profiles: init (vsock ssh &c.)

2025-09-17 16:51:24 +03:00 · 2025-09-17 16:51:24 +03:00 · 1828835a1d
commit 1828835a1d
parent 12e95630b1
8 changed files with 228 additions and 0 deletions
--- a/profiles/uvms-users.nix
+++ b/profiles/uvms-users.nix
@ -0,0 +1,87 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.uvms.users;
+  authorizedKeys.keys = config.uvms.users.pubkeys.ssh;
+  mergeIf = cond: modules: lib.mkIf cond (lib.mkMerge modules);
+in
+
+{
+  imports = [ ./vars-use-wayland.nix ];
+  options = {
+    uvms.users.enable = lib.mkEnableOption "Set up usual immutable users (`root`, `user`)";
+    uvms.users.pubkeys.ssh = lib.mkOption {
+      description = "Authorized SSH keys for user@ and root@";
+      type = lib.types.listOf lib.types.str;
+      defalut = [ ];
+    };
+    uvms.users.pubkeys.enable =
+      lib.mkEnableOption "Deploy (SSH, &c) public (authorized) keys. This leaks certain public IDs into the VM"
+      // {
+        default = true;
+      };
+    uvms.users.proxyWayland = lib.mkEnableOption "Set up wayland-proxy-virtwl";
+  };
+  config = mergeIf cfg.enable [
+    {
+      services.getty.autologinUser = "user";
+      security.sudo.wheelNeedsPassword = false;
+      users.mutableUsers = false;
+      users.users.user = {
+        password = lib.mkDefault "hacktheplanet!";
+        isNormalUser = true;
+        createHome = true;
+        extraGroups = [
+          "video"
+          "wheel"
+        ];
+        uid = 1000;
+      };
+      systemd.tmpfiles.settings."10-user-home" = {
+        "/home/user".z = {
+          user = "user";
+          group = "users";
+        };
+      };
+    }
+    (lib.mkIf cfg.deployPubkeys {
+      users.users.root.openssh = { inherit authorizedKeys; };
+      users.users.user.openssh = { inherit authorizedKeys; };
+    })
+    (lib.mkIf cfg.proxyWayland {
+      hardware.graphics.enable = true;
+      systemd.user.services.wayland-proxy = {
+        enable = true;
+        description = "Wayland Proxy";
+        serviceConfig = with pkgs; {
+          # Environment = "WAYLAND_DISPLAY=wayland-1";
+          ExecStart = "${wayland-proxy-virtwl}/bin/wayland-proxy-virtwl --virtio-gpu --x-display=0 --xwayland-binary=${xwayland}/bin/Xwayland --tag \"[${config.networking.hostName}]\"";
+          Restart = "always";
+          RestartSec = 5;
+          OOMScoreAdjust = -800;
+        };
+        wantedBy = [ "default.target" ];
+      };
+      environment.sessionVariables = {
+        WAYLAND_DISPLAY = "wayland-1";
+      };
+      xdg.portal = {
+        enable = true;
+        config.common.default = "*";
+        extraPortals = [
+          pkgs.xdg-desktop-portal-gtk
+          pkgs.xdg-desktop-portal-gnome
+        ];
+      };
+      environment.systemPackages = [
+        pkgs.xdg-utils
+        pkgs.wl-clipboard
+      ];
+    })
+  ];
+}