patos/modules/profiles/base.nix

{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
}:
{
  imports = [
    (modulesPath + "/profiles/image-based-appliance.nix")
    (modulesPath + "/profiles/perlless.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  # system.forbiddenDependenciesRegexes = lib.mkForce [ ];

  nixpkgs.flake.setNixPath = false;
  nixpkgs.flake.setFlakeRegistry = false;
  boot.enableContainers = false;

  boot.kernelModules = [
    "zram"
    "usb_storage"
    "uas"
    "sd_mod"
    "r8169"
    "ehci-hcd"
    "ehci-pci"
    "xhci-hcd"
    "xhci-pci"
    "xhci-pci-renesas"
    "nvme"
    "virtio_net"
  ];

  system.etc.overlay.mutable = lib.mkDefault false;

  systemd.watchdog = lib.mkDefault {
    runtimeTime = "10s";
    rebootTime = "30s";
  };

  zramSwap.enable = true;

  # FIXME: fstrim should only be enabled for virtual machine images?
  services.fstrim.enable = true;


  services.openssh.settings.PasswordAuthentication = lib.mkDefault false;

  users.allowNoPasswordLogin = true;
  security.sudo.enable = lib.mkDefault false;

  security.polkit = {
    enable = true;
    extraConfig = ''
      polkit.addRule(function(action, subject) {
        if (subject.isInGroup("wheel")) {
          return polkit.Result.YES;
        }
      });
    '';
  };

  i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];

  # Console
  # FIXME: Add option for toggle
  # console.enable = false;
  # systemd.services."getty@tty1".enable = lib.mkDefault false;
  # systemd.services."autovt@".enable = lib.mkDefault false;

  systemd.enableEmergencyMode = false;
  boot.consoleLogLevel = lib.mkDefault 1;
  boot.kernelParams = [
    # "quiet"
    "panic=1"
    "boot.panic_on_fail"
    "nomodeset"
    "console=tty1"
    "console=ttyS0,38400"
    # "systemd.log_level=info"
    # "systemd.log_target=console"
    # "systemd.journald.forward_to_console"
  ];

  # This is vi country
  programs.nano.enable = false;
  programs.vim.enable = true;
  programs.vim.defaultEditor = lib.mkDefault true;

  # Temporary file
  boot.tmp.useTmpfs = true;

  # Logging
  services.journald = {
    storage = "volatile";
    extraConfig = ''
      SystemMaxUse=10M
    '';
  };

}
Image building take 2 We want verity protected partitions as well as encrypted state/data along with verified boot. This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨ https://github.com/petm5/nixlet/ 2024-11-11 23:02:38 +01:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`modulesPath,`
			`...`
			`}:`
			`{`
			`imports = [`
			`(modulesPath + "/profiles/image-based-appliance.nix")`
			`(modulesPath + "/profiles/perlless.nix")`
			`(modulesPath + "/profiles/qemu-guest.nix")`
			`];`

			`# system.forbiddenDependenciesRegexes = lib.mkForce [ ];`

			`nixpkgs.flake.setNixPath = false;`
			`nixpkgs.flake.setFlakeRegistry = false;`
chore: cleanup config and bring settings over from earlier 2024-11-15 21:09:57 +01:00			`boot.enableContainers = false;`
Image building take 2 We want verity protected partitions as well as encrypted state/data along with verified boot. This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨ https://github.com/petm5/nixlet/ 2024-11-11 23:02:38 +01:00
			`boot.kernelModules = [`
			`"zram"`
			`"usb_storage"`
			`"uas"`
			`"sd_mod"`
			`"r8169"`
			`"ehci-hcd"`
			`"ehci-pci"`
			`"xhci-hcd"`
			`"xhci-pci"`
			`"xhci-pci-renesas"`
			`"nvme"`
			`"virtio_net"`
			`];`

			`system.etc.overlay.mutable = lib.mkDefault false;`

			`systemd.watchdog = lib.mkDefault {`
			`runtimeTime = "10s";`
			`rebootTime = "30s";`
			`};`

