{ config, pkgs, lib, inputs, ... }:
{
imports = [
+ ../nixos/profiles/router.nix
#../nixos/profiles/debug.nix
../nixos/profiles/lang-fr.nix
#../nixos/profiles/tor.nix
+ ../nixos/profiles/networking/remote.nix
+ ../nixos/profiles/home.nix
aubergine/hardware.nix
+ aubergine/nebula.nix
aubergine/networking.nix
+ aubergine/printing.nix
aubergine/nginx.nix
aubergine/backup.nix
+ aubergine/sftp.nix
];
# Lower kernel's security for better performances
- boot.kernelParams = [ "mitigations=off" ];
+ security.kernel.mitigations = "off";
home-manager.users.julm = {
imports = [ ../homes/julm.nix ];
};
- systemd.services.home-manager-julm.postStart = ''
- ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
- '';
- users.users.julm = {
- isNormalUser = true;
- uid = 1000;
- # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
- # which is already world readable.
- # printf %s $(mkpasswd -m md5crypt)
- hashedPassword = lib.readFile aubergine/users/julm/login/hashedPassword.clear;
- extraGroups = [
- "adbusers"
- "dialout"
- "networkmanager"
- "tor"
- "wheel"
- ];
- # If created, zfs-mount.service would require:
- # zfs set overlay=yes ${hostName}/home
- createHome = true;
- openssh.authorizedKeys.keys = map lib.readFile [
- ../users/root/ssh/losurdo.pub
- ../users/julm/ssh/losurdo.pub
- ../users/julm/ssh/oignon.pub
- ../users/julm/ssh/redmi.pub
- ];
- };
- users.users.root = {
- hashedPassword = "!";
- openssh.authorizedKeys.keys =
- config.users.users.julm.openssh.authorizedKeys.keys;
+ users = {
+ users.julm = {
+ isNormalUser = true;
+ uid = 1000;
+ # Put the hashedPassword in /nix/store, but it will also be in /etc/passwd
+ # which is already world readable.
+ # printf %s $(mkpasswd -m yescrypt)
+ hashedPassword = lib.readFile aubergine/users/julm/login/hashedPassword.clear;
+ extraGroups = [
+ "adbusers"
+ "audio"
+ "dialout"
+ "networkmanager"
+ "tor"
+ "video"
+ "wheel"
+ "wireshark"
+ ];
+ createHome = true;
+ openssh.authorizedKeys.keys = map lib.readFile [
+ ../users/root/ssh/losurdo.pub
+ ../users/julm/ssh/losurdo.pub
+ ../users/julm/ssh/oignon.pub
+ ../users/julm/ssh/pumpkin.pub
+ ../users/julm/ssh/redmi.pub
+ ];
+ };
+ users.root = {
+ hashedPassword = "!";
+ openssh.authorizedKeys.keys =
+ config.users.users.julm.openssh.authorizedKeys.keys;
+ };
+ users.sevy = {
+ isNormalUser = true;
+ uid = 1001;
+ hashedPassword = "!";
+ extraGroups = [
+ ];
+ createHome = true;
+ openssh.authorizedKeys.keys = map lib.readFile [
+ ../users/sevy/ssh/patate.pub
+ ];
+ };
};
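Review bot: The `hashedPassword = lib.readFile aubergine/users/julm/login/hashedPassword.clear;` line kept for `users.julm` embeds the hash in the world-readable /nix/store, and this hunk also adds a second local account (`users.sevy`), so the exposure now matters more than the comment above it suggests. As far as I know NixOS writes the hash to /etc/shadow, not /etc/passwd, so the store copy is the only world-readable one; unless `aubergine/sftp.nix` (not shown here) confines sevy to a chroot, that account could read the hash of a `wheel` member. I would switch to `hashedPasswordFile = "/PLACEHOLDER/path/outside/store/julm.hashedPassword";` and correct the comment to say `/etc/shadow`. The same hunk sets `security.kernel.mitigations = "off"` on a host that now has two SSH-reachable users and imports a router profile, so the comment on that line should state why cross-user side channels are an accepted risk here.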
#systemd.services.nix-daemon.serviceConfig.LoadCredentialEncrypted =
#secret-key-files = /run/credentials/nix-daemon.service/secret-key-files.pem
'';
settings = {
- trusted-users = [ config.users.users."julm".name ];
substituters = [
#"http://nix-localcache.losurdo.wg"
#"ssh://nix-ssh@losurdo.wg?priority=30"
#"ssh://nix-ssh@oignon.wg?priority=30"
];
trusted-public-keys = map lib.readFile [
- ../users/root/nix/oignon.pub
+ #../users/root/nix/oignon.pub
+ #../users/root/nix/pumpkin.pub
];
};
nixPath = lib.mkForce [ "nixpkgs=${inputs.nixpkgs}" ];
../users/julm/ssh/losurdo.pub
../users/sevy/ssh/patate.pub
../users/julm/ssh/oignon.pub
+ ../users/julm/ssh/pumpkin.pub
];
};