infra/nix/os/devices/steveej-x13s/configuration.nix

{ repoFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
, ...
}:

{
  imports = [
    # repoFlake.inputs.sops-nix.nixosModules.sops

    # ../../profiles/common/user.nix

    {
      nix.nixPath = [
        "nixpkgs=${pkgs.path}"
      ];

      nix.settings.experimental-features = [
        "nix-command"
        "flakes"
      ];

      nix.settings.max-jobs = lib.mkDefault "auto";
      nix.settings.cores = lib.mkDefault 0;
    }

    {
      services.openssh.enable = true;
      services.openssh.settings.PermitRootLogin = "yes";

      # users.commonUsers = {
      #   enable = true;
      #   enableNonRoot = false;
      #   rootPasswordFile = config.sops.secrets.passwords-root.path;
      # };

      users.users.root.password = "install";

      # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
      # sops.defaultSopsFormat = "yaml";

      # sops.secrets.passwords-root.neededForUsers = true;
    }
  ];

  networking = {
    hostName = nodeName;
    useNetworkd = false;

    networkmanager.enable = false;

    firewall.enable = false;
  };

  system.stateVersion = "23.11";

  # We exclude a number of modules included in the default list. A non-insignificant amount do
  # not apply to embedded hardware like this, so simply skip the defaults.
  #
  # Custom kernel is required as a lot of MTK components misbehave when built as modules.
  # They fail to load properly, leaving the system without working ethernet, they'll oops on
  # remove. MTK-DSA parts and PCIe were observed to do this.

  # boot.initrd.includeDefaultModules = false;
  # boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
  # boot.initrd.availableKernelModules = ["nvme"];

  nixpkgs.config.allowUnfree = true;

  # hardware.enableRedistributableFirmware = true;

  environment.systemPackages = [
    pkgs.busybox
  ];

  fileSystems."/".label = "x13s_root";
}
WIP everything 2024-01-18 14:59:17 +00:00			`{ repoFlake`
			`, pkgs`
			`, lib`
			`, config`
			`, nodeFlake`
			`, nodeName`
			`, localDomainName`
			`, system`
			`, ...`
			`}:`

			`{`
			`imports = [`
			`# repoFlake.inputs.sops-nix.nixosModules.sops`

			`# ../../profiles/common/user.nix`

			`{`
			`nix.nixPath = [`
			`"nixpkgs=${pkgs.path}"`
			`];`

			`nix.settings.experimental-features = [`
			`"nix-command"`
			`"flakes"`
			`];`

			`nix.settings.max-jobs = lib.mkDefault "auto";`
			`nix.settings.cores = lib.mkDefault 0;`
			`}`

			`{`
			`services.openssh.enable = true;`
			`services.openssh.settings.PermitRootLogin = "yes";`

			`# users.commonUsers = {`
			`# enable = true;`
			`# enableNonRoot = false;`
			`# rootPasswordFile = config.sops.secrets.passwords-root.path;`
			`# };`

			`users.users.root.password = "install";`

			`# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;`
			`# sops.defaultSopsFormat = "yaml";`

			`# sops.secrets.passwords-root.neededForUsers = true;`
			`}`
			`];`

			`networking = {`
			`hostName = nodeName;`
			`useNetworkd = false;`

			`networkmanager.enable = false;`

			`firewall.enable = false;`
			`};`

			`system.stateVersion = "23.11";`

			`# We exclude a number of modules included in the default list. A non-insignificant amount do`
			`# not apply to embedded hardware like this, so simply skip the defaults.`
			`#`
			`# Custom kernel is required as a lot of MTK components misbehave when built as modules.`
			`# They fail to load properly, leaving the system without working ethernet, they'll oops on`
			`# remove. MTK-DSA parts and PCIe were observed to do this.`

			`# boot.initrd.includeDefaultModules = false;`
			`# boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];`
			`# boot.initrd.availableKernelModules = ["nvme"];`

			`nixpkgs.config.allowUnfree = true;`

			`# hardware.enableRedistributableFirmware = true;`

			`environment.systemPackages = [`
			`pkgs.busybox`
			`];`

			`fileSystems."/".label = "x13s_root";`
			`}`