bring back "vm"

2024-02-04 16:18:47 +02:00 · 2024-02-04 16:18:47 +02:00 · 967a94af6d
parent c86f3b00a9
commit 967a94af6d
10 changed files with 169 additions and 49 deletions
--- a/flake.nix
+++ b/flake.nix
@ -106,23 +106,23 @@
    ];
  in
    {
-      #nixosConfigurations.vm = nixpkgs.lib.nixosSystem {
-      #  system = "x86_64-linux";
-      #  modules = [
-      #    ./hosts/vm/configuration.nix
-      #    ./modules
-      #  ];
-
-      #  specialArgs = {inherit myData;} // inputs;
-      #};
-
      nixosConfigurations = {
+        vm = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            {nixpkgs.overlays = overlays;}
+            home-manager.nixosModules.home-manager
+            ./hosts/vm/configuration.nix
+            ./modules
+          ];
+          specialArgs = {inherit myData;} // inputs;
+        };
+
        vno1-oh2 = nixpkgs.lib.nixosSystem rec {
          system = "x86_64-linux";
          modules = [
            {nixpkgs.overlays = overlays;}
            ./hosts/vno1-oh2/configuration.nix
-
            ./modules

            agenix.nixosModules.default
--- a/hosts/fra1-a/configuration.nix
+++ b/hosts/fra1-a/configuration.nix
@ -32,9 +32,12 @@
    stateVersion = "23.05";
    timeZone = "UTC";
    base = {
-      users.passwd = {
-        root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
-        motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+      users = {
+        enable = true;
+        passwd = {
+          root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
+          motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+        };
      };

      unitstatus = {
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@ -63,6 +63,7 @@ in {
    base = {
      zfs.enable = true;
      users = {
+        enable = true;
        fullDesktop = true;
        passwd = {
          root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
--- a/hosts/vm/configuration.nix
+++ b/hosts/vm/configuration.nix
@ -1,41 +1,137 @@
 {
+  self,
+  lib,
  pkgs,
-  myData,
+  modulesPath,
  ...
 }: {
-  mj = {
-    stateVersion = "23.05";
-    timeZone = "UTC";
+  imports = [
+    "${modulesPath}/profiles/all-hardware.nix"
+    "${modulesPath}/installer/cd-dvd/iso-image.nix"
+    ../../modules/profiles/desktop
+  ];

-    base.users.passwd = {
-      root.initialPassword = "live";
+  home-manager.useGlobalPkgs = true;
+  home-manager.users.nixos = {
+    #config,
+    pkgs,
+    ...
+  }:
+    lib.mkMerge [
+      (import ../../shared/home/default.nix {
+        inherit lib;
+        inherit pkgs;
+        #inherit (config.mj) stateVersion;
+        stateVersion = "23.11";
+        username = "nixos";
+        fullDesktop = true;
+        hmOnly = false;
+        email = "motiejus@jakstys.lt";
+      })
+      {
+        programs.bash = {
+          enable = true;
+          shellAliases = {
+            "l" = "echo -n ł | xclip -selection clipboard";
+            "gp" = "${pkgs.git}/bin/git remote | ${pkgs.parallel}/bin/parallel --verbose git push";
+          };
+        };
+      }
+    ];
+
+  mj = {
+    stateVersion = "23.11";
+    timeZone = "UTC";
+    desktop = {
+      username = "nixos";
+      configureDM = false;
    };
  };

-  environment = {
-    systemPackages = with pkgs; [
-      tmux
-      htop
-    ];
+  isoImage = {
+    isoName = "toolshed.iso";
+    squashfsCompression = "zstd";
+    appendToMenuLabel = " Toolshed ${self.lastModifiedDate}";
+    makeEfiBootable = true; # EFI booting
+    makeUsbBootable = true; # USB booting
  };

+  boot.kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
+
+  swapDevices = [];
+
  services = {
-    nsd = {
+    pcscd.enable = true;
+    udev.packages = [pkgs.yubikey-personalization];
+    getty.autologinUser = "nixos";
+    xserver = {
      enable = true;
-      interfaces = ["0.0.0.0" "::"];
-      zones = {
-        "jakstys.lt.".data = myData.jakstysLTZone;
+      desktopManager.xfce.enable = true;
+      displayManager = {
+        lightdm.enable = true;
+        autoLogin = {
+          enable = true;
+          user = "nixos";
+        };
      };
    };
  };

