added stuff

nyx/modules/core/roles/microvm/system/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./nix
+    ./os
+    ./securiy
+  ];
+}

nyx/modules/core/roles/microvm/system/nix/default.nix

@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+  nix = {
+    settings.trusted-users = ["admin"];
+    package = pkgs.nixUnstable;
+    keep-outputs = true;
+    keep-derivations = true;
+    extra-experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+  };
+}

nyx/modules/core/roles/microvm/system/os/default.nix

@@ -0,0 +1,9 @@
+{
+  imports = [
+    ./programs
+    ./users
+
+    ./environment.nix
+    ./networking.nix
+  ];
+}

nyx/modules/core/roles/microvm/system/os/environment.nix

@@ -0,0 +1,31 @@
+{pkgs, ...}: {
+  time.timeZone = "UTC";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  console = {
+    font = "ter-v32n";
+    packages = [pkgs.terminus-font];
+  };
+
+  environment = {
+    shells = with pkgs; [bash zsh];
+    systemPackages = with pkgs; [
+      vim
+      git
+      killall
+      bind.dnsutils
+      tcpdump
+      nmap
+      usbutils
+      wget
+      tmux
+      direnv
+      nix-direnv
+      sops
+      rage
+      ssh-to-age
+      pwgen
+      w3m
+    ];
+  };
+}

nyx/modules/core/roles/microvm/system/os/networking.nix

@@ -0,0 +1,17 @@
+{lib, ...}: {
+  systemd.network.enable = true;
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  networking = {
+    useDHCP = false;
+    networkmanager.enable = false;
+    firewall = {
+      enable = true;
+      allowPing = lib.mkForce false;
+      allowedTCPPorts = lib.mkForce [];
+      allowedUDPPorts = lib.mkForce [];
+    };
+  };
+}

nyx/modules/core/roles/microvm/system/os/programs/default.nix

@@ -0,0 +1,8 @@
+{
+  imports = [
+    ./git.nix
+    ./neovim.nix
+    ./tmux.nix
+    ./zsh.nix
+  ];
+}

nyx/modules/core/roles/microvm/system/os/programs/git.nix

@@ -0,0 +1 @@
+{programs.git.enable = true;}

nyx/modules/core/roles/microvm/system/os/programs/neovim.nix

@@ -0,0 +1,23 @@
+{
+  programs.neovim = {
+    enable = true;
+    viAlias = true;
+    vimAlias = true;
+
+    configure.customRC = ''
+      syntax enable
+
+      set noexpandtab
+      set shiftwidth=2
+      set tabstop=2
+
+      set cindent
+      set smartindent
+      set autoindent
+      set foldmethod=syntax
+      nmap <F2> zA
+      nmap <F3> zR
+      nmap <F4> zM
+    '';
+  };
+}

nyx/modules/core/roles/microvm/system/os/programs/tmux.nix

@@ -0,0 +1,20 @@
+{
+  programs.tmux = {
+    enable = true;
+    baseIndex = 1;
+    clock24 = true;
+    historyLimit = 10000;
+    terminal = "tmux-256color";
+    extraConfig = ''
+      unbind C-b
+      set-option -g prefix C-a
+      bind-key C-a last-window
+      set-option -g set-titles on
+      set-option -g set-titles-string '#H:#S.#I.#P #W #T'
+      setw -g monitor-activity on
+      set-option -g status-justify left
+      set-option -g status-bg yellow
+      set-option -g status-fg black
+    '';
+  };
+}

nyx/modules/core/roles/microvm/system/os/programs/zsh.nix

@@ -0,0 +1,11 @@
+{
+  environment.pathsToLink = ["/share/zsh"];
+  programs.zsh = {
+    enable = true;
+    enableCompletion = true;
+    autosuggestions = {
+      enable = true;
+      async = true;
+    };
+  };
+}

nyx/modules/core/roles/microvm/system/os/users/admin.nix

@@ -0,0 +1,7 @@
+{
+  users.users.admin = {
+    isNormalUser = true;
+    extraGroups = ["wheel"];
+    openssh.authorizedKeys.keys = [];
+  };
+}

nyx/modules/core/roles/microvm/system/os/users/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./admin.nix
+  ];
+}

nyx/modules/core/roles/microvm/system/security/default.nix

@@ -0,0 +1,13 @@
+{
+  security.sudo.extraRules = [
+    {
+      users = ["admin"];
+      commands = [
+        {
+          command = "ALL";
+          options = ["SETENV" "NOPASSWD"];
+        }
+      ];
+    }
+  ];
+}