uid = 1000;
# Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
# which is already world readable.
- hashedPassword = lib.readFile ../secrets/sevy/hashedPassword;
+ hashedPassword = lib.readFile ../private/world/sevy/hashedPassword;
extraGroups = [
"adbusers"
"lp"
"nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
];
trustedUsers = [ users.sevy.name ];
+ binaryCaches = [
+ "https://nix-localcache.sourcephile.fr"
+ "ssh://nix-ssh@192.168.0.115" # FIXME: use wireguard
+ ];
+ binaryCachePublicKeys = [
+ "losurdo.sourcephile.fr-1:XGeaIE2AA2mZskSZ5bIDrfx53q+TDDWJOUEpZDX7los="
+ "oignon.sourcephile.fr:slxL7XLsGXlD1r6gvw1imL5uQntW0TTlQgGQt3LBJgQ="
+ ];
};
-environment.etc."nixpkgs".source = pkgs.path;
-environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
+services.openssh.passwordAuthentication = false;
nixpkgs.config = {
allowUnfree = true;
};
+environment.etc."nixpkgs".source = pkgs.path;
+environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
+
documentation.nixos.enable = true;
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "fr_FR.UTF-8";
};
firewall = {
enable = true;
+ allowPing = false;
allowedTCPPorts = [
51413 # transmission-gtk
4662 # edonkey
avahi = {
enable = true;
nssmdns = true;
+ openFirewall = false;
+ publish = {
+ enable = false;
+ };
};
dbus = {
packages = [ pkgs.gnome3.dconf ];