

ref: 503bc69948ca09d1ff70038e7819954b5d65dac0 nix-arta/systems/profiles/lxc/lxc.nix -rw-r--r-- 1.5 KiB
503bc699Jonni Liljamo feat(roles/gaming): make gamescope work in steam-fhs a month ago
                                                                                
# NixOS profile for LXC container hosts: container boot mode, static IPv4
# networking on eth0, key-only root SSH access and journal retention.
{ artautil, config, lib, ... }:
let
  hostName = config.networking.hostName;
  # Shorthand: every forced value below goes through lib.mkForce so it takes
  # priority over other definitions of the same option.
  force = lib.mkForce;
in {
  # Per-host sops secrets file, selected by this machine's hostname.
  sops.defaultSopsFile = ../../../secrets/${hostName}/secrets.yaml;

  boot.isContainer = true;

  # Replace the activation step with one that points /sbin/init at the init
  # of the system configuration being activated.
  system.activationScripts.installInitScript = force ''
    mkdir -p /sbin
    ln -fs $systemConfig/init /sbin/init
  '';

  time.timeZone = "Europe/Helsinki";

  # Static addressing: a /24 on eth0 with fixed gateway and resolver.
  networking = {
    defaultGateway = {
      address = "10.1.2.1";
      interface = "eth0";
    };
    nameservers = ["10.1.2.3"];
    interfaces.eth0.ipv4.addresses = [
      {
        # Address comes from the artautil helper, keyed by "lxc" and hostname;
        # the helper is defined outside this file.
        address = artautil.getIPv4 "lxc" hostName;
        prefixLength = 24;
      }
    ];
  };

  # Only root is a trusted Nix user on these hosts.
  nix.settings.trusted-users = ["root"];

  # The single key below is the only SSH credential this profile installs,
  # and it is installed for root.
  # NOTE(review): this gives direct root login to whoever holds the key;
  # confirm that matches the intended access model for the containers.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAlif3ABIk0YSx++A+sEeRYPNMMZWLcDuoTKhmcCL6K jonni@liljamo.com"
  ];

  services = {
    openssh = {
      enable = true;
      settings = {
        # Password-based methods are forced off; "prohibit-password" keeps
        # root login possible, but only with non-password methods (keys).
        PasswordAuthentication = force false;
        KbdInteractiveAuthentication = force false;
        PermitRootLogin = force "prohibit-password";
      };
    };

    # Cap the journal at 4G on disk.
    journald.extraConfig = "SystemMaxUse=4G";

    # Daily at 22:00, as root: drop journal entries older than seven days.
    # NOTE(review): services.cron.enable is not set in this file; confirm it
    # is enabled elsewhere, otherwise this job is never scheduled.
    cron.systemCronJobs = [
      "0 22 * * * root journalctl --vacuum-time=7d"
    ];
  };

  # Units suppressed on these hosts (presumably because they do not apply
  # inside an LXC container; confirm against the container runtime).
  systemd.suppressedSystemUnits = [
    "console-getty.service"
    "getty@.service"
    "systemd-udev-trigger.service"
    "systemd-udevd.service"
    "sys-fs-fuse-connections.mount"
    "sys-kernel-debug.mount"
    "dev-mqueue.mount"
  ];
}