1 files changed, 138 insertions, 11 deletions
diff --git a/slides.md b/slides.md
index cb61c9c..f190e85 100644
--- a/slides.md
+++ b/slides.md
@@ -216,7 +216,7 @@ a function that returns a function ("currying"), or use named parameters.
 :::::: {.columns}
-::: {.column witdh="60%"}
+::: {.column width="60%"}
 ```nix
 let
@@ -231,7 +231,7 @@ in
 ```
 :::
-::: {.column witdh="40%"}
+::: {.column width="40%"}
 Gives:
@@ -630,13 +630,13 @@ Type=simple
 ## Adding yourself to the environment---Environment variables
 ```
-$ echo $XDG_DATA_DIRS
+$ echo $PATH
-/run/opengl-driver/share:
+/home/minijackson/bin:
-/run/opengl-driver-32/share:
+/run/wrappers/bin:
-/home/minijackson/.nix-profile/share:
+/home/minijackson/.nix-profile/bin:
-/etc/profiles/per-user/minijackson/share:
+/etc/profiles/per-user/minijackson/bin:
-/nix/var/nix/profiles/default/share:
+/nix/var/nix/profiles/default/bin:
-/run/current-system/sw/share
+/run/current-system/sw/bin
 ```
 ::: notes
@@ -651,15 +651,122 @@ $ echo $XDG_DATA_DIRS
 ## Adding yourself to the environment---Tool specific
-TODO: find a tool
+Fontconfig
+:  - Adds individual font paths into an XML file
+ - Links the XML file into `/etc/fonts/fonts.conf`
+Networking
+:  - UDev rules
+ - Systemd oneshot services
+ - In the end are all linked in the environment (`/etc/{systemd,udev}`)
+::: notes
+- It's pretty hard to find something that can't be inserted into the user
+  environment via symbolic links or env variables.
+- Usually very specific cases, or badly programmed tools
+:::
 ## How we do it
+Introducing: the module system!
+. . .
+```nix
+{ ... }:
+{
+  services.openssh.enable = true;
+}
+```
 ::: notes
 - We talked about how it is possible for NixOS to do it, now we talk about how
  us devs write the code
+- We want a machine with an SSH server
+- *describe what we would do in a conventional distribution, or embedded build
+  system*
+---
+- Will add the `sshd` user
+- Will create a systemd service file, linked into `/etc`, which has the
+  "openssh" package in its closure.
+- Will add a default `sshd_config`
+- Will add a PreStart script that generates the host key if non-existent
+- Allow the 22 tcp port in the firewall (special ssh case)
+- sshd PAM module
+- Note: this configuration alone is two lines away from compiling:
+:::
+## Being pedantic
+```nix
+{ ... }:
+{
+  fileSystems."/".fsType = "tmpfs";
+  boot.loader.grub.enable = false;
+  services.openssh.enable = true;
+}
+```
+## Customizing the SSH server config
+```nix
+{ ... }:
+{
+  services.openssh = {
+    enable = true;
+    allowSFTP = false;
+    # Violates the privacy of users
+    logLevel = "DEBUG";
+    extraConfig = ''
+      # Extra verbatim contents of sshd_config
+    '';
+  }
+}
+```
+::: notes
+- Compared to the previous example, this on only changes the final
+  `sshd_config` file
+:::
+## Customizing the SSH server config
+```nix
+{ ... }:
+{
+  services.openssh = {
+    enable = true;
+    openFirewall = false;
+    startWhenNeeded = true;
+    listenAddresses = [
+      { addr = "192.168.3.1"; port = 22; }
+      { addr = "0.0.0.0"; port = 64022; }
+    ];
+  }
+}
+```
+::: notes
+- Start when needed will add a systemd socket that will only listen to the
+  content of `listenAddresses` (if defined).
+- But the content of `listenAddresses` is also added to the `sshd_config`.
+- This gives us a higher level description of what we want in our system.
+- They also give us the means to describe our higher level components, should
+  nixpkgs not have the appropriate module.
