authorKjetil Orbekk <kj@orbekk.com>2022-08-29 20:48:19 -0400
committerKjetil Orbekk <kj@orbekk.com>2022-08-29 20:48:19 -0400
commit07151ec1145de37b8a9a20993b110e2a427157d2 (patch)
treecb00c551151c9b5b33acf9d8d19efd378d4ec36f /machines
parentb1336c73169638bb9a5343dd89c94069adbf16b0 (diff)
minideck config
Diffstat (limited to 'machines')
-rw-r--r--machines/minideck.nix63
1 files changed, 63 insertions, 0 deletions
diff --git a/machines/minideck.nix b/machines/minideck.nix
new file mode 100644
index 0000000..fba0e73
--- /dev/null
+++ b/machines/minideck.nix
@@ -0,0 +1,63 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+{
+ orbekk.simple-firewall.enable = mkForce false;
+
+ # Install desktop packages, but don't enable X11.
+ orbekk.desktop.enable = true;
+ services.xserver.enable = mkForce false;
+ services.xserver.displayManager.lightdm.enable = mkForce false;
+
+ nix.gc.persistent = false;
+
+ boot.cleanTmpDir = mkForce false; # Don't delete bind mounts in /tmp.
+ boot.isContainer = true;
+ boot.postBootCommands =
+ ''
+ # After booting, register the contents of the Nix store in the Nix
+ # database.
+ if [ -f /nix-path-registration ]; then
+ ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
+ rm /nix-path-registration
+ fi
+ # nixos-rebuild also requires a "system" profile
+ ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+ '';
+
+ environment.defaultPackages = with pkgs; [ neovim xmonad ];
+ environment.etc."resolv.conf".text = ''
+ nameserver 8.8.8.8
+ '';
+
+ networking.hostName = "minideck";
+ networking.interfaces.host0 = {
+ ipv4.addresses = [ { address = "172.20.199.2"; prefixLength = 24; } ];
+ ipv4.routes = [ { address = "0.0.0.0"; prefixLength = 0; via = "172.20.199.1"; } ];
+ };
+
+ users.users.root.initialHashedPassword = mkOverride 150 "";
+
+ system.activationScripts.installInitScript = mkForce ''
+ ln -fs $systemConfig/init /sbin/init
+ '';
+ environment.shellInit = ''
+ source /.host-profile
+ '';
+ services.openssh.enable = mkDefault true;
+ services.openssh.startWhenNeeded = mkDefault true;
+ system.stateVersion = "22.05";
+
+ systemd.tmpfiles.rules = [
+ # Don't remove the X11 socket.
+ "d /tmp/.X11-unix 1777 root root"
+ ];
+ systemd.suppressedSystemUnits = [
+ "systemd-udev-trigger.service"
+ "systemd-udevd.service"
+ "sys-fs-fuse-connections.mount"
+ "sys-kernel-debug.mount"
+ "dev-mqueue.mount"
+ ];
+}
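Review bot: `users.users.root.initialHashedPassword = mkOverride 150 "";` gives root an empty password in the same file that forces `orbekk.simple-firewall.enable` off and turns on `services.openssh`, so the only thing keeping a passwordless root account off the 172.20.199.0/24 link is sshd's default handling of root and empty-password logins, which this file does not pin. Other modules outside this diff may already set this, but I would make it explicit here, e.g. `services.openssh.passwordAuthentication = false;` (the option name as of the 22.05 release named in `system.stateVersion`; confirm against the nixpkgs in use). The password line also deserves a comment such as `# Empty root password: the container is entered from the host only; sshd must stay key-only.` Separately, `source /.host-profile` in `environment.shellInit` runs in every shell, including root's, so whoever can write that file controls every login. A guard like `[ -r /.host-profile ] && source /.host-profile` and a comment stating who owns the file would make that dependency visible.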