From c69d8b169f6a4bfc35a7d6906ebc062e76197528 Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 27 Oct 2016 19:32:48 +0200
Subject: init
---
base.nix | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 base.nix
(limited to 'base.nix')
diff --git a/base.nix b/base.nix
new file mode 100644
index 0000000..0db539a
--- /dev/null
+++ b/base.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+{
+ options = {
+ ni-disk = lib.mkOption {
+ default = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+ };
+ ni-key-path = lib.mkOption {
+ # TODO type = types.absolute-path
+ default = "/root/keys";
+ };
+ ni-nix-path = lib.mkOption {
+ # TODO type = types.absolute-path
+ default = "/root/config";
+ };
+ };
+ config = {
+ boot.initrd.availableKernelModules = [
+ "virtio_balloon"
+ "virtio_blk"
+ "virtio_console"
+ "virtio_net"
+ "virtio_pci"
+ "virtio_scsi"
+ ];
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 tv@wu"
+ ];
+
+ #
+ # XXX following stuff is not necessary for install
+ # XXX but there's stuff that will reduce it's size
+ #
+ environment.systemPackages = [
+ pkgs.rsync
+ pkgs.rxvt_unicode.terminfo
+ ];
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+ environment.noXlibs = true;
+ environment.profileRelativeEnvVars.PATH = lib.mkForce [ "/bin" ];
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+ nix.binaryCaches = [ "https://cache.nixos.org" ];
+ nix.requireSignedBinaryCaches = true;
+ #nix.sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+ nix.useSandbox = true;
+ programs.info.enable = false;
+ programs.man.enable = false;
+ security.hideProcessInformation = true;
+ services.nixosManual.enable = false;
+ services.nscd.enable = false;
+ services.ntp.enable = false;
+ services.openssh.enable = true;
+ services.udisks2.enable = false;
+ sound.enable = false;
+ users.mutableUsers = false;
+ };
+}
-- cgit v1.2.3
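Review bot: Root SSH access is hard-wired in `config`: `users.users.root.openssh.authorizedKeys.keys` installs one personal key (`tv@wu`) on every host that imports base.nix, and `services.openssh.enable = true` is set without stating which login methods sshd accepts. With `users.mutableUsers = false` and no root password declared in this file, key login is presumably the only way in, but that rests on the release's sshd defaults rather than on anything visible here; adding `services.openssh.passwordAuthentication = false;` would make it explicit. Consider moving the key list behind an option alongside `ni-key-path` (a suggested name would be `ni-authorized-keys`), so that reusing the module does not silently grant root to that key. The two options marked `# TODO type` could take `type = lib.types.path;`, which rejects values that are not absolute paths.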