nixos-config/modules/security.nix

{ config, pkgs, lib, ... }:
with config.deviceSpecific; {

  security.apparmor.enable = true;
  programs.firejail.enable = true;
  users.mutableUsers = false;
  users.users.alukard = {
    isNormalUser = true;
    extraGroups = [
      "sudo"
      "wheel"
      "networkmanager"
      "disk"
      "dbus"
      "audio"
      "docker"
      "sound"
      "pulse"
      "adbusers"
      "input"
      "libvirtd"
      "kvm"
      "vboxusers"
      "smbgrp"
      "cdrom"
      "scanner"
      "lp"
    ];
    description = "Дмитрий Холкин";
    uid = 1000;
    hashedPassword = "$6$kDBGyd99tto$9LjQwixa7NYB9Kaey002MD94zHob1MmNbVz9kx3yX6Q4AmVgsFMGUyNuHozXprxyuXHIbOlTcf8nd4rK8MWfI/";
    shell = pkgs.zsh;
  };
  security.sudo = {
    enable = true;
    extraConfig = lib.mkIf isLaptop ''
      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/tlp-stat
      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/tlp ac
      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/tlp bat
    '';
  };
  # nix.requireSignedBinaryCaches = false;
  home-manager.useUserPackages = true;
  systemd.services."user@" = { serviceConfig = { Restart = "always"; }; };
  services.getty.autologinUser = "alukard";

  # auto-login without greeters
  # environment.loginShellInit = ''
  #   [[ "$(tty)" == /dev/tty? ]] && sudo /run/current-system/sw/bin/lock this
  #   [[ "$(tty)" == /dev/tty1 ]] && i3
  # '';
  # environment.systemPackages = [
  #   (pkgs.writeShellScriptBin "lock" ''
  #     if [[ "$1" == this ]]
  #       then args="-s"
  #       else args="-san"
  #     fi
  #     USER=alukard ${pkgs.vlock}/bin/vlock "$args"
  #   '')
  # ];
}
-												some changes

											
										
										
											2020-08-29 17:47:21 +04:00
+								{ config, pkgs, lib, ... }:
 								with config.deviceSpecific; {
-												init commit

											
										
										
											2019-08-27 23:41:02 +04:00
 								  security.apparmor.enable = true;
 								  programs.firejail.enable = true;
 								  users.mutableUsers = false;
 								  users.users.alukard = {
 								    isNormalUser = true;
 								    extraGroups = [
 								      "sudo"
 								      "wheel"
 								      "networkmanager"
 								      "disk"
 								      "dbus"
 								      "audio"
 								      "docker"
 								      "sound"
 								      "pulse"
-												add adb, delete rust package

											
										
										
											2019-12-13 23:15:39 +04:00
+								      "adbusers"
-												init commit

											
										
										
											2019-08-27 23:41:02 +04:00
+								      "input"
-												mass refactoring

											
										
										
											2020-08-07 23:27:49 +04:00
+								      "libvirtd"
-												massive refactoring

											
										
										
											2021-02-07 02:38:11 +03:00
+								      "kvm"
-												init commit

											
										
										
											2019-08-27 23:41:02 +04:00
+								      "vboxusers"
-												Add samba server

											
										
										
											2019-09-16 15:01:09 +04:00
+								      "smbgrp"
-												delete some gaming

											
										
										
											2020-01-23 02:16:20 +04:00
+								      "cdrom"
-												many changes, add printer

											
										
										
											2020-08-15 19:36:16 +04:00
+								      "scanner"
-												massive refactoring

											
										
										
											2021-02-07 02:38:11 +03:00
+								      "lp"
-												init commit

											
										
										
											2019-08-27 23:41:02 +04:00
+								    ];
 								    description = "Дмитрий Холкин";
 								    uid = 1000;
 								    hashedPassword = "$6$kDBGyd99tto$9LjQwixa7NYB9Kaey002MD94zHob1MmNbVz9kx3yX6Q4AmVgsFMGUyNuHozXprxyuXHIbOlTcf8nd4rK8MWfI/";
 								    shell = pkgs.zsh;
 								  };
-												Too many changes

											
										
										
											2019-09-14 22:12:56 +04:00
+								  security.sudo = {
 								    enable = true;
-												some changes

											
										
										
											2020-08-29 17:47:21 +04:00
+								    extraConfig = lib.mkIf isLaptop ''
 								      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/tlp-stat
 								      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/tlp ac
 								      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/tlp bat
 								    '';
-												Too many changes

											
										
										
											2019-09-14 22:12:56 +04:00
+								  };
-												init commit

											
										
										
											2019-08-27 23:41:02 +04:00
+								  # nix.requireSignedBinaryCaches = false;
 								  home-manager.useUserPackages = true;
-												mass refactoring

											
										
										
											2020-08-07 23:27:49 +04:00
+								  systemd.services."user@" = { serviceConfig = { Restart = "always"; }; };
-												massive refactoring

											
										
										
											2021-02-07 02:38:11 +03:00
+								  services.getty.autologinUser = "alukard";
-												mass refactoring

											
										
										
											2020-08-07 23:27:49 +04:00
 								  # auto-login without greeters
 								  # environment.loginShellInit = ''
 								  #   [[ "$(tty)" == /dev/tty? ]] && sudo /run/current-system/sw/bin/lock this
 								  #   [[ "$(tty)" == /dev/tty1 ]] && i3
 								  # '';
 								  # environment.systemPackages = [
 								  #   (pkgs.writeShellScriptBin "lock" ''
 								  #     if [[ "$1" == this ]]
 								  #       then args="-s"
 								  #       else args="-san"
 								  #     fi
 								  #     USER=alukard ${pkgs.vlock}/bin/vlock "$args"
 								  #   '')
 								  # ];
-												init commit

											
										
										
											2019-08-27 23:41:02 +04:00
+								}