fix: reimplement minimal stuff

hosts/testienix/default.nix

@@ -1,25 +1,28 @@
 {
   inputs,
   lib,
+  minimal,
   ...
 }: {
-  imports = [
-    inputs.nixos-hardware.nixosModules.common-pc
-    inputs.nixos-hardware.nixosModules.common-pc-ssd
+  imports =
+    [
+      inputs.nixos-hardware.nixosModules.common-pc
+      inputs.nixos-hardware.nixosModules.common-pc-ssd
 
-    ../../modules/config
-    ../../modules/optional/initrd-ssh.nix
+      ../../modules/config
+      ../../modules/optional/initrd-ssh.nix
 
-    ../../modules/hardware/intel.nix
-    ../../modules/hardware/physical.nix
-    ../../modules/hardware/zfs.nix
+      ../../modules/hardware/intel.nix
+      ../../modules/hardware/physical.nix
+      ../../modules/hardware/zfs.nix
 
-    ../../modules/services/samba.nix
-    ../../modules/services/nextcloud.nix
-
-    ./net.nix
-    ./fs.nix
-  ];
+      ./net.nix
+      ./fs.nix
+    ]
+    ++ lib.lists.optionals (!minimal) [
+      ../../modules/services/samba.nix
+      ../../modules/services/nextcloud.nix
+    ];
   services.xserver = {
     layout = "de";
     xkbVariant = "bone";

hosts/testienix/secrets/host.pub

@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9cxElcsww+AMsQ2U2ZbhZSDiqkil5bUvKG0vRSSL/T
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIOTaOyLL8TcuZAdZnPI4M2FTXnMsm/T40fLmfqBTkE

modules/config/impermanence/default.nix

@@ -9,6 +9,12 @@
 in {
   # to allow all users to access hm managed persistent folders
   programs.fuse.userAllowOther = true;
+  services.openssh.hostKeys = lib.mkForce [
+    {
+      path = "/state/etc/ssh/ssh_host_ed25519_key";
+      type = "ed25519";
+    }
+  ];
   environment.persistence."/state" = {
     hideMounts = true;
 

modules/config/ssh.nix

@@ -1,4 +1,4 @@
-{
+{lib, ...}: {
   # Enable the OpenSSH daemon.
   services.openssh = {
     enable = true;
@@ -7,6 +7,7 @@
       KbdInteractiveAuthentication = false;
       PermitRootLogin = "yes";
     };
+    startWhenNeeded = lib.mkForce false;
     hostKeys = [
       {
         # never set this to an actual nix type path

modules/services/containers.nix

@@ -104,7 +104,7 @@ in {
               unitConfig.DefaultDependencies = "no";
               serviceConfig.Type = "oneshot";
               script = ''
-                chmod 700 ${escapeShellArg cfg.zfs.mountpoint}
+                chmod 755 ${escapeShellArg cfg.zfs.mountpoint}
               '';
             };
 

users/root/default.nix

@@ -1,6 +1,8 @@
 {
   pkgs,
   config,
+  lib,
+  minimal,
   ...
 }: {
   users.users.root = {
@@ -14,7 +16,7 @@
     ];
     hashedPassword = config.secrets.secrets.global.users.root.passwordHash;
   };
-  home-manager.users.root.imports = [
+  home-manager.users.root.imports = lib.lists.optionals (!minimal) [
     ../common
   ];
 }