patos/modules/profiles/server.nix

{ config, lib, pkgs, modulesPath, ... }: {

  imports = [
    (modulesPath + "/profiles/minimal.nix")
    ./network.nix
  ];

  boot.kernel.minimalModules = true;

  # system.etc.overlay.mutable = true;
  # users.mutableUsers = true;

  users.users."admin" = {
    isNormalUser = true;
    linger = true;
    extraGroups = [ "wheel" ];
  };

  # perlless activation doesn't seem to support subuid / subgid yet
  environment.etc."subuid" = {
    text = ''
      admin:100000:65536
    '';
    mode = "0644";
  };

  environment.etc."subgid" = {
    text = ''
      admin:100000:65536
    '';
    mode = "0644";
  };

  security.doas.wheelNeedsPassword = false;

  services.openssh.enable = true;
  system.image.sshKeys.enable = true;
  system.image.sshKeys.keys = [
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIHMAEZx02kbHrEygyPQYStiXlrIe6EIqBCv7anIkL0pAAAABHNzaDo= dln1"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJNOBFoU7Cdsgi4KpYRcv7EhR/8kD4DYjEZnwk6urRx7AAAABHNzaDo= dln2"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDx+7ZEJi7lUCAtoHRRIduJzH3hrpx4YS1f0ZxrJ+uW dln3"
  ];

  virtualisation.podman.enable = true;

  boot.kernel.sysctl = {
    "net.ipv4.ip_unprivileged_port_start" = 0;
  };

  networking.firewall.enable = false;

  services.resolved.extraConfig = ''
    DNSStubListener=no
  '';

}
WIP: next step on image build 2024-11-11 23:02:38 +01:00			`{ config, lib, pkgs, modulesPath, ... }: {`

			`imports = [`
			`(modulesPath + "/profiles/minimal.nix")`
			`./network.nix`
			`];`

			`boot.kernel.minimalModules = true;`

			`# system.etc.overlay.mutable = true;`
			`# users.mutableUsers = true;`

			`users.users."admin" = {`
			`isNormalUser = true;`
			`linger = true;`
			`extraGroups = [ "wheel" ];`
			`};`

			`# perlless activation doesn't seem to support subuid / subgid yet`
			`environment.etc."subuid" = {`
			`text = ''`
			`admin:100000:65536`
			`'';`
			`mode = "0644";`
			`};`

			`environment.etc."subgid" = {`
			`text = ''`
			`admin:100000:65536`
			`'';`
			`mode = "0644";`
			`};`

			`security.doas.wheelNeedsPassword = false;`

			`services.openssh.enable = true;`
			`system.image.sshKeys.enable = true;`
			`system.image.sshKeys.keys = [`
			`"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIHMAEZx02kbHrEygyPQYStiXlrIe6EIqBCv7anIkL0pAAAABHNzaDo= dln1"`
			`"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJNOBFoU7Cdsgi4KpYRcv7EhR/8kD4DYjEZnwk6urRx7AAAABHNzaDo= dln2"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDx+7ZEJi7lUCAtoHRRIduJzH3hrpx4YS1f0ZxrJ+uW dln3"`
			`];`

			`virtualisation.podman.enable = true;`

			`boot.kernel.sysctl = {`
			`"net.ipv4.ip_unprivileged_port_start" = 0;`
			`};`

			`networking.firewall.enable = false;`

			`services.resolved.extraConfig = ''`
			`DNSStubListener=no`
			`'';`

			`}`