home-manager.users.julm = {
imports = [ ../homes/julm.nix ];
- # /sys/devices/virtual/dmi/id/product_name
- host.hardware = [ "apu6" ];
};
systemd.services.home-manager-julm.postStart = ''
${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
# Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
# which is already world readable.
# printf %s $(mkpasswd -m md5crypt)
- hashedPassword = lib.readFile aubergine/users/julm/login/hashedPassword;
+ hashedPassword = lib.readFile aubergine/users/julm/login/hashedPassword.clear;
extraGroups = [
"adbusers"
"dialout"
config.users.users.julm.openssh.authorizedKeys.keys;
};
-systemd.services.nix-daemon.serviceConfig.LoadCredentialEncrypted =
- "secret-key-files:" + aubergine/nix/secret-key-files;
+#systemd.services.nix-daemon.serviceConfig.LoadCredentialEncrypted =
+# "secret-key-files:" + aubergine/nix/secret-key-files;
nix = {
extraOptions = ''
#secret-key-files = /run/credentials/nix-daemon.service/secret-key-files.pem
substituters = [
#"http://nix-localcache.losurdo.wg"
#"ssh://nix-ssh@losurdo.wg?priority=30"
+ #"ssh://nix-ssh@oignon.wg?priority=30"
];
trusted-public-keys = map lib.readFile [
- #../private/shared/nix/losurdo.pub
+ ../users/root/nix/oignon.pub
];
};
nixPath = lib.mkForce [ "nixpkgs=${inputs.nixpkgs}" ];
nix.sshServe = {
enable = true;
keys = map lib.readFile [
- ../private/shared/ssh/julm/losurdo.pub
- ../private/shared/ssh/sevy/patate.pub
- ../private/shared/ssh/julm/oignon.pub
+ ../users/julm/ssh/losurdo.pub
+ ../users/sevy/ssh/patate.pub
+ ../users/julm/ssh/oignon.pub
];
};
sourcephile / git / julm / julm-nix.git / blobdiff