lbailly/config-perso
1
0
Fork 0
Code Pull requests Projects Releases Packages Activity
config-perso/BOcal/net-user/configuration.nix

150 lines
6.4 KiB
Nix
Raw Normal View History

config BOQ
2024-04-13 00:03:06 +02:00
distant-users-id:
{ pkgs, lib, users, mods, ... }: {
imports = [
<nixos/nixos/modules/installer/netboot/netboot.nix>
<nixos/nixos/modules/installer/cd-dvd/channel.nix>
<home-manager/nixos>
(users.root { ssh = true; })
];
system.stateVersion = "23.11";
networking = {
hostName = "net-bocal";
firewall.enable = false;
};
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "fr_FR.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "fr";
};
environment.systemPackages = with pkgs; [
git
];
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
subject.isInGroup("bocal")
&& (
//action.id == "org.freedesktop.login1.chvt" ||
action.id == "org.freedesktop.accounts.change-own-password" ||
action.id == "org.freedesktop.locale1.set-keyboard" ||
action.id == "org.freedesktop.locale1.set-locale" ||
action.id == "org.freedesktop.login1.attach-device" ||
action.id == "org.freedesktop.login1.flush-devices" ||
action.id == "org.freedesktop.login1.halt" ||
action.id == "org.freedesktop.login1.halt-ignore-inhibit" ||
action.id == "org.freedesktop.login1.halt-multiple-sessions" ||
action.id == "org.freedesktop.login1.hibernate" ||
action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" ||
action.id == "org.freedesktop.login1.hibernate-multiple-sessions" ||
action.id == "org.freedesktop.login1.inhibit-block-idle" ||
action.id == "org.freedesktop.login1.inhibit-block-shutdown" ||
action.id == "org.freedesktop.login1.inhibit-block-sleep" ||
action.id == "org.freedesktop.login1.inhibit-delay-shutdown" ||
action.id == "org.freedesktop.login1.inhibit-delay-sleep" ||
action.id == "org.freedesktop.login1.inhibit-handle-hibernate-key" ||
action.id == "org.freedesktop.login1.inhibit-handle-lid-switch" ||
action.id == "org.freedesktop.login1.inhibit-handle-power-key" ||
action.id == "org.freedesktop.login1.inhibit-handle-reboot-key" ||
action.id == "org.freedesktop.login1.inhibit-handle-suspend-key" ||
action.id == "org.freedesktop.login1.lock-sessions" ||
action.id == "org.freedesktop.login1.manage" ||
action.id == "org.freedesktop.login1.power-off" ||
action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
action.id == "org.freedesktop.login1.reboot" ||
action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
action.id == "org.freedesktop.login1.set-reboot-parameter" ||
action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-entry" ||
action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-menu" ||
action.id == "org.freedesktop.login1.set-reboot-to-firmware-setup" ||
action.id == "org.freedesktop.login1.set-self-linger" ||
action.id == "org.freedesktop.login1.set-user-linger" ||
action.id == "org.freedesktop.login1.set-wall-message" ||
action.id == "org.freedesktop.login1.suspend" ||
action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
action.id == "org.freedesktop.login1.suspend-multiple-sessions"
)
)
{
return polkit.Result.NO;
}
})
'';
users.groups.bocal.gid = 2000;
users.users = let
template = { name, uid }: {
inherit name;
value = {
isNormalUser = true;
inherit uid;
shell = pkgs.zsh;
group = "bocal";
homeMode = "750";
};
};
in builtins.listToAttrs (map template distant-users-id) // {
root.hashedPassword = "$y$j9T$GK2ejPfMgk0GlBqZX0aBo/$n3nds9zcBi8X8p9aG5Aywq1A.R6Bt/dIOccvfIdMM/1";
root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvi5VUsDrwS4XqQQfFFIx1JoRDPVdtChUQWqKFbPFtP8gH51woXiKtKRbDebL0z/EmkdYKxxIkzixHTR5xQXjo8JiFZbwldZi5IvMr3x//ad9sVyOhmbRx1DXLKjyOdWyo+w0vORvbEDu2lHktfSvhHGrvUHfFc3EY+cAl7IImgGEeGNPruAuNkN90Lth9QgwJVsdOEs9j7hwwKtpfMMETL5tkW34Nu7io03+SaPxwi2xLuWTdTklfZ7GWYtG2w/hFkzDbkW97rp5dxB1HO58cPqyRlqyfhZFpiUmWlyuMba3Tip6JarCa52IpFffEIDR0CSeh5CFPoeppo/TPDiXDie370TjjQpxJiG+9PobBhmChH5FmQ/lksffI/WimqpVO7Ixf5cYiHN5Z0mgJgZsXwI3YPICQLA8ebSKHA8+mdmkunDmCBRaBj1qEgkp/UoYqXT6BjBm07nOsnL+3SG/yfx4fLotgWtdm2mkjEAG+OGVR7G3Vk/POxn0EqX7Z+gU= sylvain@idefix"
];
};
home-manager.users = let
template = { name, uid }: {
inherit name;
value = {
home.stateVersion = "23.11";
imports = with mods.home; [ zsh neovim ];
programs.zsh.profileExtra = "exec ${pkgs.plasma5Packages.plasma-workspace}/bin/startplasma-wayland";
programs.firefox.enable = true;
home.packages = with pkgs; [
gedit
];
};
};
in builtins.listToAttrs (map template distant-users-id);
services.getty = {
loginProgram = pkgs.writeShellScript "autologin" ''
${pkgs.sudo}/bin/sudo -u $BOCAL rm /home/$BOCAL/.local/state/nix/profiles/home-manager*
${pkgs.sudo}/bin/sudo -u $BOCAL rm /home/$BOCAL/.local/state/home-manager/gcroots/current-home
${pkgs.systemd}/bin/systemctl restart home-manager-''${BOCAL}.service
exec ${pkgs.shadow}/bin/login -f $BOCAL
'';
autologinUser = "bocal";
};
systemd.services.unlock = {
wantedBy = ["multi-user.target"];
script = ''
${pkgs.dbus}/bin/dbus-monitor --system "type='signal',interface='org.freedesktop.DBus.Properties',path_namespace='/org/freedesktop/login1/session'" | while read x; do
case "$x" in
*"boolean true"*) ${pkgs.systemd}/bin/loginctl unlock-sessions
esac
done
'';
};
services.xserver = {
enable = true;
xkb.layout = "fr";
desktopManager.plasma5.enable = true;
displayManager.lightdm.enable = false;
};
fileSystems = let
template = { name, uid }: {
name = "/home/${name}";
value = {
device = "192.168.222.1:/home/${name}";
fsType = "nfs";
};
};
in {
"/home/bocal" = {
device = "192.168.222.1:/home/bocal";
fsType = "nfs";
};
} // builtins.listToAttrs (map template distant-users-id);
}
Copy permalink