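# NixOS module for the `vincent` user: account definition, Nix daemon trust,
# PAM limits, lingering user units and the home-manager profile composition.
#
# Changes vs. the previous revision:
#   * the duplicated `networkmanager` extraGroups entry was dropped (it was
#     appended twice under the same condition);
#   * two unused `let` bindings (`hasConfigVirtualizationContainers`,
#     `isContainersEnabled`) were removed — nothing referenced them.
{ config, lib, pkgs, ... }:

let
  inherit (lib) importTOML attrsets hasAttr optionals versionAtLeast mkIf;

  # Host inventory; every host that declares an `ssh` table contributes its
  # `ssh.pubkey` to `authorizedKeys` below.
  metadata = importTOML ../../ops/hosts.toml;
  hasSSHAttr = name: value: hasAttr "ssh" value;

  # NOTE(review): these are *host* keys from hosts.toml, and they are granted
  # login as `vincent` (a `wheel` member) and access to `nix.sshServe`. Any
  # compromised host in the inventory can therefore reach every other host as
  # this user — confirm that is the intended trust model.
  authorizedKeys = attrsets.mapAttrsToList
    (name: value: value.ssh.pubkey)
    (attrsets.filterAttrs hasSSHAttr metadata.hosts);
in
{
  # This module assumes option names from NixOS 21.11 or newer.
  warnings = if (versionAtLeast config.system.nixos.release "21.11") then [ ] else [ "NixOS release: ${config.system.nixos.release}" ];

  # U2F key mapping is only materialised when the yubikey module asks for it;
  # the secret is owned by the user so pam_u2f can read it.
  sops.secrets.u2f_keys = mkIf (config.modules.hardware.yubikey.enable && config.modules.hardware.yubikey.u2f) {
    path = "/home/vincent/.config/Yubico/u2f_keys";
    owner = "vincent";
  };

  users.users.vincent = {
    createHome = true;
    uid = 1000;
    description = "Vincent Demeester";
    # Group membership is conditional on the matching service/module being
    # enabled on this host. `docker` and `libvirtd` are root-equivalent groups.
    extraGroups = [ "wheel" "input" ]
      ++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
      ++ optionals config.modules.desktop.enable [ "audio" "video" ]
      # ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
      ++ optionals config.virtualisation.docker.enable [ "docker" ]
      ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
      ++ optionals config.modules.virtualisation.libvirt.enable [ "libvirtd" ]
      ++ optionals config.services.nginx.enable [ "nginx" ];
    shell = mkIf config.programs.zsh.enable pkgs.zsh;
    isNormalUser = true;
    # Fleet host keys plus the personal and root keys listed in hosts.toml.
    openssh.authorizedKeys.keys = authorizedKeys
      ++ metadata.ssh.keys.vincent
      ++ metadata.ssh.keys.root;
    # NOTE(review): this is a well-known plaintext bootstrap password on a
    # `wheel` account. It only applies when the account is first created, but
    # if password logins are possible anywhere it should be replaced by a
    # hashed password supplied from a sops secret (as is already done for
    # `u2f_keys`) — confirm the intended first-boot flow.
    initialPassword = "changeMe";
    # Sub-id ranges for rootless containers.
    subUidRanges = [{ startUid = 100000; count = 65536; }];
    subGidRanges = [{ startGid = 100000; count = 65536; }];
  };

  nix = {
    settings = {
      # Trusted Nix users may change daemon settings (substituters, sandbox);
      # this is effectively root on the host, consistent with `wheel` above.
      trusted-users = [ "vincent" ];
    };
    # Expose the store over SSH (nix-store --serve) to the fleet host keys.
    sshServe.keys = authorizedKeys;
  };

  security = {
    pam = {
      # Nix will hit the stack limit when using `nixFlakes`.
      loginLimits = [
        { domain = config.users.users.vincent.name; item = "stack"; type = "-"; value = "unlimited"; }
      ];
    };
  };

  # Enable user units to persist after sessions end.
  system.activationScripts.loginctl-enable-linger-vincent = lib.stringAfter [ "users" ] ''
    ${pkgs.systemd}/bin/loginctl enable-linger ${config.users.users.vincent.name}
  '';

  # To use nixos config in home-manager configuration, use the nixosConfig attr.
  # This make it possible to import the whole configuration, and let each module
  # load their own.
  # FIXME(vdemeester) using nixosConfig, we can get the NixOS configuration from
  # the home-manager configuration. This should help play around the conditions
  # inside each "home-manager" modules instead of here.
  home-manager.users.vincent = lib.mkMerge
    (
      [
        (import ./core)
        (import ./mails { hostname = config.networking.hostName; pkgs = pkgs; })
      ]
      ++ optionals config.modules.editors.emacs.enable [
        (import ./dev/emacs.nix)
      ]
      ++ optionals config.modules.dev.enable [
        (import ./dev)
        # TODO Move it elsewhere ?
        (import ./containers/kubernetes.nix)
        (import ./containers/openshift.nix)
        (import ./containers/tekton.nix)
        {
          # Enable only on dev, could do something better than this longterm 😀
          services.keybase.enable = true;
        }
      ]
      ++ optionals config.modules.dev.containers.enable [
        (import ./containers)
      ]
      ++ optionals config.modules.desktop.enable [ (import ./desktop) ]
      # Host-specific extras; hostnames are matched literally.
      ++ optionals (config.networking.hostName == "wakasu" || config.networking.hostName == "aomi") [
        {
          home.packages = with pkgs; [
            libosinfo
            asciinema
            oathToolkit
            p7zip
          ];
        }
      ]
      # ++ optionals config.virtualisation.docker.enable [
      #   {
      #     home.packages = with pkgs; [ docker docker-compose dive ];
      #   }
      # ]
      #++ optionals config.profiles.redhat.enable [{
      #  home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;
      #  home.packages = with pkgs; [ gnome3.zenity oathToolkit ];
      #}]
    );
}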