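# Usual immutable VM users (`root`, `user`): getty autologin, passwordless sudo
# for `wheel`, optional deployment of SSH authorized keys to both accounts, and an
# optional wayland-proxy-virtwl user service.
{ config, lib, pkgs, ... }:
let
  cfg = config.uvms.users;

  # Shared `users.users.<name>.openssh` value, applied to root@ and user@ alike.
  authorizedKeys.keys = cfg.pubkeys.ssh;

  # Apply all of `modules` together, only when `cond` holds.
  mergeIf = cond: modules: lib.mkIf cond (lib.mkMerge modules);
in
{
  imports = [ ./vars-use-wayland.nix ];

  options = {
    uvms.users.enable = lib.mkEnableOption "Set up usual immutable users (`root`, `user`)";

    uvms.users.pubkeys.ssh = lib.mkOption {
      description = "Authorized SSH keys for user@ and root@";
      type = lib.types.listOf lib.types.str;
      # `default` (previously misspelled `defalut`, which mkOption does not accept).
      default = [ ];
    };

    uvms.users.pubkeys.enable = lib.mkEnableOption
      "Deploy (SSH, &c) public (authorized) keys. This leaks certain public IDs into the VM"
      // { default = true; };

    uvms.users.proxyWayland = lib.mkEnableOption "Set up wayland-proxy-virtwl";
  };

  config = mergeIf cfg.enable [
    {
      services.getty.autologinUser = "user";
      # `user` is a member of `wheel` (below), so sudo asks for no password.
      security.sudo.wheelNeedsPassword = false;
      users.mutableUsers = false;

      users.users.user = {
        # Fixed, publicly known default. `mkDefault` gives it the lowest
        # priority so a host definition (e.g. a per-host `hashedPassword`)
        # replaces it without needing `mkForce`.
        password = lib.mkDefault "hacktheplanet!";
        isNormalUser = true;
        createHome = true;
        extraGroups = [ "video" "wheel" ];
        uid = 1000;
      };

      # tmpfiles `z`: adjust ownership of the existing home directory, keep contents.
      systemd.tmpfiles.settings."10-user-home" = {
        "/home/user".z = {
          user = "user";
          group = "users";
        };
      };
    }

    # Gate on the declared option `uvms.users.pubkeys.enable`
    # (previously referenced as the undeclared `cfg.deployPubkeys`).
    (lib.mkIf cfg.pubkeys.enable {
      users.users.root.openssh = { inherit authorizedKeys; };
      users.users.user.openssh = { inherit authorizedKeys; };
    })

    (lib.mkIf cfg.proxyWayland {
      hardware.graphics.enable = true;

      systemd.user.services.wayland-proxy = {
        enable = true;
        description = "Wayland Proxy";
        serviceConfig = with pkgs; {
          # Environment = "WAYLAND_DISPLAY=wayland-1";
          ExecStart = "${wayland-proxy-virtwl}/bin/wayland-proxy-virtwl --virtio-gpu --x-display=0 --xwayland-binary=${xwayland}/bin/Xwayland --tag \"[${config.networking.hostName}]\"";
          Restart = "always";
          RestartSec = 5;
          OOMScoreAdjust = -800;
        };
        wantedBy = [ "default.target" ];
      };

      environment.sessionVariables = {
        WAYLAND_DISPLAY = "wayland-1";
      };

      xdg.portal = {
        enable = true;
        config.common.default = "*";
        extraPortals = [
          pkgs.xdg-desktop-portal-gtk
          pkgs.xdg-desktop-portal-gnome
        ];
      };

      environment.systemPackages = [
        pkgs.xdg-utils
        pkgs.wl-clipboard
      ];
    })
  ];
}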