bring back "vm"

flake.nix

@@ -106,23 +106,23 @@
     ];
   in
     {
-      #nixosConfigurations.vm = nixpkgs.lib.nixosSystem {
-      #  system = "x86_64-linux";
-      #  modules = [
-      #    ./hosts/vm/configuration.nix
-      #    ./modules
-      #  ];
-
-      #  specialArgs = {inherit myData;} // inputs;
-      #};
-
       nixosConfigurations = {
+        vm = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            {nixpkgs.overlays = overlays;}
+            home-manager.nixosModules.home-manager
+            ./hosts/vm/configuration.nix
+            ./modules
+          ];
+          specialArgs = {inherit myData;} // inputs;
+        };
+
         vno1-oh2 = nixpkgs.lib.nixosSystem rec {
           system = "x86_64-linux";
           modules = [
             {nixpkgs.overlays = overlays;}
             ./hosts/vno1-oh2/configuration.nix
-
             ./modules
 
             agenix.nixosModules.default

hosts/fra1-a/configuration.nix

@@ -32,9 +32,12 @@
     stateVersion = "23.05";
     timeZone = "UTC";
     base = {
-      users.passwd = {
+      users = {
-        root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
+        enable = true;
-        motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+        passwd = {
+          root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
+          motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+        };
       };
 
       unitstatus = {

hosts/fwminex/configuration.nix

@@ -63,6 +63,7 @@ in {
     base = {
       zfs.enable = true;
       users = {
+        enable = true;
         fullDesktop = true;
         passwd = {
           root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;

hosts/vm/configuration.nix

@@ -1,41 +1,137 @@
 {
+  self,
+  lib,
   pkgs,
-  myData,
+  modulesPath,
   ...
 }: {
-  mj = {
+  imports = [
-    stateVersion = "23.05";
+    "${modulesPath}/profiles/all-hardware.nix"
-    timeZone = "UTC";
+    "${modulesPath}/installer/cd-dvd/iso-image.nix"
+    ../../modules/profiles/desktop
+  ];
 
-    base.users.passwd = {
+  home-manager.useGlobalPkgs = true;
-      root.initialPassword = "live";
+  home-manager.users.nixos = {
+    #config,
+    pkgs,
+    ...
+  }:
+    lib.mkMerge [
+      (import ../../shared/home/default.nix {
+        inherit lib;
+        inherit pkgs;
+        #inherit (config.mj) stateVersion;
+        stateVersion = "23.11";
+        username = "nixos";
+        fullDesktop = true;
+        hmOnly = false;
+        email = "motiejus@jakstys.lt";
+      })
+      {
+        programs.bash = {
+          enable = true;
+          shellAliases = {
+            "l" = "echo -n ł | xclip -selection clipboard";
+            "gp" = "${pkgs.git}/bin/git remote | ${pkgs.parallel}/bin/parallel --verbose git push";
+          };
+        };
+      }
+    ];
+
+  mj = {
+    stateVersion = "23.11";
+    timeZone = "UTC";
+    desktop = {
+      username = "nixos";
+      configureDM = false;
     };
   };
 
-  environment = {
+  isoImage = {
-    systemPackages = with pkgs; [
+    isoName = "toolshed.iso";
-      tmux
+    squashfsCompression = "zstd";
-      htop
+    appendToMenuLabel = " Toolshed ${self.lastModifiedDate}";
-    ];
+    makeEfiBootable = true; # EFI booting
+    makeUsbBootable = true; # USB booting
   };
 
+  boot.kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
+
+  swapDevices = [];
+
   services = {
-    nsd = {
+    pcscd.enable = true;
+    udev.packages = [pkgs.yubikey-personalization];
+    getty.autologinUser = "nixos";
+    xserver = {
       enable = true;
-      interfaces = ["0.0.0.0" "::"];
+      desktopManager.xfce.enable = true;
-      zones = {
+      displayManager = {
-        "jakstys.lt.".data = myData.jakstysLTZone;
+        lightdm.enable = true;
+        autoLogin = {
+          enable = true;
+          user = "nixos";
+        };
       };
     };
   };
 
