nixos-config/profiles/security.nix

{ config, pkgs, lib, ... }:
with config.deviceSpecific; {
  security.apparmor.enable = true;
  programs.firejail.enable = true;
  users.mutableUsers = false;
  users.users.alukard = {
    isNormalUser = true;
    extraGroups = [
      "sudo"
      "wheel"
      "networkmanager"
      "disk"
      "dbus"
      "audio"
      "docker"
      "sound"
      "pulse"
      "adbusers"
      "input"
      "libvirtd"
      "kvm"
      "vboxusers"
      "smbuser"
      "cdrom"
      "scanner"
      "lp"
      "dialout"
      "corectrl"
      "video"
    ];
    description = "Дмитрий Холкин";
    uid = 1000;
    hashedPassword = "$6$kDBGyd99tto$9LjQwixa7NYB9Kaey002MD94zHob1MmNbVz9kx3yX6Q4AmVgsFMGUyNuHozXprxyuXHIbOlTcf8nd4rK8MWfI/";
    shell = pkgs.zsh;
  };
  security.sudo = {
    enable = true;
    extraConfig = lib.concatStrings [''
      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/btrfs fi usage /
    ''
    (if (isLaptop) then ''
      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/tlp-stat
      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/tlp ac
      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/tlp bat
    '' else "")
    ];
  };
  home-manager.users.alukard = {
    systemd.user.services.polkit-agent = lib.mkIf (!isServer) {
      Unit = {
        Description = "Run polkit authentication agent";
        X-RestartIfChanged = true;
      };
      Install.WantedBy = [ "sway-session.target" ];
      Service = { ExecStart = "${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"; };
    };
  };
  systemd.services."user@" = { serviceConfig = { Restart = "always"; }; };
  services.getty.autologinUser = "alukard";
}
-												some changes

											
										
										
											2020-08-29 17:47:21 +04:00
+								{ config, pkgs, lib, ... }:
 								with config.deviceSpecific; {
-												init commit

											
										
										
											2019-08-27 23:41:02 +04:00
+								  security.apparmor.enable = true;
 								  programs.firejail.enable = true;
 								  users.mutableUsers = false;
 								  users.users.alukard = {
 								    isNormalUser = true;
 								    extraGroups = [
 								      "sudo"
 								      "wheel"
 								      "networkmanager"
 								      "disk"
 								      "dbus"
 								      "audio"
 								      "docker"
 								      "sound"
 								      "pulse"
-												add adb, delete rust package

											
										
										
											2019-12-13 23:15:39 +04:00
+								      "adbusers"
-												init commit

											
										
										
											2019-08-27 23:41:02 +04:00
+								      "input"
-												mass refactoring

											
										
										
											2020-08-07 23:27:49 +04:00
+								      "libvirtd"
-												massive refactoring

											
										
										
											2021-02-07 02:38:11 +03:00
+								      "kvm"
-												init commit

											
										
										
											2019-08-27 23:41:02 +04:00
+								      "vboxusers"
-												fix samba group

											
										
										
											2021-09-28 01:44:48 +03:00
+								      "smbuser"
-												delete some gaming

											
										
										
											2020-01-23 02:16:20 +04:00
+								      "cdrom"
-												many changes, add printer

											
										
										
											2020-08-15 19:36:16 +04:00
+								      "scanner"
-												massive refactoring

											
										
										
											2021-02-07 02:38:11 +03:00
+								      "lp"
-												update packages and hardware

											
										
										
											2021-06-29 22:29:22 +03:00
+								      "dialout"
-												add corectrl

											
										
										
											2021-09-15 15:29:51 +03:00
+								      "corectrl"
-												some changes in theme module

											
										
										
											2021-09-16 01:03:52 +03:00
+								      "video"
-												init commit

											
										
										
											2019-08-27 23:41:02 +04:00
+								    ];
 								    description = "Дмитрий Холкин";
 								    uid = 1000;
 								    hashedPassword = "$6$kDBGyd99tto$9LjQwixa7NYB9Kaey002MD94zHob1MmNbVz9kx3yX6Q4AmVgsFMGUyNuHozXprxyuXHIbOlTcf8nd4rK8MWfI/";
 								    shell = pkgs.zsh;
 								  };
-												Too many changes

											
										
										
											2019-09-14 22:12:56 +04:00
+								  security.sudo = {
 								    enable = true;
-												update packages and hardware

											
										
										
											2021-06-29 22:29:22 +03:00
+								    extraConfig = lib.concatStrings [''
 								      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/btrfs fi usage /
 								    ''
 								    (if (isLaptop) then ''
-												some changes

											
										
										
											2020-08-29 17:47:21 +04:00
+								      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/tlp-stat
 								      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/tlp ac
 								      alukard ALL = (root) NOPASSWD: /run/current-system/sw/bin/tlp bat
-												update packages and hardware

											
										
										
											2021-06-29 22:29:22 +03:00
+								    '' else "")
 								    ];
-												Too many changes

											
										
										
											2019-09-14 22:12:56 +04:00
+								  };
-												some changes in theme module

											
										
										
											2021-09-16 01:03:52 +03:00
+								  home-manager.users.alukard = {
-												lxc config

											
										
										
											2022-02-11 14:07:03 +03:00
+								    systemd.user.services.polkit-agent = lib.mkIf (!isServer) {
-												some changes in theme module

											
										
										
											2021-09-16 01:03:52 +03:00
+								      Unit = {
 								        Description = "Run polkit authentication agent";
 								        X-RestartIfChanged = true;
 								      };
 								      Install.WantedBy = [ "sway-session.target" ];
 								      Service = { ExecStart = "${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"; };
 								    };
 								  };
-												mass refactoring

											
										
										
											2020-08-07 23:27:49 +04:00
+								  systemd.services."user@" = { serviceConfig = { Restart = "always"; }; };
-												massive refactoring

											
										
										
											2021-02-07 02:38:11 +03:00
+								  services.getty.autologinUser = "alukard";
-												init commit

											
										
										
											2019-08-27 23:41:02 +04:00
+								}