sstent/vmimages
1
0
Fork 0
mirror of https://github.com/sstent/vmimages.git synced 2026-01-25 14:41:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
sstent
2023-02-16 18:34:03 -05:00
parent 3ecc3e5f3a
commit df823f7e4e
22 changed files with 1005 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

213
flake.lock generated Normal file
View File

@@ -0,0 +1,213 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1676153903,
"narHash": "sha256-uetRyjgMiZCs6srmZ10M764Vn7F53M9mVuqnzHmyBqU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "ea17cc71b4e1bc5b2601f210a1c85db9453ad723",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1674127017,
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils_2"
},
"locked": {
"lastModified": 1675935446,
"narHash": "sha256-WajulTn7QdwC7QuXRBavrANuIXE5z+08EdxdRw1qsNs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2dce7f1a55e785a22d61668516df62899278c9e4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1636849918,
"narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1676297861,
"narHash": "sha256-YECUmK34xzg0IERpnbCnaO6z6YgfecJlstMWX7dqOZ8=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "1e0a05219f2a557d4622bc38f542abb360518795",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1674641431,
"narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1676300157,
"narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "545c7a31e5dedea4a6d372712a18e00ce097d462",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"deploy-rs": "deploy-rs",
"home-manager": "home-manager",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_2"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

65
flake.nix Normal file
View File

@@ -0,0 +1,65 @@
{
description = "NixOS configuration";
inputs = {
# Main nixpkgs channel
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# Import home-manager modules
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
# Import deploy-rs for deployments
deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
# Import nixos hardware quirks settings
#nixos-hardware.url = "github:NixOS/nixos-hardware";
#ssssh secret!! Agenix install
agenix.url = "github:ryantm/agenix";
#import nixos-generators for building images
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
inputs@{ self, nixpkgs, home-manager, nixos-generators, deploy-rs, agenix, ... }: {
nixosConfigurations = {
HyperV = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
# specialArgs = { inherit inputs; }; # Pass flake inputs to our config
modules = [
./hosts/HyperV/configuration.nix
./modules
];
};
};
packages.x86_64-linux = {
HV = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./hosts/HyperV/configuration.nix
./hosts/HyperV/hyperv.nix
./modules
];
format = "hyperv";
};
};
deploy.nodes.HyperV = {
sshUser = "sstent";
user = "root";
hostname = "192.168.1.230";
remoteBuild = true;
magicRollback = false;
profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.HyperV;
};
};
}

47
hosts/HyperV/configuration.nix Normal file
View File

@@ -0,0 +1,47 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ lib, config, pkgs, modulesPath, ... }: {
# You can import other NixOS modules here
imports = [
# Include my hardware settings.
./hardware.nix
# Include static network settings.
./networking.nix
"${modulesPath}/virtualisation/hyperv-image.nix"
];
nixpkgs = { config = { allowUnfree = true; }; };
nix = {
settings = {
experimental-features = "nix-command flakes";
auto-optimise-store = true;
};
};
networking.hostName = "HyperV";
boot.loader.systemd-boot.enable = true;
system.stateVersion = "23.05";
mymods = {
gnome.enable = true;
user_sstent.enable = true;
sshd.enable = true;
};
networking.firewall.allowedTCPPorts = [ 22 ];
environment.etc."ssh/ssh_host_rsa_key".source = ./ssh/ssh_host_rsa_key;
environment.etc."ssh/ssh_host_rsa_key".mode = "0400";
environment.etc."ssh/ssh_host_rsa_key.pub".source = ./ssh/ssh_host_rsa_key.pub;
environment.etc."ssh/ssh_host_ed25519_key".source = ./ssh/ssh_host_ed25519_key;
environment.etc."ssh/ssh_host_ed25519_key".mode = "0400";
environment.etc."ssh/ssh_host_ed25519_key.pub".source = ./ssh/ssh_host_ed25519_key.pub;
}

