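# NixOS module for the "net-bocal" workstation image.
#
# The file is a curried function: it first takes `distant-users-id`, a list
# of `{ name, uid }` attribute sets, then the usual module arguments.
# For every entry it creates a system user in group "bocal", a home-manager
# profile, and an NFS mount of /home/<name> from 192.168.222.1.
#
# Security-relevant choices are flagged inline with NOTE(review).
distant-users-id:
{ pkgs, lib, users, mods, ... }:
{
  # `users.root` is a helper supplied by the caller; its body is not visible
  # here. NOTE(review): presumably `ssh = true` enables root SSH login; confirm.
  imports = [ (users.root { ssh = true; }) ];

  system.stateVersion = "23.11";

  networking = {
    hostName = "net-bocal";
    # NOTE(review): no host firewall. Every listening service is reachable
    # from whatever network this machine sits on. Confirm that the segment is
    # trusted, or enable the firewall and open only the ports that are needed.
    firewall.enable = false;
  };

  time.timeZone = "Europe/Paris";
  i18n.defaultLocale = "fr_FR.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  environment.systemPackages = with pkgs; [ git ];

  # Polkit rule: members of group "bocal" are denied (Result.NO) the listed
  # accounts / locale1 / login1 actions: password change, keyboard and locale
  # changes, power-off/reboot/suspend/hibernate, inhibitors, lingering and
  # session management. The chvt clause is commented out inside the JavaScript,
  # so this rule does not deny it. Any other action falls through to the next
  # rule or the default policy.
  # The JavaScript must stay one clause per line: the `//` comment runs to the
  # end of its line and would swallow every following clause if they were joined.
  security.polkit.extraConfig = ''
    polkit.addRule(function(action, subject) {
      if (
        subject.isInGroup("bocal")
        && (
          //action.id == "org.freedesktop.login1.chvt" ||
          action.id == "org.freedesktop.accounts.change-own-password" ||
          action.id == "org.freedesktop.locale1.set-keyboard" ||
          action.id == "org.freedesktop.locale1.set-locale" ||
          action.id == "org.freedesktop.login1.attach-device" ||
          action.id == "org.freedesktop.login1.flush-devices" ||
          action.id == "org.freedesktop.login1.halt" ||
          action.id == "org.freedesktop.login1.halt-ignore-inhibit" ||
          action.id == "org.freedesktop.login1.halt-multiple-sessions" ||
          action.id == "org.freedesktop.login1.hibernate" ||
          action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" ||
          action.id == "org.freedesktop.login1.hibernate-multiple-sessions" ||
          action.id == "org.freedesktop.login1.inhibit-block-idle" ||
          action.id == "org.freedesktop.login1.inhibit-block-shutdown" ||
          action.id == "org.freedesktop.login1.inhibit-block-sleep" ||
          action.id == "org.freedesktop.login1.inhibit-delay-shutdown" ||
          action.id == "org.freedesktop.login1.inhibit-delay-sleep" ||
          action.id == "org.freedesktop.login1.inhibit-handle-hibernate-key" ||
          action.id == "org.freedesktop.login1.inhibit-handle-lid-switch" ||
          action.id == "org.freedesktop.login1.inhibit-handle-power-key" ||
          action.id == "org.freedesktop.login1.inhibit-handle-reboot-key" ||
          action.id == "org.freedesktop.login1.inhibit-handle-suspend-key" ||
          action.id == "org.freedesktop.login1.lock-sessions" ||
          action.id == "org.freedesktop.login1.manage" ||
          action.id == "org.freedesktop.login1.power-off" ||
          action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
          action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
          action.id == "org.freedesktop.login1.reboot" ||
          action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
          action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
          action.id == "org.freedesktop.login1.set-reboot-parameter" ||
          action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-entry" ||
          action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-menu" ||
          action.id == "org.freedesktop.login1.set-reboot-to-firmware-setup" ||
          action.id == "org.freedesktop.login1.set-self-linger" ||
          action.id == "org.freedesktop.login1.set-user-linger" ||
          action.id == "org.freedesktop.login1.set-wall-message" ||
          action.id == "org.freedesktop.login1.suspend" ||
          action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
          action.id == "org.freedesktop.login1.suspend-multiple-sessions"
        )
      ) {
        return polkit.Result.NO;
      }
    })
  '';

  users.groups.bocal.gid = 2000;

  users.users =
    let
      # One normal user per { name, uid } entry, all sharing primary group "bocal".
      # NOTE(review): homeMode "750" combined with the shared group gives every
      # bocal member read access to every other member's home; confirm intended.
      template = { name, uid }: {
        inherit name;
        value = {
          isNormalUser = true;
          inherit uid;
          shell = pkgs.zsh;
          group = "bocal";
          homeMode = "750";
        };
      };
    in
    builtins.listToAttrs (map template distant-users-id) // {
      # NOTE(review): a hash set here is copied into the world-readable Nix
      # store (and lives in version control), so any local user can attempt
      # offline guessing. Prefer `hashedPasswordFile` pointing at a root-only
      # file outside the store.
      root.hashedPassword = "$y$j9T$GK2ejPfMgk0GlBqZX0aBo/$n3nds9zcBi8X8p9aG5Aywq1A.R6Bt/dIOccvfIdMM/1";
      # NOTE(review): the key body is elided in this copy of the file; as
      # written this is not a usable authorized_keys entry.
      root.openssh.authorizedKeys.keys = [
        "ssh-rsa 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 sylvain@idefix"
      ];
    };

  home-manager.users =
    let
      # Same home-manager profile for every distant user. The zsh login
      # profile replaces the shell with a Plasma Wayland session.
      template = { name, uid }: {
        inherit name;
        value = {
          home.stateVersion = "23.11";
          imports = with mods.home; [ zsh neovim ];
          programs.zsh.profileExtra = "exec ${pkgs.plasma5Packages.plasma-workspace}/bin/startplasma-wayland";
          programs.firefox.enable = true;
          home.packages = with pkgs; [ gedit ];
        };
      };
    in
    builtins.listToAttrs (map template distant-users-id);

  services.getty = {
    # Replacement for login(1) on the gettys. It ignores its own arguments,
    # removes the home-manager profile links and gcroot of user $BOCAL,
    # restarts that user's home-manager unit, then logs $BOCAL in with
    # `login -f`, i.e. without asking for a password.
    #
    # NOTE(review): BOCAL is not set anywhere in this file; presumably it is
    # injected into the getty environment elsewhere. Whoever controls that
    # value chooses which account gets a password-less console session
    # (root included), so confirm its source is trusted and consider
    # rejecting values outside the `distant-users-id` names.
    #
    # Expansions are quoted so an empty or whitespace-containing value cannot
    # split into extra arguments to sudo, rm, systemctl or login. The glob is
    # left outside the quotes on purpose.
    loginProgram = pkgs.writeShellScript "autologin" ''
      ${pkgs.sudo}/bin/sudo -u "$BOCAL" rm /home/"$BOCAL"/.local/state/nix/profiles/home-manager*
      ${pkgs.sudo}/bin/sudo -u "$BOCAL" rm /home/"$BOCAL"/.local/state/home-manager/gcroots/current-home
      ${pkgs.systemd}/bin/systemctl restart "home-manager-''${BOCAL}.service"
      exec ${pkgs.shadow}/bin/login -f "$BOCAL"
    '';
    autologinUser = "bocal";
  };

  # Watches the system bus for org.freedesktop.DBus.Properties signals under
  # /org/freedesktop/login1/session and runs `loginctl unlock-sessions` for
  # every output line that contains "boolean true".
  # NOTE(review): the match is on any boolean property reported as true, not
  # on a specific lock property, and the unlock applies to all sessions. The
  # effect looks like "screen locking never holds"; confirm that this is the
  # intended policy for these stations.
  systemd.services.unlock = {
    wantedBy = [ "multi-user.target" ];
    script = ''
      ${pkgs.dbus}/bin/dbus-monitor --system "type='signal',interface='org.freedesktop.DBus.Properties',path_namespace='/org/freedesktop/login1/session'" | while read -r x; do
        case "$x" in
          *"boolean true"*) ${pkgs.systemd}/bin/loginctl unlock-sessions ;;
        esac
      done
    '';
  };

  # X server and Plasma 5 are enabled but no display manager: sessions are
  # started from the getty login through the zsh profile above.
  services.xserver = {
    enable = true;
    xkb.layout = "fr";
    desktopManager.plasma5.enable = true;
    displayManager.lightdm.enable = false;
  };

  fileSystems =
    let
      # /home/<name> is mounted over NFS from 192.168.222.1 for each user.
      # NOTE(review): no mount options are set. `nosuid` and `nodev` are
      # customary for home directories, and the NFS security flavour is left
      # at its default; confirm against the server's export settings.
      template = { name, uid }: {
        name = "/home/${name}";
        value = {
          device = "192.168.222.1:/home/${name}";
          fsType = "nfs";
        };
      };
    in
    {
      "/home/bocal" = {
        device = "192.168.222.1:/home/bocal";
        fsType = "nfs";
      };
    }
    // builtins.listToAttrs (map template distant-users-id);
}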