first commit

flake.lock

@@ -0,0 +1,213 @@
+{
+  "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1676153903,
+        "narHash": "sha256-uetRyjgMiZCs6srmZ10M764Vn7F53M9mVuqnzHmyBqU=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "ea17cc71b4e1bc5b2601f210a1c85db9453ad723",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1673295039,
+        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "deploy-rs": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1674127017,
+        "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
+        "type": "github"
+      },
+      "original": {
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "utils": "utils_2"
+      },
+      "locked": {
+        "lastModified": 1675935446,
+        "narHash": "sha256-WajulTn7QdwC7QuXRBavrANuIXE5z+08EdxdRw1qsNs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "2dce7f1a55e785a22d61668516df62899278c9e4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixlib": {
+      "locked": {
+        "lastModified": 1636849918,
+        "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1676297861,
+        "narHash": "sha256-YECUmK34xzg0IERpnbCnaO6z6YgfecJlstMWX7dqOZ8=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "1e0a05219f2a557d4622bc38f542abb360518795",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1674641431,
+        "narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1676300157,
+        "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "agenix": "agenix",
+        "deploy-rs": "deploy-rs",
+        "home-manager": "home-manager",
+        "nixos-generators": "nixos-generators",
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "utils": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_2": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,65 @@
+{
+  description = "NixOS configuration";
+
+  inputs = {
+    # Main nixpkgs channel
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    # Import home-manager modules
+    home-manager.url = "github:nix-community/home-manager";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+    # Import deploy-rs for deployments
+    deploy-rs.url = "github:serokell/deploy-rs";
+    deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
+
+    # Import nixos hardware quirks settings
+    #nixos-hardware.url = "github:NixOS/nixos-hardware";
+
+    #ssssh secret!! Agenix install
+    agenix.url = "github:ryantm/agenix";
+
+    #import nixos-generators for building images
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+  };
+
+  outputs =
+    inputs@{ self, nixpkgs, home-manager, nixos-generators, deploy-rs, agenix, ... }: {
+      nixosConfigurations = {
+        HyperV = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          # specialArgs = { inherit inputs; }; # Pass flake inputs to our config
+          modules = [
+            ./hosts/HyperV/configuration.nix
+            ./modules
+          ];
+        };
+
+      };
+
+      packages.x86_64-linux = {
+        HV = nixos-generators.nixosGenerate {
+          system = "x86_64-linux";
+          modules = [
+            ./hosts/HyperV/configuration.nix
+            ./hosts/HyperV/hyperv.nix
+            ./modules
+          ];
+          format = "hyperv";
+        };
+      };
+
+      deploy.nodes.HyperV = {
+        sshUser = "sstent";
+        user = "root";
+        hostname = "192.168.1.230";
+        remoteBuild = true;
+        magicRollback = false;
+        profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos
+          self.nixosConfigurations.HyperV;
+      };
+
+    };
+}

hosts/HyperV/configuration.nix

@@ -0,0 +1,47 @@
+# This is your system's configuration file.
+# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+
+{ lib, config, pkgs, modulesPath, ... }: {
+  # You can import other NixOS modules here
+
+  imports = [
+    # Include my hardware settings.
+    ./hardware.nix
+    # Include static network settings.
+    ./networking.nix
+    "${modulesPath}/virtualisation/hyperv-image.nix"
+
+  ];
+
+  nixpkgs = { config = { allowUnfree = true; }; };
+
+  nix = {
+    settings = {
+      experimental-features = "nix-command flakes";
+      auto-optimise-store = true;
+    };
+  };
+
+  networking.hostName = "HyperV";
+
+  boot.loader.systemd-boot.enable = true;
+  system.stateVersion = "23.05";
+
+  mymods = {
+     gnome.enable = true;
+     user_sstent.enable = true;
+     sshd.enable = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 22 ];
+
+  environment.etc."ssh/ssh_host_rsa_key".source = ./ssh/ssh_host_rsa_key;
+  environment.etc."ssh/ssh_host_rsa_key".mode = "0400";
+  environment.etc."ssh/ssh_host_rsa_key.pub".source = ./ssh/ssh_host_rsa_key.pub;
+  environment.etc."ssh/ssh_host_ed25519_key".source = ./ssh/ssh_host_ed25519_key;
+  environment.etc."ssh/ssh_host_ed25519_key".mode = "0400";
+  environment.etc."ssh/ssh_host_ed25519_key.pub".source = ./ssh/ssh_host_ed25519_key.pub;
+
+
+
+}