39
hosts/HyperV/hardware.nix Normal file
View File

@@ -0,0 +1,39 @@
# This is just an example, you should generate yours with nixos-generate-config and put it in here.
{
config,
lib,
modulesPath,
pkgs,
...
}: {
# Set your system kind (needed for flakes)
nixpkgs.hostPlatform = "x86_64-linux";
virtualisation.hypervGuest.videoMode = "1920x1080";
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = ["hv_sock"];
# fileSystems."/" = {
# device = "/dev/disk/by-label/nixos";
# autoResize = true;
# fsType = "ext4";
# };
# fileSystems."/boot" = {
# device = "/dev/disk/by-label/ESP";
# fsType = "vfat";
# };
fileSystems."/mnt/Public" = {
device = "//192.168.1.109/Public";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
# in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
in ["${automount_opts}"];
};
}

11
hosts/HyperV/hyperv.nix Normal file
View File

@@ -0,0 +1,11 @@
{ lib, config, pkgs, ... }: {
# You can import other NixOS modules here
hyperv = {
baseImageSize = 8096;
};
# environment.etc = {
# nixos.source = ../..;
# };
}

24
hosts/HyperV/networking.nix Normal file
View File

@@ -0,0 +1,24 @@
{...}: {
# This file was populated at runtime with the networking
# details gathered from the active system.
networking = {
useDHCP = false;
nameservers = [
"192.168.1.1"
"192.168.1.250"
"8.8.8.8"
"8.8.4.4"
];
defaultGateway = {
address = "192.168.1.1";
};
interfaces.eth0 = {
ipv4.addresses = [
{
address = "192.168.1.230";
prefixLength = 24;
}
];
};
};
}

7
hosts/HyperV/ssh/ssh_host_ed25519_key Executable file
View File

@@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACBRqPpgqp6hRtY97TI6Mz5vDrhL62QDJsO7oZtkOacFwAAAAJAcdclzHHXJ
cwAAAAtzc2gtZWQyNTUxOQAAACBRqPpgqp6hRtY97TI6Mz5vDrhL62QDJsO7oZtkOacFwA
AAAEC5jt0tLdgOmfZOlDMV4bDqH5Q4/8/mYmVdQxGwArBYaVGo+mCqnqFG1j3tMjozPm8O
uEvrZAMmw7uhm2Q5pwXAAAAAC3Jvb3RASHlwZXJWAQI=
-----END OPENSSH PRIVATE KEY-----

1
hosts/HyperV/ssh/ssh_host_ed25519_key.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGo+mCqnqFG1j3tMjozPm8OuEvrZAMmw7uhm2Q5pwXA root@HyperV

