feat: add ISOs, limit core config size

.gitignore

@@ -4,7 +4,7 @@ doc/index.html
 
 # Result of bud commands
 vm
-iso
+/iso
 doi
 
 # PubSolarOS

hosts/default.nix

@@ -10,26 +10,32 @@
           self.nixosModules.b12f
           self.nixosModules.audio
           self.nixosModules.bluetooth
+          self.nixosModules.desktop-extended
           self.nixosModules.docker
+          self.nixosModules.email
           self.nixosModules.graphical
           self.nixosModules.nextcloud
           self.nixosModules.office
+          self.nixosModules.uhk
         ];
       };
 
       chocolatebar = self.nixos-flake.lib.mkLinuxSystem {
         nixpkgs.hostPlatform = "x86_64-linux";
         imports = [
+          inputs.musnix.nixosModules.musnix
           self.nixosModules.base
           ./chocolatebar
           self.nixosModules.b12f
           self.nixosModules.audio
-          self.nixosModules.virtualisation
+          self.nixosModules.desktop-extended
           self.nixosModules.docker
+          self.nixosModules.email
           self.nixosModules.gaming
           self.nixosModules.graphical
           self.nixosModules.nextcloud
           self.nixosModules.office
+          self.nixosModules.uhk
           self.nixosModules.virtualisation
         ];
       };
@@ -63,6 +69,30 @@
       #     self.nixosModules.yule
       #   ];
       # };
+
+      iso = self.nixos-flake.lib.mkLinuxSystem {
+        nixpkgs.hostPlatform = "x86_64-linux";
+        imports = [
+          "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
+          self.nixosModules.base
+          ./iso
+          self.nixosModules.nixos
+        ];
+      };
+
+      iso-graphical = self.nixos-flake.lib.mkLinuxSystem {
+        nixpkgs.hostPlatform = "x86_64-linux";
+        imports = [
+          "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
+          self.nixosModules.base
+          ./iso
+          self.nixosModules.nixos
+          self.nixosModules.graphical
+          self.nixosModules.audio
+          self.nixosModules.bluetooth
+          ({ ... }: { pub-solar.graphical.wayland.software-renderer.enable = true; })
+        ];
+      };
     };
   };
 }

hosts/iso/default.nix

@@ -0,0 +1,10 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  pub-solar.core.disk-encryption-active = false;
+  isoImage.squashfsCompression = "gzip -Xcompression-level 1";
+  systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+  networking.networkmanager.enable = false;
+}

modules/core/networking.nix

@@ -11,7 +11,7 @@
 
   networking.networkmanager = {
     # Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff.
-    enable = true;
+    enable = lib.mkDefault true;
     wifi.backend = lib.mkDefault "iwd";
   };
 
@@ -21,7 +21,7 @@
 
   # Caddy reverse proxy for local services like cups
   services.caddy = {
-    enable = true;
+    # don't enable by default
     globalConfig = ''
       default_bind 127.0.0.1
       auto_https off

modules/crypto/default.nix

@@ -14,8 +14,6 @@ in {
   services.gnome.gnome-keyring.enable = true;
 
   users.users."${psCfg.user.name}".packages = with pkgs; [
-    gnome.seahorse
-    keepassxc
     libsecret
   ];
 

modules/default.nix

@@ -10,6 +10,7 @@
       bluetooth = import ./bluetooth;
       core = import ./core;
       crypto = import ./crypto;
+      desktop-extended = import ./desktop-extended;
       docker = import ./docker;
       email = import ./email;
       gaming = import ./gaming;
@@ -28,7 +29,6 @@
       base.imports = [
         self.nixosModules.home-manager
         inputs.agenix.nixosModules.default
-        inputs.musnix.nixosModules.musnix
 