+  programs = {
+    ssh.startAgent = false;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+  };
+
+  users.users = {
+    nixos = {
+      isNormalUser = true;
+      extraGroups = ["wheel" "video"];
+      initialHashedPassword = "";
+    };
+    root.initialHashedPassword = "";
+  };
+
+  security = {
+    pam.services.lightdm.text = ''
+      auth sufficient pam_succeed_if.so user ingroup wheel
+    '';
+    sudo = {
+      enable = true;
+      wheelNeedsPassword = false;
+    };
+  };
+
+  # from yubikey-guide
+  environment.systemPackages = with pkgs; [
+    paperkey
+    pgpdump
+    parted
+    cryptsetup
+
+    yubikey-manager
+    yubikey-manager-qt
+    yubikey-personalization
+    yubikey-personalization-gui
+    yubico-piv-tool
+    yubioath-flutter
+
+    ent
+    haskellPackages.hopenpgp-tools
+
+    diceware
+    pwgen
+
+    cfssl
+    pcsctools
+  ];
+
  networking = {
    hostName = "vm";
-    domain = "jakstys.lt";
-    firewall = {
-      allowedTCPPorts = [53];
-      allowedUDPPorts = [53];
-    };
+    domain = "example.org";
+    firewall.allowedTCPPorts = [22];
  };

  nix = {
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@ -42,6 +42,7 @@
    base = {
      zfs.enable = true;
      users = {
+        enable = true;
        passwd = {
          root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
          motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
--- a/hosts/vno3-rp3b/configuration.nix
+++ b/hosts/vno3-rp3b/configuration.nix
@ -56,9 +56,12 @@
    timeZone = "Europe/Vilnius";
    base = {
      zfs.enable = true;
-      users.passwd = {
-        root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
-        motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+      users = {
+        enable = true;
+        passwd = {
+          root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
+          motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+        };
      };
      unitstatus = {
        enable = true;
--- a/modules/base/users/default.nix
+++ b/modules/base/users/default.nix
@ -7,6 +7,7 @@
  cfg = config.mj.base.users;
 in {
  options.mj.base.users = with lib.types; {
+    enable = lib.mkEnableOption "enable motiejus and root";
    fullDesktop = lib.mkOption {
      type = bool;
      default = false;
@ -32,7 +33,7 @@ in {
    };
  };

-  config = {
+  config = lib.mkIf cfg.enable {
    users = {
      mutableUsers = false;

--- a/modules/base/zfs/default.nix
+++ b/modules/base/zfs/default.nix
@ -8,7 +8,9 @@
  };

  config = lib.mkIf config.mj.base.zfs.enable {
-    services.zfs = assert lib.assertMsg config.mj.base.unitstatus.enable "mj.base.unitstatus must be enabled"; {
+    # TODO
+    #services.zfs = assert lib.assertMsg (config.mj.base.unitstatus.enable "mj.base.unitstatus must be enabled"; {
+    services.zfs = {
      autoScrub.enable = true;
      trim.enable = true;
      expandOnBoot = "all";
--- a/modules/profiles/desktop/default.nix
+++ b/modules/profiles/desktop/default.nix
@ -1,8 +1,22 @@
 {
-  config,
+  lib,
  pkgs,
+  config,
  ...
-}: {
+}: let
+  cfg = config.mj.desktop;
+in {
+  options.mj.desktop = with lib.types; {
+    username = lib.mkOption {
+      type = str;
+      default = "motiejus";
+    };
+    configureDM = lib.mkOption {
+      type = bool;
+      default = true;
+    };
+  };
+
  config = {
    hardware.bluetooth = {
      enable = true;
@ -17,7 +31,7 @@
      wireshark.enable = true;
    };

-    mj.base.users.passwd.motiejus.extraGroups = ["adbusers" "networkmanager" "wireshark"];
+    mj.base.users.passwd.${cfg.username}.extraGroups = ["adbusers" "networkmanager" "wireshark"];

    services = {
      fwupd.enable = true;
@ -42,12 +56,12 @@
        desktopManager.xfce.enable = true;
        windowManager.awesome.enable = true;

-        displayManager = {
+        displayManager = lib.mkIf cfg.configureDM {
          sddm.enable = true;
          defaultSession = "none+awesome";
          autoLogin = {
            enable = true;
-            user = "motiejus";
+            user = cfg.username;
          };
        };
      };
@ -201,7 +215,7 @@
    # https://discourse.nixos.org/t/nixos-rebuild-switch-upgrade-networkmanager-wait-online-service-failure/30746
    systemd.services.NetworkManager-wait-online.enable = false;

-    home-manager.users.motiejus = {
+    home-manager.users.${cfg.username} = {
      pkgs,
      config,
      ...
--- a/shared/home/default.nix
+++ b/shared/home/default.nix
@ -5,6 +5,7 @@
  email,
  fullDesktop,
  hmOnly,
+  username ? "motiejus",
  ...
 }: let
  pkgNicer = pkgs.writeShellApplication {
@ -70,10 +71,8 @@
  glintel = mkWrapped pkgs.nixgl.nixGLIntel;
 in {
  home = {
-    inherit stateVersion;
-
-    username = "motiejus";
-    homeDirectory = "/home/motiejus";
+    inherit stateVersion username;
+    homeDirectory = "/home/${username}";
  };

  home.packages = with pkgs;