49
hosts/HyperV/ssh/ssh_host_rsa_key Executable file
View File

@@ -0,0 +1,49 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAxa9NADvaI8tkW31dhAmJwbcP0bxhkSMu3QxrgwAonrh29w4HbWy8
d6L2SELUZPg8/Lp8PmtE73usEtnpcpuLJkO6J2NXn6LMPZJH0uUXhIyKjaUaT4365SZuvi
Z4ZPj7NYeaWBc5E15Z5YGSXmjjleSy/LNpPLzGVRlvXQ6x23kJAjmXz1iBZzfpvBNDi6NM
wMVcDDAg648I8Yl1M/xxEschqYmdQG1h1ZwcqfewMjG5wgXKqppujQJzfO5u1he/TK0xny
zhcKeteYboUlRjkJrM0d18Jt7uhf7xtBUq3ol7zMYq0vnWGdv3d/qFAofdGbO6AolU1Huk
8tq7Y/A8yMI/ex6yRU7Ohxx2u5R+2FABtIiPOk6/a5YFrWdTcJeyyqsh1J2bSkN7eBtdQm
J3kH4I1bFLFHEw7rXjiLC/TJlnYf6+CBi1fJ+rm91zq5q9I7866Sc4m+jmkC7Mho6w/j6r
R0ro88DSIB9Ov36pxkuj+Iue2oSPfOh0rCoVt6h93wHo1qTVjGloLzXDpIFc5aLdjD8OZy
QY42ONYpZ3bdKd2DahrtLodXuM8+TwGOcbHrrv1MkGoIVJ3Zhlyj8bCjsk3A1uphznQSNd
ncZSRwtAcKqcC8veRSFop54ohNvKNY2QOvNmrht82xlRNVh3j65WyTQVS9hzKR/qZI+3so
sAAAdA4yuADeMrgA0AAAAHc3NoLXJzYQAAAgEAxa9NADvaI8tkW31dhAmJwbcP0bxhkSMu
3QxrgwAonrh29w4HbWy8d6L2SELUZPg8/Lp8PmtE73usEtnpcpuLJkO6J2NXn6LMPZJH0u
UXhIyKjaUaT4365SZuviZ4ZPj7NYeaWBc5E15Z5YGSXmjjleSy/LNpPLzGVRlvXQ6x23kJ
AjmXz1iBZzfpvBNDi6NMwMVcDDAg648I8Yl1M/xxEschqYmdQG1h1ZwcqfewMjG5wgXKqp
pujQJzfO5u1he/TK0xnyzhcKeteYboUlRjkJrM0d18Jt7uhf7xtBUq3ol7zMYq0vnWGdv3
d/qFAofdGbO6AolU1Huk8tq7Y/A8yMI/ex6yRU7Ohxx2u5R+2FABtIiPOk6/a5YFrWdTcJ
eyyqsh1J2bSkN7eBtdQmJ3kH4I1bFLFHEw7rXjiLC/TJlnYf6+CBi1fJ+rm91zq5q9I786
6Sc4m+jmkC7Mho6w/j6rR0ro88DSIB9Ov36pxkuj+Iue2oSPfOh0rCoVt6h93wHo1qTVjG
loLzXDpIFc5aLdjD8OZyQY42ONYpZ3bdKd2DahrtLodXuM8+TwGOcbHrrv1MkGoIVJ3Zhl
yj8bCjsk3A1uphznQSNdncZSRwtAcKqcC8veRSFop54ohNvKNY2QOvNmrht82xlRNVh3j6
5WyTQVS9hzKR/qZI+3sosAAAADAQABAAACAAbEawLkiaGrD0rwfjiMaQpYHXMFG2PwC+Um
TTHlWf6g+vWXJdrxm3wO+JZdr06rjs7qBWHPo0L9fVUB37N8LqXHMMKzbGb7GDnNXacTD5
yKgR27Nqzdg+a/S5A32ew+976L31U/qkUG+FXaeyu/NHdHpnbvH12kare0ELNjUuRb/tp0
JUXEVl21tMsq76eClhiNSQrjxOS7d0dpeLkoXaiSZ40ZuGfhtrUszHBnGcGGIUFKmHcBpW
IvYMu4j9PFaVeTID0+OJN2MgKUgzR6ThQ/sF5I0jy0af7tTNHo3ZhTpYjLieDCC7nD5XNW
gKInC4MbO3VlxSEnAG0N3tdbfIElbx3aakWo4f7LOicALeubmO0alOl6CexAhiErPySZVY
+XyjyoOWDcmqXe9Ax+l8RH+8fMLuf/DYJNXVGqkKUyEHnfe4pLOsLNhHBUyJg/gZooO6MZ
QJurI1Yo9kfVkNFvKf4coNnvd1BSvE5ADxHX+7pOliBJScZP9G6Twy7KMlkvshdgBm3JFk
/rTW7s1iVgLN6C595P2TfsnZxU0zN9M/sLZ9bNxQLHPpw+TxpVFHVcw4CsGjgRSLVnw89R
qbDEchGOQemp0d4lD8taOdyivUyaqUi0/oAWgfOKPeY5mu+EtfHFyw5s3mvOItPosSqE/F
x40PtaQnGT0xHOAa+5AAABAErqDojSOOgK6kQtaUn5RQmzXVYrMYGENfmpRzumz46sPILG
gNY2uBMAbit5GCLQIqsnooQTZNzo55pmMxAgZkWqbSfM3Askr3vzSpctG7mCis7UTsWYKv
HwPA98pS2n57u8Hjrkwzp6QxQvRaFwoH2AyUQvQeaT0g8UObngtBqIN7BgE8bgjQV7Ks2b
xDmmGgJpX16Njy1ZBSFv/jNwcVQ/Bup/1Sn/4JtAOFeOAaNxR0zq/ZNmPGvLsnH2wkZz+e
f+jUnASvKekypAXtLex+QuvIiX73HzTYkjV7XmiPnJTzX2glEoyLMpFOWrrTeo/uzNuSLo
YBBNwltu1PPEp4UAAAEBAPJ8UGMzYkmecByxURFftKBbRYFtkTBm7TNnbR5KI1K/QKpKjQ
4o/iaNo06127/r9bUkcFNCPwyWJD8lDlbIpkV0nkrZ4xSze7Mr4alo76gjS6rVCtf9BkDv
N4yBAZl+SBUghsZeBH6JCbG+PrDI2evQitgZrVdGDbaaxcki/jOGVtQLhZrSMq+7vADkKl
dRYRxe9bVYHowl6pWKpXYIwuVjNjj6CT/jP7Ct4koAmMWLNMUUJKYEDCvmbq8dOEG0R5Ax
/m7xv0/GfuymTJ2+vx4RsEbTj2cl8Ouc7h5mNI89ngzg1GTOxjToAFinWvwlzw0G4+jLaj
cg9PowZKK9z8kAAAEBANCzyWUouibyKpmmsfZvqp27PD/ItQxinba6lbV1uLQ+r+dqFbMo
dcOjjNfYeRqrruVpeF7PXCiVYyds8dXKoa7CGtQUUsyLnQxOra7jFAbt3ZNdrAAwlQ64J1
zPc2cd8avca+SuszPD8sOHmrjYqWMgeZbxpm0CRuN9EeN1FhGe4kMOi7vtzkjA0UZnwKbe
0gZS67AQ3CqwEuWvGqUisX+wejzFAWsamYzd3zxqQ5OFtTeoD83Iw8KtlNrhosRKIJ6k0O
p8rrDiAOx/A8qVmcXSr0c2RbRJSwYJkL2cuBRGoT3+XWa7e4HXlmVOKZsgfbBUsWl5rFB/
zudLA/fCobMAAAALcm9vdEBIeXBlclY=
-----END OPENSSH PRIVATE KEY-----

