2024-04-13 00:03:06 +02:00
|
|
|
distant-users-id:
|
2024-05-14 19:21:19 +02:00
|
|
|
{
|
|
|
|
pkgs,
|
|
|
|
lib,
|
|
|
|
users,
|
|
|
|
mods,
|
|
|
|
...
|
|
|
|
}:
|
|
|
|
{
|
2024-04-13 00:03:06 +02:00
|
|
|
imports = [
|
|
|
|
<nixos/nixos/modules/installer/netboot/netboot.nix>
|
|
|
|
<nixos/nixos/modules/installer/cd-dvd/channel.nix>
|
|
|
|
<home-manager/nixos>
|
|
|
|
(users.root { ssh = true; })
|
|
|
|
];
|
|
|
|
system.stateVersion = "23.11";
|
|
|
|
networking = {
|
|
|
|
hostName = "net-bocal";
|
|
|
|
firewall.enable = false;
|
|
|
|
};
|
|
|
|
time.timeZone = "Europe/Paris";
|
|
|
|
i18n.defaultLocale = "fr_FR.UTF-8";
|
|
|
|
console = {
|
|
|
|
font = "Lat2-Terminus16";
|
|
|
|
keyMap = "fr";
|
|
|
|
};
|
2024-05-14 19:21:19 +02:00
|
|
|
environment.systemPackages = with pkgs; [ git ];
|
2024-04-13 00:03:06 +02:00
|
|
|
security.polkit.extraConfig = ''
|
|
|
|
polkit.addRule(function(action, subject) {
|
|
|
|
if (
|
|
|
|
subject.isInGroup("bocal")
|
|
|
|
&& (
|
|
|
|
//action.id == "org.freedesktop.login1.chvt" ||
|
|
|
|
action.id == "org.freedesktop.accounts.change-own-password" ||
|
|
|
|
action.id == "org.freedesktop.locale1.set-keyboard" ||
|
|
|
|
action.id == "org.freedesktop.locale1.set-locale" ||
|
|
|
|
action.id == "org.freedesktop.login1.attach-device" ||
|
|
|
|
action.id == "org.freedesktop.login1.flush-devices" ||
|
|
|
|
action.id == "org.freedesktop.login1.halt" ||
|
|
|
|
action.id == "org.freedesktop.login1.halt-ignore-inhibit" ||
|
|
|
|
action.id == "org.freedesktop.login1.halt-multiple-sessions" ||
|
|
|
|
action.id == "org.freedesktop.login1.hibernate" ||
|
|
|
|
action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" ||
|
|
|
|
action.id == "org.freedesktop.login1.hibernate-multiple-sessions" ||
|
|
|
|
action.id == "org.freedesktop.login1.inhibit-block-idle" ||
|
|
|
|
action.id == "org.freedesktop.login1.inhibit-block-shutdown" ||
|
|
|
|
action.id == "org.freedesktop.login1.inhibit-block-sleep" ||
|
|
|
|
action.id == "org.freedesktop.login1.inhibit-delay-shutdown" ||
|
|
|
|
action.id == "org.freedesktop.login1.inhibit-delay-sleep" ||
|
|
|
|
action.id == "org.freedesktop.login1.inhibit-handle-hibernate-key" ||
|
|
|
|
action.id == "org.freedesktop.login1.inhibit-handle-lid-switch" ||
|
|
|
|
action.id == "org.freedesktop.login1.inhibit-handle-power-key" ||
|
|
|
|
action.id == "org.freedesktop.login1.inhibit-handle-reboot-key" ||
|
|
|
|
action.id == "org.freedesktop.login1.inhibit-handle-suspend-key" ||
|
|
|
|
action.id == "org.freedesktop.login1.lock-sessions" ||
|
|
|
|
action.id == "org.freedesktop.login1.manage" ||
|
|
|
|
action.id == "org.freedesktop.login1.power-off" ||
|
|
|
|
action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
|
|
|
|
action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
|
|
|
|
action.id == "org.freedesktop.login1.reboot" ||
|
|
|
|
action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
|
|
|
|
action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
|
|
|
|
action.id == "org.freedesktop.login1.set-reboot-parameter" ||
|
|
|
|
action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-entry" ||
|
|
|
|
action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-menu" ||
|
|
|
|
action.id == "org.freedesktop.login1.set-reboot-to-firmware-setup" ||
|
|
|
|
action.id == "org.freedesktop.login1.set-self-linger" ||
|
|
|
|
action.id == "org.freedesktop.login1.set-user-linger" ||
|
|
|
|
action.id == "org.freedesktop.login1.set-wall-message" ||
|
|
|
|
action.id == "org.freedesktop.login1.suspend" ||
|
|
|
|
action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
|
|
|
|
action.id == "org.freedesktop.login1.suspend-multiple-sessions"
