From d9046b8321dcfd7cbf186f3a9af728eca7983e4d Mon Sep 17 00:00:00 2001 From: Whovian9369 Date: Sun, 9 Jun 2024 05:05:25 -0400 Subject: [PATCH] Various changes to config, see notes under the fold. - Adds `mySSHKeys` via `inherit` from `system/sshKeys.nix` for easier setting of allowed SSH keys - Especially useful for self-built `x86_64-linux` NixOS ISO. - Swap where user groups are set to `system/users.nix` - Add `myOptions.isWSL` to identify if an environment is used in WSL or not. - Used for setting user groups between WSL and bare-metal. - Requires adding `myOptions` as module to WSL systems? - Need to investiage if this properly works on bare-metal machines - So likely needs tested in VM? - Added `myOptions.isWSL` option to `nixos-wsl` for group setting reasons, see above. - Fleshed out `nixosConfigurations.isoimage-pc` to make keep some tools handy for live environment. - Plus, gave ssh key access to `root` user on ISO. - Need to double check if `nixos` user needs keys too. - Is that user still even generated with current config? Need to test. - Added `unnix_script` to `home-manager` environment's `home.packages`, so I can remove Nix Store paths from text input easily for ease of comparing against other builds. --- chimchar-hold_for_flake.nix | 4 +- flake.nix | 78 +++++++++++++++++++++++++++--- home/pkgs_and_programs.nix | 10 +++- system/groups.nix | 23 +++++++++ system/nixos-wsl/configuration.nix | 2 +- system/sshKeys.nix | 5 ++ system/users.nix | 30 ++++++++++++ 7 files changed, 141 insertions(+), 11 deletions(-) create mode 100644 system/groups.nix create mode 100644 system/sshKeys.nix create mode 100644 system/users.nix diff --git a/chimchar-hold_for_flake.nix b/chimchar-hold_for_flake.nix index f34d09a..3d7bac2 100644 --- a/chimchar-hold_for_flake.nix +++ b/chimchar-hold_for_flake.nix 
@@ -91,11 +91,13 @@ # Am I going to use "configuration.nix" in this next config? # Am I going to put it all into the flake itself? # Am I going to do something else? - ./system/chimchar/users.nix ./system/dotnet_os_codename-workaround.nix # Source of this fix file is # https://github.com/nazarewk-iac/nix-configs/blob/main/modules/ascii-workaround.nix ./system/nix_lix.nix + # Enable Nix fork "Lix" instead of default "Nix" version from + # upstream + ./system/users.nix lix-module.nixosModules.default home-manager.nixosModules.home-manager { diff --git a/flake.nix b/flake.nix index d720eee..7e9812f 100644 --- a/flake.nix +++ b/flake.nix @@ -87,23 +87,48 @@ system = "x86_64-linux"; config.allowUnfree = true; }; + + inherit (import ./system/sshKeys.nix) mySSHKeys; + # inherit (import ./system/groups.nix) myWslGroups myHardwareGroups; + + myOptions = { lib, ... }: { + options = { + isWSL = lib.mkOption { + default = false; + type = lib.types.bool; + }; + }; + }; + in { + nixosConfigurations = { nixos-wsl = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ + myOptions ./system/nixos-wsl/configuration.nix ./system/dotnet_os_codename-workaround.nix # Source of this fix file is # https://github.com/nazarewk-iac/nix-configs/blob/main/modules/ascii-workaround.nix ./system/nix_lix.nix + ./system/users.nix nixos-wsl.nixosModules.wsl lix-module.nixosModules.default home-manager.nixosModules.home-manager { system.configurationRevision = self.shortRev or self.dirtyShortRev or "dirty"; + isWSL = true; + + users.users.whovian = { + # extraGroups = myWslGroups; + # See above "let" expression + # and/or look at "system/groups.nix" + openssh.authorizedKeys.keys = mySSHKeys; + }; + home-manager = { useGlobalPkgs = true; useUserPackages = true; 
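Review bot: In the flake.nix hunk, `myOptions` declares the flag as a bare top-level `isWSL` with `default = false` and no `description`, although the commit message calls it `myOptions.isWSL`. Because system/users.nix adds `networkmanager`, `usb` and `docker` whenever `config.isWSL` is false, any system that imports users.nix and forgets to set the flag gets the larger group set by default. I would nest the option, e.g. `options.myOptions.isWSL = lib.mkOption { ... }`, set `myOptions.isWSL = true;` in the nixos-wsl module and read `config.myOptions.isWSL` in users.nix. Adding `description = "Whether this system runs under WSL; selects which extraGroups the user receives.";` would record that the flag gates group membership.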
@@ -134,26 +159,65 @@ ]; }; - isoimage = nixpkgs.lib.nixosSystem { + isoimage-pc = nixpkgs.lib.nixosSystem { + # How to build: + # $ nix build .#nixosConfigurations.isoimage-pc.config.system.build.isoImage + # TODO: Add to "packages.x86_64-linux" later? + # "packages.x86_64-linux.isoimage-pc = self." system = "x86_64-linux"; modules = [ - # ./configuration.nix + "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix" { - nix = { - extraOptions = " + environment.systemPackages = [ + pkgs._7zz + pkgs.bat + pkgs.dhex + pkgs.fd + pkgs.file + pkgs.git + pkgs.lynx + pkgs.ncdu + pkgs.progress + pkgs.ripgrep + pkgs.sshfs + pkgs.wget + pkgs.xxd + pkgs.yq + xil.packages.x86_64-linux.xil + ]; + + nix.extraOptions = '' experimental-features = nix-command flakes - "; - }; + ''; + programs = { + nano.enable = true; + screen.enable = true; zsh = { enable = true; + # Honestly unsure if I should be using `programs.zsh.envExtra` or + # `programs.zsh.localVariables` here. + /* + localVariables = { + DISABLE_MAGIC_FUNCTIONS = true; + }; + */ + ohMyZsh = { + enable = true; + theme = "bira"; + }; }; }; + users = { defaultUserShell = pkgs.zsh; + users.root = { + shell = pkgs.zsh; + openssh.authorizedKeys.keys = mySSHKeys; + # Check if needed for "nixos" ISO user. + }; }; } - "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix" ]; }; diff --git a/home/pkgs_and_programs.nix b/home/pkgs_and_programs.nix index dfe18ed..0ff07e9 100644 --- a/home/pkgs_and_programs.nix +++ b/home/pkgs_and_programs.nix @@ -22,9 +22,14 @@ let patches = [ ./packages/new_rclone/patches/rclone_8ffe3e462cbf5688c37c54009db09d8dcb486860.diff ]; } ); + unnix_script = pkgs.writeShellApplication { + name = "unnix"; + /* runtimeInputs = [ sed ]; */ + text = '' sed -r 's@/nix/store/[0-9a-z]{32}-@/<>/@g' ''; + # Quick command to remove Nix Store paths from output. Original source: + # https://trofi.github.io/posts/247-NixOS-22.05-release.html + }; }; - - in { programs = { 
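Review bot: In the `isoimage-pc` hunk of flake.nix, `users.root.openssh.authorizedKeys.keys = mySSHKeys;` bakes a root-authorized key into every image built from this configuration. The only entry in system/sshKeys.nix is the key labelled `# NixOS WSL`, which the nixos-wsl configuration also authorizes for `whovian`, so one private key held in the WSL environment is also the root credential for any machine booted from the ISO once sshd is reachable. Whether the installer profile starts sshd by default is not visible here and should be checked. I would state the effect next to the line, e.g. `# Live ISO: every key in system/sshKeys.nix can log in as root over SSH.`, and consider a separate installer-only key list so that day-to-day keys are not reused as root credentials.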
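Review bot: In the home/pkgs_and_programs.nix hunk, `unnix_script` calls `sed` but leaves `runtimeInputs` commented out, so the script runs whichever `sed` comes first on the caller's PATH. The commented-out form `[ sed ]` would presumably not evaluate either, unless a `sed` binding is in scope outside the hunk. Replacing the comment with `runtimeInputs = [ pkgs.gnused ];` pins the tool to a store path and keeps `-r` behaving the same on every host. The explanatory comment and source URL would read better above `name` than after `text`; the enclosing `let` block starts outside the hunk.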
@@ -126,6 +131,7 @@ in my_packages.sabretools my_packages.new_rclone my_packages.rom-properties + my_packages.unnix_script # my_packages.hactoolnet-bin agenix.packages.${system}.default diff --git a/system/groups.nix b/system/groups.nix new file mode 100644 index 0000000..d0283cc --- /dev/null +++ b/system/groups.nix @@ -0,0 +1,23 @@ +{ + myWslGroups = [ + "wheel" + # Enable 'sudo' for the user. + ]; + + myHardwareGroups = [ + "wheel" + # Enable 'sudo' for the user. + "networkmanager" + # Enable use of NetworkManager + "usb" + # This should enable access to usb devices. + "docker" + # Enable 'docker' for the user. + ]; + + users.groups = { + usb = { + # Placeholder to create group. + }; + }; +} diff --git a/system/nixos-wsl/configuration.nix b/system/nixos-wsl/configuration.nix index dbb3fa5..9805233 100644 --- a/system/nixos-wsl/configuration.nix +++ b/system/nixos-wsl/configuration.nix @@ -9,7 +9,7 @@ { imports = [ ./packages.nix - ./users.nix + # ./users.nix ./wsl.nix ]; diff --git a/system/sshKeys.nix b/system/sshKeys.nix new file mode 100644 index 0000000..57e5e31 --- /dev/null +++ b/system/sshKeys.nix @@ -0,0 +1,5 @@ +{ + mySSHKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5E4BLKTeFAeRdIMJbdi1ZcphWF3WnJAZ6FX6zbKHI3" # NixOS WSL + ]; +} diff --git a/system/users.nix b/system/users.nix new file mode 100644 index 0000000..a8226fa --- /dev/null +++ b/system/users.nix @@ -0,0 +1,30 @@ +{ + lib, + config, + pkgs, + ... +}: +{ + users = { + users = { + whovian = { + name = "whovian"; + description = "Whovian9369"; + shell = pkgs.zsh; + initialPassword = "abcde"; # I need to log in somehow + extraGroups = [ + "wheel" + # Enable 'sudo' for the user. + ] ++ lib.optionals (!config.isWSL) [ + # These are the groups for baremetal machines, or possibly VMs. + "networkmanager" + # Enable use of NetworkManager + "usb" + # This should enable access to usb devices. + "docker" + # Enable 'docker' for the user. + ]; + }; + }; + }; +}
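Review bot: The new system/groups.nix mixes two plain lists (`myWslGroups`, `myHardwareGroups`) with a `users.groups.usb` configuration attribute in one attribute set, and the only reference to the file in this patch is the commented-out `inherit (import ./system/groups.nix) ...` line in flake.nix. Read through `import` and `inherit`, the `users.groups` part is never applied, so the `usb` group that system/users.nix lists in `extraGroups` is not declared anywhere in the visible changes, though it may be declared elsewhere in the repository. I would either drop this file or reduce it to a module containing only `users.groups.usb = { };` and add it to the `modules` lists. The comment `# Enable 'docker' for the user.` should also say that membership in `docker` is effectively root on the host.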
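Review bot: In the new system/users.nix, `initialPassword = "abcde";` gives an account in `wheel` a five-character password that is published in the repository and, as with any `initialPassword`, stored in clear text in the world-readable Nix store. It is applied when the account is first created, so every fresh install from this flake starts with a known sudo-capable login until the password is changed. Whether that login is reachable remotely depends on sshd settings that are not visible here. I would use `initialHashedPassword = "<hash from mkpasswd>";`, or `hashedPasswordFile` pointing at a secret kept outside the store, and set `services.openssh.settings.PasswordAuthentication = false;` now that keys are configured.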