1
hosts/HyperV/ssh/ssh_host_rsa_key.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFr00AO9ojy2RbfV2ECYnBtw/RvGGRIy7dDGuDACieuHb3DgdtbLx3ovZIQtRk+Dz8unw+a0Tve6wS2elym4smQ7onY1efosw9kkfS5ReEjIqNpRpPjfrlJm6+Jnhk+Ps1h5pYFzkTXlnlgZJeaOOV5LL8s2k8vMZVGW9dDrHbeQkCOZfPWIFnN+m8E0OLo0zAxVwMMCDrjwjxiXUz/HESxyGpiZ1AbWHVnByp97AyMbnCBcqqmm6NAnN87m7WF79MrTGfLOFwp615huhSVGOQmszR3Xwm3u6F/vG0FSreiXvMxirS+dYZ2/d3+oUCh90Zs7oCiVTUe6Ty2rtj8DzIwj97HrJFTs6HHHa7lH7YUAG0iI86Tr9rlgWtZ1Nwl7LKqyHUnZtKQ3t4G11CYneQfgjVsUsUcTDuteOIsL9MmWdh/r4IGLV8n6ub3XOrmr0jvzrpJzib6OaQLsyGjrD+PqtHSujzwNIgH06/fqnGS6P4i57ahI986HSsKhW3qH3fAejWpNWMaWgvNcOkgVzlot2MPw5nJBjjY41ilndt0p3YNqGu0uh1e4zz5PAY5xseuu/UyQaghUndmGXKPxsKOyTcDW6mHOdBI12dxlJHC0BwqpwLy95FIWinniiE28o1jZA682auG3zbGVE1WHePrlbJNBVL2HMpH+pkj7eyiw== root@HyperV

18
modules/base.nix Normal file
View File

@@ -0,0 +1,18 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ lib, config, pkgs, inputs, ... }: {
# You can import other NixOS modules here
# imports = [
# #./hardware-configuration.nix
# ];
imports = [ inputs.agenix.nixosModules.default ];
security.sudo.wheelNeedsPassword = false;
environment.systemPackages =
[ pkgs.cifs-utils inputs.agenix.packages.x86_64-linux.default ];
age.secrets.secret1.file = ../../secrets/secret1.age;
}

