ctucx.git: nixfiles

ctucx' nixfiles

commit 4ed9e97576b32fbe715c0d6c488cb878b227f6ac
parent f89a0b201d0fc27b2481a630fed816ced2a2585f
Author: Katja (ctucx) <git@ctu.cx>
Date: Thu, 27 Mar 2025 15:33:59 +0100

configurations/nixos/default: perlless-activation, minimal profile
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/configurations/nixos/configure/smarthome/mosquitto.nix b/configurations/nixos/configure/smarthome/mosquitto.nix
@@ -1,7 +1,12 @@
-{ inputs, config, pkgs, ... }:
+{ pkgs, ... }:
 
 {
 
+  systemd.services.mosquitto.requires       = [ "mosquittoFixPerms.service" ];
+  systemd.services.mosquittoFixPerms.script = ''
+    chown -R mosquitto:mosquitto /etc/mosquitto;
+  '';
+
   services.mosquitto = {
     enable      = true;
     persistence = false;
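Review bot: `requires` on the added `systemd.services.mosquitto` line pulls in `mosquittoFixPerms.service` but does not order it, so mosquitto can start before the root-run `chown -R` has finished or even begun. Add `systemd.services.mosquitto.after = [ "mosquittoFixPerms.service" ];` and set `systemd.services.mosquittoFixPerms.serviceConfig.Type = "oneshot";` so the helper only counts as started once its script has exited. A one-line comment saying why `/etc/mosquitto` needs re-owning (presumably a side effect of the overlay-based /etc enabled in the same commit, which the hunk does not show) would help decide later whether the workaround can be dropped. The `services.mosquitto` block continues outside the hunk.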
diff --git a/configurations/nixos/default.nix b/configurations/nixos/default.nix
@@ -1,4 +1,4 @@
-{ inputs, secrets, nodeName, node, config, ctucxConfig, lib, pkgs, ... }:
+{ modulesPath, inputs, secrets, nodeName, node, config, ctucxConfig, lib, pkgs, ... }:
 
 let
   katja-pubkey     = builtins.readFile "${pkgs.ctucx-website}/ssh_pubkey.asc";

@@ -7,9 +7,17 @@ let
 in {
 
   imports = [
+    (modulesPath + "/profiles/minimal.nix")
     ctucxConfig.common
   ];
 
+  # Remove perl from activation
+  system.etc.overlay.enable = lib.mkDefault true;
+  services.userborn.enable  = lib.mkDefault true;
+
+  # Remove random perl remnants
+  system.tools.nixos-generate-config.enable = lib.mkDefault false;
+
   age.secrets.katjaPassword.file = secrets.allNodes.passwords.katja;
   age.secrets.acmeTSIGKey.file   = secrets."${config.networking.hostName}".acmeTSigKey;
 
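Review bot: `system.etc.overlay.enable` is turned on under "Remove perl from activation" without `boot.initrd.systemd.enable` appearing in the hunk. The overlay-based /etc depends on the systemd initrd, so unless that is set elsewhere (not visible here), add `boot.initrd.systemd.enable = lib.mkDefault true;` beside it. Because all three new options are `lib.mkDefault`, a node-level override can bring perl back unnoticed. `system.forbiddenDependenciesRegexes = [ "perl" ];` would turn that into a build failure.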

@@ -68,7 +76,7 @@ in {
     users.root.openssh.authorizedKeys.keys = [ katja-pubkey ];
     users.katja = {
       isNormalUser                = true;
-      hashedPasswordFile          = config.age.secrets.katjaPassword.path;
+      hashedPassword              = "$6$bDneoXw/UVcYYJ89$rT5b0k4P/S5FxIldaAwCdIFVOgDJZA7AScGKkxlvg1m0b589mLDV2D6xDbhubxgYW.5jy6H4umQ6l5WYmZvdq0";
       extraGroups                 = [ "wheel" ]; # Enable ‘sudo’ for the user.
       openssh.authorizedKeys.keys = [ katja-pubkey ];
     };
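Review bot: The new `hashedPassword` line commits katja's SHA-512 crypt hash to the repository and, once built, to the world-readable Nix store, where the removed `hashedPasswordFile` kept it behind the agenix secret. As `katja` is in `wheel`, this is the sudo credential, and anyone who can read the repo or the store can now test guesses against it offline. Keep `hashedPasswordFile = config.age.secrets.katjaPassword.path;` and treat the committed hash as exposed by changing the password. If the switch was made because the secret is not yet decrypted when userborn creates the account (an inference, the hunk gives no reason), fixing that ordering is preferable to inlining the hash. The enclosing `users` block starts and ends outside the hunk.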