hosts/HyperV/hardware.nix

@@ -0,0 +1,39 @@
+# This is just an example, you should generate yours with nixos-generate-config and put it in here.
+{
+  config,
+  lib,
+  modulesPath,
+  pkgs,
+  ...
+}: {
+  # Set your system kind (needed for flakes)
+    nixpkgs.hostPlatform = "x86_64-linux";
+    virtualisation.hypervGuest.videoMode  = "1920x1080";
+
+    boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
+    boot.initrd.kernelModules = [ ];
+    boot.kernelModules = ["hv_sock"];
+
+    
+    # fileSystems."/" = {
+    #   device = "/dev/disk/by-label/nixos";
+    #   autoResize = true;
+    #   fsType = "ext4";
+    # };
+
+    # fileSystems."/boot" = {
+    #   device = "/dev/disk/by-label/ESP";
+    #   fsType = "vfat";
+    # };
+
+    fileSystems."/mnt/Public" = {
+        device = "//192.168.1.109/Public";
+        fsType = "cifs";
+        options = let
+          # this line prevents hanging on network split
+          automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+        # in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
+        in ["${automount_opts}"];
+    };
+
+}

hosts/HyperV/hyperv.nix

@@ -0,0 +1,11 @@
+  
+{ lib, config, pkgs, ... }: {
+  # You can import other NixOS modules here
+  hyperv = {
+    baseImageSize = 8096;
+  };
+
+# environment.etc = {
+#   nixos.source = ../..;
+# };
+}

hosts/HyperV/networking.nix

@@ -0,0 +1,24 @@
+{...}: {
+  # This file was populated at runtime with the networking
+  # details gathered from the active system.
+  networking = {
+    useDHCP = false;
+    nameservers = [
+      "192.168.1.1"
+      "192.168.1.250"
+      "8.8.8.8"
+      "8.8.4.4"
+    ];
+    defaultGateway = {
+      address = "192.168.1.1";
+    };
+    interfaces.eth0 = {
+      ipv4.addresses = [
+        {
+          address = "192.168.1.230";
+          prefixLength = 24;
+        }
+      ];
+    };
+  };
+}

hosts/HyperV/ssh/ssh_host_ed25519_key

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBRqPpgqp6hRtY97TI6Mz5vDrhL62QDJsO7oZtkOacFwAAAAJAcdclzHHXJ
+cwAAAAtzc2gtZWQyNTUxOQAAACBRqPpgqp6hRtY97TI6Mz5vDrhL62QDJsO7oZtkOacFwA
+AAAEC5jt0tLdgOmfZOlDMV4bDqH5Q4/8/mYmVdQxGwArBYaVGo+mCqnqFG1j3tMjozPm8O
+uEvrZAMmw7uhm2Q5pwXAAAAAC3Jvb3RASHlwZXJWAQI=
+-----END OPENSSH PRIVATE KEY-----

hosts/HyperV/ssh/ssh_host_ed25519_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGo+mCqnqFG1j3tMjozPm8OuEvrZAMmw7uhm2Q5pwXA root@HyperV

