[fugitive] Add config for an impermanent system

2023-08-20 08:48:31 +02:00
commit 8bc595175d
7 changed files with 193 additions and 0 deletions
--- a/lib/systems/fugitive/default.nix
+++ b/lib/systems/fugitive/default.nix
@@ -0,0 +1,46 @@
+{ impermanence, pkgs, ... }:
+{
+
+  imports = [
+    ./hardware.nix
+    ../../users/christian
+  ];
+
+  services = {
+    openssh = {
+      enable = true;
+      ports = [ 2322 2323 2324 ];
+    };
+  };
+
+  programs.mosh.enable = true;
+
+  users.mutableUsers = false;
+  users.users = {
+    christian = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+    };
+  };
+
+  security = {
+    sudo = {
+      wheelNeedsPassword = false;
+      extraConfig = ''
+        Defaults lecture = never
+      '';
+    };
+  };
+
+  nix.settings = {
+    trusted-users = [ "@wheel" ];
+    trusted-public-keys = [
+      "labyrinth-1:GCR2h5k9WFvome2mrFRBtiWw7sAn+pYZwXRwAj9W0b0="
+    ];
+  };
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  system.stateVersion = "23.05";
+}
--- a/lib/systems/fugitive/hardware.nix
+++ b/lib/systems/fugitive/hardware.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "none";
+      fsType = "tmpfs";
+      options = [ "size=2G" "mode=755" ];
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/89B2-E6A2";
+      fsType = "vfat";
+    };
+
+  fileSystems."/nix" =
+    {
+      device = "/dev/disk/by-uuid/19368166-7977-48b9-bc04-8fccaa22195f";
+      fsType = "btrfs";
+      options = [ "subvol=nix" "compress=zstd" ];
+    };
+
+  fileSystems."/persist" =
+    {
+      device = "/dev/disk/by-uuid/19368166-7977-48b9-bc04-8fccaa22195f";
+      fsType = "btrfs";
+      neededForBoot = true;
+      options = [ "subvol=persist" "compress=zstd" ];
+    };
+
+  environment.persistence."/persist" =
+    {
+      hideMounts = true;
+      directories = [
+        "/etc/nixos"
+        "/var/log"
+      ];
+      files = [
+        "/etc/machine-id"
+        "/etc/ssh/ssh_host_ed25519_key"
+        "/etc/ssh/ssh_host_ed25519_key.pub"
+        "/etc/ssh/ssh_host_rsa_key"
+        "/etc/ssh/ssh_host_rsa_key.pub"
+      ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/lib/users/christian/default.nix
+++ b/lib/users/christian/default.nix
@@ -0,0 +1,10 @@
+{pkgs, ...}: {
+
+  config = {
+    users.users.christian = {
+      packages = with pkgs; [ vim git ];
+      openssh.authorizedKeys.keyFiles = [ ./pubkey ];
+    };
+  };
+  
+}
--- a/lib/users/christian/pubkey
+++ b/lib/users/christian/pubkey
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARnzZmkww44RsVtSfia/XdqGZcvvbYHvM2MvgQSg59c christian@labyrinth
				`@@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARnzZmkww44RsVtSfia/XdqGZcvvbYHvM2MvgQSg59c christian@labyrinth`