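{ config, lib, pkgs, ... }:

let
  inherit (lib) importTOML attrsets hasAttr optionals versionAtLeast mkIf;

  # Host inventory shared with the ops tooling. Every host entry that carries
  # an `ssh` table contributes its `pubkey`, so each such host can log in as
  # this user (see openssh.authorizedKeys.keys below).
  metadata = importTOML ../../ops/hosts.toml;
  hasSSHAttr = name: value: hasAttr "ssh" value;
  authorizedKeys = attrsets.mapAttrsToList
    (name: value: value.ssh.pubkey)
    (attrsets.filterAttrs hasSSHAttr metadata.hosts);
in
{
  # The options referenced below assume a recent NixOS; surface older releases
  # as an evaluation warning rather than failing obscurely later.
  warnings =
    if versionAtLeast config.system.nixos.release "21.11"
    then [ ]
    else [ "NixOS release: ${config.system.nixos.release}" ];

  users.users.vincent = {
    createHome = true;
    uid = 1000;
    description = "Vincent Demeester";

    # Supplementary groups follow whatever services the host enables.
    # NOTE(review): "wheel", "docker" and "libvirtd" are each commonly
    # root-equivalent (sudo, the docker socket, libvirt); audit before adding
    # more. The networkmanager entry used to be listed twice; it is a set
    # membership, so the duplicate was dropped.
    extraGroups = [ "wheel" "input" ]
      ++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
      ++ optionals config.modules.desktop.enable [ "audio" "video" ]
      # ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
      ++ optionals config.virtualisation.docker.enable [ "docker" ]
      ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
      ++ optionals config.modules.virtualisation.libvirt.enable [ "libvirtd" ]
      ++ optionals config.services.nginx.enable [ "nginx" ]
      ++ optionals config.security.tpm2.enable [ "tss" ];
    shell = mkIf config.programs.zsh.enable pkgs.zsh;
    isNormalUser = true;

    # All host keys plus the personal and root key sets from hosts.toml.
    # NOTE(review): the *root* key set is authorized for this wheel account as
    # well, so any holder of a root key can also act as this user.
    openssh.authorizedKeys.keys = authorizedKeys
      ++ metadata.ssh.keys.vincent
      ++ metadata.ssh.keys.root;

    # NOTE(review): a well-known plaintext password on a wheel member. NixOS
    # only applies initialPassword when the account is first created, but the
    # literal still ends up in the Nix store. Prefer hashedPassword /
    # hashedPasswordFile, and make sure sshd does not accept password
    # authentication while this is in place. Left as-is to avoid locking out
    # first boot; rotate it on first login.
    initialPassword = "changeMe";

    # Subordinate id ranges (rootless containers / user namespaces).
    subUidRanges = [{ startUid = 100000; count = 65536; }];
    subGidRanges = [{ startGid = 100000; count = 65536; }];
  };

  nix = {
    settings = {
      # NOTE(review): trusted users may override daemon settings such as
      # substituters and sandboxing, which is close to root on the host.
      # Acceptable only because the account is already in "wheel".
      trusted-users = [ "vincent" ];
    };
    # Keys allowed to pull from this host's store over ssh; only takes effect
    # once nix.sshServe.enable is set elsewhere.
    sshServe.keys = authorizedKeys;
  };

  security.pam = {
    # Nix will hit the stack limit when using `nixFlakes`.
    loginLimits = [
      { domain = config.users.users.vincent.name; item = "stack"; type = "-"; value = "unlimited"; }
    ];
  };

  # Enable user units to persist after sessions end.
  system.activationScripts.loginctl-enable-linger-vincent = lib.stringAfter [ "users" ] ''
    ${pkgs.systemd}/bin/loginctl enable-linger ${config.users.users.vincent.name}
  '';

  # To use nixos config in home-manager configuration, use the nixosConfig attr.
  # This makes it possible to import the whole configuration, and let each module
  # load its own.
  # FIXME(vdemeester) using nixosConfig, we can get the NixOS configuration from
  # the home-manager configuration. This should help play around the conditions
  # inside each "home-manager" module instead of here.
  home-manager.users.vincent = lib.mkMerge
    (
      [
        (import ./core)
        (import ./mails { hostname = config.networking.hostName; pkgs = pkgs; })
      ]
      ++ optionals config.modules.editors.emacs.enable [
        (import ./dev/emacs.nix)
      ]
      ++ optionals config.modules.dev.enable [
        (import ./dev)
        # TODO Move it elsewhere ?
        (import ./containers/kubernetes.nix)
        (import ./containers/openshift.nix)
        (import ./containers/tekton.nix)
        {
          # Enable only on dev, could do something better than this longterm 😀
          services.keybase.enable = true;
        }
      ]
      ++ optionals config.modules.dev.containers.enable [
        (import ./containers)
      ]
      ++ optionals config.modules.desktop.enable [ (import ./desktop) ]
      ++ optionals (config.networking.hostName == "wakasu" || config.networking.hostName == "aomi") [
        {
          # Move this to its own module
          home.packages = with pkgs; [
            libosinfo
            asciinema
            oathToolkit
            p7zip
          ];
          # Wrapper that shows a desktop notification, then hands every
          # argument to msmtp. "$@" is quoted so that recipients and options
          # containing whitespace reach msmtp intact; the unquoted form was
          # re-split (and glob-expanded) by the shell.
          home.file."bin/msmtp" = {
            text = ''
              #!${pkgs.stdenv.shell}
              ${pkgs.libnotify}/bin/notify-send "Sending mail ✉️"
              ${pkgs.msmtp}/bin/msmtp --read-envelope-from "$@"
            '';
            executable = true;
          };
          programs.mbsync.enable = true;
          # programs.lieer.enable = true;
          programs.aerc.enable = true;
          programs.msmtp.enable = true;
          programs.mu.enable = true;
          # programs.notmuch.enable = true;
          # Credentials are never inlined: each account resolves its password
          # through `passage show` at runtime.
          accounts.email = {
            maildirBasePath = "desktop/mails";
            accounts = {
              "icloud" = {
                primary = true;
                address = "vincent@demeester.fr";
                userName = "vdemeester@icloud.com";
                realName = "Vincent Demeester";
                passwordCommand = "${pkgs.passage}/bin/passage show mails/icloud/vdemeester";
                imap.host = "imap.mail.me.com";
                smtp.host = "smtp.mail.me.com";
                smtp.port = 587;
                mbsync = {
                  enable = true;
                  create = "both";
                  expunge = "both";
                  extraConfig = {
                    channel = {
                      Sync = "All";
                    };
                    account = {
                      Timeout = 120;
                      PipelineDepth = 1;
                    };
                  };
                };
                mu.enable = true;
                msmtp = {
                  enable = true;
                  extraConfig = {
                    # Port 587 is submission-with-STARTTLS; keep this on so
                    # the session is upgraded before authenticating.
                    tls_starttls = "on";
                  };
                };
              };
              # We will forward those to a "central" mail account.
              "gmail" = {
                address = "vinc.demeester@gmail.com";
                userName = "vinc.demeester@gmail.com";
                realName = "Vincent Demeester";
                passwordCommand = "${pkgs.passage}/bin/passage show mails/gmail/vinc.demeester";
                imap.host = "imap.gmail.com";
                smtp.host = "smtp.gmail.com";
                flavor = "gmail.com";
                # aerc.enable = true;
                msmtp = {
                  enable = true;
                  # extraConfig = {
                  #   tls_starttls = "on";
                  # };
                };
                # This is here for doing backup
                mbsync = {
                  enable = true;
                  create = "both";
                  expunge = "both";
                  # Sync everything *but* "[Gmail] All Mail" to get the "organized" view.
                  patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/Trash" "[Gmail]/Drafts" ];
                  extraConfig = {
                    channel = {
                      Sync = "All";
                    };
                    account = {
                      Timeout = 120;
                      PipelineDepth = 1;
                    };
                  };
                };
              };
              "redhat" = {
                # primary = true; # because it's work, but it's really just for notmuch
                address = "vdemeest@redhat.com";
                userName = "vdemeest@redhat.com";
                realName = "Vincent Demeester";
                passwordCommand = "${pkgs.passage}/bin/passage show mails/gmail/redhat";
                imap.host = "imap.gmail.com";
                smtp.host = "smtp.gmail.com";
                flavor = "gmail.com";
                mbsync = {
                  enable = true;
                  create = "both";
                  expunge = "both";
                  # Sync everything *but* "[Gmail] All Mail" to get the "organized" view.
                  patterns = [ "*" "!area/github" "!memo-list" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/Trash" "[Gmail]/Drafts" ];
                  extraConfig = {
                    channel = {
                      Sync = "All";
                    };
                    account = {
                      Timeout = 120;
                      PipelineDepth = 1;
                    };
                  };
                };
                mu.enable = true;
                # aerc.enable = true;
                msmtp = {
                  enable = true;
                  # extraConfig = {
                  #   tls_starttls = "on";
                  # };
                };
              };
            };
          };
        }
      ]
      # ++ optionals config.virtualisation.docker.enable [
      #   {
      #     home.packages = with pkgs; [ docker docker-compose dive ];
      #   }
      # ]
      #++ optionals config.profiles.redhat.enable [{
      #  home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;
      #  home.packages = with pkgs; [ gnome3.zenity oathToolkit ];
      #}]
    );
}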