author | sefidel <contact@sefidel.net> | 2023-02-15 00:39:38 +0900 |
---|---|---|
committer | sefidel <contact@sefidel.net> | 2023-02-15 00:39:38 +0900 |
commit | acb4dd1dfc20df79777edcd4c3eeefe2e1d78c8a (patch) | |
tree | 3a593c25ca00f245d1741bebaf59981fcc13a646 /nixos/kompakt/configuration.nix | |
parent | dd34ba371aeb5a17960a58d418007a5083279957 (diff) | |
feat(nixos/kompakt): activate volatile root
Diffstat (limited to 'nixos/kompakt/configuration.nix')
-rw-r--r-- | nixos/kompakt/configuration.nix | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/nixos/kompakt/configuration.nix b/nixos/kompakt/configuration.nix
index 581af1f..7202a03 100644
--- a/nixos/kompakt/configuration.nix
+++ b/nixos/kompakt/configuration.nix
@@ -26,6 +26,9 @@
 networking.hostName = "kompakt"; # Define your hostname.
 networking.hostId = "9c8c0140";
+ boot.initrd.postDeviceCommands = lib.mkAfter ''
+ zfs rollback -r rpool/local/root@blank
+ '';
 # Pick only one of the below networking options.
 networking.wireless.iwd.enable = true;
@@ -69,14 +72,22 @@
 # Enable touchpad support (enabled default in most desktopManager).
 # services.xserver.libinput.enable = true;
+ sops.defaultSopsFile = ./secrets/secrets.yaml;
+ sops.secrets.root-password.neededForUsers = true;
+ sops.secrets.sefidel-password.neededForUsers = true;
+
+ users.mutableUsers = false;
+
 # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.sefidel = {
- isNormalUser = true;
- shell = pkgs.zsh;
- extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- initialPassword = "cube";
- packages = with pkgs; [
- ];
+ users.users = {
+ root.passwordFile = config.sops.secrets.root-password.path;
+ sefidel = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ passwordFile = config.sops.secrets.sefidel-password.path;
+
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ };
 };
 # List packages installed in system profile. To search, run:
@@ -97,7 +108,12 @@
 # List services that you want to enable:
 # Enable the OpenSSH daemon.
- # services.openssh.enable = true;
+ services.openssh.enable = true;
+
+ environment.persistence."/persist".directories = [
+ "/etc/ssh"
+ "/etc/nixos"
+ ];
 # Open ports in the firewall.
 # networking.firewall.allowedTCPPorts = [ ... ]; |
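Review bot: The rollback added in `boot.initrd.postDeviceCommands` carries no comment saying that it is destructive by design: `zfs rollback -r` discards everything written to `rpool/local/root` since `@blank` and also destroys any snapshots newer than it. I would put a comment above it such as `# Wipe / on every boot; state that must survive lives under /persist. -r also removes snapshots taken after @blank.` It is also worth confirming what happens when the snapshot is missing or the pool is not yet imported at that point: if the command fails and boot simply continues, the machine would come up on stale root state without any signal.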
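Review bot: With `users.mutableUsers = false` and both accounts on `passwordFile`, a failed sops decryption at boot leaves neither `root` nor `sefidel` with a usable password, and nothing in this hunk pins where the decryption key is read from. By default sops-nix derives its age key from the SSH host key under `/etc/ssh`, which on this host only exists through the `/persist` bind mount added further down; that mount may not be in place yet when the `neededForUsers` secrets are decrypted during activation. If it is not already set in another module, I would add `sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];` and make sure the `/persist` filesystem is marked `neededForBoot = true`. Separately, the removed `initialPassword` value stays readable in the repository history, so it should not be reused for either sops-managed password.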
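Review bot: Turning on `services.openssh.enable` with no further sshd options leaves password authentication at the NixOS default, so the `sefidel` account (a member of `wheel`) becomes reachable by password over the network once this is deployed. Unless it is restricted in another module, I would add `services.openssh.settings.PasswordAuthentication = false;` (`services.openssh.passwordAuthentication` on releases that predate the `settings` attribute) and declare keys in `users.users.sefidel.openssh.authorizedKeys.keys`. The persistence list keeps only `/etc/ssh` and `/etc/nixos`; if `/var/log` is not on its own dataset, the journal and authentication logs are discarded by the root rollback on every boot, which should be a deliberate choice rather than a side effect.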