-rw-r--r--flake.nix5
-rw-r--r--machines/minideck.nix63
-rw-r--r--modules/desktop.nix9
-rw-r--r--modules/vpn.nix2
4 files changed, 72 insertions, 7 deletions
diff --git a/flake.nix b/flake.nix
index 0d04166..0243a8f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -91,9 +91,8 @@
}
{ hostName = "dragon"; }
{ hostName = "firelink"; }
- {
- hostName = "tiny1";
- }
+ { hostName = "tiny1"; }
+ { hostName = "minideck"; }
# { hostName = "testvm"; module = {
# users.users.orbekk.initialHashedPassword = "";
# }; }
diff --git a/machines/minideck.nix b/machines/minideck.nix
new file mode 100644
index 0000000..fba0e73
--- /dev/null
+++ b/machines/minideck.nix
@@ -0,0 +1,63 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+{
+ orbekk.simple-firewall.enable = mkForce false;
+
+ # Install desktop packages, but don't enable X11.
+ orbekk.desktop.enable = true;
+ services.xserver.enable = mkForce false;
+ services.xserver.displayManager.lightdm.enable = mkForce false;
+
+ nix.gc.persistent = false;
+
+ boot.cleanTmpDir = mkForce false; # Don't delete bind mounts in /tmp.
+ boot.isContainer = true;
+ boot.postBootCommands =
+ ''
+ # After booting, register the contents of the Nix store in the Nix
+ # database.
+ if [ -f /nix-path-registration ]; then
+ ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
+ rm /nix-path-registration
+ fi
+ # nixos-rebuild also requires a "system" profile
+ ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+ '';
+
+ environment.defaultPackages = with pkgs; [ neovim xmonad ];
+ environment.etc."resolv.conf".text = ''
+ nameserver 8.8.8.8
+ '';
+
+ networking.hostName = "minideck";
+ networking.interfaces.host0 = {
+ ipv4.addresses = [ { address = "172.20.199.2"; prefixLength = 24; } ];
+ ipv4.routes = [ { address = "0.0.0.0"; prefixLength = 0; via = "172.20.199.1"; } ];
+ };
+
+ users.users.root.initialHashedPassword = mkOverride 150 "";
+
+ system.activationScripts.installInitScript = mkForce ''
+ ln -fs $systemConfig/init /sbin/init
+ '';
+ environment.shellInit = ''
+ source /.host-profile
+ '';
+ services.openssh.enable = mkDefault true;
+ services.openssh.startWhenNeeded = mkDefault true;
+ system.stateVersion = "22.05";
+
+ systemd.tmpfiles.rules = [
+ # Don't remove the X11 socket.
+ "d /tmp/.X11-unix 1777 root root"
+ ];
+ systemd.suppressedSystemUnits = [
+ "systemd-udev-trigger.service"
+ "systemd-udevd.service"
+ "sys-fs-fuse-connections.mount"
+ "sys-kernel-debug.mount"
+ "dev-mqueue.mount"
+ ];
+}
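Review bot: `users.users.root.initialHashedPassword = mkOverride 150 "";` gives root an empty password in the same file that forces `orbekk.simple-firewall.enable` off and enables `services.openssh`. Nothing in this module itself rules out password logins over the network, so it relies on OpenSSH and NixOS defaults and on `host0` being reachable only from the host. I would make that explicit by adding `services.openssh.passwordAuthentication = false;` (named `services.openssh.settings.PasswordAuthentication` on newer nixpkgs). A comment such as `# Empty root password is for local login inside the container only; host0 is assumed private to the host.` would record the assumption. If the firewall has to stay off for the container, a one-line comment saying why would help the next reader.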
diff --git a/modules/desktop.nix b/modules/desktop.nix
index d0d3314..c3bf548 100644
--- a/modules/desktop.nix
+++ b/modules/desktop.nix
@@ -25,9 +25,12 @@ in {
nixpkgs.overlays = [
(final: prev: {
- xmonad = prev.xmonad.overrideAttrs (o: o // {
- buildInputs = o.buildInputs + [ pkgs.xlibs.libXft ];
- });
+ xmonad = (prev.xmonad-with-packages.override {
+ packages = self: [ self.xmonad-contrib self.xmonad-extras ];
+ });
+ #.overrideAttrs (oldAttrs: rec {
+ # buildInputs = oldAttrs.buildInputs + [ pkgs.xlibs.libXft ];
+ #});
})
];
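Review bot: The commented-out `.overrideAttrs` block left under the new `xmonad` definition still uses `+` to join `oldAttrs.buildInputs` with a list. List concatenation in Nix is `++`, so the block would fail to evaluate if someone uncomments it. Either delete the three comment lines or keep them as `# buildInputs = oldAttrs.buildInputs ++ [ pkgs.xlibs.libXft ];` with a short comment on whether libXft is still needed after the switch to `xmonad-with-packages`. The outer parentheses around `prev.xmonad-with-packages.override { … }` are also redundant now that nothing is chained onto the expression. The enclosing module body starts and ends outside the hunk.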
diff --git a/modules/vpn.nix b/modules/vpn.nix
index 5f8d932..0b532de 100644
--- a/modules/vpn.nix
+++ b/modules/vpn.nix
@@ -7,7 +7,7 @@ let
mkConfig = host: ip: {
ips = [ "${vpn-prefix}::${ip}/128" ];
- publicKey = (builtins.readFile ../secrets/${host}-wireguard-key.pub);
+ publicKey = (builtins.readFile (../secrets + "/${host}-wireguard-key.pub"));
endpoint = null;
router = false;
};