			`zramSwap.enable = true;`

chore: cleanup config and bring settings over from earlier 2024-11-15 21:09:57 +01:00			`# FIXME: fstrim should only be enabled for virtual machine images?`
			`services.fstrim.enable = true;`


Image building take 2 We want verity protected partitions as well as encrypted state/data along with verified boot. This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨ https://github.com/petm5/nixlet/ 2024-11-11 23:02:38 +01:00			`services.openssh.settings.PasswordAuthentication = lib.mkDefault false;`

			`users.allowNoPasswordLogin = true;`
			`security.sudo.enable = lib.mkDefault false;`

			`security.polkit = {`
			`enable = true;`
chore: cleanup config and bring settings over from earlier 2024-11-15 21:09:57 +01:00			`extraConfig = ''`
Image building take 2 We want verity protected partitions as well as encrypted state/data along with verified boot. This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨ https://github.com/petm5/nixlet/ 2024-11-11 23:02:38 +01:00			`polkit.addRule(function(action, subject) {`
			`if (subject.isInGroup("wheel")) {`
			`return polkit.Result.YES;`
			`}`
			`});`
			`'';`
			`};`

			`i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];`

chore: cleanup config and bring settings over from earlier 2024-11-15 21:09:57 +01:00			`# Console`
			`# FIXME: Add option for toggle`
			`# console.enable = false;`
			`# systemd.services."getty@tty1".enable = lib.mkDefault false;`
			`# systemd.services."autovt@".enable = lib.mkDefault false;`
Image building take 2 We want verity protected partitions as well as encrypted state/data along with verified boot. This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨ https://github.com/petm5/nixlet/ 2024-11-11 23:02:38 +01:00
chore: cleanup config and bring settings over from earlier 2024-11-15 21:09:57 +01:00			`systemd.enableEmergencyMode = false;`
Image building take 2 We want verity protected partitions as well as encrypted state/data along with verified boot. This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨ https://github.com/petm5/nixlet/ 2024-11-11 23:02:38 +01:00			`boot.consoleLogLevel = lib.mkDefault 1;`
			`boot.kernelParams = [`
chore: cleanup config and bring settings over from earlier 2024-11-15 21:09:57 +01:00			`# "quiet"`
Image building take 2 We want verity protected partitions as well as encrypted state/data along with verified boot. This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨ https://github.com/petm5/nixlet/ 2024-11-11 23:02:38 +01:00			`"panic=1"`
			`"boot.panic_on_fail"`
			`"nomodeset"`
chore: cleanup config and bring settings over from earlier 2024-11-15 21:09:57 +01:00			`"console=tty1"`
			`"console=ttyS0,38400"`
feat: add devel image 2024-11-16 17:15:56 +01:00			`# "systemd.log_level=info"`
			`# "systemd.log_target=console"`
			`# "systemd.journald.forward_to_console"`
Image building take 2 We want verity protected partitions as well as encrypted state/data along with verified boot. This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨ https://github.com/petm5/nixlet/ 2024-11-11 23:02:38 +01:00			`];`

			`# This is vi country`
			`programs.nano.enable = false;`
			`programs.vim.enable = true;`
			`programs.vim.defaultEditor = lib.mkDefault true;`

chore: cleanup config and bring settings over from earlier 2024-11-15 21:09:57 +01:00			`# Temporary file`
			`boot.tmp.useTmpfs = true;`

Image building take 2 We want verity protected partitions as well as encrypted state/data along with verified boot. This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨ https://github.com/petm5/nixlet/ 2024-11-11 23:02:38 +01:00			`# Logging`
chore: cleanup config and bring settings over from earlier 2024-11-15 21:09:57 +01:00			`services.journald = {`
			`storage = "volatile";`
			`extraConfig = ''`
			`SystemMaxUse=10M`
			`'';`
			`};`

Image building take 2 We want verity protected partitions as well as encrypted state/data along with verified boot. This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨ https://github.com/petm5/nixlet/ 2024-11-11 23:02:38 +01:00			`}`