+  programs = {
+    ssh.startAgent = false;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+  };
+
+  users.users = {
+    nixos = {
+      isNormalUser = true;
+      extraGroups = ["wheel" "video"];
+      initialHashedPassword = "";
+    };
+    root.initialHashedPassword = "";
+  };
+
+  security = {
+    pam.services.lightdm.text = ''
+      auth sufficient pam_succeed_if.so user ingroup wheel
+    '';
+    sudo = {
+      enable = true;
+      wheelNeedsPassword = false;
+    };
+  };
+
+  # from yubikey-guide
+  environment.systemPackages = with pkgs; [
+    paperkey
+    pgpdump
+    parted
+    cryptsetup
+
+    yubikey-manager
+    yubikey-manager-qt
+    yubikey-personalization
+    yubikey-personalization-gui
+    yubico-piv-tool
+    yubioath-flutter
+
+    ent
+    haskellPackages.hopenpgp-tools
+
+    diceware
+    pwgen
+
+    cfssl
+    pcsctools
+  ];
+
   networking = {
     hostName = "vm";
-    domain = "jakstys.lt";
+    domain = "example.org";
-    firewall = {
+    firewall.allowedTCPPorts = [22];
-      allowedTCPPorts = [53];
-      allowedUDPPorts = [53];
-    };
   };
 
   nix = {

hosts/vno1-oh2/configuration.nix

@@ -42,6 +42,7 @@
     base = {
       zfs.enable = true;
       users = {
+        enable = true;
         passwd = {
           root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
           motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;

hosts/vno3-rp3b/configuration.nix

@@ -56,9 +56,12 @@
     timeZone = "Europe/Vilnius";
     base = {
       zfs.enable = true;
-      users.passwd = {
+      users = {
-        root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
+        enable = true;
-        motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+        passwd = {
+          root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
+          motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+        };
       };
       unitstatus = {
         enable = true;

modules/base/users/default.nix

@@ -7,6 +7,7 @@
   cfg = config.mj.base.users;
 in {
   options.mj.base.users = with lib.types; {
+    enable = lib.mkEnableOption "enable motiejus and root";
     fullDesktop = lib.mkOption {
       type = bool;
       default = false;
@@ -32,7 +33,7 @@ in {
     };
   };
 
-  config = {
+  config = lib.mkIf cfg.enable {
     users = {
       mutableUsers = false;
 

modules/base/zfs/default.nix

@@ -8,7 +8,9 @@
   };
 
   config = lib.mkIf config.mj.base.zfs.enable {
-    services.zfs = assert lib.assertMsg config.mj.base.unitstatus.enable "mj.base.unitstatus must be enabled"; {
+    # TODO
+    #services.zfs = assert lib.assertMsg (config.mj.base.unitstatus.enable "mj.base.unitstatus must be enabled"; {
+    services.zfs = {
       autoScrub.enable = true;
       trim.enable = true;
       expandOnBoot = "all";

modules/profiles/desktop/default.nix

@@ -1,8 +1,22 @@
 {
-  config,
+  lib,
   pkgs,
+  config,
   ...
-}: {
+}: let
+  cfg = config.mj.desktop;
+in {
+  options.mj.desktop = with lib.types; {
+    username = lib.mkOption {
+      type = str;
+      default = "motiejus";
+    };
+    configureDM = lib.mkOption {
+      type = bool;
+      default = true;
+    };
+  };
+
   config = {
     hardware.bluetooth = {
       enable = true;
@@ -17,7 +31,7 @@
       wireshark.enable = true;
     };
 
-    mj.base.users.passwd.motiejus.extraGroups = ["adbusers" "networkmanager" "wireshark"];
+    mj.base.users.passwd.${cfg.username}.extraGroups = ["adbusers" "networkmanager" "wireshark"];
 
     services = {
       fwupd.enable = true;
@@ -42,12 +56,12 @@
         desktopManager.xfce.enable = true;
         windowManager.awesome.enable = true;
 
-        displayManager = {
+        displayManager = lib.mkIf cfg.configureDM {
           sddm.enable = true;
           defaultSession = "none+awesome";
           autoLogin = {
             enable = true;
-            user = "motiejus";
+            user = cfg.username;
           };
         };
       };
@@ -201,7 +215,7 @@
     # https://discourse.nixos.org/t/nixos-rebuild-switch-upgrade-networkmanager-wait-online-service-failure/30746
     systemd.services.NetworkManager-wait-online.enable = false;
 
-    home-manager.users.motiejus = {
+    home-manager.users.${cfg.username} = {
       pkgs,
       config,
       ...

shared/home/default.nix

@@ -5,6 +5,7 @@
   email,
   fullDesktop,
   hmOnly,
+  username ? "motiejus",
   ...
 }: let
   pkgNicer = pkgs.writeShellApplication {
@@ -70,10 +71,8 @@
   glintel = mkWrapped pkgs.nixgl.nixGLIntel;
 in {
   home = {
-    inherit stateVersion;
+    inherit stateVersion username;
-
+    homeDirectory = "/home/${username}";
-    username = "motiejus";
-    homeDirectory = "/home/motiejus";
   };
 
   home.packages = with pkgs;