Add some basic initial modules
diff --git a/flake.lock b/flake.lock
index c0bca6c..87672f8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -15,6 +15,21 @@
"type": "github"
}
},
+ "impermanence": {
+ "locked": {
+ "lastModified": 1646131459,
+ "narHash": "sha256-GPmgxvUFvQ1GmsGfWHy9+rcxWrczeDhS9XnAIPHi9XQ=",
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "rev": "2f39baeb7d039fda5fc8225111bb79474138e6f4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "type": "github"
+ }
+ },
"nixpkgs": {
"locked": {
"lastModified": 1660817299,
@@ -50,6 +65,7 @@
"root": {
"inputs": {
"flake-utils": "flake-utils",
+ "impermanence": "impermanence",
"nixpkgs": "nixpkgs",
"registry": "registry"
}
diff --git a/flake.nix b/flake.nix
index d2dc6af..6725e32 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,6 +6,7 @@
url = "github:nixos/flake-registry";
flake = false;
};
+ inputs.impermanence.url = "github:nix-community/impermanence";
outputs = inputs: let
inherit (inputs) self nixpkgs flake-utils;
diff --git a/modules/boot.nix b/modules/boot.nix
new file mode 100644
index 0000000..5905245
--- /dev/null
+++ b/modules/boot.nix
@@ -0,0 +1,8 @@
+{
+ config = {
+ boot.loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+}
diff --git a/modules/filesystems.nix b/modules/filesystems.nix
new file mode 100644
index 0000000..2c30ee9
--- /dev/null
+++ b/modules/filesystems.nix
@@ -0,0 +1,17 @@
+{impermanence}: {
+ imports = [
+ impermanence.nixosModules.impermanence
+ ];
+
+ config = {
+ environment.persistence."/nix/persist" = {
+ hideMounts = true;
+ };
+
+ fileSystems."/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = ["defaults" "size=4G" "mode=755"];
+ };
+ };
+}
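Review bot: With `/` on a 4G tmpfs and state kept under `/nix/persist`, this module declares no `fileSystems."/nix"` (or `/boot`) entry, and impermanence needs the filesystem holding the persistent directory to be mounted in the initrd. If that mount is not defined in another module, add it here with `neededForBoot = true;`, otherwise the persisted files will not be in place when early services start. A short comment above `fileSystems."/"` saying that everything outside `/nix/persist` is discarded on reboot would also help the next reader.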
diff --git a/modules/locale.nix b/modules/locale.nix
new file mode 100644
index 0000000..dbc07b1
--- /dev/null
+++ b/modules/locale.nix
@@ -0,0 +1,10 @@
+{
+ config = {
+ time.timeZone = "Europe/London";
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "uk";
+ };
+ };
+}
diff --git a/modules/neovim.nix b/modules/neovim.nix
new file mode 100644
index 0000000..e3d753c
--- /dev/null
+++ b/modules/neovim.nix
@@ -0,0 +1,13 @@
+{pkgs, ...}: {
+ config = {
+ environment.variables = {
+ EDITOR = "${pkgs.nvim}/bin/nvim";
+ };
+ environment.defaultPackages = [
+ pkgs.perl
+ pkgs.rsync
+ pkgs.strace
+ pkgs.nvim # I'm installing vim here even though it isn't normally a default package, as I've removed nano
+ ]; # The basic default packages, although without nano
+ };
+}
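Review bot: `pkgs.nvim` is used for both `EDITOR` and `environment.defaultPackages`, but nixpkgs names the package `pkgs.neovim`. Unless an overlay elsewhere in the flake defines `nvim`, evaluation fails on a missing attribute. I would write `EDITOR = "${pkgs.neovim}/bin/nvim";` and `pkgs.neovim` in the list. The inline comment also says "vim" while the package installed is neovim, so reword it to match.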
diff --git a/modules/security.nix b/modules/security.nix
new file mode 100644
index 0000000..d7bdbda
--- /dev/null
+++ b/modules/security.nix
@@ -0,0 +1,6 @@
+{
+ config.security.apparmor = {
+ enable = true;
+ killUnconfinedConfinables = true;
+ };
+}
diff --git a/modules/ssh.nix b/modules/ssh.nix
new file mode 100644
index 0000000..862310a
--- /dev/null
+++ b/modules/ssh.nix
@@ -0,0 +1,24 @@
+{
+ config = {
+ services.openssh.enable = true;
+
+ environment.persistence."/nix/persist".files = [
+ {
+ file = "/etc/ssh_host_rsa_key";
+ parentDirectory = {mode = 755;};
+ }
+ {
+ file = "/etc/ssh_host_rsa_key.pub";
+ parentDirectory = {mode = 755;};
+ }
+ {
+ file = "/etc/ssh_host_ed25519_key";
+ parentDirectory = {mode = 755;};
+ }
+ {
+ file = "/etc/ssh_host_ed25519_key.pub";
+ parentDirectory = {mode = 755;};
+ }
+ ];
+ };
+}
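Review bot: The persisted paths are `/etc/ssh_host_*_key`, but the NixOS openssh module generates its default host keys under `/etc/ssh/`. As written the real keys stay on the tmpfs root and are regenerated on every boot, so clients see a changed host key each time and users learn to click through the warning. Use `file = "/etc/ssh/ssh_host_ed25519_key";` (and likewise for the other three entries). `mode = 755` is a Nix integer where impermanence appears to expect a mode string, so `parentDirectory = {mode = "0755";};` is the safer form. It is also worth confirming that the private keys end up `0600` inside `/nix/persist`.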
diff --git a/modules/systemd.nix b/modules/systemd.nix
new file mode 100644
index 0000000..4b39b44
--- /dev/null
+++ b/modules/systemd.nix
@@ -0,0 +1,7 @@
+{
+ config = {
+ environment.persistence."/nix/persist".files = [
+ "/etc/machine-id"
+ ];
+ };
+}
diff --git a/modules/users.nix b/modules/users.nix
new file mode 100644
index 0000000..15f1e4f
--- /dev/null
+++ b/modules/users.nix
@@ -0,0 +1,13 @@
+{pkgs, ...}: {
+ users.mutableUsers = false;
+
+ users.users.minion = {
+ isNormalUser = true;
+ extraGroups = ["wheel" "kvm" "docker" "containerd" "dialout" "libvirtd" "video" config.users.groups.keys.name];
+ shell = pkgs.zsh;
+ };
+
+ users.users.root.initialPassword = "hunter2";
+ # TODO: Change this as soon as we know the system boots properly and we make
+ # user passwords persist
+}
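Review bot: `users.users.root.initialPassword = "hunter2";` commits a plaintext root password to the repository and to the world-readable Nix store. Because `users.mutableUsers = false` and `/` is a tmpfs, it is not a one-off bootstrap value: it is the root password on every boot until this line changes. Prefer a hashed password read from a file under `/nix/persist` (`passwordFile` or `hashedPasswordFile`, depending on the NixOS release), or lock root and use `sudo` from `minion`, which currently has no password or authorized key set in this file. Separately, the module header is `{pkgs, ...}:` but the body references `config.users.groups.keys.name`, so evaluation fails on an undefined `config`; change the header to `{pkgs, config, ...}: {`. Membership in `docker` is effectively root-equivalent and deserves a comment next to `extraGroups`.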