diff --git a/home-manager/modules/common.nix b/home-manager/modules/common.nix
index fbf45b5..82666bb 100644
--- a/home-manager/modules/common.nix
+++ b/home-manager/modules/common.nix
@@ -46,6 +46,16 @@ in
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+kCHXqtznkT9IBN5WxZHmXI97k3BumT+N4lyHWMo0pykpACCOcGw52EXxQveNqgcwcRUgamL9A2JTE//WRf3O4nBofeTRNKcRxTjRoUVIt/F0xbf09yWBqJOXZ8rqLkXhRvSpr1TCUZtYVp5iLtpERp622OMIqHSwa6HlxBqsCFkBeq1bRyNtYK/IaQAuBPW9MNeFriGqA0Vq078ccXp+JINxJbr+ZJybVg6PVqnMD+PgGMZQLkoWjwjH3vcJZZt584UPtrXKpNZuKy6dcMCb2U+O9NOaO66168sBVuK0kZHh51nJ7ZH38VLGiBipRgIQ1fzic3Ncn6GC9ko3/OwT jackos1998@gmail.com"
 ];
 matchBlocks = {
+ nix-dev-vm = {
+ user = "dev";
+ hostname = "localhost";
+ port = 2222;
+ extraOptions = {
+ StrictHostKeyChecking = "no";
+ UserKnownHostsFile = "/dev/null";
+ };
+ };
+
 "rsync.net" = {
 host = "rsyncnet";
 user = "16413";
diff --git a/nixos/installer.nix b/nixos/installer.nix
index 2a7dcd6..f99a9e4 100644
--- a/nixos/installer.nix
+++ b/nixos/installer.nix
@@ -1,4 +1,4 @@
-{ lib, modulesPath, config, ... }:
+{ lib, pkgs, modulesPath, config, ... }:
 let
 inherit (lib) mkDefault mkForce;
 in
@@ -39,5 +39,10 @@ in
 # download-using-manifests.pl from forking even if there is
 # plenty of free memory.
 boot.kernel.sysctl."vm.overcommit_memory" = "1";
+
+ environment.systemPackages = with pkgs; [
+ # We disable networking.useDHCP, so bring this in for the user
+ dhcpcd
+ ];
 };
 }
diff --git a/nixos/modules/build.nix b/nixos/modules/build.nix
index 9977e57..af4cf1a 100644
--- a/nixos/modules/build.nix
+++ b/nixos/modules/build.nix
@@ -61,6 +61,7 @@ in
 # Forward declare options that won't exist until the VM module is actually imported
 virtualisation = {
 diskImage = dummyOption;
+ forwardPorts = dummyOption;
 };
 };
 
diff --git a/nixos/modules/common.nix b/nixos/modules/common.nix
index 2312373..f61dab8 100644
--- a/nixos/modules/common.nix
+++ b/nixos/modules/common.nix
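Review bot: The `nix-dev-vm` block switches host-key verification off completely (`StrictHostKeyChecking = "no"` together with `UserKnownHostsFile = "/dev/null"`), so whatever is listening on localhost:2222 at connect time is accepted as the VM with no warning, and anything the session carries (a forwarded agent, a typed password) goes to it. If the motivation is a host key that changes on every VM rebuild, `StrictHostKeyChecking = "accept-new"` pointed at a per-VM known-hosts file (for example `~/.ssh/known_hosts.nix-dev-vm`, an illustrative path) keeps trust-on-first-use while still avoiding the interactive prompt, and a stale entry can be dropped with `ssh-keygen -R "[localhost]:2222" -f <that file>`. This matters more because the matching `virtualisation.forwardPorts` entry in nixos/modules/common.nix does not pin the host side of the forward to loopback. A one-line comment on the block stating why verification is relaxed would also help the next reader: `# throwaway dev VM: host key is regenerated on each rebuild`.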
@@ -1,8 +1,8 @@
 { lib, pkgs, pkgs', inputs, options, config, ... }:
 let
 inherit (builtins) attrValues;
- inherit (lib) mkIf mkDefault mkMerge mkAliasDefinitions;
- inherit (lib.my) mkOpt' dummyOption;
+ inherit (lib) flatten optional mkIf mkDefault mkMerge mkAliasDefinitions;
+ inherit (lib.my) mkOpt' mkBoolOpt' dummyOption;
 
 defaultUsername = "dev";
 uname = config.my.user.name;
@@ -13,6 +13,14 @@ in
 # Pretty hacky but too lazy to figure out if there's a better way to alias the options
 user = mkOpt' (attrsOf anything) { } "User definition (as `users.users.*`).";
 homeConfig = mkOpt' anything { } "Home configuration (as `home-manager.users.*`)";
+
+ ssh = {
+ # If enabled, we can't set `authorized_keys` from home-manager because SSH won't like the file being owned by
+ # root.
+ strictModes = mkBoolOpt' false
+ ("Specifies whether sshd(8) should check file modes and ownership of the user's files and home directory "+
+ "before accepting login.");
+ };
 };
 
 # Only present in >=22.05, so forward declare
@@ -104,6 +112,11 @@ in
 useDHCP = mkDefault false;
 enableIPv6 = mkDefault true;
 };
+ virtualisation = {
+ forwardPorts = flatten [
+ (optional config.services.openssh.openFirewall { from = "host"; host.port = 2222; guest.port = 22; })
+ ];
+ };
 
 environment.systemPackages = with pkgs; [
 bash-completion
@@ -123,6 +136,7 @@ in
 
 openssh = {
 enable = mkDefault true;
+ extraConfig = ''StrictModes ${if config.my.ssh.strictModes then "yes" else "no"}'';
 };
 };
 
@@ -138,6 +152,9 @@ in
 })
 ];
 })
+(mkIf config.my.build.isDevVM {
+ networking.interfaces.eth0.useDHCP = mkDefault true;
+})
 ];
 
 meta.buildDocsInSandbox = false;
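Review bot: `strictModes = mkBoolOpt' false` lands in the shared `common.nix`, so sshd's ownership and permission check on `~/.ssh` and `authorized_keys` is turned off for every host that imports this module, not just the ones where home-manager writes the key file. StrictModes is the check that refuses a login via a group- or world-writable home directory or key file, so the safer shape is `strictModes = mkBoolOpt' true` here and `my.ssh.strictModes = false;` only in the configurations that need the home-manager workaround (the `isDevVM` block added at the bottom of this file looks like the natural place). The in-source comment already explains the home-manager conflict; moving the relaxed value next to that use keeps the default conservative without losing the explanation.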
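Review bot: The forward `{ from = "host"; host.port = 2222; guest.port = 22; }` leaves `host.address` unset, and as far as I can tell the QEMU `hostfwd` rule the VM module builds from it then binds port 2222 on every host interface rather than only loopback, which exposes the guest's sshd to the host's network while the client side in home-manager has host-key checking disabled. Adding `host.address = "127.0.0.1";` to the entry keeps the forward local to the host. Separately, `flatten [ (optional ...) ]` is redundant because `optional` already returns a list; `forwardPorts = optional config.services.openssh.openFirewall { ... };` expresses the same thing and drops the `flatten` import.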
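Review bot: The `extraConfig` line appends `StrictModes …` to the end of the generated sshd_config, and sshd keeps the first value it reads for a keyword, so if any other module contributes its own `StrictModes` line earlier the one added here is silently ignored instead of taking precedence; the enclosing `services`/`openssh` sets begin outside the hunk, so I cannot see whether anything else touches it. A comment on the line would record that assumption, e.g. `# sshd honours the first StrictModes it reads; nothing else in this config may set it`. Where the pinned nixpkgs provides the structured `services.openssh.settings` attrset, setting the keyword there instead would surface a second definition as an evaluation conflict rather than a silent no-op.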