From e746c5ab3b432e6675390032038c440efdcaafe3 Mon Sep 17 00:00:00 2001 From: Xe Date: Fri, 9 Dec 2022 15:26:14 -0500 Subject: [PATCH] create nixos modules for work virtual machines Signed-off-by: Xe --- common/home-manager/fish/ssh-agent.fish | 2 + flake.nix | 125 +++++++++++++++++++++--- 2 files changed, 116 insertions(+), 11 deletions(-) diff --git a/common/home-manager/fish/ssh-agent.fish b/common/home-manager/fish/ssh-agent.fish index 8afd3ae..27de9c5 100644 --- a/common/home-manager/fish/ssh-agent.fish +++ b/common/home-manager/fish/ssh-agent.fish @@ -10,7 +10,9 @@ # Works with Fedora 26 and CentOS 7, for CentOS 6 you'll need a third party # repo for fish anyway so make sure it's recent enough. # + if status --is-interactive + mkdir -p ~/.ssh # Load the SSH environment variables if test -f ~/.ssh/environment diff --git a/flake.nix b/flake.nix index d66adbc..1e054cb 100644 --- a/flake.nix +++ b/flake.nix @@ -68,8 +68,6 @@ nixpkgs.overlays = [ emacs-overlay.overlay (self: super: { - nginxStable = - super.nginxStable.override { openssl = super.libressl; }; inherit (akkoma.legacyPackages.${super.system}) akkoma akkoma-frontends; }) @@ -93,16 +91,120 @@ ]; }; + nixosModules = { + home-manager = import ./common/home-manager; + workVM = ({ pkgs, config, ... }: { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + + nixpkgs.overlays = [ emacs-overlay.overlay ]; + + networking.hostName = "toxapex"; + networking.nameservers = [ "100.100.100.100" ]; + + nix.package = pkgs.nixVersions.stable; + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + + security.pam.loginLimits = [{ + domain = "*"; + type = "soft"; + item = "nofile"; + value = "unlimited"; + }]; + + services.journald.extraConfig = '' + SystemMaxUse=100M + MaxFileSec=7day + ''; + + services.resolved = { + enable = true; + dnssec = "false"; + }; + + users.groups.xe = { }; + users.users.xe = { + extraGroups = [ + "wheel" + "docker" + "audio" + "plugdev" + "libvirtd" + "adbusers" + "dialout" + "within" + ]; + shell = pkgs.fish; + isNormalUser = true; + group = "xe"; + }; + + boot.binfmt.emulatedSystems = [ "wasm32-wasi" ]; + + environment.systemPackages = with pkgs; [ mosh flyctl ]; + virtualisation.docker.enable = true; + + services.tailscale.enable = true; + + home-manager.users.xe = { lib, ... }: + let + name = "Xe Iaso"; + email = "xe@tailscale.com"; + commitTemplate = pkgs.writeTextFile { + name = "xe-commit-template"; + text = '' + Signed-off-by: ${name} <${email}> + ''; + }; + in { + imports = [ ./common/home-manager ]; + + within = { + emacs.enable = true; + fish.enable = true; + neofetch.enable = true; + vim.enable = true; + tmux.enable = true; + }; + + services.lorri.enable = true; + services.emacs.enable = lib.mkForce false; + programs.direnv.enable = true; + programs.direnv.nix-direnv.enable = true; + + programs.git = { + package = pkgs.gitAndTools.gitFull; + enable = true; + userName = name; + userEmail = email; + ignores = [ "*~" "*.swp" "*.#" ]; + delta.enable = true; + extraConfig = { + commit.template = "${commitTemplate}"; + core.editor = "vim"; + color.ui = "auto"; + credential.helper = "store --file ~/.git-credentials"; + format.signoff = true; + init.defaultBranch = "main"; + protocol.keybase.allow = "always"; + pull.rebase = "true"; + push.default = "current"; + }; + }; + }; + }); + }; + nixosConfigurations = { - toxapex = let - pkgs = nixpkgs.legacyPackages."aarch64-linux"; in nixpkgs.lib.nixosSystem rec { + toxapex = let pkgs = nixpkgs.legacyPackages."aarch64-linux"; + in nixpkgs.lib.nixosSystem rec { system = "aarch64-linux"; modules = [ home-manager.nixosModules.home-manager - ({ ... } :{ - imports = [./hosts/toxapex]; - }) + ({ ... }: { imports = [ ./hosts/toxapex ]; }) ({ config, ... }: { home-manager.useGlobalPkgs = true; @@ -119,6 +221,7 @@ experimental-features = nix-command flakes ''; + users.groups.xe = { }; users.users.xe = { extraGroups = [ "wheel" @@ -190,14 +293,14 @@ }; # work VM - froslass = let - pkgs = nixpkgs.legacyPackages."aarch64-linux"; in nixpkgs.lib.nixosSystem rec { + froslass = let pkgs = nixpkgs.legacyPackages."aarch64-linux"; + in nixpkgs.lib.nixosSystem rec { system = "aarch64-linux"; modules = [ home-manager.nixosModules.home-manager - ({ ... } :{ - imports = [./hosts/froslass ./hardware/macos-rosetta]; + ({ ... }: { + imports = [ ./hosts/froslass ./hardware/macos-rosetta ]; fileSystems."/host" = { device = "share"; fsType = "virtiofs";