Merge pull request #1 from lambdaclass/custom-infect

Modified custom nixos-infect script.
2025-03-14 13:46:59 +00:00 · 2024-03-18 15:06:57 -03:00 · 2024-03-18 15:06:57 -03:00 · cf4aa05af1
commit cf4aa05af1
parent 9c5b46d78e 976db93859
1 changed files with 61 additions and 7 deletions
--- a/68
+++ b/68
@ -2,7 +2,7 @@

 # More info at: https://github.com/elitak/nixos-infect

-set -e -o pipefail
+set -ex -o pipefail

 makeConf() {
  # Skip everything if main config already present
@ -28,23 +28,77 @@ makeConf() {

  [[ -n "$doNetConf" ]] && network_import="./networking.nix # generated at runtime by nixos-infect"
  cat > /etc/nixos/configuration.nix << EOF
-{ ... }: {
+{ config, pkgs, ... }: {
  imports = [
    ./hardware-configuration.nix
    $network_import
    $NIXOS_IMPORT
  ];
+  nix.settings = {
+    # Enable flakes and new 'nix' command
+    experimental-features = "nix-command flakes";
+    # Deduplicate and optimize nix store
+    auto-optimise-store = true;
+  };
+

  boot.cleanTmpDir = true;
+  # boot.loader.systemd-boot.enable = true;
+  # boot.loader.efi.canTouchEfiVariables = true;
  zramSwap.enable = ${zramswap};
+
  networking.hostName = "$(hostname -s)";
  networking.domain = "$(hostname -d)";
+  time.timeZone = "America/Argentina/Buenos_Aires";
+
+  users.extraUsers.admin = {
+    isNormalUser = true;
+    createHome = true;
+    home = "/home/admin";
+    uid = 1000;
+    group = "users";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPGTH2Nm14VMFsPT6qyLp7sSvUmO58wJ5mss+WYdc1hY tomascasagrande"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+Pn4eeMouj+BUj3ynUYzjvpxeepJC8GU3RFTE+eOch hetzner_lambda"
+    ];
+  };
+  users.extraUsers.dev = {
+    isNormalUser = true;
+    createHome = true;
+    home = "/home/dev";
+    uid = 1001;
+    group = "users";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPGTH2Nm14VMFsPT6qyLp7sSvUmO58wJ5mss+WYdc1hY tomascasagrande"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+Pn4eeMouj+BUj3ynUYzjvpxeepJC8GU3RFTE+eOch hetzner_lambda"
+    ];
+  };
+  security.sudo.extraRules = [
+    {
+      users = [ "admin" ];
+      commands = [
+        {
+          command = "ALL";
+          options = [ "SETENV" "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
+  environment.systemPackages = with pkgs; [
+    curl
+    gnupg
+    vim
+    git
+    zip
+    unzip
+    caddy
+  ];
  services.openssh.enable = true;
-  users.users.root.openssh.authorizedKeys.keys = [$(while read -r line; do
-    line=$(echo -n "$line" | sed 's/\r//g')
-    trimmed_line=$(echo -n "$line" | xargs)
-    echo -n "''$trimmed_line'' "
-  done <<< "$keys")];
+  services.tailscale.enable = true;
+
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  networking.firewall.enable = false; # Preferably, use provider's FW
  system.stateVersion = "23.11";
 }
 EOF