hosts/HyperV/ssh/ssh_host_rsa_key

@@ -0,0 +1,49 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAgEAxa9NADvaI8tkW31dhAmJwbcP0bxhkSMu3QxrgwAonrh29w4HbWy8
+d6L2SELUZPg8/Lp8PmtE73usEtnpcpuLJkO6J2NXn6LMPZJH0uUXhIyKjaUaT4365SZuvi
+Z4ZPj7NYeaWBc5E15Z5YGSXmjjleSy/LNpPLzGVRlvXQ6x23kJAjmXz1iBZzfpvBNDi6NM
+wMVcDDAg648I8Yl1M/xxEschqYmdQG1h1ZwcqfewMjG5wgXKqppujQJzfO5u1he/TK0xny
+zhcKeteYboUlRjkJrM0d18Jt7uhf7xtBUq3ol7zMYq0vnWGdv3d/qFAofdGbO6AolU1Huk
+8tq7Y/A8yMI/ex6yRU7Ohxx2u5R+2FABtIiPOk6/a5YFrWdTcJeyyqsh1J2bSkN7eBtdQm
+J3kH4I1bFLFHEw7rXjiLC/TJlnYf6+CBi1fJ+rm91zq5q9I7866Sc4m+jmkC7Mho6w/j6r
+R0ro88DSIB9Ov36pxkuj+Iue2oSPfOh0rCoVt6h93wHo1qTVjGloLzXDpIFc5aLdjD8OZy
+QY42ONYpZ3bdKd2DahrtLodXuM8+TwGOcbHrrv1MkGoIVJ3Zhlyj8bCjsk3A1uphznQSNd
+ncZSRwtAcKqcC8veRSFop54ohNvKNY2QOvNmrht82xlRNVh3j65WyTQVS9hzKR/qZI+3so
+sAAAdA4yuADeMrgA0AAAAHc3NoLXJzYQAAAgEAxa9NADvaI8tkW31dhAmJwbcP0bxhkSMu
+3QxrgwAonrh29w4HbWy8d6L2SELUZPg8/Lp8PmtE73usEtnpcpuLJkO6J2NXn6LMPZJH0u
+UXhIyKjaUaT4365SZuviZ4ZPj7NYeaWBc5E15Z5YGSXmjjleSy/LNpPLzGVRlvXQ6x23kJ
+AjmXz1iBZzfpvBNDi6NMwMVcDDAg648I8Yl1M/xxEschqYmdQG1h1ZwcqfewMjG5wgXKqp
+pujQJzfO5u1he/TK0xnyzhcKeteYboUlRjkJrM0d18Jt7uhf7xtBUq3ol7zMYq0vnWGdv3
+d/qFAofdGbO6AolU1Huk8tq7Y/A8yMI/ex6yRU7Ohxx2u5R+2FABtIiPOk6/a5YFrWdTcJ
+eyyqsh1J2bSkN7eBtdQmJ3kH4I1bFLFHEw7rXjiLC/TJlnYf6+CBi1fJ+rm91zq5q9I786
+6Sc4m+jmkC7Mho6w/j6rR0ro88DSIB9Ov36pxkuj+Iue2oSPfOh0rCoVt6h93wHo1qTVjG
+loLzXDpIFc5aLdjD8OZyQY42ONYpZ3bdKd2DahrtLodXuM8+TwGOcbHrrv1MkGoIVJ3Zhl
+yj8bCjsk3A1uphznQSNdncZSRwtAcKqcC8veRSFop54ohNvKNY2QOvNmrht82xlRNVh3j6
+5WyTQVS9hzKR/qZI+3sosAAAADAQABAAACAAbEawLkiaGrD0rwfjiMaQpYHXMFG2PwC+Um
+TTHlWf6g+vWXJdrxm3wO+JZdr06rjs7qBWHPo0L9fVUB37N8LqXHMMKzbGb7GDnNXacTD5
+yKgR27Nqzdg+a/S5A32ew+976L31U/qkUG+FXaeyu/NHdHpnbvH12kare0ELNjUuRb/tp0
+JUXEVl21tMsq76eClhiNSQrjxOS7d0dpeLkoXaiSZ40ZuGfhtrUszHBnGcGGIUFKmHcBpW
+IvYMu4j9PFaVeTID0+OJN2MgKUgzR6ThQ/sF5I0jy0af7tTNHo3ZhTpYjLieDCC7nD5XNW
+gKInC4MbO3VlxSEnAG0N3tdbfIElbx3aakWo4f7LOicALeubmO0alOl6CexAhiErPySZVY
++XyjyoOWDcmqXe9Ax+l8RH+8fMLuf/DYJNXVGqkKUyEHnfe4pLOsLNhHBUyJg/gZooO6MZ
+QJurI1Yo9kfVkNFvKf4coNnvd1BSvE5ADxHX+7pOliBJScZP9G6Twy7KMlkvshdgBm3JFk
+/rTW7s1iVgLN6C595P2TfsnZxU0zN9M/sLZ9bNxQLHPpw+TxpVFHVcw4CsGjgRSLVnw89R
+qbDEchGOQemp0d4lD8taOdyivUyaqUi0/oAWgfOKPeY5mu+EtfHFyw5s3mvOItPosSqE/F
+x40PtaQnGT0xHOAa+5AAABAErqDojSOOgK6kQtaUn5RQmzXVYrMYGENfmpRzumz46sPILG
+gNY2uBMAbit5GCLQIqsnooQTZNzo55pmMxAgZkWqbSfM3Askr3vzSpctG7mCis7UTsWYKv
+HwPA98pS2n57u8Hjrkwzp6QxQvRaFwoH2AyUQvQeaT0g8UObngtBqIN7BgE8bgjQV7Ks2b
+xDmmGgJpX16Njy1ZBSFv/jNwcVQ/Bup/1Sn/4JtAOFeOAaNxR0zq/ZNmPGvLsnH2wkZz+e
+f+jUnASvKekypAXtLex+QuvIiX73HzTYkjV7XmiPnJTzX2glEoyLMpFOWrrTeo/uzNuSLo
+YBBNwltu1PPEp4UAAAEBAPJ8UGMzYkmecByxURFftKBbRYFtkTBm7TNnbR5KI1K/QKpKjQ
+4o/iaNo06127/r9bUkcFNCPwyWJD8lDlbIpkV0nkrZ4xSze7Mr4alo76gjS6rVCtf9BkDv
+N4yBAZl+SBUghsZeBH6JCbG+PrDI2evQitgZrVdGDbaaxcki/jOGVtQLhZrSMq+7vADkKl
+dRYRxe9bVYHowl6pWKpXYIwuVjNjj6CT/jP7Ct4koAmMWLNMUUJKYEDCvmbq8dOEG0R5Ax
+/m7xv0/GfuymTJ2+vx4RsEbTj2cl8Ouc7h5mNI89ngzg1GTOxjToAFinWvwlzw0G4+jLaj
+cg9PowZKK9z8kAAAEBANCzyWUouibyKpmmsfZvqp27PD/ItQxinba6lbV1uLQ+r+dqFbMo
+dcOjjNfYeRqrruVpeF7PXCiVYyds8dXKoa7CGtQUUsyLnQxOra7jFAbt3ZNdrAAwlQ64J1
+zPc2cd8avca+SuszPD8sOHmrjYqWMgeZbxpm0CRuN9EeN1FhGe4kMOi7vtzkjA0UZnwKbe
+0gZS67AQ3CqwEuWvGqUisX+wejzFAWsamYzd3zxqQ5OFtTeoD83Iw8KtlNrhosRKIJ6k0O
+p8rrDiAOx/A8qVmcXSr0c2RbRJSwYJkL2cuBRGoT3+XWa7e4HXlmVOKZsgfbBUsWl5rFB/
+zudLA/fCobMAAAALcm9vdEBIeXBlclY=
+-----END OPENSSH PRIVATE KEY-----

