
commit 88780a641da44c192fba30074fe1c42f56d6990b
parent 58260171cdca51647c4af6daf41a45374de96ced
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Mon, 21 Dec 2020 15:40:47 +0100

flake: add a laptop profile

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Msystems/profiles/default.nix | 3++-
Msystems/profiles/desktop.nix | 5++++-
Asystems/profiles/laptop.nix | 18++++++++++++++++++
Musers/vincent/default.flake.nix | 24+++++++++++++++---------
4 files changed, 39 insertions(+), 11 deletions(-)

diff --git a/systems/profiles/default.nix b/systems/profiles/default.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ lib, inputs, ... }: { imports = [ @@ -6,6 +6,7 @@ ./desktop.nix ./development.nix ./home.nix + ./laptop.nix # FIXME: vpn, server, builder, … ]; diff --git a/systems/profiles/desktop.nix b/systems/profiles/desktop.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf mkEnableOption; + inherit (lib) mkIf mkEnableOption mkDefault; cfg = config.profiles.desktop; in { @@ -16,5 +16,8 @@ in # Enable Plymouth on desktops plymouth.enable = true; }; + nix = { + sshServe = mkDefault true; + }; }; } diff --git a/systems/profiles/laptop.nix b/systems/profiles/laptop.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: +let + inherit (lib) mkIf mkEnableOption mkForce; + cfg = config.profiles.laptop; +in +{ + options = { + profiles.laptop = { + enable = mkEnableOption "laptop configuration"; + }; + }; + config = mkIf cfg.enable { + profiles.desktop.enable = true; + nix = { + sshServe.enable = mkForce false; + }; + }; +} diff --git a/users/vincent/default.flake.nix b/users/vincent/default.flake.nix 
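Review bot: In the second desktop.nix hunk, `sshServe = mkDefault true;` assigns a boolean to the whole `nix.sshServe` attribute, while laptop.nix in this same commit sets `sshServe.enable = mkForce false;` and users/vincent/default.flake.nix sets `sshServe.keys`. Assuming `nix.sshServe` is the usual NixOS option set, the boolean will clash with those definitions and the `mkForce` in laptop.nix will not be overriding the value set here. The line should read `sshServe.enable = mkDefault true;`. Because this turns on SSH access to the Nix store on every host with the desktop profile, a comment such as `# serve the local store over SSH to the other machines; laptop.nix forces this off` would make the exposure explicit. The enclosing `config = mkIf cfg.enable { … }` block starts outside the hunk.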
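Review bot: The `sshServe.enable = mkForce false;` line in the new laptop.nix has no comment saying why the laptop profile must override the desktop default, and `mkForce` will also defeat any ordinary per-host definition that tries to turn serving back on. If that is the intent, I would add `# never expose the store over SSH from a roaming machine; mkForce so no host-level setting re-enables it` above it. `pkgs` is bound in the module arguments but not used anywhere in the file.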
@@ -20,24 +20,30 @@ in uid = 1000; description = "Vincent Demeester"; extraGroups = [ "wheel" "input" ] - ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ] - ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ] - ++ optionals config.networking.networkmanager.enable [ "networkmanager" ] - ++ optionals config.profiles.docker.enable [ "docker" ] - ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ] - ++ optionals config.profiles.virtualization.enable [ "libvirtd" ]; + ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ]; + #++ optionals config.profiles.scanning.enable [ "lp" "scanner" ] + #++ optionals config.networking.networkmanager.enable [ "networkmanager" ] + #++ optionals config.profiles.docker.enable [ "docker" ] + #++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ] + #++ optionals config.profiles.virtualization.enable [ "libvirtd" ]; shell = mkIf config.programs.zsh.enable pkgs.zsh; isNormalUser = true; openssh.authorizedKeys.keys = authorizedKeys; - # FIXME change this ? initialPassword = "changeMe"; - # FIXME This might be handled differently by programs.podman, … subUidRanges = [{ startUid = 100000; count = 65536; }]; subGidRanges = [{ startGid = 100000; count = 65536; }]; }; + nix = { + trustedUsers = [ "vincent" ]; + sshServe.keys = authorizedKeys; + }; + + security = { + pam.services.vincent.fprintAuth = config.services.fprintd.enable; + }; /* - security.pam.services.vincent.fprintAuth = config.services.fprintd.enable; + home-manager.users.vincent = lib.mkMerge (