From 967a94af6d47c16f02c3d1bd90c9cceb64348cdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Sun, 4 Feb 2024 16:18:47 +0200 Subject: [PATCH] bring back "vm" --- flake.nix | 22 ++--- hosts/fra1-a/configuration.nix | 9 +- hosts/fwminex/configuration.nix | 1 + hosts/vm/configuration.nix | 136 +++++++++++++++++++++++---- hosts/vno1-oh2/configuration.nix | 1 + hosts/vno3-rp3b/configuration.nix | 9 +- modules/base/users/default.nix | 3 +- modules/base/zfs/default.nix | 4 +- modules/profiles/desktop/default.nix | 26 +++-- shared/home/default.nix | 7 +- 10 files changed, 169 insertions(+), 49 deletions(-) diff --git a/flake.nix b/flake.nix index 2e2d084..bd46c8a 100644 --- a/flake.nix +++ b/flake.nix @@ -106,23 +106,23 @@ ]; in { - #nixosConfigurations.vm = nixpkgs.lib.nixosSystem { - # system = "x86_64-linux"; - # modules = [ - # ./hosts/vm/configuration.nix - # ./modules - # ]; - - # specialArgs = {inherit myData;} // inputs; - #}; - nixosConfigurations = { + vm = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + {nixpkgs.overlays = overlays;} + home-manager.nixosModules.home-manager + ./hosts/vm/configuration.nix + ./modules + ]; + specialArgs = {inherit myData;} // inputs; + }; + vno1-oh2 = nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; modules = [ {nixpkgs.overlays = overlays;} ./hosts/vno1-oh2/configuration.nix - ./modules agenix.nixosModules.default diff --git a/hosts/fra1-a/configuration.nix b/hosts/fra1-a/configuration.nix index 41986d2..ff3be6e 100644 --- a/hosts/fra1-a/configuration.nix +++ b/hosts/fra1-a/configuration.nix 
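Review bot: The last removed line of the flake.nix hunk reads `- ./modules` directly under `./hosts/vno1-oh2/configuration.nix`, which would take `./modules` out of vno1-oh2's module list while that host (in its own hunk further down) still sets `mj.base.users.enable` and `mj.base.zfs.enable`, options that are declared under `./modules`; in this collapsed layout it could also be a removed blank line, so please confirm which it is. If `./modules` is re-added later in vno1-oh2's list, outside the hunk, a one-line comment on why its position changed would help; if it is not, vno1-oh2 will fail to evaluate on the unknown `mj` options. The `vno1-oh2` entry continues outside the hunk.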
@@ -32,9 +32,12 @@ stateVersion = "23.05"; timeZone = "UTC"; base = { - users.passwd = { - root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; - motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; + users = { + enable = true; + passwd = { + root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; + motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; + }; }; unitstatus = { diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix index ac807ef..2a1a156 100644 --- a/hosts/fwminex/configuration.nix +++ b/hosts/fwminex/configuration.nix @@ -63,6 +63,7 @@ in { base = { zfs.enable = true; users = { + enable = true; fullDesktop = true; passwd = { root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; diff --git a/hosts/vm/configuration.nix b/hosts/vm/configuration.nix index 5babde4..7ca296e 100644 --- a/hosts/vm/configuration.nix +++ b/hosts/vm/configuration.nix 
@@ -1,41 +1,137 @@ { + self, + lib, pkgs, - myData, + modulesPath, ... }: { - mj = { - stateVersion = "23.05"; - timeZone = "UTC"; + imports = [ + "${modulesPath}/profiles/all-hardware.nix" + "${modulesPath}/installer/cd-dvd/iso-image.nix" + ../../modules/profiles/desktop + ]; - base.users.passwd = { - root.initialPassword = "live"; + home-manager.useGlobalPkgs = true; + home-manager.users.nixos = { + #config, + pkgs, + ... + }: + lib.mkMerge [ + (import ../../shared/home/default.nix { + inherit lib; + inherit pkgs; + #inherit (config.mj) stateVersion; + stateVersion = "23.11"; + username = "nixos"; + fullDesktop = true; + hmOnly = false; + email = "motiejus@jakstys.lt"; + }) + { + programs.bash = { + enable = true; + shellAliases = { + "l" = "echo -n ł | xclip -selection clipboard"; + "gp" = "${pkgs.git}/bin/git remote | ${pkgs.parallel}/bin/parallel --verbose git push"; + }; + }; + } + ]; + + mj = { + stateVersion = "23.11"; + timeZone = "UTC"; + desktop = { + username = "nixos"; + configureDM = false; }; }; - environment = { - systemPackages = with pkgs; [ - tmux - htop - ]; + isoImage = { + isoName = "toolshed.iso"; + squashfsCompression = "zstd"; + appendToMenuLabel = " Toolshed ${self.lastModifiedDate}"; + makeEfiBootable = true; # EFI booting + makeUsbBootable = true; # USB booting }; + boot.kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages; + + swapDevices = []; + services = { - nsd = { + pcscd.enable = true; + udev.packages = [pkgs.yubikey-personalization]; + getty.autologinUser = "nixos"; + xserver = { enable = true; - interfaces = ["0.0.0.0" "::"]; - zones = { - "jakstys.lt.".data = myData.jakstysLTZone; + desktopManager.xfce.enable = true; + displayManager = { + lightdm.enable = true; + autoLogin = { + enable = true; + user = "nixos"; + }; }; }; }; + programs = { + ssh.startAgent = false; + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + }; + + users.users = { + nixos = { + isNormalUser = true; + extraGroups = ["wheel" "video"]; 
+ initialHashedPassword = ""; + }; + root.initialHashedPassword = ""; + }; + + security = { + pam.services.lightdm.text = '' + auth sufficient pam_succeed_if.so user ingroup wheel + ''; + sudo = { + enable = true; + wheelNeedsPassword = false; + }; + }; + + # from yubikey-guide + environment.systemPackages = with pkgs; [ + paperkey + pgpdump + parted + cryptsetup + + yubikey-manager + yubikey-manager-qt + yubikey-personalization + yubikey-personalization-gui + yubico-piv-tool + yubioath-flutter + + ent + haskellPackages.hopenpgp-tools + + diceware + pwgen + + cfssl + pcsctools + ]; + networking = { hostName = "vm"; - domain = "jakstys.lt"; - firewall = { - allowedTCPPorts = [53]; - allowedUDPPorts = [53]; - }; + domain = "example.org"; + firewall.allowedTCPPorts = [22]; }; nix = { diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix index 5d8f3f3..3c6ef08 100644 --- a/hosts/vno1-oh2/configuration.nix +++ b/hosts/vno1-oh2/configuration.nix @@ -42,6 +42,7 @@ base = { zfs.enable = true; users = { + enable = true; passwd = { root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; diff --git a/hosts/vno3-rp3b/configuration.nix b/hosts/vno3-rp3b/configuration.nix index 3f60a1c..536a4ef 100644 --- a/hosts/vno3-rp3b/configuration.nix +++ b/hosts/vno3-rp3b/configuration.nix @@ -56,9 +56,12 @@ timeZone = "Europe/Vilnius"; base = { zfs.enable = true; - users.passwd = { - root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; - motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; + users = { + enable = true; + passwd = { + root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; + motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; + }; }; unitstatus = { enable = true; diff --git a/modules/base/users/default.nix b/modules/base/users/default.nix index 874782a..106c97d 100644 
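Review bot: `firewall.allowedTCPPorts = [22]` opens SSH to the network on an image where `root.initialHashedPassword` and `nixos.initialHashedPassword` are both `""`, `sudo.wheelNeedsPassword = false` and `getty.autologinUser = "nixos"`, yet nothing in this hunk enables `services.openssh`, so the rule is either dead or, if sshd arrives through `./modules`, it relies on OpenSSH's defaults (`PermitEmptyPasswords no`, NixOS's `PermitRootLogin = "prohibit-password"`) rather than on anything this file pins. I would drop the firewall line until sshd is configured here on purpose, or keep it with `# 22: reserved for sshd; both local accounts have empty passwords, so sshd must keep PermitEmptyPasswords=no`. `security.pam.services.lightdm.text` also replaces the whole lightdm PAM file with a single `auth` line, leaving the `account`/`session` stacks empty; if it was copied from an installer profile, a comment naming the source would let a reader check that this is intended. Finally `stateVersion = "23.11"` is hard-coded twice with `#inherit (config.mj) stateVersion;` commented out; a short note on why `config` is not taken as an argument would keep the next reader from re-enabling it.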
--- a/modules/base/users/default.nix +++ b/modules/base/users/default.nix @@ -7,6 +7,7 @@ cfg = config.mj.base.users; in { options.mj.base.users = with lib.types; { + enable = lib.mkEnableOption "enable motiejus and root"; fullDesktop = lib.mkOption { type = bool; default = false; @@ -32,7 +33,7 @@ in { }; }; - config = { + config = lib.mkIf cfg.enable { users = { mutableUsers = false; diff --git a/modules/base/zfs/default.nix b/modules/base/zfs/default.nix index 7f23682..8d83592 100644 --- a/modules/base/zfs/default.nix +++ b/modules/base/zfs/default.nix @@ -8,7 +8,9 @@ }; config = lib.mkIf config.mj.base.zfs.enable { - services.zfs = assert lib.assertMsg config.mj.base.unitstatus.enable "mj.base.unitstatus must be enabled"; { + # TODO + #services.zfs = assert lib.assertMsg (config.mj.base.unitstatus.enable "mj.base.unitstatus must be enabled"; { + services.zfs = { autoScrub.enable = true; trim.enable = true; expandOnBoot = "all"; diff --git a/modules/profiles/desktop/default.nix b/modules/profiles/desktop/default.nix index 0bdfa52..71fcf51 100644 --- a/modules/profiles/desktop/default.nix +++ b/modules/profiles/desktop/default.nix @@ -1,8 +1,22 @@ { - config, + lib, pkgs, + config, ... -}: { +}: let + cfg = config.mj.desktop; +in { + options.mj.desktop = with lib.types; { + username = lib.mkOption { + type = str; + default = "motiejus"; + }; + configureDM = lib.mkOption { + type = bool; + default = true; + }; + }; + config = { hardware.bluetooth = { enable = true; @@ -17,7 +31,7 @@ wireshark.enable = true; }; - mj.base.users.passwd.motiejus.extraGroups = ["adbusers" "networkmanager" "wireshark"]; + mj.base.users.passwd.${cfg.username}.extraGroups = ["adbusers" "networkmanager" "wireshark"]; services = { fwupd.enable = true; 
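Review bot: `lib.mkEnableOption "enable motiejus and root"` renders as "Whether to enable enable motiejus and root." because mkEnableOption prefixes its argument with "Whether to enable"; use a noun phrase instead, e.g. `enable = lib.mkEnableOption "the declarative motiejus and root accounts";`. The enclosing `options.mj.base.users` set continues outside the hunk.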
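Review bot: Wrapping the whole `config` in `lib.mkIf cfg.enable` makes `mj.base.users.passwd.*` silently inert on any host that sets passwords but forgets the new `enable = true`: the gated block carries `users.mutableUsers = false` and, per the fra1-a, fwminex, vno1-oh2 and vno3-rp3b hunks, the `hashedPasswordFile` settings, so a host that misses the flag falls back to NixOS defaults without any evaluation error. An assertion outside the mkIf would turn that into a build failure, e.g. `assertions = [{ assertion = cfg.enable || <no passwd entry sets a password>; message = "mj.base.users.passwd is configured but mj.base.users.enable is false"; }];`, where the predicate has to be written against the passwd submodule declared outside this hunk — note that `cfg.passwd == {}` is not the right test, because the desktop profile in this same commit sets `passwd.<username>.extraGroups` on every host that imports it. A comment on the `mkIf` line saying that the flag also switches off `mutableUsers = false` would help too.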
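Review bot: Commenting out the `assert` drops the only check that `mj.base.unitstatus` is enabled when the ZFS scrub/trim services are configured, and the commented replacement line is itself mis-parenthesised (`(config.mj.base.unitstatus.enable "mj.base.unitstatus must be enabled"`), so it cannot simply be re-enabled later. The NixOS idiom here is the `assertions` list rather than an `assert` inside an attribute value, which may also sidestep whatever evaluation-order problem motivated the TODO: `assertions = [{ assertion = config.mj.base.unitstatus.enable; message = "mj.base.unitstatus must be enabled when mj.base.zfs.enable is set"; }];` next to `services.zfs`, inside the same `lib.mkIf`. The `# TODO` should at least say why the assert was disabled.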
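Review bot: Neither `mj.desktop.username` nor `mj.desktop.configureDM` carries a `description`, so option tooling and generated docs show nothing for them; add e.g. `description = "Login name this profile configures (extra groups, display-manager auto-login, home-manager user).";` and `description = "Whether this profile configures the display manager (sddm with awesome auto-login); set to false for hosts that bring their own.";`. The `config = {` block opened at the end of the hunk continues outside it.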
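Review bot: `mj.base.users.passwd.${cfg.username}.extraGroups` routes the desktop groups through `mj.base.users`, which this same commit gates behind `mj.base.users.enable` (default off); the rebuilt hosts/vm imports this profile with `username = "nixos"` but never sets that flag, so as far as these hunks show the `adbusers`/`networkmanager`/`wireshark` membership is silently dropped there, while the vm config's own `users.users.nixos.extraGroups` lists only `wheel` and `video`. Either write `users.users.${cfg.username}.extraGroups = ["adbusers" "networkmanager" "wireshark"];` here (list options merge, so it does not conflict with whatever mj.base.users adds), or add an assertion that `config.mj.base.users.enable` holds whenever this profile is imported. I may be missing a module that enables it for vm outside the diff — please confirm.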
@@ -42,12 +56,12 @@ desktopManager.xfce.enable = true; windowManager.awesome.enable = true; - displayManager = { + displayManager = lib.mkIf cfg.configureDM { sddm.enable = true; defaultSession = "none+awesome"; autoLogin = { enable = true; - user = "motiejus"; + user = cfg.username; }; }; }; @@ -201,7 +215,7 @@ # https://discourse.nixos.org/t/nixos-rebuild-switch-upgrade-networkmanager-wait-online-service-failure/30746 systemd.services.NetworkManager-wait-online.enable = false; - home-manager.users.motiejus = { + home-manager.users.${cfg.username} = { pkgs, config, ... diff --git a/shared/home/default.nix b/shared/home/default.nix index 6674f5d..eb88b97 100644 --- a/shared/home/default.nix +++ b/shared/home/default.nix @@ -5,6 +5,7 @@ email, fullDesktop, hmOnly, + username ? "motiejus", ... }: let pkgNicer = pkgs.writeShellApplication { @@ -70,10 +71,8 @@ glintel = mkWrapped pkgs.nixgl.nixGLIntel; in { home = { - inherit stateVersion; - - username = "motiejus"; - homeDirectory = "/home/motiejus"; + inherit stateVersion username; + homeDirectory = "/home/${username}"; }; home.packages = with pkgs;