# NixOS module for the "minideck" system, configured as a container
# (boot.isContainer = true) with a static address on interface host0.
# Takes the standard module arguments; `with lib;` brings mkForce, mkDefault
# and mkOverride into scope.
{ lib, config, pkgs, ... }:
with lib;
{
# Forces the project-local firewall option off.
# NOTE(review): what orbekk.simple-firewall configures is not visible here;
# presumably the host filters traffic for this container -- confirm, since sshd
# is enabled below.
orbekk.simple-firewall.enable = mkForce false;
# Install desktop packages, but don't enable X11.
orbekk.desktop.enable = true;
services.xserver.enable = mkForce false;
services.xserver.displayManager.lightdm.enable = mkForce false;
# Missed garbage-collection timer runs are not caught up on the next start.
nix.gc.persistent = false;
boot.cleanTmpDir = mkForce false; # Don't delete bind mounts in /tmp.
boot.isContainer = true;
# Shell snippet run after boot: loads /nix-path-registration into the Nix
# database if the file exists (removing it only when the load succeeds), then
# points the "system" profile at /run/current-system.
boot.postBootCommands =
''
# After booting, register the contents of the Nix store in the Nix
# database.
if [ -f /nix-path-registration ]; then
${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
rm /nix-path-registration
fi
# nixos-rebuild also requires a "system" profile
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
environment.defaultPackages = with pkgs; [ neovim xmonad ];
# Static resolver file: every DNS lookup from this system goes to the single
# public resolver listed here.
environment.etc."resolv.conf".text = ''
nameserver 8.8.8.8
'';
networking.hostName = "minideck";
# Static IPv4 address on host0 with a default route via 172.20.199.1.
# NOTE(review): presumably host0 is the container side of a veth pair and
# 172.20.199.1 is the host -- confirm.
networking.interfaces.host0 = {
ipv4.addresses = [ { address = "172.20.199.2"; prefixLength = 24; } ];
ipv4.routes = [ { address = "0.0.0.0"; prefixLength = 0; via = "172.20.199.1"; } ];
};
# An empty hash gives root a blank initial password. Priority 150 beats
# mkDefault but yields to an ordinary definition elsewhere.
# NOTE(review): sshd is enabled below and the firewall is forced off above;
# whether root can authenticate over SSH with this blank password depends on
# sshd settings not shown in this file -- confirm they forbid it, or set a real
# hash / authorized keys.
users.users.root.initialHashedPassword = mkOverride 150 "";
# Replaces the activation script of this name so that /sbin/init is a symlink
# to the current system's init.
system.activationScripts.installInitScript = mkForce ''
ln -fs $systemConfig/init /sbin/init
'';
# Every shell sources /.host-profile during initialisation, so its contents run
# with the privileges of whoever starts a shell, including root.
# NOTE(review): the origin and permissions of /.host-profile are not visible
# here; presumably the host provides it -- confirm that only root can write it.
environment.shellInit = ''
source /.host-profile
'';
# mkDefault: both values can be overridden by an ordinary definition elsewhere.
# startWhenNeeded starts sshd on demand through socket activation.
services.openssh.enable = mkDefault true;
services.openssh.startWhenNeeded = mkDefault true;
system.stateVersion = "22.05";
systemd.tmpfiles.rules = [
# Don't remove the X11 socket.
"d /tmp/.X11-unix 1777 root root"
];
# Units listed here are suppressed.
# NOTE(review): presumably these fail or are unnecessary inside a container --
# confirm.
systemd.suppressedSystemUnits = [
"systemd-udev-trigger.service"
"systemd-udevd.service"
"sys-fs-fuse-connections.mount"
"sys-kernel-debug.mount"
"dev-mqueue.mount"
];
}