{ config, pkgs, lib, ... }:
{
-imports = [
- ../nixos/profiles/dnscrypt-proxy2.nix
- ../nixos/profiles/graphical.nix
- ../nixos/profiles/lang-fr.nix
- ../nixos/profiles/networking.nix
- ../nixos/profiles/printing.nix
- ../nixos/profiles/security.nix
- ../nixos/profiles/system.nix
- ../nixos/profiles/wireguard/wg-intra.nix
- patate/backup.nix
- patate/hardware.nix
- patate/wireguard.nix
-];
-
-# Lower kernel's security for better performances
-boot.kernelParams = [ "mitigations=off" ];
-
-home-manager.users.sevy = {
- imports = [ ../homes/sevy.nix ];
-};
-systemd.services.home-manager-sevy.postStart = ''
- ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/sevy/home-manager
-'';
-users.users.sevy = {
- isNormalUser = true;
- uid = 1000;
- # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
- # which is already world readable.
- hashedPassword = lib.readFile ../private/world/sevy/hashedPassword;
- extraGroups = [
- "adbusers"
- config.services.davfs2.davGroup
- "lp"
- "networkmanager"
- "scanner"
- "systemd-journal"
- "tor"
- "vboxusers"
- "video"
- "wheel"
+ imports = [
+ ../nixos/profiles/dnscrypt-proxy2.nix
+ ../nixos/profiles/graphical.nix
+ ../nixos/profiles/lang-fr.nix
+ ../nixos/profiles/printing.nix
+ ../nixos/profiles/wireguard/wg-intra.nix
+ patate/backup.nix
+ patate/hardware.nix
+ patate/wireguard.nix
];
-};
-nix = {
- settings = {
- trusted-users = [ config.users.users."sevy".name ];
- substituters = [
- #"ssh://nix-ssh@losurdo.wg?priority=30"
- "ssh://nix-ssh@oignon.wg?priority=10"
- ];
- trusted-public-keys = map lib.readFile [
- ../private/shared/nix/losurdo.pub
- ../private/shared/nix/oignon.pub
+ # Lower kernel's security for better performances
+ boot.kernelParams = [ "mitigations=off" ];
+
+ home-manager.users.sevy = {
+ imports = [ ../homes/sevy.nix ];
+ };
+ systemd.services.home-manager-sevy.postStart = ''
+ ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/sevy/home-manager
+ '';
+ users.users.sevy = {
+ isNormalUser = true;
+ uid = 1000;
+ # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
+ # which is already world readable.
+ hashedPassword = lib.readFile patate/users/sevy/login/hashedPassword.clear;
+ extraGroups = [
+ "adbusers"
+ config.services.davfs2.davGroup
+ "lp"
+ "networkmanager"
+ "scanner"
+ "systemd-journal"
+ "tor"
+ "vboxusers"
+ "video"
+ "wheel"
];
};
-};
-environment.systemPackages = [
- pkgs.riseup-vpn # Can't be installed by home-manager because it needs to install policy-kit rules
-];
+ nix = {
+ settings = {
+ substituters = [
+ #"ssh://nix-ssh@losurdo.wg?priority=30"
+ #"ssh://nix-ssh@oignon.wg?priority=10"
+ ];
+ trusted-public-keys = map lib.readFile [
+ ../users/root/nix/losurdo.pub
+ ../users/root/nix/oignon.pub
+ ];
+ };
+ };
+ install.substituteOnDestination = false;
-services.physlock = {
- enable = true;
- allowAnyUser = true;
- # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
-};
+ environment.systemPackages = [
+ pkgs.riseup-vpn # Can't be installed by home-manager because it needs to install policy-kit rules
+ ];
-services.xserver = {
- desktopManager = {
- mate.enable = true;
- xfce.enable = true;
- xterm.enable = false;
+ services.physlock = {
+ enable = true;
+ allowAnyUser = true;
+ # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
};
- displayManager = {
- defaultSession = "mate";
- autoLogin = {
- user = config.users.users.sevy.name;
+
+ services.xserver = {
+ desktopManager = {
+ mate.enable = true;
+ xfce.enable = true;
+ xterm.enable = false;
+ };
+ displayManager = {
+ defaultSession = "mate";
+ autoLogin = {
+ user = config.users.users.sevy.name;
+ };
};
};
-};
-virtualisation.virtualbox.host.enable = true;
+ virtualisation.virtualbox.host.enable = true;
+
+ services.openssh.openFirewall = true;
-# This value determines the NixOS release with which your system is to be
-# compatible, in order to avoid breaking some software such as database
-# servers. You should change this only after NixOS release notes say you should.
-system.stateVersion = "20.03"; # Did you read the comment?
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you should.
+ system.stateVersion = "20.03"; # Did you read the comment?
}
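Review bot: `services.openssh.openFirewall = true;` near the end of the hunk opens the SSH port on every interface of a host whose only visible account, `sevy`, is in `wheel` and has a password hash set. The same change drops `../nixos/profiles/security.nix` and `../nixos/profiles/networking.nix` from this file's imports (presumably moved elsewhere, but that is not visible here). Nothing shown says whether sshd is enabled or how it authenticates, so I would pin that next to the firewall line, e.g. `services.openssh.settings.PasswordAuthentication = false;` (`services.openssh.passwordAuthentication` on older nixpkgs), with a comment naming the network expected to reach port 22. Separately, the comment above `hashedPassword` is inaccurate: NixOS writes the hash to `/etc/shadow`, which is root-only, not to `/etc/passwd`. Reading it with `lib.readFile` therefore does add exposure by copying it into the world-readable `/nix/store`; `hashedPasswordFile` pointing at a path outside the store avoids that.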