diff options
Diffstat (limited to 'nixos/kompakt/configuration.nix')
-rw-r--r-- | nixos/kompakt/configuration.nix | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/nixos/kompakt/configuration.nix b/nixos/kompakt/configuration.nix index 581af1f..7202a03 100644 --- a/nixos/kompakt/configuration.nix +++ b/nixos/kompakt/configuration.nix @@ -26,6 +26,9 @@ networking.hostName = "kompakt"; # Define your hostname. networking.hostId = "9c8c0140"; + boot.initrd.postDeviceCommands = lib.mkAfter '' + zfs rollback -r rpool/local/root@blank + ''; # Pick only one of the below networking options. networking.wireless.iwd.enable = true; @@ -69,14 +72,22 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; + sops.defaultSopsFile = ./secrets/secrets.yaml; + sops.secrets.root-password.neededForUsers = true; + sops.secrets.sefidel-password.neededForUsers = true; + + users.mutableUsers = false; + # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.sefidel = { - isNormalUser = true; - shell = pkgs.zsh; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - initialPassword = "cube"; - packages = with pkgs; [ - ]; + users.users = { + root.passwordFile = config.sops.secrets.root-password.path; + sefidel = { + isNormalUser = true; + shell = pkgs.zsh; + passwordFile = config.sops.secrets.sefidel-password.path; + + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + }; }; # List packages installed in system profile. To search, run: @@ -97,7 +108,12 @@ # List services that you want to enable: # Enable the OpenSSH daemon. - # services.openssh.enable = true; + services.openssh.enable = true; + + environment.persistence."/persist".directories = [ + "/etc/ssh" + "/etc/nixos" + ]; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; |