sourcephile / git / julm / julm-nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
nixpkgs: update patches
[julm/julm-nix.git] / hosts / aubergine.nix
diff --git a/hosts/aubergine.nix b/hosts/aubergine.nix
index 8551a848b3b56eab76207bbfca982e873d30210d..f7b78377ba8021ffd1bc9f793cc55e28274b74c3 100644 (file)
--- a/hosts/aubergine.nix
+++ b/hosts/aubergine.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, inputs, private, hostName, ... }:
+{ config, pkgs, lib, inputs, hostName, ... }:
 {
 imports = [
   #../nixos/profiles/debug.nix
@@ -13,12 +13,10 @@ imports = [
 # Lower kernel's security for better performances
 boot.kernelParams = [ "mitigations=off" ];
 
-environment.etc.machine-id.source = ../private + "/hosts/${hostName}/root/machine-id";
+environment.etc.machine-id.source = aubergine/machine-id;
 
 home-manager.users.julm = {
   imports = [ ../homes/julm.nix ];
-  # /sys/devices/virtual/dmi/id/product_name
-  host.hardware = [ "apu6" ];
 };
 systemd.services.home-manager-julm.postStart = ''
   ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
@@ -28,7 +26,8 @@ users.users.julm = {
   uid = 1000;
   # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
   # which is already world readable.
-  hashedPassword = lib.readFile ../private/world/julm/hashedPassword;
+  # printf %s $(mkpasswd -m md5crypt)
+  hashedPassword = lib.readFile aubergine/users/julm/login/hashedPassword.clear;
   extraGroups = [
     "adbusers"
     "dialout"
@@ -40,33 +39,33 @@ users.users.julm = {
   # zfs set overlay=yes ${hostName}/home
   createHome = true;
   openssh.authorizedKeys.keys = map lib.readFile [
-    ../private/shared/ssh/julm/losurdo.pub
-    ../private/shared/ssh/julm/oignon.pub
-    ../private/shared/ssh/julm/redmi.pub
+    ../users/root/ssh/losurdo.pub
+    ../users/julm/ssh/losurdo.pub
+    ../users/julm/ssh/oignon.pub
+    ../users/julm/ssh/redmi.pub
   ];
 };
 users.users.root = {
   hashedPassword = "!";
-  openssh.authorizedKeys.keys = map lib.readFile [
-    ../private/shared/ssh/julm/losurdo.pub
-    ../private/shared/ssh/julm/oignon.pub
-    ../private/shared/ssh/julm/redmi.pub
-  ];
+  openssh.authorizedKeys.keys =
+    config.users.users.julm.openssh.authorizedKeys.keys;
 };
 
+#systemd.services.nix-daemon.serviceConfig.LoadCredentialEncrypted =
+#  "secret-key-files:" + aubergine/nix/secret-key-files;
 nix = {
   extraOptions = ''
     #secret-key-files = /run/credentials/nix-daemon.service/secret-key-files.pem
-    secret-key-files = ${private}/${hostName}/nix/binary-cache/priv.pem
   '';
   settings = {
     trusted-users = [ config.users.users."julm".name ];
     substituters = [
       #"http://nix-localcache.losurdo.wg"
       #"ssh://nix-ssh@losurdo.wg?priority=30"
+      #"ssh://nix-ssh@oignon.wg?priority=30"
     ];
     trusted-public-keys = map lib.readFile [
-      #../private/shared/nix/losurdo.pub
+      ../users/root/nix/oignon.pub
     ];
   };
   nixPath = lib.mkForce [ "nixpkgs=${inputs.nixpkgs}" ];
@@ -78,9 +77,9 @@ nix.settings.allowed-users = [ config.users.users."nix-ssh".name ];
 nix.sshServe = {
   enable = true;
   keys = map lib.readFile [
-    ../private/shared/ssh/julm/losurdo.pub
-    ../private/shared/ssh/sevy/patate.pub
-    ../private/shared/ssh/julm/oignon.pub
+    ../users/julm/ssh/losurdo.pub
+    ../users/sevy/ssh/patate.pub
+    ../users/julm/ssh/oignon.pub
   ];
 };
 
julm's NixOS and home-manager configs