# Generated by OrbStack.
# This MAY be overwritten in the future. Make a copy and update the include
# in configuration.nix if you want to keep your changes.
# NixOS module with the guest-side settings OrbStack generates for this machine:
# sudo policy, shell/ssh integration, DHCP tuning, systemd watchdog overrides,
# an extra trusted root certificate and the Nix builder platform list.
{
  lib,
  config,
  pkgs,
  ...
}:
with lib;
let
  # sudoers command entry: every command, no password prompt.
  passwordlessAll = {
    command = "ALL";
    options = [ "NOPASSWD" ];
  };

  # systemd units that get WatchdogSec = 0 below.
  watchdogExempt = [
    "systemd-oomd"
    "systemd-resolved"
    "systemd-userdbd"
    "systemd-udevd"
    "systemd-timesyncd"
    "systemd-timedated"
    "systemd-portabled"
    "systemd-nspawn@"
    "systemd-networkd"
    "systemd-machined"
    "systemd-localed"
    "systemd-logind"
    "systemd-journald@"
    "systemd-journald"
    "systemd-journal-remote"
    "systemd-journal-upload"
    "systemd-importd"
    "systemd-hostnamed"
    "systemd-homed"
  ];
in
{
  # sudoers: user "omar" may run any command through sudo without a password,
  # which makes that account root-equivalent on this machine.
  # NOTE(review): reasonable for a single-user local dev guest; narrow the
  # command list or drop NOPASSWD before reusing this file on a shared host.
  security.sudo.extraRules = [
    {
      users = [ "omar" ];
      commands = [ passwordlessAll ];
    }
  ];

  # Put the OrbStack CLI tools on PATH by sourcing two profile scripts during
  # shell initialisation. Both live under /opt/orbstack-guest, outside the Nix
  # store, so their contents are not pinned by this configuration.
  # NOTE(review): presumably root-owned and not writable by other users - verify.
  environment.shellInit = ''
    . /opt/orbstack-guest/etc/profile-early
    # add your customizations here
    . /opt/orbstack-guest/etc/profile-late
  '';

  time.timeZone = "America/Los_Angeles";

  # Faster DHCP: skip ARP probing and IPv6 handling in dhcpcd, since OrbStack
  # configures IPv6 through SLAAC exclusively.
  networking.dhcpcd.extraConfig = ''
    noarp
    noipv6
  '';

  # No OpenSSH server runs in the guest.
  services.openssh.enable = false;

  # Switch off the service watchdog (WatchdogSec = 0) for each listed unit.
  # The reason is not stated in this file.
  systemd.services = genAttrs watchdogExempt (_unit: {
    serviceConfig.WatchdogSec = 0;
  });

  # ssh client config: pull in settings from a file under /opt/orbstack-guest.
  # Its directives are not visible here; review that file when auditing which
  # hosts, keys or proxy commands the ssh client will use.
  programs.ssh.extraConfig = ''
    Include /opt/orbstack-guest/etc/ssh_config
  '';

  # Extra certificate added to the system-wide trust store. Anything that chains
  # to it is accepted by TLS clients that use the system CA bundle.
  # NOTE(review): the PEM appears to be the "OrbStack Development Root CA";
  # confirm with `openssl x509 -noout -subject -dates -fingerprint -sha256`
  # and remove the entry if this machine stops using OrbStack.
  security.pki.certificates = [
    # (builtins.readFile "/opt/orbstack-guest/run/extra-certs.crt")
    ''
      -----BEGIN CERTIFICATE-----
      MIICDTCCAbKgAwIBAgIQeXEwUyJzN/MdRJ79MY2AWjAKBggqhkjOPQQDAjBmMR0w
      GwYDVQQKExRPcmJTdGFjayBEZXZlbG9wbWVudDEeMBwGA1UECwwVQ29udGFpbmVy
      cyAmIFNlcnZpY2VzMSUwIwYDVQQDExxPcmJTdGFjayBEZXZlbG9wbWVudCBSb290
      IENBMB4XDTI0MDEwNTE0NDM1MVoXDTM0MDEwNTE0NDM1MVowZjEdMBsGA1UEChMU
      T3JiU3RhY2sgRGV2ZWxvcG1lbnQxHjAcBgNVBAsMFUNvbnRhaW5lcnMgJiBTZXJ2
      aWNlczElMCMGA1UEAxMcT3JiU3RhY2sgRGV2ZWxvcG1lbnQgUm9vdCBDQTBZMBMG
      ByqGSM49AgEGCCqGSM49AwEHA0IABMxlU8hGEWQyJDkneQV5nBz/r+wzL9UYPlAf
      aupq8k/hiW4/nhCM43vNOWmyE9+sw5WYac0hvqc0jdDOs14Xv42jQjBAMA4GA1Ud
      DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRIsbuHjpBAlM3G
      wfV/wAKGrjGYATAKBggqhkjOPQQDAgNJADBGAiEA2FD1EdejrBM3HOWXDh5/Lfnd
      z4lVIAB21rrZg+/g2ZACIQCEAnVD2LNnJr2sZLcvfbaaOH3DQRwWbchuyPVrAZ+W
      AQ==
      -----END CERTIFICATE-----
    ''
  ];

  # Advertise the emulated architectures this machine can build for.
  nix.extraOptions = "extra-platforms = x86_64-linux i686-linux";
}