9
modules/default.nix Normal file
View File

@@ -0,0 +1,9 @@
{...}: {
imports = [
# New module organization
./gnome
./base.nix
./ssh.nix
./user.nix
];
}

68
modules/gnome/default.nix Normal file
View File

@@ -0,0 +1,68 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ lib, config, pkgs, ... }: {
#define option to enable this
options.mymods.gnome.enable = lib.mkEnableOption "Enable Gnome Env";
config = lib.mkIf config.mymods.gnome.enable {
users.users.gdm.extraGroups = [ "video" ];
services.xserver = {
enable = true;
modules = [ pkgs.xorg.xf86videofbdev ];
videoDrivers = [ "hyperv_fb" ];
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
displayManager.startx.enable = true;
};
environment.gnome.excludePackages = (with pkgs; [ gnome-photos gnome-tour ])
++ (with pkgs.gnome; [
cheese # webcam tool
gnome-music
#gnome-terminal
#gedit # text editor
epiphany # web browser
geary # email reader
#evince # document viewer
gnome-characters
totem # video player
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]);
## https://github.com/NixOS/nixpkgs/issues/126265
## watch https://github.com/NixOS/nixpkgs/pull/83928
services.xrdp = {
# enable = true;
# defaultWindowManager = "${pkgs.gnome3.gnome-shell}/bin/gnome-shell";
package = pkgs.xrdp.overrideAttrs (oldAttrs: {
configureFlags = oldAttrs.configureFlags ++ [ "--enable-vsock" ];
postInstall = oldAttrs.postInstall + ''
substituteInPlace $out/etc/xrdp/xrdp.ini \
--replace "port=3389" "port=vsock://-1:3389" \
--replace "security_layer=negotiate" "security_layer=rdp" \
--replace "crypt_level=high" "crypt_level=none" \
--replace "bitmap_compression=true" "bitmap_compression=false"
substituteInPlace $out/etc/xrdp/sesman.ini \
--replace "X11DisplayOffset=10" "X11DisplayOffset=0" \
--replace "FuseMountName=thinclient_drives" "FuseMountName=shared_drives"
'';
});
};
# --replace "use_vsock=false" "use_vsock=true" \
environment.etc."X11/Xwrapper.config".text = ''
allowed_users=anybody
'';
services.xrdp.enable = true;
services.xrdp.defaultWindowManager = "gnome-shell";
networking.firewall.allowedTCPPorts = [ 3389 ];
};
}

62
modules/home-manager/base.nix Normal file
View File

@@ -0,0 +1,62 @@
{ config, pkgs, ... }:
{
# Home Manager needs a bit of information about you and the
# paths it should manage.
home.username = "sstent";
home.homeDirectory = "/home/sstent";
#targets.genericLinux.enable = true;
# changes in each release.
# home.stateVersion = "22.05";
home.stateVersion = "23.05";
programs.bash.enable = true;
programs.firefox.enable = true;
programs.gnome-terminal.enable = true;
programs.gnome-terminal.profile = {
"f2afd3c7-cb35-4d08-b6c2-523b444be64d" = {
visibleName = "Stu";
showScrollbar = true;
default = true;
font = "DejaVu Sans Mono 12";
colors = {
backgroundColor = "rgb(23,20,33)";
foregroundColor = "rgb(208,207,204)";
palette = [
"#272224"
"#FF473D"
"#3DCCB2"
"#FF9600"
"#3B7ECB"
"#F74C6D"
"#00B5FC"
"#3E3E3E"
"#52494C"
"#FF6961"
"#85E6D4"
"#FFB347"
"#779ECB"
"#F7A8B8"
"#55CDFC"
"#EEEEEC"
];
};
};
};
xdg.configFile."gnome-initial-setup-done".text = "yes";
xdg.configFile."gtk-3.0/bookmarks".text = ''
file:///mnt/Public Public
'';
dconf.settings = {
# ...
"org/gnome/shell" = {
favorite-apps = [
"firefox.desktop"
"org.gnome.Terminal.desktop"
"org.gnome.Nautilus.desktop"
];
};
"org/gnome/desktop/interface" = { color-scheme = "prefer-dark"; };
};
}