|
|
|
|
)
|
|
|
|
)
|
|
|
|
{
|
|
|
|
return polkit.Result.NO;
|
|
|
|
}
|
|
|
|
})
|
|
|
|
'';
|
|
|
|
|
|
|
|
users.groups.bocal.gid = 2000;
|
2024-05-14 19:21:19 +02:00
|
|
|
users.users =
|
|
|
|
let
|
|
|
|
template =
|
|
|
|
{ name, uid }:
|
|
|
|
{
|
|
|
|
inherit name;
|
|
|
|
value = {
|
|
|
|
isNormalUser = true;
|
|
|
|
inherit uid;
|
|
|
|
shell = pkgs.zsh;
|
|
|
|
group = "bocal";
|
|
|
|
homeMode = "750";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
in
|
|
|
|
builtins.listToAttrs (map template distant-users-id)
|
|
|
|
// {
|
|
|
|
root.hashedPassword = "$y$j9T$GK2ejPfMgk0GlBqZX0aBo/$n3nds9zcBi8X8p9aG5Aywq1A.R6Bt/dIOccvfIdMM/1";
|
|
|
|
root.openssh.authorizedKeys.keys = [
|
|
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvi5VUsDrwS4XqQQfFFIx1JoRDPVdtChUQWqKFbPFtP8gH51woXiKtKRbDebL0z/EmkdYKxxIkzixHTR5xQXjo8JiFZbwldZi5IvMr3x//ad9sVyOhmbRx1DXLKjyOdWyo+w0vORvbEDu2lHktfSvhHGrvUHfFc3EY+cAl7IImgGEeGNPruAuNkN90Lth9QgwJVsdOEs9j7hwwKtpfMMETL5tkW34Nu7io03+SaPxwi2xLuWTdTklfZ7GWYtG2w/hFkzDbkW97rp5dxB1HO58cPqyRlqyfhZFpiUmWlyuMba3Tip6JarCa52IpFffEIDR0CSeh5CFPoeppo/TPDiXDie370TjjQpxJiG+9PobBhmChH5FmQ/lksffI/WimqpVO7Ixf5cYiHN5Z0mgJgZsXwI3YPICQLA8ebSKHA8+mdmkunDmCBRaBj1qEgkp/UoYqXT6BjBm07nOsnL+3SG/yfx4fLotgWtdm2mkjEAG+OGVR7G3Vk/POxn0EqX7Z+gU= sylvain@idefix"
|
|
|
|
];
|
2024-04-13 00:03:06 +02:00
|
|
|
};
|
2024-05-14 19:21:19 +02:00
|
|
|
home-manager.users =
|
|
|
|
let
|
|
|
|
template =
|
|
|
|
{ name, uid }:
|
|
|
|
{
|
|
|
|
inherit name;
|
|
|
|
value = {
|
|
|
|
home.stateVersion = "23.11";
|
|
|
|
imports = with mods.home; [
|
|
|
|
zsh
|
|
|
|
neovim
|
|
|
|
];
|
|
|
|
programs.zsh.profileExtra = "exec ${pkgs.plasma5Packages.plasma-workspace}/bin/startplasma-wayland";
|
|
|
|
programs.firefox.enable = true;
|
|
|
|
home.packages = with pkgs; [ gedit ];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
in
|
|
|
|
builtins.listToAttrs (map template distant-users-id);
|
2024-04-13 00:03:06 +02:00
|
|
|
|
|
|
|
services.getty = {
|
|
|
|
loginProgram = pkgs.writeShellScript "autologin" ''
|
|
|
|
${pkgs.sudo}/bin/sudo -u $BOCAL rm /home/$BOCAL/.local/state/nix/profiles/home-manager*
|
|
|
|
${pkgs.sudo}/bin/sudo -u $BOCAL rm /home/$BOCAL/.local/state/home-manager/gcroots/current-home
|
|
|
|
${pkgs.systemd}/bin/systemctl restart home-manager-''${BOCAL}.service
|
|
|
|
exec ${pkgs.shadow}/bin/login -f $BOCAL
|
|
|
|
'';
|
|
|
|
autologinUser = "bocal";
|
|
|
|
};
|
|
|
|
systemd.services.unlock = {
|
2024-05-14 19:21:19 +02:00
|
|
|
wantedBy = [ "multi-user.target" ];
|
2024-04-13 00:03:06 +02:00
|
|
|
script = ''
|
|
|
|
${pkgs.dbus}/bin/dbus-monitor --system "type='signal',interface='org.freedesktop.DBus.Properties',path_namespace='/org/freedesktop/login1/session'" | while read x; do
|
|
|
|
case "$x" in
|
|
|
|
*"boolean true"*) ${pkgs.systemd}/bin/loginctl unlock-sessions
|
|
|
|
esac
|
|
|
|
done
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
services.xserver = {
|
|
|
|
enable = true;
|
|
|
|
xkb.layout = "fr";
|
|
|
|
desktopManager.plasma5.enable = true;
|
|
|
|
displayManager.lightdm.enable = false;
|
|
|
|
};
|
2024-05-14 19:21:19 +02:00
|
|
|
fileSystems =
|
|
|
|
let
|
|
|
|
template =
|
|
|
|
{ name, uid }:
|
|
|
|
{
|
|
|
|
name = "/home/${name}";
|
|
|
|
value = {
|
|
|
|
device = "192.168.222.1:/home/${name}";
|
|
|
|
fsType = "nfs";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
in
|
|
|
|
{
|
|
|
|
"/home/bocal" = {
|
|
|
|
device = "192.168.222.1:/home/bocal";
|
2024-04-13 00:03:06 +02:00
|
|
|
fsType = "nfs";
|
|
|
|
};
|
2024-05-14 19:21:19 +02:00
|
|
|
}
|
|
|
|
// builtins.listToAttrs (map template distant-users-id);
|
2024-04-13 00:03:06 +02:00
|
|
|
}
|