pumpkin: syncoid: exclude Downloads

[julm/julm-nix.git] / hosts / aubergine.nix

diff --git a/hosts/aubergine.nix b/hosts/aubergine.nix
index 1c12cb9918fb5ee622306316bdc248a785c63562..fa1d40454df362e5651063f829badcdf9b3afc5f 100644 (file)
--- a/hosts/aubergine.nix
+++ b/hosts/aubergine.nix
@@ -1,26 +1,33 @@
-{ config, pkgs, lib, inputs, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
 {
   imports = [
-    ../nixos/profiles/server.nix
+    ../nixos/profiles/router.nix
     #../nixos/profiles/debug.nix
     ../nixos/profiles/lang-fr.nix
     #../nixos/profiles/tor.nix
+    ../nixos/profiles/networking/remote.nix
+    ../nixos/profiles/home.nix
     aubergine/hardware.nix
+    aubergine/nebula.nix
     aubergine/networking.nix
+    aubergine/printing.nix
     aubergine/nginx.nix
     aubergine/backup.nix
     aubergine/sftp.nix
   ];
 
   # Lower kernel's security for better performances
-  boot.kernelParams = [ "mitigations=off" ];
+  security.kernel.mitigations = "off";
 
   home-manager.users.julm = {
     imports = [ ../homes/julm.nix ];
   };
-  systemd.services.home-manager-julm.postStart = ''
-    ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
-  '';
   users = {
     users.julm = {
       isNormalUser = true;
@@ -31,25 +38,26 @@
       hashedPassword = lib.readFile aubergine/users/julm/login/hashedPassword.clear;
       extraGroups = [
         "adbusers"
+        "audio"
         "dialout"
         "networkmanager"
         "tor"
+        "video"
         "wheel"
+        "wireshark"
       ];
-      # If created, zfs-mount.service would require:
-      # zfs set overlay=yes ${hostName}/home
       createHome = true;
       openssh.authorizedKeys.keys = map lib.readFile [
         ../users/root/ssh/losurdo.pub
         ../users/julm/ssh/losurdo.pub
         ../users/julm/ssh/oignon.pub
+        ../users/julm/ssh/pumpkin.pub
         ../users/julm/ssh/redmi.pub
       ];
     };
     users.root = {
       hashedPassword = "!";
-      openssh.authorizedKeys.keys =
-        config.users.users.julm.openssh.authorizedKeys.keys;
+      openssh.authorizedKeys.keys = config.users.users.julm.openssh.authorizedKeys.keys;
     };
     users.sevy = {
       isNormalUser = true;
@@ -57,8 +65,6 @@
       hashedPassword = "!";
       extraGroups = [
       ];
-      # If created, zfs-mount.service would require:
-      # zfs set overlay=yes ${hostName}/home
       createHome = true;
       openssh.authorizedKeys.keys = map lib.readFile [
         ../users/sevy/ssh/patate.pub
@@ -79,7 +85,8 @@
         #"ssh://nix-ssh@oignon.wg?priority=30"
       ];
       trusted-public-keys = map lib.readFile [
-        ../users/root/nix/oignon.pub
+        #../users/root/nix/oignon.pub
+        #../users/root/nix/pumpkin.pub
       ];
     };
     nixPath = lib.mkForce [ "nixpkgs=${inputs.nixpkgs}" ];
@@ -94,6 +101,7 @@
       ../users/julm/ssh/losurdo.pub
       ../users/sevy/ssh/patate.pub
       ../users/julm/ssh/oignon.pub
+      ../users/julm/ssh/pumpkin.pub
     ];
   };