commit 88780a641da44c192fba30074fe1c42f56d6990b
parent 58260171cdca51647c4af6daf41a45374de96ced
Author: Vincent Demeester <vincent@sbr.pm>
Date: Mon, 21 Dec 2020 15:40:47 +0100
flake: add a laptop profile
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
4 files changed, 39 insertions(+), 11 deletions(-)
diff --git a/systems/profiles/default.nix b/systems/profiles/default.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, inputs, ... }:
{
imports = [
@@ -6,6 +6,7 @@
./desktop.nix
./development.nix
./home.nix
+ ./laptop.nix
# FIXME: vpn, server, builder, …
];
diff --git a/systems/profiles/desktop.nix b/systems/profiles/desktop.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
let
- inherit (lib) mkIf mkEnableOption;
+ inherit (lib) mkIf mkEnableOption mkDefault;
cfg = config.profiles.desktop;
in
{
@@ -16,5 +16,8 @@ in
# Enable Plymouth on desktops
plymouth.enable = true;
};
+ nix = {
+ sshServe = mkDefault true;
+ };
};
}
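Review bot: `sshServe = mkDefault true;` assigns a boolean to `nix.sshServe` itself, whereas the laptop profile added in this same commit sets `nix.sshServe.enable`, so this line most likely fails evaluation or does not enable what was intended. It should read `sshServe.enable = mkDefault true;`. Because this turns on serving the Nix store over SSH for every host with the desktop profile, a comment such as `# serve the nix store to other hosts over SSH; accepted keys are set in the user profile` would make the exposure explicit. The `config = mkIf …` block this sits in starts above the hunk.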
diff --git a/systems/profiles/laptop.nix b/systems/profiles/laptop.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+let
+ inherit (lib) mkIf mkEnableOption mkForce;
+ cfg = config.profiles.laptop;
+in
+{
+ options = {
+ profiles.laptop = {
+ enable = mkEnableOption "laptop configuration";
+ };
+ };
+ config = mkIf cfg.enable {
+ profiles.desktop.enable = true;
+ nix = {
+ sshServe.enable = mkForce false;
+ };
+ };
+}
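Review bot: `sshServe.enable = mkForce false;` carries no comment saying why a laptop must never serve the store, and `mkForce` is stronger than needed to override the `mkDefault` from the desktop profile, since a plain `false` already wins over a `mkDefault`. If a hard guarantee is the intent (presumably because laptops join networks you do not control), state it next to the line, e.g. `# laptops roam: never serve the nix store over SSH, even if a host config enables it`. If it is only meant as a different default, `sshServe.enable = false;` keeps per-host overrides possible without another `mkForce`.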
diff --git a/users/vincent/default.flake.nix b/users/vincent/default.flake.nix
@@ -20,24 +20,30 @@ in
uid = 1000;
description = "Vincent Demeester";
extraGroups = [ "wheel" "input" ]
- ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ]
- ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
- ++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
- ++ optionals config.profiles.docker.enable [ "docker" ]
- ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
- ++ optionals config.profiles.virtualization.enable [ "libvirtd" ];
+ ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ];
+ #++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
+ #++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
+ #++ optionals config.profiles.docker.enable [ "docker" ]
+ #++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
+ #++ optionals config.profiles.virtualization.enable [ "libvirtd" ];
shell = mkIf config.programs.zsh.enable pkgs.zsh;
isNormalUser = true;
openssh.authorizedKeys.keys = authorizedKeys;
- # FIXME change this ?
initialPassword = "changeMe";
- # FIXME This might be handled differently by programs.podman, …
subUidRanges = [{ startUid = 100000; count = 65536; }];
subGidRanges = [{ startGid = 100000; count = 65536; }];
};
+ nix = {
+ trustedUsers = [ "vincent" ];
+ sshServe.keys = authorizedKeys;
+ };
+
+ security = {
+ pam.services.vincent.fprintAuth = config.services.fprintd.enable;
+ };
/*
- security.pam.services.vincent.fprintAuth = config.services.fprintd.enable;
+
home-manager.users.vincent = lib.mkMerge
(
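Review bot: `initialPassword = "changeMe"` stays while the `# FIXME change this ?` reminder above it is deleted, and the same hunk adds the account to `nix.trustedUsers`, so a well-known initial password (stored in plain text in the configuration) now protects a `wheel` user that the Nix daemon also treats as trusted. Either keep the reminder or replace the literal with `initialHashedPassword` (or a `passwordFile` kept outside the repository). Above `trustedUsers` I would add `# trusted users can pass arbitrary settings to the nix daemon, which is close to root access`, and consider giving `sshServe.keys` a dedicated key instead of reusing the login `authorizedKeys`. The five `extraGroups` lines turned into comments look like a temporary workaround, so a `# TODO` saying why they are disabled would keep the dropped `docker`/`libvirtd` memberships from being forgotten. The attribute set edited here starts above the hunk and the file continues past it.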