hosts/HyperV/ssh/ssh_host_rsa_key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFr00AO9ojy2RbfV2ECYnBtw/RvGGRIy7dDGuDACieuHb3DgdtbLx3ovZIQtRk+Dz8unw+a0Tve6wS2elym4smQ7onY1efosw9kkfS5ReEjIqNpRpPjfrlJm6+Jnhk+Ps1h5pYFzkTXlnlgZJeaOOV5LL8s2k8vMZVGW9dDrHbeQkCOZfPWIFnN+m8E0OLo0zAxVwMMCDrjwjxiXUz/HESxyGpiZ1AbWHVnByp97AyMbnCBcqqmm6NAnN87m7WF79MrTGfLOFwp615huhSVGOQmszR3Xwm3u6F/vG0FSreiXvMxirS+dYZ2/d3+oUCh90Zs7oCiVTUe6Ty2rtj8DzIwj97HrJFTs6HHHa7lH7YUAG0iI86Tr9rlgWtZ1Nwl7LKqyHUnZtKQ3t4G11CYneQfgjVsUsUcTDuteOIsL9MmWdh/r4IGLV8n6ub3XOrmr0jvzrpJzib6OaQLsyGjrD+PqtHSujzwNIgH06/fqnGS6P4i57ahI986HSsKhW3qH3fAejWpNWMaWgvNcOkgVzlot2MPw5nJBjjY41ilndt0p3YNqGu0uh1e4zz5PAY5xseuu/UyQaghUndmGXKPxsKOyTcDW6mHOdBI12dxlJHC0BwqpwLy95FIWinniiE28o1jZA682auG3zbGVE1WHePrlbJNBVL2HMpH+pkj7eyiw== root@HyperV

modules/base.nix

@@ -0,0 +1,18 @@
+# This is your system's configuration file.
+# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+
+{ lib, config, pkgs, inputs, ... }: {
+  # You can import other NixOS modules here
+
+  # imports = [
+  #   #./hardware-configuration.nix
+  # ];
+
+  imports = [ inputs.agenix.nixosModules.default ];
+  security.sudo.wheelNeedsPassword = false;
+
+  environment.systemPackages =
+    [ pkgs.cifs-utils inputs.agenix.packages.x86_64-linux.default ];
+  age.secrets.secret1.file = ../../secrets/secret1.age;
+
+}

modules/default.nix

@@ -0,0 +1,9 @@
+{...}: {
+  imports = [
+    # New module organization
+    ./gnome
+    ./base.nix
+    ./ssh.nix
+    ./user.nix
+  ];
+}