245
modules/home-manager/configs/nicotine Normal file
View File

@@ -0,0 +1,245 @@
[server]
login = shapechecker
passw = 6EbCdhRR7yUdN5ImeY9S
server = ('server.slsknet.org', 2242)
interface =
ctcpmsgs = False
autosearch = []
autoreply =
portrange = (2234, 2239)
upnp = True
upnp_interval = 4
auto_connect_startup = True
userlist = []
banlist = []
ignorelist = []
ipignorelist = {}
ipblocklist = {}
autojoin = ['nicotine']
autoaway = 15
away = False
private_chatrooms = False
command_aliases = {}
[transfers]
incompletedir = /home/sstent/.local/share/nicotine/incomplete
downloaddir = /home/sstent/.local/share/nicotine/downloads
uploaddir = /home/sstent/.local/share/nicotine/received
usernamesubfolders = False
shared = []
buddyshared = []
uploadbandwidth = 50
uselimit = False
usealtlimits = False
uploadlimit = 1000
uploadlimitalt = 100
downloadlimit = 0
downloadlimitalt = 100
preferfriends = False
useupslots = False
uploadslots = 2
afterfinish =
afterfolder =
lock = True
reverseorder = False
fifoqueue = False
usecustomban = False
limitby = True
customban = Banned, don't bother retrying
usecustomgeoblock = False
customgeoblock = Sorry, your country is blocked
queuelimit = 10000
filelimit = 100
buddysharestrustedonly = False
friendsnolimits = False
groupdownloads = folder_grouping
groupuploads = folder_grouping
geoblock = False
geoblockcc = ['']
remotedownloads = True
uploadallowed = 2
autoclear_downloads = False
autoclear_uploads = False
uploadsinsubdirs = True
rescanonstartup = True
enablefilters = False
downloadregexp = (\\(.*\.url|albumart(_{........-....-....-....-............}_)?(_?(large|small))?\.jpg|desktop\.ini|folder\.jpg|thumbs\.db)$)
downloadfilters = [['desktop.ini', 1], ['folder.jpg', 1], ['*.url', 1], ['thumbs.db', 1], ['albumart(_{........-....-....-....-............}_)?(_?(large|small))?\\.jpg', 0]]
download_doubleclick = 2
upload_doubleclick = 2
downloadsexpanded = True
uploadsexpanded = True
[userinfo]
descr = ''
pic =
[userbrowse]
expand_folders = True
[words]
censored = []
autoreplaced = {'teh ': 'the ', 'taht ': 'that ', 'tihng': 'thing', 'youre': "you're", 'jsut': 'just', 'thier': 'their', 'tihs': 'this'}
censorfill = *
censorwords = False
replacewords = False
tab = True
cycle = False
dropdown = False
characters = 3
roomnames = False
buddies = True
roomusers = True
commands = True
aliases = True
onematch = False
[logging]
debug = False
debugmodes = []
debuglogsdir = /home/sstent/.local/share/nicotine/logs/debug
logcollapsed = True
transferslogsdir = /home/sstent/.local/share/nicotine/logs/transfers
rooms_timestamp = %H:%M:%S
private_timestamp = %Y-%m-%d %H:%M:%S
log_timestamp = %Y-%m-%d %H:%M:%S
privatechat = True
chatrooms = True
transfers = False
debug_file_output = False
roomlogsdir = /home/sstent/.local/share/nicotine/logs/rooms
privatelogsdir = /home/sstent/.local/share/nicotine/logs/private
readroomlogs = True
readroomlines = 15
readprivatelines = 15
rooms = ['nicotine']
[privatechat]
store = True
users = []
[columns]
file_search = {}
download = {}
upload = {}
user_browse = {}
buddy_list = {}
chat_room = {'nicotine': {}}
[searches]
expand_searches = True
group_searches = folder_grouping
maxresults = 150
enable_history = True
history = []
enablefilters = False
filters_visible = False
defilter = ['', '', '', '', False, '', '']
filtercc = []
filterin = []
filterout = []
filtersize = []
filterbr = []
filtertype = []
search_results = True
max_displayed_results = 1500
min_search_chars = 3
remove_special_chars = True
private_search_results = True
[ui]
dark_mode = False
header_bar = True
icontheme =
chatme = #908e8b
chatremote =
chatlocal =
chathilite = #5288ce
urlcolor = #5288ce
useronline = #16bb5c
useraway = #c9ae13
useroffline = #e04f5e
usernamehotspots = True
usernamestyle = bold
textbg =
search =
searchq = GREY
inputcolor =
spellcheck = True
exitdialog = 1
tab_default =
tab_hilite = #497ec2
tab_changed = #497ec2
tab_select_previous = True
tabmain = Top
tabrooms = Top
tabprivate = Top
tabinfo = Top
tabbrowse = Top
tabsearch = Top
tab_status_icons = True
globalfont = Normal
chatfont = Normal
tabclosers = True
searchfont = Normal
listfont = Normal
browserfont = Normal
transfersfont = Normal
last_tab_id =
modes_visible = {'search': True, 'downloads': True, 'uploads': True, 'userbrowse': True, 'userinfo': True, 'private': True, 'userlist': True, 'chatrooms': True, 'interests': True}
modes_order = ['search', 'downloads', 'uploads', 'userbrowse', 'userinfo', 'private', 'userlist', 'chatrooms', 'interests']
buddylistinchatrooms = tab
trayicon = True
startup_hidden = False
filemanager =
speechenabled = False
speechprivate = User %(user)s told you: %(message)s
speechrooms = In room %(room)s, user %(user)s said: %(message)s
speechcommand = flite -t $
width = 800
height = 600
xposition = -1
yposition = -1
maximized = True
urgencyhint = True
file_path_tooltips = True
reverse_file_paths = True
[private_rooms]
rooms = {}
[urls]
protocols = {}
[interests]
likes = []
dislikes = []
[players]
default =
npothercommand =
npplayer = mpris
npformatlist = []
npformat =
[notifications]
notification_window_title = True
notification_tab_colors = False
notification_popup_sound = False
notification_popup_file = True
notification_popup_folder = True
notification_popup_private_message = True
notification_popup_chatroom = False
notification_popup_chatroom_mention = True
[plugins]
enable = True
enabled = []
[statistics]
started_downloads = 0
completed_downloads = 0
downloaded_size = 0
started_uploads = 0
completed_uploads = 0
uploaded_size = 0

