{
imports = [
../profiles/dnscrypt-proxy2.nix
+ ../profiles/security.nix
patate/backup.nix
patate/hardware.nix
+ patate/wireguard.nix
];
home-manager.users.sevy = {
imports = [ ../homes/sevy.nix ];
- host.name = hostName;
host.hardware = ["ThinkPad" "X200"];
};
systemd.services.home-manager-julm.postStart = ''
${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/sevy/home-manager
'';
+security.lockKernelModules = false;
users.mutableUsers = false;
users.users.sevy = {
isNormalUser = true;
uid = 1000;
# Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
# which is already world readable.
- hashedPassword = lib.readFile ../secrets/sevy/hashedPassword;
+ hashedPassword = lib.readFile ../private/world/sevy/hashedPassword;
extraGroups = [
"adbusers"
+ config.services.davfs2.davGroup
"lp"
"networkmanager"
"scanner"
nix = {
extraOptions = ''
- auto-optimise-store = true
'';
+ autoOptimiseStore = true;
gc = {
automatic = true;
dates = "weekly";
"nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
];
trustedUsers = [ users.sevy.name ];
+ binaryCaches = [
+ "https://nix-localcache.sourcephile.fr"
+ #"ssh://nix-ssh@192.168.0.115" # FIXME: use wireguard
+ ];
+ binaryCachePublicKeys = [
+ "losurdo.sourcephile.fr-1:XGeaIE2AA2mZskSZ5bIDrfx53q+TDDWJOUEpZDX7los="
+ "oignon.sourcephile.fr:slxL7XLsGXlD1r6gvw1imL5uQntW0TTlQgGQt3LBJgQ="
+ ];
};
-environment.etc."nixpkgs".source = pkgs.path;
-environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
+services.openssh.passwordAuthentication = false;
nixpkgs.config = {
allowUnfree = true;
};
+environment.etc."nixpkgs".source = pkgs.path;
+environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
+
documentation.nixos.enable = true;
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "fr_FR.UTF-8";
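Review bot: `binaryCachePublicKeys` trusts two signing keys while `binaryCaches` has only one active URL, so the set of accepted signers is wider than what this machine actually fetches from. It is not visible from the hunk which key signs for `https://nix-localcache.sourcephile.fr`; a comment per key naming its cache would make that auditable, e.g. `# signs for <cache URL>`, and the key without an active cache could stay out until the commented `ssh://` entry is enabled. It is also worth confirming that setting `binaryCaches` on the targeted NixOS release still keeps `https://cache.nixos.org/`, and listing it explicitly if not. The `nix = { … }` block starts before this hunk.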
mtr.enable = true;
};
-services = {
- avahi = {
- enable = true;
- nssmdns = true;
- openFirewall = false;
- publish = {
- enable = false;
- };
- };
- dbus = {
- packages = [ pkgs.gnome3.dconf ];
- };
- gvfs = {
- enable = true;
- };
- journald = {
- extraConfig = ''
- Compress=true
- MaxRetentionSec=1month
- Storage=persistent
- SystemMaxUse=100M
- '';
- };
- physlock = {
- enable = true;
- allowAnyUser = true;
- # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
- };
- printing = {
- enable = true;
- drivers = [
- pkgs.gutenprint
- pkgs.hplip
- ];
+services.avahi = {
+ enable = true;
+ nssmdns = true;
+ openFirewall = false;
+ publish = {
+ enable = false;
};
- udev = {
- packages = [
- # Allow members of the "adbusers" group to mount Android devices via MTP
- pkgs.android-udev-rules
- ];
- };
- xserver = {
- enable = true;
- layout = "fr";
- xkbOptions = "eurosign:e";
- libinput.enable = true;
- desktopManager = {
- xfce = {
- enable = true;
- thunarPlugins = [
- #pkgs.xfce.thunar-archive-plugin
- ];
- };
- xterm.enable = false;
+};
+services.davfs2 = {
+ enable = true;
+ extraConfig = ''
+ '';
+};
+fileSystems."/home/sevy/mnt/ilico/severine" = {
+ device = "https://nuage.ilico.org/remote.php/dav/files/severine/";
+ fsType = "davfs";
+ options =
+ let conf = pkgs.writeText "davfs2.conf" ''
+ backup_dir /home/sevy/Documents/EnTransfert/ilico/severine
+ cache_dir /home/sevy/.cache/davfs2/ilico/severine
+ ''; in
+ [ "conf=${conf}" "user" "noexec" "nosuid" "noauto" ]; # "x-systemd.automount"
+};
+services.dbus = {
+ packages = [ pkgs.gnome3.dconf ];
+};
+services.gvfs = {
+ enable = true;
+};
+services.journald = {
+ extraConfig = ''
+ Compress=true
+ MaxRetentionSec=1month
+ Storage=persistent
+ SystemMaxUse=100M
+ '';
+};
+services.physlock = {
+ enable = true;
+ allowAnyUser = true;
+ # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
+};
+services.printing = {
+ enable = true;
+ drivers = [
+ pkgs.gutenprint
+ pkgs.hplip
+ ];
+};
+services.udev = {
+ packages = [
+ # Allow members of the "adbusers" group to mount Android devices via MTP
+ pkgs.android-udev-rules
+ ];
+};
+services.xserver = {
+ enable = true;
+ layout = "fr";
+ xkbOptions = "eurosign:e";
+ libinput.enable = true;
+ desktopManager = {
+ xfce = {
+ enable = true;
+ thunarPlugins = [
+ #pkgs.xfce.thunar-archive-plugin
+ ];
};
- displayManager = {
- defaultSession = "xfce";
- autoLogin = {
- enable = true;
- user = users.sevy.name;
- };
+ xterm.enable = false;
+ };
+ displayManager = {
+ defaultSession = "xfce";
+ autoLogin = {
+ enable = true;
+ user = users.sevy.name;
};
};
};
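Review bot: The new `fileSystems."/home/sevy/mnt/ilico/severine"` entry does not say where the WebDAV credentials come from, while the `davfs2.conf` it generates with `pkgs.writeText` lands in the world-readable Nix store. A comment above `options` would make the intent explicit, e.g. `# credentials are read from ~/.davfs2/secrets (mode 0600), never from this store file`, assuming that is the setup. The explicit `noexec` and `nosuid` are good; adding `"nodev"` would state the full restriction set rather than relying on what `user` implies. The empty `services.davfs2.extraConfig = '' '';` can be dropped. The rest of the hunk looks like a pure flattening of `services = { … }` into `services.<name>` attributes.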