modules/gnome/default.nix

@@ -0,0 +1,68 @@
+# This is your system's configuration file.
+# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+
+{ lib, config, pkgs, ... }: {
+
+  #define option to enable this 
+  options.mymods.gnome.enable = lib.mkEnableOption "Enable Gnome Env";
+
+  config = lib.mkIf config.mymods.gnome.enable {
+    users.users.gdm.extraGroups = [ "video" ];
+
+    services.xserver = {
+      enable = true;
+      modules = [ pkgs.xorg.xf86videofbdev ];
+      videoDrivers = [ "hyperv_fb" ];
+      displayManager.gdm.enable = true;
+      desktopManager.gnome.enable = true;
+      displayManager.startx.enable = true;
+    };
+
+    environment.gnome.excludePackages = (with pkgs; [ gnome-photos gnome-tour ])
+      ++ (with pkgs.gnome; [
+        cheese # webcam tool
+        gnome-music
+        #gnome-terminal
+        #gedit # text editor
+        epiphany # web browser
+        geary # email reader
+        #evince # document viewer
+        gnome-characters
+        totem # video player
+        tali # poker game
+        iagno # go game
+        hitori # sudoku game
+        atomix # puzzle game
+      ]);
+
+    ## https://github.com/NixOS/nixpkgs/issues/126265
+    ## watch https://github.com/NixOS/nixpkgs/pull/83928
+    services.xrdp = {
+      #       enable = true;
+      #       defaultWindowManager = "${pkgs.gnome3.gnome-shell}/bin/gnome-shell";
+      package = pkgs.xrdp.overrideAttrs (oldAttrs: {
+        configureFlags = oldAttrs.configureFlags ++ [ "--enable-vsock" ];
+        postInstall = oldAttrs.postInstall + ''
+          substituteInPlace $out/etc/xrdp/xrdp.ini \
+            --replace "port=3389" "port=vsock://-1:3389" \
+            --replace "security_layer=negotiate" "security_layer=rdp" \
+            --replace "crypt_level=high" "crypt_level=none" \
+            --replace "bitmap_compression=true" "bitmap_compression=false"
+
+          substituteInPlace $out/etc/xrdp/sesman.ini \
+            --replace "X11DisplayOffset=10" "X11DisplayOffset=0" \
+            --replace "FuseMountName=thinclient_drives" "FuseMountName=shared_drives"
+        '';
+      });
+    };
+    #             --replace "use_vsock=false" "use_vsock=true" \
+
+    environment.etc."X11/Xwrapper.config".text = ''
+      allowed_users=anybody
+    '';
+    services.xrdp.enable = true;
+    services.xrdp.defaultWindowManager = "gnome-shell";
+    networking.firewall.allowedTCPPorts = [ 3389 ];
+
+  };
+}

modules/home-manager/base.nix

@@ -0,0 +1,62 @@
+{ config, pkgs, ... }:
+
+{
+    # Home Manager needs a bit of information about you and the
+    # paths it should manage.
+    home.username = "sstent";
+    home.homeDirectory = "/home/sstent";
+    #targets.genericLinux.enable = true;
+
+    # changes in each release.
+    # home.stateVersion = "22.05";
+    home.stateVersion = "23.05";
+    programs.bash.enable = true;
+    programs.firefox.enable = true;
+    programs.gnome-terminal.enable = true;
+    programs.gnome-terminal.profile = {
+      "f2afd3c7-cb35-4d08-b6c2-523b444be64d" = {
+        visibleName = "Stu";
+        showScrollbar = true;
+        default = true;
+        font = "DejaVu Sans Mono 12";
+        colors = {
+          backgroundColor = "rgb(23,20,33)";
+          foregroundColor = "rgb(208,207,204)";
+          palette = [
+            "#272224"
+            "#FF473D"
+            "#3DCCB2"
+            "#FF9600"
+            "#3B7ECB"
+            "#F74C6D"
+            "#00B5FC"
+            "#3E3E3E"
+            "#52494C"
+            "#FF6961"
+            "#85E6D4"
+            "#FFB347"
+            "#779ECB"
+            "#F7A8B8"
+            "#55CDFC"
+            "#EEEEEC"
+          ];
+        };
+      };
+    };
+    xdg.configFile."gnome-initial-setup-done".text = "yes";
+    xdg.configFile."gtk-3.0/bookmarks".text = ''
+    file:///mnt/Public Public
+  '';
+    dconf.settings = {
+      # ...
+      "org/gnome/shell" = {
+        favorite-apps = [
+          "firefox.desktop"
+          "org.gnome.Terminal.desktop"
+          "org.gnome.Nautilus.desktop"
+        ];
+      };
+      "org/gnome/desktop/interface" = { color-scheme = "prefer-dark"; };
+
+    };
+  }

