pumpkin: shipwright: install

[julm/julm-nix.git] / hosts / oignon.nix

diff --git a/hosts/oignon.nix b/hosts/oignon.nix
index 1a2679749bf807bda2dc5815efbd690704f924b4..0668eaac057ec952e5ea6a079252caf03b1f971f 100644 (file)
--- a/hosts/oignon.nix
+++ b/hosts/oignon.nix
@@ -1,4 +1,11 @@
-{ config, pkgs, lib, inputs, hostName, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  hostName,
+  ...
+}:
 {
   imports = [
     ../nixos/profiles/debug.nix
@@ -9,11 +16,11 @@
     ../nixos/profiles/printing.nix
     ../nixos/profiles/radio.nix
     ../nixos/profiles/tor.nix
+    ../nixos/profiles/bluetooth.nix
     oignon/backup.nix
     oignon/hardware.nix
     oignon/nebula.nix
     oignon/networking.nix
-    oignon/wireguard.nix
   ];
 
   # Lower kernel's security for better performances
@@ -57,8 +64,11 @@
     ];
   };
 
-  systemd.services.nix-daemon.serviceConfig.LoadCredentialEncrypted =
-    [ ("${hostName}.key:${inputs.self}/hosts/${hostName}/nix/secret-key-files.priv.pem.cred") ];
+  systemd.services.nix-daemon.serviceConfig.LoadCredentialEncrypted = [
+    "${hostName}.key:${
+      builtins.path { path = ./. + "/${hostName}/nix/secret-key-files.priv.pem.cred"; }
+    }"
+  ];
   nix = {
     extraOptions = ''
       secret-key-files = /run/credentials/nix-daemon.service/${hostName}.key
@@ -100,39 +110,40 @@
   services.davfs2.enable = true;
 
   systemd.automounts = [
-    { where = "/mnt/aubergine"; automountConfig.TimeoutIdleSec = "5 min"; }
+    {
+      where = "/mnt/aubergine";
+      automountConfig.TimeoutIdleSec = "5 min";
+    }
   ];
   fileSystems =
     let
       # Use the user's gpg-agent session to query
       # for the password of the SSH key when auto-mounting.
-      sshAsUser =
-        pkgs.writeScript "sshAsUser" ''
-          user="$1"; shift
-          exec ${pkgs.sudo}/bin/sudo -i -u "$user" \
-            ${pkgs.openssh}/bin/ssh "$@"
-        '';
-      options =
-        [
-          "user"
-          "uid=julm"
-          "gid=users"
-          "allow_other"
-          "exec" # Override "user"'s noexec
-          "noatime"
-          "nosuid"
-          "_netdev"
-          "ssh_command=${sshAsUser}\\040julm"
-          "noauto"
-          "x-gvfs-hide"
-          "x-systemd.automount"
-          #"Compression=yes" # YMMV
-          # Disconnect approximately 2*15=30 seconds after a network failure
-          "ServerAliveCountMax=1"
-          "ServerAliveInterval=15"
-          "dir_cache=no"
-          #"reconnect"
-        ];
+      sshAsUser = pkgs.writeScript "sshAsUser" ''
+        user="$1"; shift
+        exec ${pkgs.sudo}/bin/sudo -i -u "$user" \
+          ${pkgs.openssh}/bin/ssh "$@"
+      '';
+      options = [
+        "user"
+        "uid=julm"
+        "gid=users"
+        "allow_other"
+        "exec" # Override "user"'s noexec
+        "noatime"
+        "nosuid"
+        "_netdev"
+        "ssh_command=${sshAsUser}\\040julm"
+        "noauto"
+        "x-gvfs-hide"
+        "x-systemd.automount"
+        #"Compression=yes" # YMMV
+        # Disconnect approximately 2*15=30 seconds after a network failure
+        "ServerAliveCountMax=1"
+        "ServerAliveInterval=15"
+        "dir_cache=no"
+        #"reconnect"
+      ];
     in
     {
       "/mnt/aubergine" = {
@@ -204,7 +215,9 @@
   ];
 
   services.xserver = {
-    layout = "fr,us(altgr-intl)";
+    xkb = {
+      layout = "fr,us(altgr-intl)";
+    };
     desktopManager = {
       session = [
         # Let the session be generated by home-manager
@@ -217,14 +230,15 @@
         }
       ];
     };
-    displayManager = {
-      defaultSession = "home-manager";
-      #defaultSession = "none+xmonad";
-      #defaultSession = "mate";
-      #defaultSession = "cinnamon";
-      autoLogin = {
-        user = config.users.users.julm.name;
-      };
+  };
+
+  services.displayManager = {
+    defaultSession = "home-manager";
+    #defaultSession = "none+xmonad";
+    #defaultSession = "mate";
+    #defaultSession = "cinnamon";
+    autoLogin = {
+      user = config.users.users.julm.name;
     };
   };