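# NixOS module for the "minideck" container (boot.isContainer = true below).
# It installs the desktop and development package sets without running a
# display server, and wires the container to sockets and a shell profile
# that are expected to be provided from outside (/tmp/pipewire-0,
# /tmp/.X11-unix, /.host-profile).
{ lib, config, pkgs, ... }:
with lib;
{
  # Packet filtering is forced off inside the container.
  # NOTE(review): presumably the host filters traffic for 172.20.199.0/24;
  # confirm, because sshd is enabled further down.
  orbekk.simple-firewall.enable = mkForce false;

  # Install desktop packages, but don't enable X11.
  orbekk.desktop.enable = true;
  orbekk.development.enable = true;
  services.xserver.enable = mkForce false;
  services.xserver.displayManager.lightdm.enable = mkForce false;

  # Fake pipewire socket activation: instead of a systemd socket unit, a
  # per-user oneshot links %t/pipewire-0 (the user's runtime directory) to
  # /tmp/pipewire-0.
  services.pipewire.socketActivation = false;
  systemd.user.services.pipewire-setup = {
    description = "Link pipewire socket";
    after = [ "paths.target" ];
    wantedBy = [ "default.target" ];
    serviceConfig = {
      # -f/-n make the unit idempotent: a plain `ln -s` fails when the link
      # is left over from an earlier start of this unit.
      # NOTE(review): /tmp is world-writable (see the 1777 rule below). If
      # /tmp/pipewire-0 is not already present when users log in, any local
      # user can create that name first; confirm it is always bind-mounted
      # before user sessions start.
      ExecStart = "${pkgs.coreutils}/bin/ln -sfn /tmp/pipewire-0 %t/pipewire-0";
      Type = "oneshot";
    };
  };

  # GPG socket is forwarded by SSH.
  systemd.user.sockets.gpg-agent.enable = mkForce false;

  nix.gc.persistent = false;
  boot.cleanTmpDir = mkForce false; # Don't delete bind mounts in /tmp.
  boot.isContainer = true;
  boot.postBootCommands = ''
    # After booting, register the contents of the Nix store in the Nix
    # database.
    if [ -f /nix-path-registration ]; then
      ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
      rm /nix-path-registration
    fi
    # nixos-rebuild also requires a "system" profile
    ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
  '';

  environment.defaultPackages = with pkgs; [ neovim xmonad ];

  # Static resolver list: the 172.20.100.1 resolver first, then a public
  # resolver as fallback.
  environment.etc."resolv.conf".text = ''
    nameserver 172.20.100.1
    nameserver 8.8.8.8
  '';

  networking.hostName = "minideck";
  networking.interfaces.host0 = {
    ipv4.addresses = [{
      address = "172.20.199.2";
      prefixLength = 24;
    }];
    # Default route via 172.20.199.1.
    ipv4.routes = [{
      address = "0.0.0.0";
      prefixLength = 0;
      via = "172.20.199.1";
    }];
  };

  # An empty hash means root has no password. Priority 150 is weaker than a
  # plain definition, so any module that sets a real hash wins.
  # NOTE(review): with the firewall disabled and sshd enabled, confirm that
  # sshd rejects empty passwords (PermitEmptyPasswords) and that root login
  # over SSH is key-only.
  users.users.root.initialHashedPassword = mkOverride 150 "";

  # Replaces the default activation snippet so that /sbin/init points at the
  # current system's init script.
  system.activationScripts.installInitScript = mkForce ''
    ln -fs $systemConfig/init /sbin/init
  '';

  # Pull in the profile placed at the container root. The existence check
  # keeps shells from printing an error when the file has not been
  # provided.
  # NOTE(review): this file is sourced by every shell that runs shellInit,
  # root's included; it should be root-owned and not writable by
  # unprivileged users.
  environment.shellInit = ''
    if [ -f /.host-profile ]; then
      source /.host-profile
    fi
  '';

  # mkDefault so another module can turn these off without mkForce.
  services.openssh.enable = mkDefault true;
  services.openssh.startWhenNeeded = mkDefault true;

  system.stateVersion = "22.05";

  systemd.tmpfiles.rules = [
    # Don't remove the X11 socket.
    "d /tmp/.X11-unix 1777 root root"
  ];

  # Units suppressed for this container (udev and kernel-filesystem mounts).
  systemd.suppressedSystemUnits = [
    "systemd-udev-trigger.service"
    "systemd-udevd.service"
    "sys-fs-fuse-connections.mount"
    "sys-kernel-debug.mount"
    "dev-mqueue.mount"
  ];
}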