modules/home-manager/configs/nicotine

@@ -0,0 +1,245 @@
+[server]
+login = shapechecker
+passw = 6EbCdhRR7yUdN5ImeY9S
+server = ('server.slsknet.org', 2242)
+interface = 
+ctcpmsgs = False
+autosearch = []
+autoreply = 
+portrange = (2234, 2239)
+upnp = True
+upnp_interval = 4
+auto_connect_startup = True
+userlist = []
+banlist = []
+ignorelist = []
+ipignorelist = {}
+ipblocklist = {}
+autojoin = ['nicotine']
+autoaway = 15
+away = False
+private_chatrooms = False
+command_aliases = {}
+
+[transfers]
+incompletedir = /home/sstent/.local/share/nicotine/incomplete
+downloaddir = /home/sstent/.local/share/nicotine/downloads
+uploaddir = /home/sstent/.local/share/nicotine/received
+usernamesubfolders = False
+shared = []
+buddyshared = []
+uploadbandwidth = 50
+uselimit = False
+usealtlimits = False
+uploadlimit = 1000
+uploadlimitalt = 100
+downloadlimit = 0
+downloadlimitalt = 100
+preferfriends = False
+useupslots = False
+uploadslots = 2
+afterfinish = 
+afterfolder = 
+lock = True
+reverseorder = False
+fifoqueue = False
+usecustomban = False
+limitby = True
+customban = Banned, don't bother retrying
+usecustomgeoblock = False
+customgeoblock = Sorry, your country is blocked
+queuelimit = 10000
+filelimit = 100
+buddysharestrustedonly = False
+friendsnolimits = False
+groupdownloads = folder_grouping
+groupuploads = folder_grouping
+geoblock = False
+geoblockcc = ['']
+remotedownloads = True
+uploadallowed = 2
+autoclear_downloads = False
+autoclear_uploads = False
+uploadsinsubdirs = True
+rescanonstartup = True
+enablefilters = False
+downloadregexp = (\\(.*\.url|albumart(_{........-....-....-....-............}_)?(_?(large|small))?\.jpg|desktop\.ini|folder\.jpg|thumbs\.db)$)
+downloadfilters = [['desktop.ini', 1], ['folder.jpg', 1], ['*.url', 1], ['thumbs.db', 1], ['albumart(_{........-....-....-....-............}_)?(_?(large|small))?\\.jpg', 0]]
+download_doubleclick = 2
+upload_doubleclick = 2
+downloadsexpanded = True
+uploadsexpanded = True
+
+[userinfo]
+descr = ''
+pic = 
+
+[userbrowse]
+expand_folders = True
+
+[words]
+censored = []
+autoreplaced = {'teh ': 'the ', 'taht ': 'that ', 'tihng': 'thing', 'youre': "you're", 'jsut': 'just', 'thier': 'their', 'tihs': 'this'}
+censorfill = *
+censorwords = False
+replacewords = False
+tab = True
+cycle = False
+dropdown = False
+characters = 3
+roomnames = False
+buddies = True
+roomusers = True
+commands = True
+aliases = True
+onematch = False
+
+[logging]
+debug = False
+debugmodes = []
+debuglogsdir = /home/sstent/.local/share/nicotine/logs/debug
+logcollapsed = True
+transferslogsdir = /home/sstent/.local/share/nicotine/logs/transfers
+rooms_timestamp = %H:%M:%S
+private_timestamp = %Y-%m-%d %H:%M:%S
+log_timestamp = %Y-%m-%d %H:%M:%S
+privatechat = True
+chatrooms = True
+transfers = False
+debug_file_output = False
+roomlogsdir = /home/sstent/.local/share/nicotine/logs/rooms
+privatelogsdir = /home/sstent/.local/share/nicotine/logs/private
+readroomlogs = True
+readroomlines = 15
+readprivatelines = 15
+rooms = ['nicotine']
+
+[privatechat]
+store = True
+users = []
+
+[columns]
+file_search = {}
+download = {}
+upload = {}
+user_browse = {}
+buddy_list = {}
+chat_room = {'nicotine': {}}
+
+[searches]
+expand_searches = True
+group_searches = folder_grouping
+maxresults = 150
+enable_history = True
+history = []
+enablefilters = False
+filters_visible = False
+defilter = ['', '', '', '', False, '', '']
+filtercc = []
+filterin = []
+filterout = []
+filtersize = []
+filterbr = []
+filtertype = []
+search_results = True
+max_displayed_results = 1500
+min_search_chars = 3
+remove_special_chars = True
+private_search_results = True
+
+[ui]
+dark_mode = False
+header_bar = True
+icontheme = 
+chatme = #908e8b
+chatremote = 
+chatlocal = 
+chathilite = #5288ce
+urlcolor = #5288ce
+useronline = #16bb5c
+useraway = #c9ae13
+useroffline = #e04f5e
+usernamehotspots = True
+usernamestyle = bold
+textbg = 
+search = 
+searchq = GREY
+inputcolor = 
+spellcheck = True
+exitdialog = 1
+tab_default = 
+tab_hilite = #497ec2
+tab_changed = #497ec2
+tab_select_previous = True
+tabmain = Top
+tabrooms = Top
+tabprivate = Top
+tabinfo = Top
+tabbrowse = Top
+tabsearch = Top
+tab_status_icons = True
+globalfont = Normal
+chatfont = Normal
+tabclosers = True
+searchfont = Normal
+listfont = Normal
+browserfont = Normal
+transfersfont = Normal
+last_tab_id = 
+modes_visible = {'search': True, 'downloads': True, 'uploads': True, 'userbrowse': True, 'userinfo': True, 'private': True, 'userlist': True, 'chatrooms': True, 'interests': True}
+modes_order = ['search', 'downloads', 'uploads', 'userbrowse', 'userinfo', 'private', 'userlist', 'chatrooms', 'interests']
+buddylistinchatrooms = tab
+trayicon = True
+startup_hidden = False
+filemanager = 
+speechenabled = False
+speechprivate = User %(user)s told you: %(message)s
+speechrooms = In room %(room)s, user %(user)s said: %(message)s
+speechcommand = flite -t $
+width = 800
+height = 600
+xposition = -1
+yposition = -1
+maximized = True
+urgencyhint = True
+file_path_tooltips = True
+reverse_file_paths = True
+
+[private_rooms]
+rooms = {}
+
+[urls]
+protocols = {}
+
+[interests]
+likes = []
+dislikes = []
+
+[players]
+default = 
+npothercommand = 
+npplayer = mpris
+npformatlist = []
+npformat = 
+
+[notifications]
+notification_window_title = True
+notification_tab_colors = False
+notification_popup_sound = False
+notification_popup_file = True
+notification_popup_folder = True
+notification_popup_private_message = True
+notification_popup_chatroom = False
+notification_popup_chatroom_mention = True
+
+[plugins]
+enable = True
+enabled = []
+
+[statistics]
+started_downloads = 0
+completed_downloads = 0
+downloaded_size = 0
+started_uploads = 0
+completed_uploads = 0
+uploaded_size = 0

