minideck config

author: Kjetil Orbekk <kj@orbekk.com> 2022-08-29 20:48:19 -0400
committer: Kjetil Orbekk <kj@orbekk.com> 2022-08-29 20:48:19 -0400
commit: 07151ec1145de37b8a9a20993b110e2a427157d2 (patch)
tree: cb00c551151c9b5b33acf9d8d19efd378d4ec36f /machines
parent: b1336c73169638bb9a5343dd89c94069adbf16b0 (diff)
1 files changed, 63 insertions, 0 deletions
diff --git a/machines/minideck.nix b/machines/minideck.nix
new file mode 100644
index 0000000..fba0e73
--- /dev/null
+++ b/machines/minideck.nix
@@ -0,0 +1,63 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+{
+  orbekk.simple-firewall.enable = mkForce false;
+
+  # Install desktop packages, but don't enable X11.
+  orbekk.desktop.enable = true;
+  services.xserver.enable = mkForce false;
+  services.xserver.displayManager.lightdm.enable = mkForce false;
+
+  nix.gc.persistent = false;
+
+  boot.cleanTmpDir = mkForce false;  # Don't delete bind mounts in /tmp.
+  boot.isContainer = true;
+  boot.postBootCommands =
+  ''
+    # After booting, register the contents of the Nix store in the Nix
+    # database.
+    if [ -f /nix-path-registration ]; then
+      ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
+      rm /nix-path-registration
+    fi
+    # nixos-rebuild also requires a "system" profile
+    ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+  '';
+
+  environment.defaultPackages = with pkgs; [ neovim xmonad ];
+  environment.etc."resolv.conf".text = ''
+    nameserver 8.8.8.8
+  '';
+
+  networking.hostName = "minideck";
+  networking.interfaces.host0 = {
+    ipv4.addresses = [ { address = "172.20.199.2"; prefixLength = 24; } ];
+    ipv4.routes = [ { address = "0.0.0.0"; prefixLength = 0; via = "172.20.199.1"; } ];
+  };
+
+  users.users.root.initialHashedPassword = mkOverride 150 "";
+ 
+  system.activationScripts.installInitScript = mkForce ''
+   ln -fs $systemConfig/init /sbin/init
+ '';
+ environment.shellInit = ''
+   source /.host-profile
+ '';
+ services.openssh.enable = mkDefault true;
+ services.openssh.startWhenNeeded = mkDefault true;
+   system.stateVersion = "22.05";
+
+   systemd.tmpfiles.rules = [
+     # Don't remove the X11 socket.
+     "d /tmp/.X11-unix 1777 root root"
+   ];
+  systemd.suppressedSystemUnits = [
+    "systemd-udev-trigger.service"
+    "systemd-udevd.service"
+    "sys-fs-fuse-connections.mount"
+    "sys-kernel-debug.mount"
+    "dev-mqueue.mount"
+  ];
+}
author	Kjetil Orbekk <kj@orbekk.com>	2022-08-29 20:48:19 -0400
committer	Kjetil Orbekk <kj@orbekk.com>	2022-08-29 20:48:19 -0400
commit	07151ec1145de37b8a9a20993b110e2a427157d2 (patch)
tree	cb00c551151c9b5b33acf9d8d19efd378d4ec36f /machines
parent	b1336c73169638bb9a5343dd89c94069adbf16b0 (diff)