git: tweak GUI config
[julm/julm-nix.git] / hosts / patate.nix
index 2bc92c1c8a02f76c8160dce29145bcb422978f18..91ef3aa8e5d66665453c5c0715f96ae6c666e7fa 100644 (file)
@@ -1,90 +1,89 @@
 { config, pkgs, lib, ... }:
 {
-imports = [
-  ../nixos/profiles/dnscrypt-proxy2.nix
-  ../nixos/profiles/graphical.nix
-  ../nixos/profiles/lang-fr.nix
-  ../nixos/profiles/networking.nix
-  ../nixos/profiles/printing.nix
-  ../nixos/profiles/security.nix
-  ../nixos/profiles/system.nix
-  ../nixos/profiles/wireguard/wg-intra.nix
-  patate/backup.nix
-  patate/hardware.nix
-  patate/wireguard.nix
-];
-
-# Lower kernel's security for better performances
-boot.kernelParams = [ "mitigations=off" ];
-
-home-manager.users.sevy = {
-  imports = [ ../homes/sevy.nix ];
-};
-systemd.services.home-manager-sevy.postStart = ''
-  ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/sevy/home-manager
-'';
-users.users.sevy = {
-  isNormalUser = true;
-  uid = 1000;
-  # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
-  # which is already world readable.
-  hashedPassword = lib.readFile ../private/world/sevy/hashedPassword;
-  extraGroups = [
-    "adbusers"
-    config.services.davfs2.davGroup
-    "lp"
-    "networkmanager"
-    "scanner"
-    "systemd-journal"
-    "tor"
-    "vboxusers"
-    "video"
-    "wheel"
+  imports = [
+    ../nixos/profiles/dnscrypt-proxy2.nix
+    ../nixos/profiles/graphical.nix
+    ../nixos/profiles/lang-fr.nix
+    ../nixos/profiles/printing.nix
+    ../nixos/profiles/wireguard/wg-intra.nix
+    patate/backup.nix
+    patate/hardware.nix
+    patate/wireguard.nix
   ];
-};
 
-nix = {
-  settings = {
-    trusted-users = [ config.users.users."sevy".name ];
-    substituters = [
-      #"ssh://nix-ssh@losurdo.wg?priority=30"
-      "ssh://nix-ssh@oignon.wg?priority=10"
-    ];
-    trusted-public-keys = map lib.readFile [
-      ../private/shared/nix/losurdo.pub
-      ../private/shared/nix/oignon.pub
+  # Lower kernel's security for better performances
+  boot.kernelParams = [ "mitigations=off" ];
+
+  home-manager.users.sevy = {
+    imports = [ ../homes/sevy.nix ];
+  };
+  systemd.services.home-manager-sevy.postStart = ''
+    ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/sevy/home-manager
+  '';
+  users.users.sevy = {
+    isNormalUser = true;
+    uid = 1000;
+    # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
+    # which is already world readable.
+    hashedPassword = lib.readFile patate/users/sevy/login/hashedPassword.clear;
+    extraGroups = [
+      "adbusers"
+      config.services.davfs2.davGroup
+      "lp"
+      "networkmanager"
+      "scanner"
+      "systemd-journal"
+      "tor"
+      "vboxusers"
+      "video"
+      "wheel"
     ];
   };
-};
 
-environment.systemPackages = [
-  pkgs.riseup-vpn # Can't be installed by home-manager because it needs to install policy-kit rules
-];
+  nix = {
+    settings = {
+      substituters = [
+        #"ssh://nix-ssh@losurdo.wg?priority=30"
+        #"ssh://nix-ssh@oignon.wg?priority=10"
+      ];
+      trusted-public-keys = map lib.readFile [
+        ../users/root/nix/losurdo.pub
+        ../users/root/nix/oignon.pub
+      ];
+    };
+  };
+  install.substituteOnDestination = false;
 
-services.physlock = {
-  enable = true;
-  allowAnyUser = true;
-  # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
-};
+  environment.systemPackages = [
+    pkgs.riseup-vpn # Can't be installed by home-manager because it needs to install policy-kit rules
+  ];
 
-services.xserver = {
-  desktopManager = {
-    mate.enable = true;
-    xfce.enable = true;
-    xterm.enable = false;
+  services.physlock = {
+    enable = true;
+    allowAnyUser = true;
+    # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
   };
-  displayManager = {
-    defaultSession = "mate";
-    autoLogin = {
-      user = config.users.users.sevy.name;
+
+  services.xserver = {
+    desktopManager = {
+      mate.enable = true;
+      xfce.enable = true;
+      xterm.enable = false;
+    };
+    displayManager = {
+      defaultSession = "mate";
+      autoLogin = {
+        user = config.users.users.sevy.name;
+      };
     };
   };
-};
 
-virtualisation.virtualbox.host.enable = true;
+  virtualisation.virtualbox.host.enable = true;
+
+  services.openssh.openFirewall = true;
 
-# This value determines the NixOS release with which your system is to be
-# compatible, in order to avoid breaking some software such as database
-# servers. You should change this only after NixOS release notes say you should.
-system.stateVersion = "20.03"; # Did you read the comment?
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you should.
+  system.stateVersion = "20.03"; # Did you read the comment?
 }
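Review bot: `services.openssh.openFirewall = true;` near the end of the hunk opens the SSH port in the firewall, while the same hunk drops the `../nixos/profiles/security.nix`, `networking.nix` and `system.nix` imports, so nothing visible here shows that any sshd hardening still applies. The host's `sevy` account is in `wheel`, has a password hash and is the auto-login user, so password authentication over SSH matters here. If those profiles are not pulled in elsewhere (not visible in this diff), I would state the intent next to the new line, e.g. `services.openssh.settings.PasswordAuthentication = false;` (or `services.openssh.passwordAuthentication = false;` on older nixpkgs). If the setting already lives elsewhere, a one-line comment such as `# key-only auth is enforced in <profile path>` beside `openFirewall` would do.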