uvms/profiles/uvms-users.nix

{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.uvms.users;
  authorizedKeys.keys = config.uvms.users.pubkeys.ssh;
  mergeIf = cond: modules: lib.mkIf cond (lib.mkMerge modules);
in

{
  imports = [ ./vars-use-wayland.nix ];
  options = {
    uvms.users.enable = lib.mkEnableOption "Set up usual immutable users (`root`, `user`)";
    uvms.users.pubkeys.ssh = lib.mkOption {
      description = "Authorized SSH keys for user@ and root@";
      type = lib.types.listOf lib.types.str;
      defalut = [ ];
    };
    uvms.users.pubkeys.enable =
      lib.mkEnableOption "Deploy (SSH, &c) public (authorized) keys. This leaks certain public IDs into the VM"
      // {
        default = true;
      };
    uvms.users.proxyWayland = lib.mkEnableOption "Set up wayland-proxy-virtwl";
  };
  config = mergeIf cfg.enable [
    {
      services.getty.autologinUser = "user";
      security.sudo.wheelNeedsPassword = false;
      users.mutableUsers = false;
      users.users.user = {
        password = lib.mkDefault "hacktheplanet!";
        isNormalUser = true;
        createHome = true;
        extraGroups = [
          "video"
          "wheel"
        ];
        uid = 1000;
      };
      systemd.tmpfiles.settings."10-user-home" = {
        "/home/user".z = {
          user = "user";
          group = "users";
        };
      };
    }
    (lib.mkIf cfg.deployPubkeys {
      users.users.root.openssh = { inherit authorizedKeys; };
      users.users.user.openssh = { inherit authorizedKeys; };
    })
    (lib.mkIf cfg.proxyWayland {
      hardware.graphics.enable = true;
      systemd.user.services.wayland-proxy = {
        enable = true;
        description = "Wayland Proxy";
        serviceConfig = with pkgs; {
          # Environment = "WAYLAND_DISPLAY=wayland-1";
          ExecStart = "${wayland-proxy-virtwl}/bin/wayland-proxy-virtwl --virtio-gpu --x-display=0 --xwayland-binary=${xwayland}/bin/Xwayland --tag \"[${config.networking.hostName}]\"";
          Restart = "always";
          RestartSec = 5;
          OOMScoreAdjust = -800;
        };
        wantedBy = [ "default.target" ];
      };
      environment.sessionVariables = {
        WAYLAND_DISPLAY = "wayland-1";
      };
      xdg.portal = {
        enable = true;
        config.common.default = "*";
        extraPortals = [
          pkgs.xdg-desktop-portal-gtk
          pkgs.xdg-desktop-portal-gnome
        ];
      };
      environment.systemPackages = [
        pkgs.xdg-utils
        pkgs.wl-clipboard
      ];
    })
  ];
}