modules/home-manager/nicotine.nix

@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+    home.packages = with pkgs; [
+      nicotine-plus
+    ];
+    xdg.configFile."nicotine/config.old".source = ./configs/nicotine;
+  }

modules/homemanager_hyperv.nix

@@ -0,0 +1,76 @@
+{ config, pkgs, ... }:
+
+{
+    # Home Manager needs a bit of information about you and the
+    # paths it should manage.
+    home.username = "sstent";
+    home.homeDirectory = "/home/sstent";
+    #targets.genericLinux.enable = true;
+
+    # changes in each release.
+    # home.stateVersion = "22.05";
+    home.stateVersion = "23.05";
+
+    home.shellAliases = {
+      revert_base_config = "sudo cp /etc/nixos/{orig_,}configuration.nix; sudo cp /etc/nixos/{orig_,}flake.nix;       sudo cp /etc/nixos/{orig_,}homemanager.nix;   sudo nixos-generate-config";
+    };
+
+    # Let Home Manager install and manage itself.
+    # programs.home-manager.enable = true;
+    home.packages = with pkgs; [
+      nicotine-plus
+      gnomeExtensions.mullvad-indicator
+      mullvad-vpn
+    ];
+    programs.bash.enable = true;
+    programs.firefox.enable = true;
+    programs.gnome-terminal.enable = true;
+    programs.gnome-terminal.profile = {
+      "f2afd3c7-cb35-4d08-b6c2-523b444be64d" = {
+        visibleName = "Stu";
+        showScrollbar = true;
+        default = true;
+        font = "DejaVu Sans Mono 12";
+        colors = {
+          backgroundColor = "rgb(23,20,33)";
+          foregroundColor = "rgb(208,207,204)";
+          palette = [
+            "#272224"
+            "#FF473D"
+            "#3DCCB2"
+            "#FF9600"
+            "#3B7ECB"
+            "#F74C6D"
+            "#00B5FC"
+            "#3E3E3E"
+            "#52494C"
+            "#FF6961"
+            "#85E6D4"
+            "#FFB347"
+            "#779ECB"
+            "#F7A8B8"
+            "#55CDFC"
+            "#EEEEEC"
+          ];
+        };
+      };
+    };
+    xdg.configFile."nicotine/config.old".source = ./configs/nicotine;
+    xdg.configFile."gnome-initial-setup-done".text = "yes";
+    xdg.configFile."gtk-3.0/bookmarks".text = ''
+    file:///mnt/Public Public
+  '';
+    dconf.settings = {
+      # ...
+      "org/gnome/shell" = {
+        favorite-apps = [
+          "firefox.desktop"
+          "org.gnome.Terminal.desktop"
+          "org.gnome.Nautilus.desktop"
+
+        ];
+      };
+      "org/gnome/desktop/interface" = { color-scheme = "prefer-dark"; };
+
+    };
+  }