8
modules/home-manager/nicotine.nix Normal file
View File

@@ -0,0 +1,8 @@
{ config, pkgs, ... }:
{
home.packages = with pkgs; [
nicotine-plus
];
xdg.configFile."nicotine/config.old".source = ./configs/nicotine;
}

76
modules/homemanager_hyperv.nix Normal file
View File

@@ -0,0 +1,76 @@
{ config, pkgs, ... }:
{
# Home Manager needs a bit of information about you and the
# paths it should manage.
home.username = "sstent";
home.homeDirectory = "/home/sstent";
#targets.genericLinux.enable = true;
# changes in each release.
# home.stateVersion = "22.05";
home.stateVersion = "23.05";
home.shellAliases = {
revert_base_config = "sudo cp /etc/nixos/{orig_,}configuration.nix; sudo cp /etc/nixos/{orig_,}flake.nix; sudo cp /etc/nixos/{orig_,}homemanager.nix; sudo nixos-generate-config";
};
# Let Home Manager install and manage itself.
# programs.home-manager.enable = true;
home.packages = with pkgs; [
nicotine-plus
gnomeExtensions.mullvad-indicator
mullvad-vpn
];
programs.bash.enable = true;
programs.firefox.enable = true;
programs.gnome-terminal.enable = true;
programs.gnome-terminal.profile = {
"f2afd3c7-cb35-4d08-b6c2-523b444be64d" = {
visibleName = "Stu";
showScrollbar = true;
default = true;
font = "DejaVu Sans Mono 12";
colors = {
backgroundColor = "rgb(23,20,33)";
foregroundColor = "rgb(208,207,204)";
palette = [
"#272224"
"#FF473D"
"#3DCCB2"
"#FF9600"
"#3B7ECB"
"#F74C6D"
"#00B5FC"
"#3E3E3E"
"#52494C"
"#FF6961"
"#85E6D4"
"#FFB347"
"#779ECB"
"#F7A8B8"
"#55CDFC"
"#EEEEEC"
];
};
};
};
xdg.configFile."nicotine/config.old".source = ./configs/nicotine;
xdg.configFile."gnome-initial-setup-done".text = "yes";
xdg.configFile."gtk-3.0/bookmarks".text = ''
file:///mnt/Public Public
'';
dconf.settings = {
# ...
"org/gnome/shell" = {
favorite-apps = [
"firefox.desktop"
"org.gnome.Terminal.desktop"
"org.gnome.Nautilus.desktop"
];
};
"org/gnome/desktop/interface" = { color-scheme = "prefer-dark"; };
};
}

