kittykat deployment test

flake.nix

@@ -127,15 +127,15 @@
           };
         }
       ];
-      nixosConfigurations.kittykat = nixpkgs.lib.nixosSystem {
-        inherit system;
-        specialArgs = {inherit inputs;};
-        modules = [
-          ./hosts/kittykat/configuration.nix
-          agenix.nixosModules.default
-          inputs.disko.nixosModules.disko
-        ];
-      };
+    };
+    nixosConfigurations.kittykat = nixpkgs.lib.nixosSystem {
+      inherit system;
+      specialArgs = {inherit inputs;};
+      modules = [
+        ./hosts/kittykat/configuration.nix
+        agenix.nixosModules.default
+        inputs.disko.nixosModules.disko
+      ];
     };
   };
 }

hosts/kittykat/configuration.nix

@@ -6,38 +6,18 @@
 }: {
   imports = [
     ./hardware-configuration.nix
-    ./disko-config.nix
+    ./disko.nix
+    ../../modules/nixos/networking/ssh.nix
+    ../../modules/nixos/users/tulg.nix
   ];
 
-  boot.loader.grub.enable = true;
-
-  services.openssh.enable = {
-    enable = true
-    settings.PermitRootLogin = "no";
-    
-  };
-  
-  users.users.tulg = {
-    isNormalUser = true;
-    description = "Tulga";
-    extraGroups = [
-      "networkmanager"
-      "wheel"
-      "libvirtd"
-      "kvm"
-    ];
-  };
-  users.users."root".openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
-  ];
-  users.users."tulg".openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
+  networking.hostName = "kittykat";
+  environment.systemPackages = with pkgs; [
+    nano
+    fastfetch
   ];
 
-  programs.neovim = {
-    enable = true;
-    defaultEditor = true;
-  };
-
+  nixpkgs.config.allowUnfree = true;
+  nix.settings.experimental-features = ["nix-command" "flakes"];
   system.stateVersion = "25.05";
 }

hosts/kittykat/hardware-configuration.nix

@@ -8,7 +8,10 @@
   imports = [
     (modulesPath + "/profiles/qemu-guest.nix")
   ];
-
+  boot.loader.grub = {
+    enable = true;
+    efiSupport = true;
+  };
   networking.useDHCP = lib.mkDefault true;
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }

modules/nixos/networking/ssh.nix

@@ -7,9 +7,7 @@
   ];
   services.openssh = {
     enable = true;
-    settings = {
-      PasswordAuthentication = true;
-      PermitRootLogin = "yes";
-    };
+    settings.PermitRootLogin = "prohibit-password";
+    allowSFTP = true;
   };
 }

modules/nixos/users/tulg.nix

@@ -2,6 +2,9 @@
   users.users.tulg = {
     isNormalUser = true;
     description = "Tulga";
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
+    ];
     extraGroups = [
       "networkmanager"
       "wheel"
@@ -9,4 +12,7 @@
       "kvm"
     ];
   };
+  users.users."root".openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
+  ];
 }