From e95897a160f4cc152a774fc8af1ea0941378e2d1 Mon Sep 17 00:00:00 2001
From: Michael Thomas
Date: Mon, 17 Jan 2022 03:28:40 +0000
Subject: [PATCH] Init work machine

---
 flake.nix | 12 +++++++
 machines/work/configuration.nix | 59 +++++++++++++++++++++++++++++++++
 machines/work/syschdemd.nix | 15 +++++++++
 machines/work/syschdemd.sh | 26 +++++++++++++++
 modules/common.nix | 1 +
 5 files changed, 113 insertions(+)
 create mode 100644 machines/work/configuration.nix
 create mode 100644 machines/work/syschdemd.nix
 create mode 100644 machines/work/syschdemd.sh

diff --git a/flake.nix b/flake.nix
index cf71d54..edb8b17 100644
--- a/flake.nix
+++ b/flake.nix
@@ -38,6 +38,18 @@
 ];
 specialArgs = { inherit inputs; };
 };
+
+ work = inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./modules/nix.nix
+ ./modules/containers.nix
+
+ ./machines/work/configuration.nix
+ ];
+ specialArgs = { inherit inputs; };
+ };
+
 };
 homeConfigurations = {
diff --git a/machines/work/configuration.nix b/machines/work/configuration.nix
new file mode 100644
index 0000000..f005e01
--- /dev/null
+++ b/machines/work/configuration.nix
@@ -0,0 +1,59 @@
+{ lib, pkgs, config, modulesPath, ... }:
+
+with lib;
+let
+ defaultUser = "michael";
+ syschdemd = import ./syschdemd.nix { inherit lib pkgs config defaultUser; };
+in
+{
+ imports = [
+ "${modulesPath}/profiles/minimal.nix"
+ ];
+
+ # WSL is closer to a container than anything else
+ boot.isContainer = true;
+
+ environment.etc.hosts.enable = false;
+ environment.etc."resolv.conf".enable = false;
+
+ programs.adb.enable = true;
+ networking.dhcpcd.enable = false;
+
+ # Proxychains
+ programs.proxychains = {
+ enable = true;
+ proxies.main = {
+ enable = true;
+ type = "http";
+ host = "172.21.32.1";
+ port = 1080;
+ };
+ };
+
+ users.users.${defaultUser} = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "docker" ];
+ shell = pkgs.zsh;
+ };
+
+ users.users.root = {
+ shell = "${syschdemd}/bin/syschdemd";
+ # Otherwise WSL fails to login as root with "initgroups failed 5"
+ extraGroups = [ "root" ];
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ # Disable systemd units that don't make sense on WSL
+ systemd.services."serial-getty@ttyS0".enable = false;
+ systemd.services."serial-getty@hvc0".enable = false;
+ systemd.services."getty@tty1".enable = false;
+ systemd.services."autovt@".enable = false;
+
+ systemd.services.firewall.enable = false;
+ systemd.services.systemd-resolved.enable = false;
+ systemd.services.systemd-udevd.enable = false;
+
+ # Don't allow emergency mode, because we don't have a console.
+ systemd.enableEmergencyMode = false;
+}
diff --git a/machines/work/syschdemd.nix b/machines/work/syschdemd.nix
new file mode 100644
index 0000000..29b7817
--- /dev/null
+++ b/machines/work/syschdemd.nix
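Review bot: `security.sudo.wheelNeedsPassword = false;` together with `extraGroups = [ "wheel" "docker" ];` makes the default user root-equivalent through two unauthenticated paths (sudo and the docker socket), and nothing in the file records that this is deliberate. It is consistent with the design here, since root's shell is `syschdemd` which drops into this user without authentication anyway, so a comment above the sudo line such as `# Single-user WSL box: root is already reachable via syschdemd, so passwordless sudo adds no new trust boundary; do not copy to multi-user hosts` would stop a later reader from either "fixing" it or reusing it elsewhere. The proxychains `host = "172.21.32.1"` is a hard-coded WSL2 host address; in my experience that address is regenerated when the WSL VM restarts, so this is likely to go stale and would be better documented as a value to refresh or derived at runtime. `systemd.services.firewall.enable = false;` also turns the NixOS firewall off for this machine; if the assumption is that the Windows host firewall covers it, a one-line comment saying so would make the intent auditable.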
@@ -0,0 +1,15 @@
+{ lib, pkgs, config, defaultUser, ... }:
+
+pkgs.substituteAll {
+ name = "syschdemd";
+ src = ./syschdemd.sh;
+ dir = "bin";
+ isExecutable = true;
+
+ buildInputs = with pkgs; [ daemonize ];
+
+ inherit (pkgs) daemonize;
+ inherit defaultUser;
+ inherit (config.security) wrapperDir;
+ fsPackagesPath = lib.makeBinPath config.system.fsPackages;
+}
diff --git a/machines/work/syschdemd.sh b/machines/work/syschdemd.sh
new file mode 100644
index 0000000..bf94dda
--- /dev/null
+++ b/machines/work/syschdemd.sh
@@ -0,0 +1,26 @@
+#! @shell@
+
+set -e
+
+sw="/nix/var/nix/profiles/system/sw/bin"
+systemPath=`${sw}/readlink -f /nix/var/nix/profiles/system`
+
+# Needs root to work
+if [[ $EUID -ne 0 ]]; then
+ echo "[ERROR] Requires root! :( Make sure the WSL default user is set to root"
+ exit 1
+fi
+
+if [ ! -e "/run/current-system" ]; then
+ /nix/var/nix/profiles/system/activate
+fi
+
+if [ ! -e "/run/systemd.pid" ]; then
+ PATH=/run/current-system/systemd/lib/systemd:@fsPackagesPath@ \
+ LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive \
+ @daemonize@/bin/daemonize /run/current-system/sw/bin/unshare -fp --mount-proc systemd
+ /run/current-system/sw/bin/pgrep -xf systemd > /run/systemd.pid
+fi
+
+userShell=$($sw/getent passwd @defaultUser@ | $sw/cut -d: -f7)
+exec $sw/nsenter -t $(< /run/systemd.pid) -p -m --wd="$PWD" -- @wrapperDir@/su -s $userShell @defaultUser@ "$@"
diff --git a/modules/common.nix b/modules/common.nix
index 0a86359..c4b83ae 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -7,6 +7,7 @@
 ./flatpak.nix
 ./fonts.nix
 ./gnome.nix
+ ./nix.nix
 ./sound.nix
 ];
 }
\ No newline at end of file
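Review bot: The pid-file write inside the `if [ ! -e "/run/systemd.pid" ]` branch of syschdemd.sh is racy: `daemonize` returns as soon as it has forked, so `pgrep -xf systemd` can run before the unshared child has exec'd systemd and leave an empty file, after which every later invocation sees the file present and runs `exec $sw/nsenter -t $(< /run/systemd.pid)` with no target pid (or with several, if more than one process matches). Replacing the pgrep line with `until pid=$(/run/current-system/sw/bin/pgrep -xfo systemd); do /run/current-system/sw/bin/sleep 0.1; done` followed by `echo "$pid" > /run/systemd.pid` waits for exactly one match (the oldest) before recording it. The existence check also never confirms the recorded pid is still alive, so if /run is not cleared after a systemd crash a stale pid would send nsenter into an unrelated process; adding `|| ! kill -0 "$(< /run/systemd.pid)"` to the condition would re-bootstrap in that case. `systemPath` on line 6 is assigned and never used. Because this script runs as root and `su -s $userShell @defaultUser@` changes user without authentication by design, `$userShell` should be quoted (`-s "$userShell"`) so the root-executed command line is not subject to word splitting on whatever getent returns.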