sourcephile / git / julm / julm-nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
pumpkin: steam-run: install
[julm/julm-nix.git] / hosts / aubergine.nix
diff --git a/hosts/aubergine.nix b/hosts/aubergine.nix
index 22445952f4989f3737fbd1c1731114c50be9e07d..fa1d40454df362e5651063f829badcdf9b3afc5f 100644 (file)
--- a/hosts/aubergine.nix
+++ b/hosts/aubergine.nix
@@ -1,19 +1,29 @@
-{ config, pkgs, lib, inputs, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
 {
   imports = [
-    ../nixos/profiles/server.nix
+    ../nixos/profiles/router.nix
     #../nixos/profiles/debug.nix
     ../nixos/profiles/lang-fr.nix
     #../nixos/profiles/tor.nix
+    ../nixos/profiles/networking/remote.nix
+    ../nixos/profiles/home.nix
     aubergine/hardware.nix
+    aubergine/nebula.nix
     aubergine/networking.nix
+    aubergine/printing.nix
     aubergine/nginx.nix
     aubergine/backup.nix
     aubergine/sftp.nix
   ];
 
   # Lower kernel's security for better performances
-  boot.kernelParams = [ "mitigations=off" ];
+  security.kernel.mitigations = "off";
 
   home-manager.users.julm = {
     imports = [ ../homes/julm.nix ];
@@ -28,25 +38,26 @@
       hashedPassword = lib.readFile aubergine/users/julm/login/hashedPassword.clear;
       extraGroups = [
         "adbusers"
+        "audio"
         "dialout"
         "networkmanager"
         "tor"
+        "video"
         "wheel"
+        "wireshark"
       ];
-      # If created, zfs-mount.service would require:
-      # zfs set overlay=yes ${hostName}/home
       createHome = true;
       openssh.authorizedKeys.keys = map lib.readFile [
         ../users/root/ssh/losurdo.pub
         ../users/julm/ssh/losurdo.pub
         ../users/julm/ssh/oignon.pub
+        ../users/julm/ssh/pumpkin.pub
         ../users/julm/ssh/redmi.pub
       ];
     };
     users.root = {
       hashedPassword = "!";
-      openssh.authorizedKeys.keys =
-        config.users.users.julm.openssh.authorizedKeys.keys;
+      openssh.authorizedKeys.keys = config.users.users.julm.openssh.authorizedKeys.keys;
     };
     users.sevy = {
       isNormalUser = true;
@@ -54,8 +65,6 @@
       hashedPassword = "!";
       extraGroups = [
       ];
-      # If created, zfs-mount.service would require:
-      # zfs set overlay=yes ${hostName}/home
       createHome = true;
       openssh.authorizedKeys.keys = map lib.readFile [
         ../users/sevy/ssh/patate.pub
@@ -76,7 +85,8 @@
         #"ssh://nix-ssh@oignon.wg?priority=30"
       ];
       trusted-public-keys = map lib.readFile [
-        ../users/root/nix/oignon.pub
+        #../users/root/nix/oignon.pub
+        #../users/root/nix/pumpkin.pub
       ];
     };
     nixPath = lib.mkForce [ "nixpkgs=${inputs.nixpkgs}" ];
@@ -91,6 +101,7 @@
       ../users/julm/ssh/losurdo.pub
       ../users/sevy/ssh/patate.pub
       ../users/julm/ssh/oignon.pub
+      ../users/julm/ssh/pumpkin.pub
     ];
   };
 
julm's NixOS and home-manager configs