feat(nixosProfiles): add srvos.common.openssh

docs/org/homeProfiles.org

@@ -10,8 +10,8 @@
 
 - tags :: [[id:84d2da32-5e9d-4bf0-9bec-7192415d8fe5][homeModules]]
 
-** Suites
-*** shell
+* Suites
+** shell
 
 #+begin_src nix :tangle (concat (org-entry-get nil "PRJ-DIR" t) "/shell.nix")
 { root }:
@@ -35,7 +35,7 @@ with presets; {
 }
 #+end_src
 
-*** audio
+** audio
 :PROPERTIES:
 :ID:       28ab95ad-1c3f-4bab-b23c-c9c6e18beacc
 :END:

docs/org/nixosProfiles.org

@@ -1,9 +1,36 @@
 :PROPERTIES:
 :ID:       55e5de92-922e-4e91-aa8c-c8121545aac8
+:header-args: :noweb tangle :comments noweb :exports both
+:PRJ-DIR: ../../nixos/nixosProfiles
 :END:
 #+TITLE: nixosProfiles
 #+AUTHOR: GuangTao Zhang
 #+EMAIL: gtrunsec@hardenedlinux.org
 #+DATE: 2023-10-08 Sun 22:00
 
 - tags :: [[id:50ab7f73-4fae-481b-8987-6e206a9d8f95][homeProfiles]]
+
+
+* Suites
+
+** cloud
+
+#+begin_src nix :tangle (concat (org-entry-get nil "PRJ-DIR" t) "/cloud.nix")
+{ root }:
+let
+  presets = root.presets;
+in
+with presets; {
+  default = [ {
+    boot.cleanTmpDir = true;
+    boot.tmp.cleanOnBoot = true;
+    zramSwap.enable = true;
+    documentation.enable = false;
+  } ];
+
+  contabo = [
+    self.default
+    contabo
+  ];
+}
+#+end_src

nixos/nixosProfiles/cloud.nix

@@ -0,0 +1,19 @@
+# [[file:../../docs/org/nixosProfiles.org::*cloud][cloud:1]]
+{ root }:
+let
+  presets = root.presets;
+in
+with presets; {
+  default = [ {
+    boot.cleanTmpDir = true;
+    boot.tmp.cleanOnBoot = true;
+    zramSwap.enable = true;
+    documentation.enable = false;
+  } ];
+
+  contabo = [
+    self.default
+    contabo
+  ];
+}
+# cloud:1 ends here

nixos/nixosProfiles/presets/contabo.nix

@@ -0,0 +1,47 @@
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  config =
+    with lib;
+    mkMerge [ ({
+      boot.initrd = {
+        systemd = {
+          enable = true;
+        };
+      };
+      boot.loader.grub = {
+        device = "/dev/sda";
+        efiSupport = false;
+        enable = true;
+      };
+      boot.initrd = {
+        availableKernelModules = [
+          "virtio_pci" # disk
+          "virtio_scsi" # disk
+          "ata_piix"
+          "uhci_hcd"
+          "xen_blkfront"
+          "vmw_pvscsi"
+        ];
+        kernelModules = [
+          "dm-snapshot"
+          "nvme"
+        ];
+      };
+      networking = {
+        useDHCP = lib.mkDefault true;
+        # IPv6 connectivity
+        # See also: https://contabo.com/blog/adding-ipv6-connectivity-to-your-server/
+        defaultGateway6 = {
+          address = "fe80::1";
+          interface = "ens18";
+        };
+        interfaces.ens18.useDHCP = lib.mkDefault true;
+      };
+    }) ];
+}

nixos/nixosProfiles/presets/openssh.nix

@@ -0,0 +1,7 @@
+{ omnibus }:
+{
+  imports = [ omnibus.srvos.layouts.default.common.openssh ];
+  services.openssh = {
+    enable = true;
+  };
+}

tests/_snapshots/srvos

@@ -0,0 +1,10 @@
+#pretty
+{
+  srvosCommonOpenssh = [
+    "curve25519-sha256"
+    "curve25519-sha256@libssh.org"
+    "diffie-hellman-group16-sha512"
+    "diffie-hellman-group18-sha512"
+    "sntrup761x25519-sha512@openssh.com"
+  ];
+}

tests/nixos/__fixture/layouts.nix

@@ -13,8 +13,6 @@ in
 
     # self.nixosProfiles.default.presets.boot
     exporter.nixosModules.default.programs.git
-
-    # outputs.nixosModules.default.hardware.bluetooth
     # load a suite profile from audio
     # (outputs.nixosProfiles.default.audio {}).default
 

tests/srvos/expr.nix

@@ -0,0 +1,17 @@
+{
+  super,
+  trace,
+  lib,
+  root,
+}:
+let
+  exporter = root.nixos.pops.layouts.default;
+in
+{
+  srvosCommonOpenssh =
+    (exporter.layouts.nixosConfiguration [
+      exporter.layouts.exporter.nixosProfiles.default.presets.boot
+      exporter.layouts.exporter.nixosProfiles.default.presets.openssh
+    ]).config.services.openssh.settings.KexAlgorithms;
+}
+// lib.optionalAttrs trace { }

tests/srvos/format.nix

@@ -0,0 +1 @@
+"pretty"