first commit

modules/core/default.nix

@@ -0,0 +1,10 @@
+{
+  ...
+}:
+{
+  imports = [
+    ./grub.nix
+    ./packages.nix
+    ./users.nix
+  ];
+}

modules/core/grub.nix

@@ -0,0 +1,18 @@
+{
+  ...
+}:
+{
+  ## Configure boot loader
+  boot.loader = {
+    # Use grub without NVRAM
+    grub = {
+      enable = true;
+      efiSupport = true;
+      device = "nodev";
+      efiInstallAsRemovable = true;
+      useOSProber = true;
+    };
+    # Do not edit NVRAM
+    efi.canTouchEfiVariables = false;
+  };
+}

modules/core/packages.nix

@@ -0,0 +1,19 @@
+{
+  pkgs,
+  ...
+}:
+{
+  environment.systemPackages = [
+    pkgs.curl
+    pkgs.pciutils
+    # pkgs.clinfo <- IDC info, move to GPU
+    pkgs.git
+    pkgs.htop
+    pkgs.killall
+    pkgs.bind
+    pkgs.git
+    pkgs.neovim
+    pkgs.unzip
+
+  ];
+}

modules/core/users.nix

@@ -0,0 +1,27 @@
+{
+  config,
+  username,
+  ...
+}:
+{
+  users = {
+    users = {
+      ${username} = {
+        isNormalUser = true;
+        createHome = true;
+        hashedPasswordFile = config.sops.secrets."users_password/beastie".path;
+        description = "Admin account";
+        extraGroups = [
+          "wheel"
+        ];
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKMJ3TkEmRQcX7RQijNa2km6a2xXJk6M6FERh7C9nTJ"
+        ];
+      };
+      root = {
+        password = null;
+      };
+    };
+    mutableUsers = false;
+  };
+}

modules/optionnal/hosts/test-kvm.nix

@@ -0,0 +1,9 @@
+{
+  ...
+}:
+{
+  imports = [
+    ../sops-desktop.nix
+    ../sudo-nopasswd.nix
+  ];
+}

modules/optionnal/sops-desktop.nix

@@ -0,0 +1,68 @@
+{
+  inputs,
+  username,
+  ...
+}:
+let
+  secretsPath = builtins.toString inputs.mysecrets;
+in
+{
+  sops = {
+    defaultSopsFile = "${secretsPath}/secrets.yaml";
+    age = {
+      sshKeyPaths = [
+        "/etc/ssh/ssh_host_ed25519_key"
+      ];
+      keyFile = "/var/lib/sops-nix/key.txt";
+      generateKey = true;
+    };
+
+    secrets = {
+      "ldap_password/beastie" = {
+      };
+      "users_password/beastie" = {
+        neededForUsers = true;
+      };
+      "ssh_keys/default_pub" = {
+        owner = "${username}";
+        mode = "0644";
+        path = "/home/${username}/.ssh/id_ed25519.pub";
+      };
+      "ssh_keys/default_priv" = {
+        owner = "${username}";
+        mode = "0600";
+        path = "/home/${username}/.ssh/id_ed25519";
+      };
+      "ssh_keys/ansible_pub" = {
+        owner = "${username}";
+        mode = "0644";
+        path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
+      };
+      "ssh_keys/ansible_priv" = {
+        owner = "${username}";
+        mode = "0600";
+        path = "/home/${username}/.ssh/id_ed25519_ansible";
+      };
+      "ssh_keys/beastie_pub" = {
+        owner = "${username}";
+        mode = "0644";
+        path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
+      };
+      "ssh_keys/beastie_priv" = {
+        owner = "${username}";
+        mode = "0600";
+        path = "/home/${username}/.ssh/id_ed25519_beastie";
+      };
+      "ssh_keys/gitea_semaphore_pub" = {
+        owner = "${username}";
+        mode = "0644";
+        path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
+      };
+      "ssh_keys/gitea_semaphore_priv" = {
+        owner = "${username}";
+        mode = "0600";
+        path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
+      };
+    };
+  };
+}

modules/optionnal/sudo-nopasswd.nix

@@ -0,0 +1,24 @@
+{
+  username,
+  ...
+}:
+{
+  # https://dev.to/patimapoochai/how-to-edit-the-sudoers-file-in-nixos-with-examples-4k34
+  security.sudo = {
+    enable = true;
+    extraRules = [
+      {
+        users = [ "${username}" ];
+        host = "ALL";
+        runAs = "ALL:ALL";
+        commands = [
+          {
+            command = "ALL";
+            options = [ "NOPASSWD" ];
+          }
+        ];
+      }
+    ];
+    #extraConfig = "#includedir /etc/sudoers.d";
+  };
+}