config/hosts/vm/configuration.nix

144 lines
2.8 KiB
Nix
Raw Normal View History

{
2024-02-04 16:18:47 +02:00
self,
lib,
pkgs,
2024-02-04 16:18:47 +02:00
modulesPath,
...
}: {
2024-02-04 16:18:47 +02:00
imports = [
"${modulesPath}/profiles/all-hardware.nix"
"${modulesPath}/installer/cd-dvd/iso-image.nix"
../../modules/profiles/desktop
];
home-manager.useGlobalPkgs = true;
home-manager.users.nixos = {
#config,
pkgs,
...
}:
lib.mkMerge [
(import ../../shared/home/default.nix {
inherit lib;
inherit pkgs;
#inherit (config.mj) stateVersion;
stateVersion = "23.11";
username = "nixos";
fullDesktop = true;
hmOnly = false;
email = "motiejus@jakstys.lt";
})
{
programs.bash = {
enable = true;
shellAliases = {
"l" = "echo -n ł | xclip -selection clipboard";
"gp" = "${pkgs.git}/bin/git remote | ${pkgs.parallel}/bin/parallel --verbose git push";
};
};
}
];
mj = {
2024-02-04 16:18:47 +02:00
stateVersion = "23.11";
timeZone = "UTC";
2024-02-04 16:18:47 +02:00
desktop = {
username = "nixos";
configureDM = false;
};
};
2024-02-04 16:18:47 +02:00
isoImage = {
isoName = "toolshed.iso";
squashfsCompression = "zstd";
appendToMenuLabel = " Toolshed ${self.lastModifiedDate}";
makeEfiBootable = true; # EFI booting
makeUsbBootable = true; # USB booting
};
2024-02-04 16:18:47 +02:00
boot.kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
swapDevices = [];
services = {
2024-02-04 16:18:47 +02:00
pcscd.enable = true;
udev.packages = [pkgs.yubikey-personalization];
getty.autologinUser = "nixos";
xserver = {
enable = true;
2024-02-04 16:18:47 +02:00
desktopManager.xfce.enable = true;
displayManager = {
lightdm.enable = true;
autoLogin = {
enable = true;
user = "nixos";
};
};
};
};
2024-02-04 16:18:47 +02:00
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
users.users = {
nixos = {
isNormalUser = true;
extraGroups = ["wheel" "video"];
initialHashedPassword = "";
};
root.initialHashedPassword = "";
};
security = {
pam.services.lightdm.text = ''
auth sufficient pam_succeed_if.so user ingroup wheel
'';
sudo = {
enable = true;
wheelNeedsPassword = false;
};
};
# from yubikey-guide
environment.systemPackages = with pkgs; [
paperkey
pgpdump
parted
cryptsetup
yubikey-manager
yubikey-manager-qt
yubikey-personalization
yubikey-personalization-gui
yubico-piv-tool
yubioath-flutter
ent
haskellPackages.hopenpgp-tools
diceware
pwgen
cfssl
pcsctools
];
networking = {
hostName = "vm";
2024-02-04 16:18:47 +02:00
domain = "example.org";
firewall.allowedTCPPorts = [22];
};
nix = {
extraOptions = ''
experimental-features = nix-command flakes
trusted-users = vm
'';
};
}