From 96142444b2392f8b66c80bca627c0fc5649f751a Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm+julm-nix@sourcephile.fr>
Date: Sun, 21 Nov 2021 05:47:34 +0100
Subject: [PATCH] nix: move some settings to nixos/profiles

---
 homes/julm.nix                           |  56 ++++----
 homes/julm/hosts/oignon.nix              |   1 +
 homes/programs/bash.nix                  |   7 +
 homes/programs/firefox.nix               |   3 +
 homes/sevy.nix                           |   1 -
 homes/sevy/hosts/patate.nix              |  13 +-
 hosts/oignon.nix                         | 125 ++--------------
 hosts/patate.nix                         | 174 ++---------------------
 hosts/patate/ilico.nix                   |  14 ++
 nixos/profiles/bash.nix                  |  13 +-
 nixos/profiles/graphical.nix             |  32 +++++
 nixos/profiles/lang-fr.nix               |  12 ++
 nixos/profiles/networking.nix            |  32 +++++
 nixos/profiles/printing.nix              |  14 ++
 nixos/profiles/system.nix                |  37 +++++
 {hosts/oignon => nixos/profiles}/tor.nix |   0
 profiles/networking.nix                  |   2 +-
 profiles/xfce.nix                        |   2 +-
 18 files changed, 219 insertions(+), 319 deletions(-)
 create mode 100644 hosts/patate/ilico.nix
 create mode 100644 nixos/profiles/graphical.nix
 create mode 100644 nixos/profiles/lang-fr.nix
 create mode 100644 nixos/profiles/networking.nix
 create mode 100644 nixos/profiles/printing.nix
 create mode 100644 nixos/profiles/system.nix
 rename {hosts/oignon => nixos/profiles}/tor.nix (100%)

diff --git a/homes/julm.nix b/homes/julm.nix
index 121d241..1b5b93e 100644
--- a/homes/julm.nix
+++ b/homes/julm.nix
@@ -6,36 +6,34 @@ imports = [
   julm/mutt.nix
   (import (julm/hosts + "/${hostName}.nix"))
 ];
-programs.firefox = {
-  profiles =
-    let defaultProfile = {
-      settings = {
-        "browser.bookmarks.showMobileBookmarks" = true;
-        "browser.compactmode.show" = true;
-        "browser.search.isUS" = false;
-        "browser.search.region" = "FR";
-        "distribution.searchplugins.defaultLocale" = "fr-FR";
-        "general.useragent.locale" = "fr-FR";
-        "security.identityblock.show_extended_validation" = true;
-        "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
-      };
-      userChrome = builtins.readFile programs/firefox/userChrome.css;
-    }; in {
-      "rp4xy6ye.2021" = lib.mkMerge [defaultProfile {
-        id = 0;
-        name = "2021";
-        settings = {
-          "browser.startup.homepage" = "https://code.sourcephile.fr";
-        };
-      }];
-      "8y3d28fa.tor" = lib.mkMerge [defaultProfile {
-        id = 1;
-        name = "tor";
-        settings = {
-          "browser.startup.homepage" = "https://check.torproject.org";
-        };
-      }];
+programs.firefox.profiles =
+  let defaultProfile = {
+    settings = {
+      "browser.bookmarks.showMobileBookmarks" = true;
+      "browser.compactmode.show" = true;
+      "browser.search.isUS" = false;
+      "browser.search.region" = "FR";
+      "distribution.searchplugins.defaultLocale" = "fr-FR";
+      "general.useragent.locale" = "fr-FR";
+      "security.identityblock.show_extended_validation" = true;
+      "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
     };
+    userChrome = builtins.readFile programs/firefox/userChrome.css;
+  }; in {
+  "rp4xy6ye.2021" = lib.mkMerge [defaultProfile {
+    id = 0;
+    name = "2021";
+    settings = {
+      "browser.startup.homepage" = "https://code.sourcephile.fr";
+    };
+  }];
+  "8y3d28fa.tor" = lib.mkMerge [defaultProfile {
+    id = 1;
+    name = "tor";
+    settings = {
+      "browser.startup.homepage" = "https://check.torproject.org";
+    };
+  }];
 };
 home.file."${config.programs.gpg.homedir}/gpg.conf".text = ''
   # julm@autogeree.net
diff --git a/homes/julm/hosts/oignon.nix b/homes/julm/hosts/oignon.nix
index 3180717..6c24cf8 100644
--- a/homes/julm/hosts/oignon.nix
+++ b/homes/julm/hosts/oignon.nix
@@ -21,6 +21,7 @@ home.sessionVariables = {
   PASSWORD_STORE_DIR = "$HOME/documents/sec/.password-store";
 };
 home.packages = [
+  pkgs.chromium
   pkgs.gpsbabel
   (pkgs.qgis.override { extraPythonPackages = (ps: [
     ps.pyqt5_with_qtwebkit
diff --git a/homes/programs/bash.nix b/homes/programs/bash.nix
index fed0d59..db8cb2f 100644
--- a/homes/programs/bash.nix
+++ b/homes/programs/bash.nix
@@ -33,6 +33,13 @@ programs.bash = {
     # Disable ctrl-s/ctrl-q flow control
     stty -ixon
 
+    ibm-fan () {
+      if [ $# -gt 0 ]
+      then sudo tee /proc/acpi/ibm/fan <<<"level $1"
+      else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
+      fi
+      acpi -t
+    }
     mkcd () {
       mkdir -p "$1" &&
       cd "$1"
diff --git a/homes/programs/firefox.nix b/homes/programs/firefox.nix
index b6cfc36..c34fbc5 100644
--- a/homes/programs/firefox.nix
+++ b/homes/programs/firefox.nix
@@ -1,5 +1,8 @@
 { config, pkgs, lib, ... }:
 {
+home.packages = [
+  pkgs.tor-browser-bundle-bin
+];
 programs.firefox = {
   /*
   extensions =
diff --git a/homes/sevy.nix b/homes/sevy.nix
index 0f87810..d3df46f 100644
--- a/homes/sevy.nix
+++ b/homes/sevy.nix
@@ -7,7 +7,6 @@ imports = [
 ];
 programs.git.enable = true;
 programs.git.package = pkgs.gitMinimal;
-programs.vim.enable = true;
 home.sessionVariables = {
   EDITOR = "vim -g";
 };
diff --git a/homes/sevy/hosts/patate.nix b/homes/sevy/hosts/patate.nix
index 5cd89bd..8ed7a3d 100644
--- a/homes/sevy/hosts/patate.nix
+++ b/homes/sevy/hosts/patate.nix
@@ -15,17 +15,18 @@ imports = [
   ../../../profiles/web.nix
   ../../../profiles/xfce.nix
 ];
+programs.direnv.enable = true;
+programs.doom-emacs.enable = true;
 programs.firefox.enable = false; # error: attribute 'gtk3' missing
-programs.bash.shellAliases.riseup = "sudo ip netns exec riseup sudo -u $USER PULSE_SERVER=/run/user/$(id -u $USER)/pulse/native";
-programs.bash.shellAliases.firefox = "riseup firefox";
+programs.git.enable = true;
 home.sessionVariables = {
 };
 home.packages = [
-  pkgs.gpsbabel
-  (pkgs.qgis.override { extraPythonPackages = (ps: [
-    ps.pyqt5_with_qtwebkit
-  ]); })
+  pkgs.chromium
   pkgs.firefox
+  #(pkgs.qgis.override { extraPythonPackages = (ps: [
+  #  ps.pyqt5_with_qtwebkit
+  #]); })
   #pkgs.libva-utils
   #pkgs.ristretto
 ];
diff --git a/hosts/oignon.nix b/hosts/oignon.nix
index 2f6cbf8..2ea3c34 100644
--- a/hosts/oignon.nix
+++ b/hosts/oignon.nix
@@ -2,11 +2,15 @@
 {
 imports = [
   ../nixos/profiles/dnscrypt-proxy2.nix
+  ../nixos/profiles/graphical.nix
+  ../nixos/profiles/lang-fr.nix
+  ../nixos/profiles/networking.nix
+  ../nixos/profiles/printing.nix
   ../nixos/profiles/security.nix
+  ../nixos/profiles/system.nix
   ../nixos/profiles/wireguard/wg-intra.nix
   oignon/hardware.nix
   oignon/wireguard.nix
-  oignon/tor.nix
   oignon/backup.nix
 ];
 
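Review bot: `oignon/tor.nix` is dropped from this import list but `../nixos/profiles/tor.nix` is not added, even though the file is renamed there unchanged and hosts/patate.nix imports it. Unless something outside this patch pulls it in, oignon loses whatever that module configures, while julm's Firefox `tor` profile in homes/julm.nix is kept. If the removal is not intentional, add `../nixos/profiles/tor.nix` after `../nixos/profiles/system.nix`.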
@@ -17,8 +21,6 @@ home-manager.users.julm = {
 systemd.services.home-manager-julm.postStart = ''
   ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/julm/home-manager
 '';
-security.lockKernelModules = false;
-users.mutableUsers = false;
 users.users.julm = {
   isNormalUser = true;
   uid = 1000;
@@ -40,18 +42,16 @@ users.users.julm = {
   # If created, zfs-mount.service would require:
   # zfs set overlay=yes ${hostName}/home
   createHome = false;
+  openssh.authorizedKeys.keys = map lib.readFile [
+    ../private/shared/ssh/julm/losurdo.pub
+  ];
 };
 
 nix = {
   extraOptions = ''
     secret-key-files = ${private}/${hostName}/nix/binary-cache/priv.pem
   '';
-  autoOptimiseStore = true;
-  gc.automatic = true;
-  gc.dates = "weekly";
-  gc.options = "--delete-older-than 7d";
-  nixPath = lib.mkForce [];
-  trustedUsers = [ config.users.users.julm.name ];
+  trustedUsers = [ config.users.users."julm".name ];
   binaryCaches = [
     "http://nix-localcache.losurdo.wg"
   ];
@@ -62,15 +62,6 @@ nix = {
 #environment.etc."nixpkgs".source = pkgs.path;
 #environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
 
-documentation = {
-  enable = true;
-  dev.enable = true;
-  doc.enable = true;
-  info.enable = false;
-  man.enable = true;
-  nixos.enable = false;
-};
-
 nix.allowedUsers = [ config.users.users."nix-ssh".name ];
 nix.sshServe = {
   enable = true;
@@ -80,80 +71,11 @@ nix.sshServe = {
     ../private/shared/ssh/julm/oignon.pub
   ];
 };
-users.users.julm.openssh.authorizedKeys.keys = map lib.readFile [
-  ../private/shared/ssh/julm/losurdo.pub
-];
-
-time.timeZone = "Europe/Paris";
-i18n.defaultLocale = "fr_FR.UTF-8";
-console.font = "Lat2-Terminus16";
-console.keyMap = "fr";
-
-networking = {
-  hostName = hostName;
-  domain = "localdomain";
-  search = [ "sourcephile.fr" ];
-  networkmanager = {
-    enable = true;
-    #dhcp = "dhcpcd";
-    logLevel = "INFO";
-    wifi = {
-      #backend = "iwd";
-      #backend = "wpa_supplicant";
-      powersave = false;
-    };
-  };
-  firewall = {
-    enable = true;
-    allowPing = true;
-  };
-};
-
-sound.enable = true;
-hardware.pulseaudio.enable = true;
-hardware.sane.enable = true;
-hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
-
-environment.variables = {
-  EDITOR = "vim";
-  PAGER  = "less -R";
-  SYSTEMD_LESS = "FKMRX";
-};
-
-programs.bash.interactiveShellInit = ''
-  fan () {
-    if [ $# -gt 0 ]
-    then sudo tee /proc/acpi/ibm/fan <<<"level $1"
-    else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
-    fi
-    acpi -t
-  }
-'';
-programs.dconf.enable = true;
-programs.mtr.enable = true;
 
-services.avahi = {
-  enable = true;
-  nssmdns = true;
-  openFirewall = false;
-  publish = {
-    enable = false;
-  };
-};
-services.davfs2.enable = true;
-fileSystems."/home/julm/mnt/ilico/severine" = {
-  device = "https://nuage.ilico.org/remote.php/dav/files/severine/";
-  fsType = "davfs";
-  options =
-    let conf = pkgs.writeText "davfs2.conf" ''
-      backup_dir /home/julm/documents/backup/ilico/severine
-      cache_dir /home/julm/.cache/davfs2/ilico/severine
-    ''; in
-    [ "conf=${conf}" "user" "noexec" "nosuid" "noauto" ]; # "x-systemd.automount"
-};
 environment.systemPackages = [
   pkgs.riseup-vpn # Can't be installed by home-manager because it needs to install policy-kit rules
 ];
+
 programs.fuse.userAllowOther = true;
 fileSystems."/mnt/losurdo" = {
   device = "${pkgs.sshfsFuse}/bin/sshfs#julm@losurdo.wg:/";
@@ -177,10 +99,7 @@ fileSystems."/mnt/losurdo" = {
       "ServerAliveInterval=15"
     ];
 };
-services.dbus = {
-  packages = [ pkgs.gnome3.dconf ];
-};
-services.gvfs.enable = true;
+
 services.ipfs = {
   #enable = true;
   defaultMode = "online";
@@ -196,31 +115,16 @@ services.ipfs = {
   };
   startWhenNeeded = true;
 };
-services.openssh = {
-  forwardX11 = true;
-  openFirewall = true;
-};
-services.printing = {
-  enable = true;
-  drivers = [
-    pkgs.gutenprint
-    pkgs.hplip
-  ];
-};
+
 services.udev = {
   packages = [
-    # Allow members of the "adbusers" group to mount Android devices via MTP.
-    pkgs.android-udev-rules
     # Allow the console user access the Yubikey USB device node,
     # needed for challenge/response to work correctly.
     pkgs.yubikey-personalization
   ];
 };
+
 services.xserver = {
-  enable = true;
-  layout = "fr";
-  xkbOptions = "eurosign:e";
-  libinput.enable = true;
   desktopManager = {
     session = [
       # Let the session be generated by home-manager
@@ -235,8 +139,9 @@ services.xserver = {
   displayManager = {
     defaultSession = "home-manager";
     #defaultSession = "none+xmonad";
+    #defaultSession = "mate";
+    #defaultSession = "cinnamon";
     autoLogin = {
-      enable = true;
       user = config.users.users.julm.name;
     };
   };
diff --git a/hosts/patate.nix b/hosts/patate.nix
index c30728a..341c162 100644
--- a/hosts/patate.nix
+++ b/hosts/patate.nix
@@ -1,8 +1,14 @@
-{ config, pkgs, lib, inputs, hostName, ... }:
+{ config, pkgs, lib, ... }:
 {
 imports = [
   ../nixos/profiles/dnscrypt-proxy2.nix
+  ../nixos/profiles/graphical.nix
+  ../nixos/profiles/lang-fr.nix
+  ../nixos/profiles/networking.nix
+  ../nixos/profiles/printing.nix
   ../nixos/profiles/security.nix
+  ../nixos/profiles/system.nix
+  ../nixos/profiles/tor.nix
   ../nixos/profiles/wireguard/wg-intra.nix
   patate/backup.nix
   patate/hardware.nix
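Review bot: `hosts/patate/ilico.nix` is created by this patch, but no `patate/ilico.nix` entry is added to this import list, so the davfs mount removed further down appears to be dropped rather than moved. The list continues outside the hunk, but an added entry would show up as a `+` line. If the mount should stay, add `patate/ilico.nix` next to `patate/hardware.nix`.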
@@ -15,8 +21,6 @@ home-manager.users.sevy = {
 systemd.services.home-manager-sevy.postStart = ''
   ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/sevy/home-manager
 '';
-security.lockKernelModules = false;
-users.mutableUsers = false;
 users.users.sevy = {
   isNormalUser = true;
   uid = 1000;
@@ -38,14 +42,7 @@ users.users.sevy = {
 };
 
 nix = {
-  extraOptions = ''
-  '';
-  autoOptimiseStore = true;
-  gc.automatic = true;
-  gc.dates = "weekly";
-  gc.options = "--delete-older-than 7d";
-  nixPath = lib.mkForce [ ];
-  trustedUsers = [ config.users.users.sevy.name ];
+  trustedUsers = [ config.users.users."sevy".name ];
   binaryCaches = [
     "http://nix-localcache.losurdo.wg"
     "ssh://nix-ssh@oignon.wg"
@@ -55,171 +52,26 @@ nix = {
     ../private/shared/nix/oignon.pub
   ];
 };
-services.openssh.passwordAuthentication = false;
 
 environment.systemPackages = [
-  pkgs.riseup-vpn
+  pkgs.riseup-vpn # Can't be installed by home-manager because it needs to install policy-kit rules
 ];
 
-documentation.nixos.enable = true;
-time.timeZone = "Europe/Paris";
-i18n.defaultLocale = "fr_FR.UTF-8";
-console.font = "Lat2-Terminus16";
-console.keyMap = "fr";
-
-networking = {
-  hostName = hostName;
-  domain = "localdomain";
-  networkmanager = {
-    enable = true;
-    #dhcp = "dhcpcd";
-    logLevel = "INFO";
-    wifi = {
-      #backend = "iwd";
-      #backend = "wpa_supplicant";
-      powersave = false;
-    };
-  };
-  firewall = {
-    enable = true;
-    allowPing = false;
-    allowedTCPPorts = [
-      51413 # transmission-gtk
-      4662 # edonkey
-    ];
-    allowedUDPPorts = [
-      51413 # transmission-gtk
-      4667 # edonkey
-      4672 # edonkey
-    ];
-  };
-};
-
-sound.enable = true;
-hardware.pulseaudio.enable = true;
-hardware.sane.enable = true;
-hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
-
-environment.variables = {
-  EDITOR = "vim -g";
-  PAGER  = "less -R";
-  SYSTEMD_LESS = "FKMRX";
-};
-
-programs = {
-  bash = {
-    interactiveShellInit = ''
-      bind '"\e[A":history-search-backward'
-      bind '"\e[B":history-search-forward'
-
-      # Ignore duplicate commands, ignore commands starting with a space
-      export HISTCONTROL=erasedups:ignorespace
-      export HISTSIZE=42000
-      # Append to the history instead of overwriting (good for multiple connections)
-      shopt -s histappend
-
-      # Utilities
-      mkcd () { mkdir -p "$1"; cd "$1"; }
-      fan () {
-        if [ $# -gt 0 ]
-        then sudo tee /proc/acpi/ibm/fan <<<"level $1"
-        else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
-        fi
-        acpi -t
-      }
-    '';
-    shellAliases = {
-      cl = "clear";
-      grep = "grep --color";
-      l  = "ls -alh";
-      ll = "ls -al";
-      ls = "ls --color=tty";
-      mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
-
-      s="sudo systemctl";
-      st="sudo systemctl status";
-      u="systemctl --user";
-      j="sudo journalctl -u";
-      jb="sudo journalctl -b";
-
-      nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
-      mv = "mv -i";
-      sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
-    };
-  };
-  dconf.enable = true;
-  mtr.enable = true;
-};
-
-services.avahi = {
-  enable  = true;
-  nssmdns = true;
-  openFirewall = false;
-  publish = {
-    enable = false;
-  };
-};
-services.davfs2.enable = true;
-fileSystems."/home/sevy/mnt/ilico/severine" = {
-  device = "https://nuage.ilico.org/remote.php/dav/files/severine/";
-  fsType = "davfs";
-  options =
-    let conf = pkgs.writeText "davfs2.conf" ''
-      backup_dir /home/sevy/Documents/EnTransfert/ilico/severine
-      cache_dir /home/sevy/.cache/davfs2/ilico/severine
-    ''; in
-    [ "conf=${conf}" "user" "noexec" "nosuid" "noauto" ]; # "x-systemd.automount"
-};
-services.dbus = {
-  packages = [ pkgs.gnome3.dconf ];
-};
-services.gvfs = {
-  enable = true;
-};
-services.journald = {
-  extraConfig = ''
-    Compress=true
-    MaxRetentionSec=1month
-    Storage=persistent
-    SystemMaxUse=100M
-  '';
-};
 services.physlock = {
   enable = true;
   allowAnyUser = true;
   # NOTE: xfconf-query -c xfce4-session -p /general/LockCommand -s "physlock" --create -t string
 };
-services.printing = {
-  enable = true;
-  drivers = [
-    pkgs.gutenprint
-    pkgs.hplip
-  ];
-};
-services.udev = {
-  packages = [
-    # Allow members of the "adbusers" group to mount Android devices via MTP
-    pkgs.android-udev-rules
-  ];
-};
+
 services.xserver = {
-  enable = true;
-  layout = "fr";
-  xkbOptions = "eurosign:e";
-  libinput.enable = true;
   desktopManager = {
-    xfce = {
-      enable = true;
-      thunarPlugins = [
-        #pkgs.xfce.thunar-archive-plugin
-      ];
-    };
+    mate.enable = true;
+    xfce.enable = true;
     xterm.enable = false;
   };
   displayManager = {
-    defaultSession = "xfce";
+    defaultSession = "mate";
     autoLogin = {
-      enable = true;
       user = config.users.users.sevy.name;
     };
   };
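Review bot: Removing the `networking` block here changes patate's firewall rather than just moving it: the host previously set `allowPing = false`, and it now inherits `allowPing = lib.mkDefault true` from nixos/profiles/networking.nix. The transmission/edonkey port openings are also dropped without a replacement, which tightens the firewall but will stop inbound peers if that was not intended. To keep the earlier ICMP behaviour, add `networking.firewall.allowPing = false;` to this file. The `services.xserver` block at the end of the hunk continues outside it.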
diff --git a/hosts/patate/ilico.nix b/hosts/patate/ilico.nix
new file mode 100644
index 0000000..6704398
--- /dev/null
+++ b/hosts/patate/ilico.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, lib, ... }:
+{
+services.davfs2.enable = true;
+fileSystems."/home/sevy/mnt/ilico/severine" = {
+  device = "https://nuage.ilico.org/remote.php/dav/files/severine/";
+  fsType = "davfs";
+  options =
+    let conf = pkgs.writeText "davfs2.conf" ''
+      backup_dir /home/sevy/Documents/EnTransfert/ilico/severine
+      cache_dir /home/sevy/.cache/davfs2/ilico/severine
+    ''; in
+    [ "conf=${conf}" "user" "noexec" "nosuid" "noauto" ]; # "x-systemd.automount"
+};
+}
diff --git a/nixos/profiles/bash.nix b/nixos/profiles/bash.nix
index f52add1..3dc19c7 100644
--- a/nixos/profiles/bash.nix
+++ b/nixos/profiles/bash.nix
@@ -1,4 +1,4 @@
-
+{
 programs = {
   bash = {
     interactiveShellInit = ''
@@ -13,13 +13,6 @@ programs = {
 
       # Utilities
       mkcd () { mkdir -p "$1"; cd "$1"; }
-      fan () {
-        if [ $# -gt 0 ]
-        then sudo tee /proc/acpi/ibm/fan <<<"level $1"
-        else grep '^\(level\|speed\):' /proc/acpi/ibm/fan
-        fi
-        acpi -t
-      }
     '';
     shellAliases = {
       cl = "clear";
@@ -31,12 +24,12 @@ programs = {
 
       s="sudo systemctl";
       st="sudo systemctl status";
-      u="systemctl --user";
       j="sudo journalctl -u";
       jb="sudo journalctl -b";
 
       nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
       mv = "mv -i";
-      sshfs = "sshfs -o ServerAliveInterval=15 -o reconnect -f";
     };
   };
+};
+}
diff --git a/nixos/profiles/graphical.nix b/nixos/profiles/graphical.nix
new file mode 100644
index 0000000..4622f0b
--- /dev/null
+++ b/nixos/profiles/graphical.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, lib, ... }:
+{
+networking.networkmanager = {
+  enable = lib.mkDefault true;
+  #dhcp = "dhcpcd";
+  logLevel = lib.mkDefault "INFO";
+  wifi = {
+    #backend = "iwd";
+    #backend = "wpa_supplicant";
+    powersave = lib.mkDefault false;
+  };
+};
+
+services.dbus.packages = [ pkgs.gnome3.dconf ];
+services.gvfs.enable = lib.mkDefault true;
+
+sound.enable = lib.mkDefault true;
+hardware.pulseaudio.enable = lib.mkDefault true;
+
+services.udev.packages = [
+  # Allow members of the "adbusers" group to mount Android devices via MTP.
+  pkgs.android-udev-rules
+];
+
+services.xserver = {
+  enable = lib.mkDefault true;
+  desktopManager = {
+    xterm.enable = lib.mkDefault false;
+  };
+  displayManager.autoLogin.enable = lib.mkDefault true;
+};
+}
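Review bot: `displayManager.autoLogin.enable = lib.mkDefault true;` makes passwordless desktop login the default for any host that imports this profile, where previously each host opted in explicitly (the `enable = true` lines removed in hosts/oignon.nix and hosts/patate.nix). As far as I know the NixOS module already defaults `autoLogin.enable` to `autoLogin.user != null` and asserts that a user is set when it is enabled, so this line adds nothing for the two current hosts and would likely break evaluation for a host that imports the profile without an auto-login user. I would drop the line from the profile and keep the opt-in in the host files, `autoLogin.enable = true;` beside `autoLogin.user`.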
diff --git a/nixos/profiles/lang-fr.nix b/nixos/profiles/lang-fr.nix
new file mode 100644
index 0000000..a09ccf7
--- /dev/null
+++ b/nixos/profiles/lang-fr.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+{
+time.timeZone = lib.mkDefault "Europe/Paris";
+i18n.defaultLocale = "fr_FR.UTF-8";
+console.font = "Lat2-Terminus16";
+console.keyMap = "fr";
+services.xserver = {
+  layout = "fr";
+  xkbOptions = "eurosign:e";
+  libinput.enable = true;
+};
+}
diff --git a/nixos/profiles/networking.nix b/nixos/profiles/networking.nix
new file mode 100644
index 0000000..6ae4a1d
--- /dev/null
+++ b/nixos/profiles/networking.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, lib, hostName, ... }:
+let
+  wg-intra-peers = import wireguard/wg-intra/peers.nix;
+in
+{
+networking = {
+  hostName = hostName;
+  domain = lib.mkDefault "localdomain";
+  search = [ "sourcephile.fr" ];
+  firewall = {
+    enable = lib.mkDefault true;
+    allowPing = lib.mkDefault true;
+  };
+};
+
+programs.mtr.enable = true;
+
+services.avahi = {
+  enable = lib.mkDefault true;
+  nssmdns = lib.mkDefault true;
+  openFirewall = lib.mkDefault false;
+  publish.enable = lib.mkDefault false;
+};
+
+services.openssh = {
+  forwardX11 = lib.mkDefault true;
+  openFirewall = true;
+  listenAddresses = [
+    { addr = wg-intra-peers.${hostName}.ipv4; port = 22; }
+  ];
+};
+}
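Review bot: `services.openssh.openFirewall = true` is set without `lib.mkDefault` and opens TCP 22 on every interface, while `listenAddresses` binds sshd only to the host's wg-intra address, so the firewall opening is wider than the listener and a host cannot turn it off without `lib.mkForce`. Consider `openFirewall = lib.mkDefault false;` together with `networking.firewall.interfaces.<wg-intra-interface>.allowedTCPPorts = [ 22 ];` (the interface name is a placeholder; it is not visible in this patch). `forwardX11 = lib.mkDefault true` also now applies to patate, whose host file did not enable it before; if only oignon needs X11 forwarding, set it there. Evaluation will fail for any host missing from `wireguard/wg-intra/peers.nix`, so a short comment above `listenAddresses` stating that requirement would help.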
diff --git a/nixos/profiles/printing.nix b/nixos/profiles/printing.nix
new file mode 100644
index 0000000..e997e6e
--- /dev/null
+++ b/nixos/profiles/printing.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, lib, ... }:
+{
+services.printing = {
+  enable = true;
+  drivers = [
+    pkgs.gutenprint
+    pkgs.hplip
+  ];
+};
+hardware.sane.enable = true;
+hardware.sane.extraBackends = [
+  pkgs.hplipWithPlugin
+];
+}
diff --git a/nixos/profiles/system.nix b/nixos/profiles/system.nix
new file mode 100644
index 0000000..edf986e
--- /dev/null
+++ b/nixos/profiles/system.nix
@@ -0,0 +1,37 @@
+{ config, pkgs, lib, ... }:
+{
+imports = [
+  ./bash.nix
+];
+documentation = {
+  enable = lib.mkDefault true;
+  dev.enable = lib.mkDefault false;
+  doc.enable = lib.mkDefault true;
+  info.enable = lib.mkDefault false;
+  man.enable = lib.mkDefault true;
+  nixos.enable = lib.mkDefault false;
+};
+environment.variables = {
+  EDITOR = "vim";
+  PAGER  = "less -R";
+  SYSTEMD_LESS = "FKMRX";
+};
+nix = {
+  autoOptimiseStore = lib.mkDefault true;
+  gc.automatic = lib.mkDefault true;
+  gc.dates = lib.mkDefault "weekly";
+  gc.options = lib.mkDefault "--delete-older-than 7d";
+  nixPath = lib.mkForce [ ];
+};
+security.lockKernelModules = false;
+services.openssh.passwordAuthentication = false;
+services.journald = {
+  extraConfig = ''
+    Compress=true
+    MaxRetentionSec=1month
+    Storage=persistent
+    SystemMaxUse=100M
+  '';
+};
+users.mutableUsers = false;
+}
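Review bot: `security.lockKernelModules = false;` now applies to every host importing this profile, with no comment explaining why module locking is disabled, and at normal priority, so it may override or conflict with whatever `nixos/profiles/security.nix` (imported next to it in both hosts, not shown here) intends. Add a why-comment such as `# modules must stay loadable after boot: <reason>`, or move the setting next to the other hardening options in security.nix. `documentation.dev.enable` also changes value for oignon (it was `true` there) rather than just moving. `services.openssh.passwordAuthentication = false` now covers oignon as well, which looks like a welcome tightening; confirm key-based access works before deploying.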
diff --git a/hosts/oignon/tor.nix b/nixos/profiles/tor.nix
similarity index 100%
rename from hosts/oignon/tor.nix
rename to nixos/profiles/tor.nix
diff --git a/profiles/networking.nix b/profiles/networking.nix
index 116ccb3..0133011 100644
--- a/profiles/networking.nix
+++ b/profiles/networking.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, config, nixosConfig, ... }:
+{ pkgs, lib, config, ... }:
 {
 programs.git.enable = lib.mkDefault true;
 programs.ssh.enable = lib.mkDefault true;
diff --git a/profiles/xfce.nix b/profiles/xfce.nix
index dfb2633..7f87b07 100644
--- a/profiles/xfce.nix
+++ b/profiles/xfce.nix
@@ -7,7 +7,7 @@ home.file.".profile".text = ''
   fi
 '';
 home.packages = [
-  pkgs.mate.caja # Thunar does not map user_id over sftp://
+  pkgs.mate.caja-with-extensions # Thunar does not map user_id over sftp://
   pkgs.elementary-xfce-icon-theme
   pkgs.gnome3.defaultIconTheme
   pkgs.gnome3.file-roller
-- 
2.47.2