in
["command=\"${pkgs.rrsync_sudo}/bin/rrsync /var/lib/backup/eldiron/\" ${config.myEnv.rsync_backup.ssh_key.public}"];
};
- security.sudo.extraRules = [
+ security.sudo.extraRules = pkgs.lib.mkAfter [
{
commands = [
{ command = "${pkgs.rsync}/bin/rsync"; options = [ "NOPASSWD" ]; }
users = [ "backup" ];
runAs = "root";
}
+ {
+ commands = [
+ { command = "/home/immae/.nix-profile/root_scripts/*"; options = [ "NOPASSWD" ]; }
+ ];
+ users = [ "immae" ];
+ runAs = "root";
+ }
];
+ boot.kernel.sysctl."vm.nr_hugepages" = 256; # for xmr-stak
system.activationScripts.backup_home = ''
chown root:root /var/lib/backup
install -m 0750 -o backup -g root -d /var/lib/backup/eldiron
'';
+ virtualisation.libvirtd.enable = true;
+ users.extraUsers.immae.extraGroups = [ "libvirtd" ];
+ systemd.services.libvirtd.postStart = ''
+ install -m 0770 -g libvirtd -d /var/lib/libvirt/images
+ '';
+
time.timeZone = "Europe/Paris";
nix = {
useSandbox = "relaxed";
'';
};
+ security.pki.certificateFiles = [
+ (pkgs.fetchurl {
+ url = "http://downloads.e.eriomem.net/eriomemca.pem";
+ sha256 = "1ixx4c6j3m26j8dp9a3dkvxc80v1nr5aqgmawwgs06bskasqkvvh";
+ })
+ ];
+
# This is equivalent to setting environment.sessionVariables.NIX_PATH
nix.nixPath = [
"home-manager=https://github.com/rycee/home-manager/archive/release-19.03.tar.gz"
"nixpkgs=https://nixos.org/channels/nixos-19.03/nixexprs.tar.xz"
];
+ nix.binaryCaches = [ "https://hydra.iohk.io" ];
+ nix.binaryCachePublicKeys = [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
# This value determines the NixOS release with which your system is
# to be compatible, in order to avoid breaking some software such as