[fugitive] Add config for an impermanent system

.gitignore

@@ -0,0 +1,2 @@
+/result
+*.qcow2

flake.lock

@@ -0,0 +1,42 @@
+{
+  "nodes": {
+    "impermanence": {
+      "locked": {
+        "lastModified": 1690797372,
+        "narHash": "sha256-GImz19e33SeVcIvBB7NnhbJSbTpFFmNtWLh7Z85Y188=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "e3a7acd113903269a1b5c8b527e84ce7ee859851",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1692339729,
+        "narHash": "sha256-TUK76/Pqm9qIDjEGd27Lz9EiBIvn5F70JWDmEQ4Y5DQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "ae521bd4e460b076a455dca8b13f4151489a725c",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-23.05",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "impermanence": "impermanence",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,24 @@
+{
+  description = "Personal Infrastructure stuff?";
+
+
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-23.05";
+    impermanence.url = "github:nix-community/impermanence";
+  };
+
+
+  outputs = {self, nixpkgs, impermanence}: {
+
+      nixosConfigurations = {
+        fugitive = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            impermanence.outputs.nixosModules.impermanence
+            ./lib/systems/fugitive
+          ];
+        };
+      };
+
+  };
+}

lib/systems/fugitive/default.nix

@@ -0,0 +1,46 @@
+{ impermanence, pkgs, ... }:
+{
+
+  imports = [
+    ./hardware.nix
+    ../../users/christian
+  ];
+
+  services = {
+    openssh = {
+      enable = true;
+      ports = [ 2322 2323 2324 ];
+    };
+  };
+
+  programs.mosh.enable = true;
+
+  users.mutableUsers = false;
+  users.users = {
+    christian = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+    };
+  };
+
+  security = {
+    sudo = {
+      wheelNeedsPassword = false;
+      extraConfig = ''
+        Defaults lecture = never
+      '';
+    };
+  };
+
+  nix.settings = {
+    trusted-users = [ "@wheel" ];
+    trusted-public-keys = [
+      "labyrinth-1:GCR2h5k9WFvome2mrFRBtiWw7sAn+pYZwXRwAj9W0b0="
+    ];
+  };
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  system.stateVersion = "23.05";
+}

lib/systems/fugitive/hardware.nix

@@ -0,0 +1,68 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "none";
+      fsType = "tmpfs";
+      options = [ "size=2G" "mode=755" ];
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/89B2-E6A2";
+      fsType = "vfat";
+    };
+
+  fileSystems."/nix" =
+    {
+      device = "/dev/disk/by-uuid/19368166-7977-48b9-bc04-8fccaa22195f";
+      fsType = "btrfs";
+      options = [ "subvol=nix" "compress=zstd" ];
+    };
+
+  fileSystems."/persist" =
+    {
+      device = "/dev/disk/by-uuid/19368166-7977-48b9-bc04-8fccaa22195f";
+      fsType = "btrfs";
+      neededForBoot = true;
+      options = [ "subvol=persist" "compress=zstd" ];
+    };
+
+  environment.persistence."/persist" =
+    {
+      hideMounts = true;
+      directories = [
+        "/etc/nixos"
+        "/var/log"
+      ];
+      files = [
+        "/etc/machine-id"
+        "/etc/ssh/ssh_host_ed25519_key"
+        "/etc/ssh/ssh_host_ed25519_key.pub"
+        "/etc/ssh/ssh_host_rsa_key"
+        "/etc/ssh/ssh_host_rsa_key.pub"
+      ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

lib/users/christian/default.nix

@@ -0,0 +1,10 @@
+{pkgs, ...}: {
+
+  config = {
+    users.users.christian = {
+      packages = with pkgs; [ vim git ];
+      openssh.authorizedKeys.keyFiles = [ ./pubkey ];
+    };
+  };
+  
+}

lib/users/christian/pubkey

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARnzZmkww44RsVtSfia/XdqGZcvvbYHvM2MvgQSg59c christian@labyrinth