From 07151ec1145de37b8a9a20993b110e2a427157d2 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Mon, 29 Aug 2022 20:48:19 -0400
Subject: minideck config
---
machines/minideck.nix | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 63 insertions(+)
create mode 100644 machines/minideck.nix
(limited to 'machines')
diff --git a/machines/minideck.nix b/machines/minideck.nix
new file mode 100644
index 0000000..fba0e73
--- /dev/null
+++ b/machines/minideck.nix
@@ -0,0 +1,63 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+{
+ orbekk.simple-firewall.enable = mkForce false;
+
+ # Install desktop packages, but don't enable X11.
+ orbekk.desktop.enable = true;
+ services.xserver.enable = mkForce false;
+ services.xserver.displayManager.lightdm.enable = mkForce false;
+
+ nix.gc.persistent = false;
+
+ boot.cleanTmpDir = mkForce false; # Don't delete bind mounts in /tmp.
+ boot.isContainer = true;
+ boot.postBootCommands =
+ ''
+ # After booting, register the contents of the Nix store in the Nix
+ # database.
+ if [ -f /nix-path-registration ]; then
+ ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
+ rm /nix-path-registration
+ fi
+ # nixos-rebuild also requires a "system" profile
+ ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+ '';
+
+ environment.defaultPackages = with pkgs; [ neovim xmonad ];
+ environment.etc."resolv.conf".text = ''
+ nameserver 8.8.8.8
+ '';
+
+ networking.hostName = "minideck";
+ networking.interfaces.host0 = {
+ ipv4.addresses = [ { address = "172.20.199.2"; prefixLength = 24; } ];
+ ipv4.routes = [ { address = "0.0.0.0"; prefixLength = 0; via = "172.20.199.1"; } ];
+ };
+
+ users.users.root.initialHashedPassword = mkOverride 150 "";
+
+ system.activationScripts.installInitScript = mkForce ''
+ ln -fs $systemConfig/init /sbin/init
+ '';
+ environment.shellInit = ''
+ source /.host-profile
+ '';
+ services.openssh.enable = mkDefault true;
+ services.openssh.startWhenNeeded = mkDefault true;
+ system.stateVersion = "22.05";
+
+ systemd.tmpfiles.rules = [
+ # Don't remove the X11 socket.
+ "d /tmp/.X11-unix 1777 root root"
+ ];
+ systemd.suppressedSystemUnits = [
+ "systemd-udev-trigger.service"
+ "systemd-udevd.service"
+ "sys-fs-fuse-connections.mount"
+ "sys-kernel-debug.mount"
+ "dev-mqueue.mount"
+ ];
+}
-- cgit v1.2.3
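Review bot: `users.users.root.initialHashedPassword = mkOverride 150 "";` leaves root with an empty password in the same config that forces `orbekk.simple-firewall.enable` off and turns sshd on with `services.openssh.enable = mkDefault true`, so the only thing keeping password-less root off the 172.20.199.0/24 link is sshd's default handling of empty passwords and root login. Those defaults are not visible in this file and another module could change them, so I would pin them next to the sshd lines: `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "prohibit-password";`. Separately, `environment.shellInit` sources `/.host-profile` in every shell, root's included; if that file is bind-mounted from the host and writable by an unprivileged host user (not shown here), its contents run as the container's root, so a comment stating who owns the file and a `[ -r /.host-profile ] &&` guard for the missing-file case would help.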