xsettingsd: enable service for dynamic GTK theme switching
[julm/julm-nix.git] / hosts / aubergine.nix
index 34e5637e9a74511c2e95abe28be5920af465de0b..1d0a526de07db7686eaa1dcd29339415c4d57ba1 100644 (file)
@@ -1,52 +1,70 @@
 { config, pkgs, lib, inputs, ... }:
 {
   imports = [
+    ../nixos/profiles/router.nix
     #../nixos/profiles/debug.nix
     ../nixos/profiles/lang-fr.nix
     #../nixos/profiles/tor.nix
+    ../nixos/profiles/networking/remote.nix
+    ../nixos/profiles/home.nix
     aubergine/hardware.nix
+    aubergine/nebula.nix
     aubergine/networking.nix
+    aubergine/printing.nix
     aubergine/nginx.nix
     aubergine/backup.nix
+    aubergine/sftp.nix
   ];
 
   # Lower kernel's security for better performances
-  boot.kernelParams = [ "mitigations=off" ];
+  security.kernel.mitigations = "off";
 
   home-manager.users.julm = {
     imports = [ ../homes/julm.nix ];
   };
-  systemd.services.home-manager-julm.postStart = ''
-    ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
-  '';
-  users.users.julm = {
-    isNormalUser = true;
-    uid = 1000;
-    # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
-    # which is already world readable.
-    # printf %s $(mkpasswd -m md5crypt)
-    hashedPassword = lib.readFile aubergine/users/julm/login/hashedPassword.clear;
-    extraGroups = [
-      "adbusers"
-      "dialout"
-      "networkmanager"
-      "tor"
-      "wheel"
-    ];
-    # If created, zfs-mount.service would require:
-    # zfs set overlay=yes ${hostName}/home
-    createHome = true;
-    openssh.authorizedKeys.keys = map lib.readFile [
-      ../users/root/ssh/losurdo.pub
-      ../users/julm/ssh/losurdo.pub
-      ../users/julm/ssh/oignon.pub
-      ../users/julm/ssh/redmi.pub
-    ];
-  };
-  users.users.root = {
-    hashedPassword = "!";
-    openssh.authorizedKeys.keys =
-      config.users.users.julm.openssh.authorizedKeys.keys;
+  users = {
+    users.julm = {
+      isNormalUser = true;
+      uid = 1000;
+      # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
+      # which is already world readable.
+      # printf %s $(mkpasswd -m yescrypt)
+      hashedPassword = lib.readFile aubergine/users/julm/login/hashedPassword.clear;
+      extraGroups = [
+        "adbusers"
+        "audio"
+        "dialout"
+        "networkmanager"
+        "tor"
+        "video"
+        "wheel"
+        "wireshark"
+      ];
+      createHome = true;
+      openssh.authorizedKeys.keys = map lib.readFile [
+        ../users/root/ssh/losurdo.pub
+        ../users/julm/ssh/losurdo.pub
+        ../users/julm/ssh/oignon.pub
+        ../users/julm/ssh/pumpkin.pub
+        ../users/julm/ssh/redmi.pub
+      ];
+    };
+    users.root = {
+      hashedPassword = "!";
+      openssh.authorizedKeys.keys =
+        config.users.users.julm.openssh.authorizedKeys.keys;
+    };
+    users.sevy = {
+      isNormalUser = true;
+      uid = 1001;
+      hashedPassword = "!";
+      extraGroups = [
+      ];
+      createHome = true;
+      openssh.authorizedKeys.keys = map lib.readFile [
+        ../users/sevy/ssh/patate.pub
+      ];
+    };
   };
 
   #systemd.services.nix-daemon.serviceConfig.LoadCredentialEncrypted =
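Review bot: The comment kept above `hashedPassword` in `users.julm` is wrong about where the hash ends up: NixOS writes it to /etc/shadow, not /etc/passwd, so the world-readable copy is the one in /nix/store, and this hunk adds a second local account (`sevy`) that may be able to read the store. Consider `hashedPasswordFile = "<path-to-runtime-secret>";` (placeholder path) with the file provisioned outside the store, and correct the comment to `# The hash is copied into the world-readable /nix/store; /etc/shadow itself is root-only.` The same new account, together with the router, nebula and sftp imports, also makes `security.kernel.mitigations = "off"` worth re-justifying in its comment, since side-channel mitigations matter most once other users or network-facing services share the machine. Whether `sevy` gets an interactive shell or is confined by `aubergine/sftp.nix` is not visible in this hunk.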
       #secret-key-files = /run/credentials/nix-daemon.service/secret-key-files.pem
     '';
     settings = {
-      trusted-users = [ config.users.users."julm".name ];
       substituters = [
         #"http://nix-localcache.losurdo.wg"
         #"ssh://nix-ssh@losurdo.wg?priority=30"
         #"ssh://nix-ssh@oignon.wg?priority=30"
       ];
       trusted-public-keys = map lib.readFile [
-        ../users/root/nix/oignon.pub
+        #../users/root/nix/oignon.pub
+        #../users/root/nix/pumpkin.pub
       ];
     };
     nixPath = lib.mkForce [ "nixpkgs=${inputs.nixpkgs}" ];
@@ -78,6 +96,7 @@
       ../users/julm/ssh/losurdo.pub
       ../users/sevy/ssh/patate.pub
       ../users/julm/ssh/oignon.pub
+      ../users/julm/ssh/pumpkin.pub
     ];
   };