         self.nixosModules.overlays
         self.nixosModules.core

modules/desktop-extended/default.nix

@@ -0,0 +1,58 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+in {
+  # Needed for the udev rules for solaar
+  hardware.logitech.wireless.enable = true;
+
+  users.users."${psCfg.user.name}".packages = with pkgs; [
+    ungoogled-chromium
+    gimp
+    wine
+
+    present-md
+    inkscape
+    gpxsee
+    digikam
+    nix-output-monitor
+    tigervnc
+    nodejs
+    solaar
+    insomnia
+    concourse
+
+    signal-desktop
+    tdesktop
+    element-desktop
+    irssi
+
+    # Nix specific utilities
+    alejandra
+    manix
+    nix-index
+    nix-tree
+    nvd
+  ];
+
+  fonts = {
+    fonts = with pkgs; [
+      dejavu_fonts
+      fira-code
+      fira-code-symbols
+      google-fonts
+      lato
+      montserrat
+      nerdfonts
+      noto-fonts
+      noto-fonts-cjk
+      open-sans
+      powerline-fonts
+      source-sans-pro
+    ];
+  };
+}

modules/graphical/default.nix

@@ -31,8 +31,6 @@ in {
 
   config = {
     hardware.opengl.enable = true;
-    # Needed for the udev rules for solaar
-    hardware.logitech.wireless.enable = true;
 
     environment = {
       systemPackages = with pkgs; [
@@ -77,17 +75,7 @@ in {
     fonts = {
       fonts = with pkgs; [
         dejavu_fonts
-        fira-code
-        fira-code-symbols
-        google-fonts
-        lato
-        montserrat
-        nerdfonts
-        noto-fonts
-        noto-fonts-cjk
-        open-sans
         powerline-fonts
-        source-sans-pro
       ];
       enableDefaultFonts = true;
       fontconfig.enable = true;
@@ -99,20 +87,19 @@ in {
 
     users.users."${psCfg.user.name}".packages = with pkgs; [
       alacritty
-      ungoogled-chromium
       firefox-wayland
       flameshot
-      libnotify
       gnome.adwaita-icon-theme
       gnome.eog
       gnome.nautilus
+      gnome.seahorse
       gnome.yelp
       hicolor-icon-theme
-      wine
+      keepassxc
+      libnotify
       toggle-kbd-layout
-      wcwd
       vlc
-      gimp
+      wcwd
     ];
 
     home-manager.users."${psCfg.user.name}" = {

modules/paperless/default.nix

@@ -45,10 +45,13 @@ in {
   };
 
   networking.hosts = flake.self.lib.addLocalHostname ["paperless.local"];
-  services.caddy.extraConfig = ''
-    paperless.local:80 {
-      request_header Host localhost:${builtins.toString config.services.paperless.port}
-      reverse_proxy localhost:${builtins.toString config.services.paperless.port}
-    }
-  '';
+  services.caddy = {
+    enable = true;
+    extraConfig = ''
+      paperless.local:80 {
+        request_header Host localhost:${builtins.toString config.services.paperless.port}
+        reverse_proxy localhost:${builtins.toString config.services.paperless.port}
+      }
+    '';
+  };
 }

modules/printing/default.nix

@@ -27,6 +27,7 @@
   networking.hosts = flake.self.lib.addLocalHostname ["cups.local"];
 
   services.caddy = {
+    enable = true;
     extraConfig = ''
     cups.local:80 {
       request_header Host localhost:631

modules/terminal-life/default.nix

@@ -11,9 +11,9 @@ in {
   options.pub-solar.terminal-life = {
     full = mkOption {
       description = ''
-        Enable a full version
+        Enable a full version, which includes more nvim plugins and lsps.
       '';
-      default = true;
+      default = false;
       type = types.bool;
     };
   };

modules/user/session-variables.nix

@@ -110,7 +110,7 @@
     {IMPORT_ENVIRONMENT_ENV_LIST = lib.lists.foldl (a: b: a + " " + b) "IMPORT_ENVIRONMENT_ENV_LIST" envListNames;}
   ];
 in {
-  home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+  home-manager.users."${psCfg.user.name}" = {
     home.sessionVariables = variablesWithMeta;
     systemd.user.sessionVariables = variablesWithMeta;
   };

users/b12f/concepts-and-training.nix

@@ -29,7 +29,7 @@ in {
 
   systemd.services.openvpn-catVPN.serviceConfig.ExecStartPre = "${pkgs.fwknop}/bin/fwknop --rc-file=${config.age.secrets.".fwknoprc".path} --no-save-args --no-home-dir --save-args-file=/dev/null -n hetzner_test_cloud --wget-cmd=${pkgs.wget}/bin/wget";
 
