Commit 88780a641da4

Vincent Demeester <vincent@sbr.pm>
2020-12-21 15:40:47
flake: add a laptop profile
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 5826017
Changed files (4)
systems/profiles/default.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, inputs, ... }:
 
 {
   imports = [
@@ -6,6 +6,7 @@
     ./desktop.nix
     ./development.nix
     ./home.nix
+    ./laptop.nix
     # FIXME: vpn, server, builder, …
   ];
 
systems/profiles/desktop.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
-  inherit (lib) mkIf mkEnableOption;
+  inherit (lib) mkIf mkEnableOption mkDefault;
   cfg = config.profiles.desktop;
 in
 {
@@ -16,5 +16,8 @@ in
       # Enable Plymouth on desktops
       plymouth.enable = true;
     };
+    nix = {
+      sshServe = mkDefault true;
+    };
   };
 }
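Review bot: `sshServe = mkDefault true;` in the added `nix` block assigns a boolean to `nix.sshServe` itself, which is an option set (`enable`, `keys`, …) rather than a flag. The laptop profile added in this same commit uses the `sshServe.enable` path, so this line should read `sshServe.enable = mkDefault true;`. As written it will most likely fail evaluation instead of enabling the service. Once fixed, every host with the desktop profile serves its Nix store over SSH by default, so a one-line comment stating that this exposure is intended would help. The enclosing `config = mkIf …` block starts outside the hunk.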
systems/profiles/laptop.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+let
+  inherit (lib) mkIf mkEnableOption mkForce;
+  cfg = config.profiles.laptop;
+in
+{
+  options = {
+    profiles.laptop = {
+      enable = mkEnableOption "laptop configuration";
+    };
+  };
+  config = mkIf cfg.enable {
+    profiles.desktop.enable = true;
+    nix = {
+      sshServe.enable = mkForce false;
+    };
+  };
+}
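Review bot: `sshServe.enable = mkForce false;` has no comment explaining why the value is forced rather than simply set. The desktop profile only uses `mkDefault`, so a plain `false` would already override it. `mkForce` additionally stops a host file from re-enabling store serving with an ordinary definition. If that stricter behaviour is the goal (presumably because laptops roam onto untrusted networks), record it next to the line, e.g. `# never serve the Nix store over SSH from a laptop, even if a host config enables it`.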
users/vincent/default.flake.nix
@@ -20,24 +20,30 @@ in
     uid = 1000;
     description = "Vincent Demeester";
     extraGroups = [ "wheel" "input" ]
-      ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ]
-      ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
-      ++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
-      ++ optionals config.profiles.docker.enable [ "docker" ]
-      ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
-      ++ optionals config.profiles.virtualization.enable [ "libvirtd" ];
+      ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ];
+    #++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
+    #++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
+    #++ optionals config.profiles.docker.enable [ "docker" ]
+    #++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
+    #++ optionals config.profiles.virtualization.enable [ "libvirtd" ];
     shell = mkIf config.programs.zsh.enable pkgs.zsh;
     isNormalUser = true;
     openssh.authorizedKeys.keys = authorizedKeys;
-    # FIXME change this ?
     initialPassword = "changeMe";
-    # FIXME This might be handled differently by programs.podman, …
     subUidRanges = [{ startUid = 100000; count = 65536; }];
     subGidRanges = [{ startGid = 100000; count = 65536; }];
   };
 
+  nix = {
+    trustedUsers = [ "vincent" ];
+    sshServe.keys = authorizedKeys;
+  };
+
+  security = {
+    pam.services.vincent.fprintAuth = config.services.fprintd.enable;
+  };
   /*
-  security.pam.services.vincent.fprintAuth = config.services.fprintd.enable;
+
 
   home-manager.users.vincent = lib.mkMerge
     (
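Review bot: `initialPassword = "changeMe";` stays in the new code while the `# FIXME change this ?` reminder above it is removed, so a publicly known password for a `wheel` account now looks like a settled choice. The same hunk raises the stakes by adding `trustedUsers = [ "vincent" ]`, which gives that account root-equivalent control of the Nix daemon. Either keep the marker, e.g. `# FIXME: replace with hashedPassword or a password file kept out of the repo`, or switch to a hashed or secret-managed password in this change. Separately, the `docker`, `libvirtd`, `lp`/`scanner` and `buildkit` group lines are commented out rather than deleted; if that is temporary for the flake migration, a short comment saying so would avoid silent loss of those memberships. The user attribute set and the `/*` comment both extend outside this hunk.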