modules/ssh.nix

@@ -0,0 +1,16 @@
+{ lib, config, pkgs, ... }: {
+
+  #define option to enable this 
+  options.mymods.sshd.enable = lib.mkEnableOption "Enable SSH";
+
+  config = lib.mkIf config.mymods.sshd.enable {
+services.openssh = {
+    enable = true;
+    settings.permitRootLogin = "no";
+    settings.passwordAuthentication = false;
+};
+
+  networking.firewall.allowedTCPPorts = [ 22 ];
+
+};
+}

modules/user.nix

@@ -0,0 +1,19 @@
+{ lib, config, pkgs, ... }: {
+
+options.mymods.user_sstent.enable = lib.mkEnableOption "Create sstent user";
+
+config = lib.mkIf config.mymods.user_sstent.enable {
+  users.users = {
+    sstent = {
+      initialPassword = "farscape5";
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"
+      ];
+        extraGroups = [ "wheel" "video" ];
+    };
+  };
+  security.sudo.wheelNeedsPassword = false;
+
+};
+}

result

@@ -0,0 +1 @@
+/nix/store/gcif5m5129qmsf525m75dhhjqz4xfsh8-nixos-hyperv-23.05.20230213.545c7a3-x86_64-linux

secrets/secret1.age

@@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-rsa 54tmtw
+t+UTY3Qh6jSy9pBIhaZLjWgpMiTD+x5rJ2+nD5tIuCWDL3U5h8Z4L99cVKOIsnMU
+8XMlaPdJnd6Y6A1RuCDzqzhnjCIcYXoWMBNSe6JgJ/dKi69q/fO8GNrt6LN1SNIg
+tAaMOIuF6mL0vXonaIkAU8zXIsJvDSlN7aKt3eIOYvq/0WdBMTC7pbkHJ6UcA2DF
+gVIAnZ2hMzDZ1VwklSywGYoCcVh7IQXY588loDb/X9vgpXyVfxmIldgx0BulnHHH
+fikV51VUT4xpIM0dPfLwM5EEfddUVCinHZGE4i1gM7t6bkmW6ePdAeSWpLgM/olJ
+jPmcMO7goV4WuGGmkliICA
+-> ssh-ed25519 KLPP8w tOUeFUot+3c5/uCMmRf2+iEff44oH1+16LodxcZ8tRI
+Lh/DGBwAxreX1mikM1vXYmwTpTMQfzdk0OfAS9ZcWgg
+-> ^>!"k-grease Oao
+HDL8eWp4pvf8tLucvncf6e8rdeL+Jx0wqc29gX3LiW1/39wDngd85ldEwJwTNpLm
+wsYQibvHluCFNeduW95Y41nvScAU1E+DdtbvkFQ9
+--- Hs1+jKn3TiUMbCnplc713eslRXWB+wZNa671sCh/Fv0
+<EFBFBD>.<2E>Y<EFBFBD>-"<22>N-<2D>9<EFBFBD>bt<><74><EFBFBD>>CyJz<4A><7A><EFBFBD><EFBFBD><EFBFBD><13>
<01>!)"x<><78>a<>

secrets/secrets.nix

@@ -0,0 +1,11 @@
+let
+  sstent = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC";
+  users = [ sstent ];
+
+  HyperV = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE";
+  systems = [ HyperV ];
+in
+{
+  "secret1.age".publicKeys = [ sstent HyperV ];
+  "secret2.age".publicKeys = users ++ systems;
+}