{ config, pkgs, lib, inputs, private, hostName, ... }:
{
imports = [
+ ../nixos/profiles/builder.nix
../nixos/profiles/debug.nix
- ../nixos/profiles/dnscrypt-proxy2.nix
../nixos/profiles/graphical.nix
../nixos/profiles/lang-fr.nix
- ../nixos/profiles/networking.nix
../nixos/profiles/printing.nix
../nixos/profiles/security.nix
../nixos/profiles/system.nix
../nixos/profiles/tor.nix
../nixos/profiles/irssi.nix
- ../nixos/profiles/wireguard/wg-intra.nix
oignon/backup.nix
oignon/hardware.nix
- oignon/wireguard.nix
+ oignon/networking.nix
];
+# Lower kernel's security for better performances
+boot.kernelParams = [ "mitigations=off" ];
+
home-manager.users.julm = {
imports = [ ../homes/julm.nix ];
host.hardware = [ "ThinkPad" "X201" ];
systemd.services.home-manager-julm.postStart = ''
${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
'';
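Review bot: `boot.kernelParams = [ "mitigations=off" ];` turns off every CPU side-channel mitigation the kernel would otherwise apply (Spectre, Meltdown, MDS, L1TF and the rest), and the import list in this same hunk pulls in `builder.nix`, `graphical.nix` and `tor.nix`, so build jobs and desktop applications presumably share the CPU with this host's keys and credentials. The comment above it understates that; I would word it as `# Disables ALL CPU vulnerability mitigations; only acceptable while no untrusted code (builds, browser) runs on this host`, or keep the default and measure before trading it away on this hardware. Separately, the hunk drops `dnscrypt-proxy2.nix`, `networking.nix` and `wireguard/wg-intra.nix` in favour of `oignon/networking.nix`, which is not visible here, so it is worth confirming that the replacement still provides the encrypted DNS and firewall settings the removed profiles carried.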
+users.users.root = {
+ openssh.authorizedKeys.keys = map lib.readFile [
+ ../private/shared/ssh/julm/oignon.pub
+ ];
+};
users.users.julm = {
isNormalUser = true;
uid = 1000;
hashedPassword = lib.readFile ../private/world/julm/hashedPassword;
extraGroups = [
"adbusers"
+ "dialout"
"lp"
"networkmanager"
"scanner"
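Review bot: The new `users.users.root.openssh.authorizedKeys.keys` entry makes direct root login over SSH possible, and nothing in the visible lines shows how sshd is configured, so the commit should be checked against the SSH profile to confirm that `services.openssh.settings.PermitRootLogin` is `"prohibit-password"` and that password authentication is off. If the key exists only for the newly imported builder profile (an inference from the import list), a dedicated unprivileged build user would be a narrower grant than root. As a style point, `openssh.authorizedKeys.keyFiles = [ ../private/shared/ssh/julm/oignon.pub ];` expresses the same thing without `map lib.readFile`. The `extraGroups` list that gains `"dialout"` continues outside this hunk.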
nix = {
extraOptions = ''
+ #secret-key-files = /run/credentials/nix-daemon.service/secret-key-files.pem
secret-key-files = ${private}/${hostName}/nix/binary-cache/priv.pem
'';
settings = {