bring back "vm"

2024-02-04 16:18:47 +02:00
parent c86f3b00a9
commit 967a94af6d
10 changed files with 169 additions and 49 deletions
--- a/hosts/fra1-a/configuration.nix
+++ b/hosts/fra1-a/configuration.nix
@@ -32,9 +32,12 @@
    stateVersion = "23.05";
    timeZone = "UTC";
    base = {
-      users.passwd = {
-        root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
-        motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+      users = {
+        enable = true;
+        passwd = {
+          root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
+          motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+        };
      };

      unitstatus = {
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -63,6 +63,7 @@ in {
    base = {
      zfs.enable = true;
      users = {
+        enable = true;
        fullDesktop = true;
        passwd = {
          root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
--- a/hosts/vm/configuration.nix
+++ b/hosts/vm/configuration.nix
@@ -1,41 +1,137 @@
 {
+  self,
+  lib,
  pkgs,
-  myData,
+  modulesPath,
  ...
 }: {
-  mj = {
-    stateVersion = "23.05";
-    timeZone = "UTC";
+  imports = [
+    "${modulesPath}/profiles/all-hardware.nix"
+    "${modulesPath}/installer/cd-dvd/iso-image.nix"
+    ../../modules/profiles/desktop
+  ];

-    base.users.passwd = {
-      root.initialPassword = "live";
+  home-manager.useGlobalPkgs = true;
+  home-manager.users.nixos = {
+    #config,
+    pkgs,
+    ...
+  }:
+    lib.mkMerge [
+      (import ../../shared/home/default.nix {
+        inherit lib;
+        inherit pkgs;
+        #inherit (config.mj) stateVersion;
+        stateVersion = "23.11";
+        username = "nixos";
+        fullDesktop = true;
+        hmOnly = false;
+        email = "motiejus@jakstys.lt";
+      })
+      {
+        programs.bash = {
+          enable = true;
+          shellAliases = {
+            "l" = "echo -n ł | xclip -selection clipboard";
+            "gp" = "${pkgs.git}/bin/git remote | ${pkgs.parallel}/bin/parallel --verbose git push";
+          };
+        };
+      }
+    ];
+
+  mj = {
+    stateVersion = "23.11";
+    timeZone = "UTC";
+    desktop = {
+      username = "nixos";
+      configureDM = false;
    };
  };

-  environment = {
-    systemPackages = with pkgs; [
-      tmux
-      htop
-    ];
+  isoImage = {
+    isoName = "toolshed.iso";
+    squashfsCompression = "zstd";
+    appendToMenuLabel = " Toolshed ${self.lastModifiedDate}";
+    makeEfiBootable = true; # EFI booting
+    makeUsbBootable = true; # USB booting
  };

+  boot.kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
+
+  swapDevices = [];
+
  services = {
-    nsd = {
+    pcscd.enable = true;
+    udev.packages = [pkgs.yubikey-personalization];
+    getty.autologinUser = "nixos";
+    xserver = {
      enable = true;
-      interfaces = ["0.0.0.0" "::"];
-      zones = {
-        "jakstys.lt.".data = myData.jakstysLTZone;
+      desktopManager.xfce.enable = true;
+      displayManager = {
+        lightdm.enable = true;
+        autoLogin = {
+          enable = true;
+          user = "nixos";
+        };
      };
    };
  };

+  programs = {
+    ssh.startAgent = false;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+  };
+
+  users.users = {
+    nixos = {
+      isNormalUser = true;
+      extraGroups = ["wheel" "video"];
+      initialHashedPassword = "";
+    };
+    root.initialHashedPassword = "";
+  };
+
+  security = {
+    pam.services.lightdm.text = ''
+      auth sufficient pam_succeed_if.so user ingroup wheel
+    '';
+    sudo = {
+      enable = true;
+      wheelNeedsPassword = false;
+    };
+  };
+
+  # from yubikey-guide
+  environment.systemPackages = with pkgs; [
+    paperkey
+    pgpdump
+    parted
+    cryptsetup
+
+    yubikey-manager
+    yubikey-manager-qt
+    yubikey-personalization
+    yubikey-personalization-gui
+    yubico-piv-tool
+    yubioath-flutter
+
+    ent
+    haskellPackages.hopenpgp-tools
+
+    diceware
+    pwgen
+
+    cfssl
+    pcsctools
+  ];
+
  networking = {
    hostName = "vm";
-    domain = "jakstys.lt";
-    firewall = {
-      allowedTCPPorts = [53];
-      allowedUDPPorts = [53];
-    };
+    domain = "example.org";
+    firewall.allowedTCPPorts = [22];
  };

  nix = {
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -42,6 +42,7 @@
    base = {
      zfs.enable = true;
      users = {
+        enable = true;
        passwd = {
          root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
          motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
--- a/hosts/vno3-rp3b/configuration.nix
+++ b/hosts/vno3-rp3b/configuration.nix
@@ -56,9 +56,12 @@
    timeZone = "Europe/Vilnius";
    base = {
      zfs.enable = true;
-      users.passwd = {
-        root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
-        motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+      users = {
+        enable = true;
+        passwd = {
+          root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
+          motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+        };
      };
      unitstatus = {
        enable = true;