nix/oignon.pub
+ ];
+ };
+ nixPath = lib.mkForce [ "nixpkgs=${inputs.nixpkgs}" ];
+ };
+ #environment.etc."nixpkgs".source = pkgs.path;
+ #environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
-environment.systemPackages = [
-];
+ nix.settings.allowed-users = [ config.users.users."nix-ssh".name ];
+ nix.sshServe = {
+ enable = true;
+ keys = map lib.readFile [
+ ../users/julm/ssh/losurdo.pub
+ ../users/sevy/ssh/patate.pub
+ ../users/julm/ssh/oignon.pub
+ ];
+ };
-boot.extraModulePackages = [
- #config.boot.kernelPackages.v4l2loopback
-];
+ environment.systemPackages = [
+ ];
+
+ boot.extraModulePackages = [
+ #config.boot.kernelPackages.v4l2loopback
+ ];
-# This value determines the NixOS release with which your system is to be
-# compatible, in order to avoid breaking some software such as database
-# servers. You should change this only after NixOS release notes say you should.
-system.stateVersion = "22.11"; # Did you read the comment?
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you should.
+ system.stateVersion = "22.11"; # Did you read the comment?
}