16
modules/ssh.nix Normal file
View File

@@ -0,0 +1,16 @@
{ lib, config, pkgs, ... }: {
#define option to enable this
options.mymods.sshd.enable = lib.mkEnableOption "Enable SSH";
config = lib.mkIf config.mymods.sshd.enable {
services.openssh = {
enable = true;
settings.permitRootLogin = "no";
settings.passwordAuthentication = false;
};
networking.firewall.allowedTCPPorts = [ 22 ];
};
}

19
modules/user.nix Normal file
View File

@@ -0,0 +1,19 @@
{ lib, config, pkgs, ... }: {
options.mymods.user_sstent.enable = lib.mkEnableOption "Create sstent user";
config = lib.mkIf config.mymods.user_sstent.enable {
users.users = {
sstent = {
initialPassword = "farscape5";
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"
];
extraGroups = [ "wheel" "video" ];
};
};
security.sudo.wheelNeedsPassword = false;
};
}

1
result Symbolic link
View File

@@ -0,0 +1 @@
/nix/store/gcif5m5129qmsf525m75dhhjqz4xfsh8-nixos-hyperv-23.05.20230213.545c7a3-x86_64-linux

15
secrets/secret1.age Normal file
View File

@@ -0,0 +1,15 @@
age-encryption.org/v1
-> ssh-rsa 54tmtw
t+UTY3Qh6jSy9pBIhaZLjWgpMiTD+x5rJ2+nD5tIuCWDL3U5h8Z4L99cVKOIsnMU
8XMlaPdJnd6Y6A1RuCDzqzhnjCIcYXoWMBNSe6JgJ/dKi69q/fO8GNrt6LN1SNIg
tAaMOIuF6mL0vXonaIkAU8zXIsJvDSlN7aKt3eIOYvq/0WdBMTC7pbkHJ6UcA2DF
gVIAnZ2hMzDZ1VwklSywGYoCcVh7IQXY588loDb/X9vgpXyVfxmIldgx0BulnHHH
fikV51VUT4xpIM0dPfLwM5EEfddUVCinHZGE4i1gM7t6bkmW6ePdAeSWpLgM/olJ
jPmcMO7goV4WuGGmkliICA
-> ssh-ed25519 KLPP8w tOUeFUot+3c5/uCMmRf2+iEff44oH1+16LodxcZ8tRI
Lh/DGBwAxreX1mikM1vXYmwTpTMQfzdk0OfAS9ZcWgg
-> ^>!"k-grease Oao
HDL8eWp4pvf8tLucvncf6e8rdeL+Jx0wqc29gX3LiW1/39wDngd85ldEwJwTNpLm
wsYQibvHluCFNeduW95Y41nvScAU1E+DdtbvkFQ9
--- Hs1+jKn3TiUMbCnplc713eslRXWB+wZNa671sCh/Fv0
<EFBFBD>.<2E>Y<EFBFBD>-"<22>N-<2D>9<EFBFBD>bt<><74><EFBFBD>>CyJz<4A><7A><EFBFBD><EFBFBD><EFBFBD><13><01>!)"x<><78>a<>

11
secrets/secrets.nix Normal file
View File

@@ -0,0 +1,11 @@
let
sstent = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC";
users = [ sstent ];
HyperV = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE";
systems = [ HyperV ];
in
{
"secret1.age".publicKeys = [ sstent HyperV ];
"secret2.age".publicKeys = users ++ systems;
}