From 8851075c2764fecde2a112815d7958d5d29fb406 Mon Sep 17 00:00:00 2001
From: Griffin Smith <grfn@gws.fyi>
Date: Tue, 31 May 2022 15:34:33 -0400
Subject: feat(grfn/system): Resuscitate roswell

Resuscitate the configuration for roswell, the semi-portable
configuration I use for ec2 development boxes. Lots of the changes here
are trying to get Tramp working.

Change-Id: I2dc2fd1d9aa76e145fa3f3f847af761cb652ab47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5798
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
---
 users/grfn/system/system/machines/roswell.nix    | 12 ++++++++++++
 users/grfn/system/system/machines/yeren.nix      |  9 ---------
 users/grfn/system/system/modules/common.nix      |  1 -
 users/grfn/system/system/modules/development.nix |  9 +++++++++
 4 files changed, 21 insertions(+), 10 deletions(-)

(limited to 'users/grfn/system/system')

diff --git a/users/grfn/system/system/machines/roswell.nix b/users/grfn/system/system/machines/roswell.nix
index 6eb4a510b8cd..8f7ed8474200 100644
--- a/users/grfn/system/system/machines/roswell.nix
+++ b/users/grfn/system/system/machines/roswell.nix
@@ -3,10 +3,13 @@
 {
   imports = [
     ../modules/common.nix
+    ../modules/development.nix
     "${modulesPath}/installer/scan/not-detected.nix"
     "${modulesPath}/virtualisation/amazon-image.nix"
   ];
 
+  system.stateVersion = "22.05";
+
   ec2.hvm = true;
 
   networking.hostName = "roswell";
@@ -14,4 +17,13 @@
   users.users.grfn.openssh.authorizedKeys.keys = [
     depot.users.grfn.keys.main
   ];
+
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
+
+  services.openssh.passwordAuthentication = false;
+
+  services.tailscale.enable = true;
+
+  security.sudo.wheelNeedsPassword = false;
 }
diff --git a/users/grfn/system/system/machines/yeren.nix b/users/grfn/system/system/machines/yeren.nix
index 228631c8cc6f..847adf01e9da 100644
--- a/users/grfn/system/system/machines/yeren.nix
+++ b/users/grfn/system/system/machines/yeren.nix
@@ -105,15 +105,6 @@
   systemd.services.fprintd.environment.FP_TOD_DRIVERS_DIR =
     "${pkgs.libfprint-2-tod1-goodix}/usr/lib/libfprint-2/tod-1";
 
-  security.pam.loginLimits = [
-    {
-      domain = "grfn";
-      type = "soft";
-      item = "nofile";
-      value = "65535";
-    }
-  ];
-
   security.pam.services = {
     login.fprintAuth = true;
     sudo.fprintAuth = true;
diff --git a/users/grfn/system/system/modules/common.nix b/users/grfn/system/system/modules/common.nix
index a7d5a62e686c..fb0e377d9fe2 100644
--- a/users/grfn/system/system/modules/common.nix
+++ b/users/grfn/system/system/modules/common.nix
@@ -55,7 +55,6 @@ with lib;
       "wheel"
       "networkmanager"
       "audio"
-      "docker"
     ];
     shell = pkgs.zsh;
   };
diff --git a/users/grfn/system/system/modules/development.nix b/users/grfn/system/system/modules/development.nix
index bfa0e22cff0a..d17e9d424c28 100644
--- a/users/grfn/system/system/modules/development.nix
+++ b/users/grfn/system/system/modules/development.nix
@@ -3,4 +3,13 @@
 {
   virtualisation.docker.enable = true;
   users.users.grfn.extraGroups = [ "docker" ];
+
+  security.pam.loginLimits = [
+    {
+      domain = "grfn";
+      type = "soft";
+      item = "nofile";
+      value = "65535";
+    }
+  ];
 }
-- 
cgit 1.4.1