-  home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+  home-manager.users."${psCfg.user.name}" = {
     programs.ssh = {
       matchBlocks = {
         "salt.base.test" = {

users/b12f/home.nix

@@ -15,31 +15,6 @@ in {
   ];
 
   home-manager.users."${psCfg.user.name}" = {
-    home.packages = with pkgs; [
-      present-md
-      inkscape
-      gpxsee
-      digikam
-      nix-output-monitor
-      tigervnc
-      nodejs
-      solaar
-      insomnia
-      concourse
-
-      signal-desktop
-      tdesktop
-      element-desktop
-      irssi
-
-      # Nix specific utilities
-      alejandra
-      manix
-      nix-index
-      nix-tree
-      nvd
-    ];
-
     programs.ssh = {
       enable = true;
       matchBlocks = {
@@ -105,13 +80,6 @@ in {
     '';
   };
 
-  age.secrets."mopidy.conf" = {
-    file = "${flake.self}/secrets/mopidy.conf";
-    mode = "700";
-    owner = "b12f";
-  };
-  services.mopidy.extraConfigFiles = ["/run/agenix/mopidy.conf"];
-
   programs.ssh.extraConfig = "
     PubkeyAcceptedKeyTypes +ssh-rsa
   ";

users/default.nix

@@ -3,16 +3,9 @@
   flake = {
     nixosModules = rec {
       root = import ./root;
-
-      b12f = {
-        imports = [
-          ./b12f
-          self.nixosModules.email
-          self.nixosModules.uhk
-        ];
-      };
-
+      b12f = import ./b12f;
       yule = import ./yule;
+      nixos = import ./nixos;
     };
   };
 }

users/nixos/default.nix

@@ -0,0 +1,36 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  psCfg = config.pub-solar;
+in {
+  config = {
+    pub-solar = {
+      # These are your personal settings
+      # The only required settings are `name` and `password`,
+      # The rest is used for programs like git
+      user = {
+        name = "nixos";
+        description = "nixos";
+        password = "";
+        fullName = "nixos user";
+        email = "nixos-iso@benjaminbaedorf.eu";
+        publicKeys = [
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc"
+
+          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main"
+          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup"
+
+          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
+
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar"
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCelYBqrnyU1AI2p9urIrbVxRwnH81qDWF16BXU8sqMY47htvGji8FAnCBxCnd/9r5aOsOem4lKNoPQmzGFkZQZFn7xdxVO9uzcgIEFDWKK8dQ9MzmuB2W7JXMNjCs0zktkVu5hWpYiFGhN3QEMkqKoB+fJPBQ7d6J1488Yu3Zd3odyt8x1UMWfU7ObZIOCIzJIR0F23jACkh5Q1xWJXI7rUcycCZen4aWE6uYVTE7w94ARpTHHs6NlsQwUz3+aXKaWIoFLoXHumNO3mgrs/XzMgc96pS5HrbiauwL0GS5SRkskxMPbGr93mWeTEVsDd7Q6pszTzNeVM+0O9V/iVUfwyQ6L2OVUa+fYcGiCIjSJ7DzpPW7dx/bWDTtEyPb0amf1hvof9Q0R1LLHuYUPlxSy9ySp4aHM3++u4B10PKQnebvafkXAn98lgQolFiiuAn5dekGcHiFj1vQu2NP+E+LnQFDhPa61YQD2GVvAzR5Uh/2tZLIvXEoqDMZvKY9n02SsTGBeSweGd8kgT9WVkhQ3c2zAkfkGqPiJwYpaFVd8s/z+vLp+ViCgPY401sNNPQ81AoERY7BrcIRFG1Ed29jMVuzySDKpRGOYo/9H/RiHigIqAyUs2D0VOTYPbmCUZa17iZuPHhc6VLX/ar9optIBbV5EsXfDWhoy+fIXlQ+pw== root@nougat"
+        ];
+      };
+    };
+  };
+}