Update stateVersion

[perso/Immae/Config/Nix.git] / modules / private / system / dilion.nix

diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix
index 5b01a532ca7c545a678ec4c5c11332a89e11aae0..b9e83f3409df97535881283a9b6f795b13bf9fc6 100644 (file)
--- a/modules/private/system/dilion.nix
+++ b/modules/private/system/dilion.nix
@@ -51,7 +51,7 @@
     in
       ["command=\"${pkgs.rrsync_sudo}/bin/rrsync /var/lib/backup/eldiron/\"  ${config.myEnv.rsync_backup.ssh_key.public}"];
   };
-  security.sudo.extraRules = [
+  security.sudo.extraRules = pkgs.lib.mkAfter [
     {
       commands = [
         { command = "${pkgs.rsync}/bin/rsync"; options = [ "NOPASSWD" ]; }
@@ -59,15 +59,24 @@
       users = [ "backup" ];
       runAs = "root";
     }
+    {
+      commands = [
+        { command = "/home/immae/.nix-profile/root_scripts/*"; options = [ "NOPASSWD" ]; }
+      ];
+      users = [ "immae" ];
+      runAs = "root";
+    }
   ];
 
+  boot.kernel.sysctl."vm.nr_hugepages" = 256; # for xmr-stak
   system.activationScripts.backup_home = ''
     chown root:root /var/lib/backup
     install -m 0750 -o backup -g root -d /var/lib/backup/eldiron
   '';
 
+  virtualisation.docker.enable = true;
   virtualisation.libvirtd.enable = true;
-  users.extraUsers.immae.extraGroups = [ "libvirtd" ];
+  users.extraUsers.immae.extraGroups = [ "libvirtd" "docker" ];
   systemd.services.libvirtd.postStart = ''
     install -m 0770 -g libvirtd -d /var/lib/libvirt/images
   '';
@@ -83,17 +92,26 @@
     '';
   };
 
+  security.pki.certificateFiles = [
+    (pkgs.fetchurl {
+      url = "http://downloads.e.eriomem.net/eriomemca.pem";
+      sha256 = "1ixx4c6j3m26j8dp9a3dkvxc80v1nr5aqgmawwgs06bskasqkvvh";
+    })
+  ];
+
   # This is equivalent to setting environment.sessionVariables.NIX_PATH
   nix.nixPath = [
-    "home-manager=https://github.com/rycee/home-manager/archive/release-19.03.tar.gz"
-    "nixpkgs=https://nixos.org/channels/nixos-19.03/nixexprs.tar.xz"
+    "home-manager=https://github.com/rycee/home-manager/archive/master.tar.gz"
+    "nixpkgs=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz"
   ];
+  nix.binaryCaches = [ "https://hydra.iohk.io" "https://cache.nixos.org" ];
+  nix.binaryCachePublicKeys = [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
 
   # This value determines the NixOS release with which your system is
   # to be compatible, in order to avoid breaking some software such as
   # database servers. You should change this only after NixOS release
   # notes say you should.
   # https://nixos.org/nixos/manual/release-notes.html
-  system.stateVersion = "19.03"; # Did you read the comment?
+  system.stateVersion = "20.03"; # Did you read the comment?
 }