swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 17:17:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
.dotfiles/hosts/nixos/iso/default.nix
Leon Schwarzäugl e15ab08adf
refactor: full module system implemented
2025-04-17 11:03:15 +02:00

116 lines
4.4 KiB
Nix
Raw Blame History

{ self, pkgs, inputs, config, lib, modulesPath, primaryUser ? "swarsel", ... }:
let
pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
in
{
imports = [
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
"${modulesPath}/installer/cd-dvd/channel.nix"
"${self}/modules/iso/minimal.nix"
"${self}/modules/nixos/common/sharedsetup.nix"
"${self}/modules/home/common/sharedsetup.nix"
inputs.home-manager.nixosModules.home-manager
{
home-manager.users."${primaryUser}".imports = [
"${self}/modules/home/common/settings.nix"
"${self}/modules/home/common/sharedsetup.nix"
];
}
];
home-manager.users."${primaryUser}" = {
home = {
stateVersion = "23.05";
file = {
".bash_history" = {
source = self + /programs/bash/.bash_history;
};
};
};
swarselsystems.modules.general = lib.mkForce true;
};
home-manager.users.root.home = {
stateVersion = "23.05";
file = {
".bash_history" = {
source = self + /programs/bash/.bash_history;
};
};
};
# environment.etc."issue".text = "\x1B[32m~SwarselSystems~\x1B[0m\nIP of primary interface: \x1B[31m\\4\x1B[0m\nThe Password for all users & root is '\x1B[31msetup\x1B[0m'.\nInstall the system remotely by running '\x1B[33mbootstrap -n <HOSTNAME> -d <IP_FROM_ABOVE> [--impermanence] [--encryption]\x1B[0m' on a machine with deployed secrets.\nAlternatively, run '\x1B[33mswarsel-install -d <DISK> -f <flake>\x1B[0m' for a local install.\n";
environment.etc."issue".source = "${self}/programs/etc/issue";
networking.dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload";
isoImage = {
makeEfiBootable = true;
makeUsbBootable = true;
squashfsCompression = "zstd -Xcompression-level 3";
};
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
};
services.getty.autologinUser = lib.mkForce primaryUser;
users = {
allowNoPasswordLogin = true;
groups.swarsel = { };
users = {
swarsel = {
name = primaryUser;
group = primaryUser;
isNormalUser = true;
password = "setup"; # this is overwritten after install
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
extraGroups = [ "wheel" ];
};
root = {
# password = lib.mkForce config.users.users.swarsel.password; # this is overwritten after install
openssh.authorizedKeys.keys = config.users.users."${primaryUser}".openssh.authorizedKeys.keys;
};
};
};
boot = {
loader.systemd-boot.enable = lib.mkForce true;
loader.efi.canTouchEfiVariables = true;
};
programs.bash.shellAliases = {
"swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --";
};
system.activationScripts.cache = {
text = ''
mkdir -p -m=0777 /home/${primaryUser}/.local/state/nix/profiles
mkdir -p -m=0777 /home/${primaryUser}/.local/state/home-manager/gcroots
mkdir -p -m=0777 /home/${primaryUser}/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/${primaryUser}/.local/share/nix/trusted-settings.json > /dev/null
mkdir -p /root/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null
'';
};
systemd = {
services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
};
system.stateVersion = lib.mkForce "23.05";
networking = {
hostName = "drugstore";
wireless.enable = false;
};
}
Reference in a new issue View git blame Copy permalink