 :::
@@ -678,6 +785,7 @@ Failed assertions:
 - [x] Use good Markdown / Beamer template
 - [ ] Pinning repo version
 - [x] How to use different versions
+- [ ] Modules can call other modules (and that's what they do **all** the time)
 - [ ] How to build an image
 - [ ] Add some images to temporise the talk
 - [ ] Talk about service tests!!!
@@ -712,6 +820,25 @@ Failed assertions:
 That's all folks!
-. . .
+---
 Questions?
+Slide sources
+ ~ <https://github.com/minijackson/nixos-embedded-slides/>
+:::::: {.columns}
+::: {.column width="40%"}
+- <https://nixos.org/>
+- <https://nixos.wiki/>
+:::
+::: {.column width="60%"}
+- <https://nixos.org/nix/manual/>
+- <https://nixos.org/nixpkgs/manual/>
+- <https://nixos.org/nixos/manual/>
+:::
+::::::

diff --git a/slides.md b/slides.md index cb61c9c..f190e85 100644 --- a/slides.md +++ b/slides.md
@@ -216,7 +216,7 @@ a function that returns a function ("currying"), or use named parameters.
216		216
217		217
218	:::::: {.columns}	218	:::::: {.columns}
219	::: {.column witdh="60%"}	219	::: {.column width="60%"}
220		220
221	```nix	221	```nix
222	let	222	let
@@ -231,7 +231,7 @@ in
231	```	231	```
232		232
233	:::	233	:::
234	::: {.column witdh="40%"}	234	::: {.column width="40%"}
235		235
236	Gives:	236	Gives:
237		237
@@ -630,13 +630,13 @@ Type=simple
630	## Adding yourself to the environment---Environment variables	630	## Adding yourself to the environment---Environment variables
631		631
632	```	632	```
633	$ echo $XDG_DATA_DIRS	633	$ echo $PATH
634	/run/opengl-driver/share:	634	/home/minijackson/bin:
635	/run/opengl-driver-32/share:	635	/run/wrappers/bin:
636	/home/minijackson/.nix-profile/share:	636	/home/minijackson/.nix-profile/bin:
637	/etc/profiles/per-user/minijackson/share:	637	/etc/profiles/per-user/minijackson/bin:
638	/nix/var/nix/profiles/default/share:	638	/nix/var/nix/profiles/default/bin:
639	/run/current-system/sw/share	639	/run/current-system/sw/bin
640	```	640	```
641		641
642	::: notes	642	::: notes
@@ -651,15 +651,122 @@ $ echo $XDG_DATA_DIRS
651		651
652	## Adding yourself to the environment---Tool specific	652	## Adding yourself to the environment---Tool specific
653		653
654	TODO: find a tool	654	Fontconfig
		655	: - Adds individual font paths into an XML file
		656	- Links the XML file into `/etc/fonts/fonts.conf`
		657
		658	Networking
		659	: - UDev rules
		660	- Systemd oneshot services
		661	- In the end are all linked in the environment (`/etc/{systemd,udev}`)
		662
		663	::: notes
		664
		665	- It's pretty hard to find something that can't be inserted into the user
		666	environment via symbolic links or env variables.
		667	- Usually very specific cases, or badly programmed tools
		668
		669
		670	:::
655		671
656	## How we do it	672	## How we do it
657		673
		674	Introducing: the module system!
		675
		676	. . .
		677
		678	```nix
		679	{ ... }:
		680	{
		681	services.openssh.enable = true;
		682	}
		683	```
		684
658	::: notes	685	::: notes
659		686
660	- We talked about how it is possible for NixOS to do it, now we talk about how	687	- We talked about how it is possible for NixOS to do it, now we talk about how
661	us devs write the code	688	us devs write the code
662		689
		690	- We want a machine with an SSH server
		691	- *describe what we would do in a conventional distribution, or embedded build
		692	system*
		693
		694	---
		695
		696	- Will add the `sshd` user
		697	- Will create a systemd service file, linked into `/etc`, which has the
		698	"openssh" package in its closure.
		699	- Will add a default `sshd_config`
		700	- Will add a PreStart script that generates the host key if non-existent
		701	- Allow the 22 tcp port in the firewall (special ssh case)
		702	- sshd PAM module
		703	- Note: this configuration alone is two lines away from compiling:
		704
		705
		706	:::
		707
		708	## Being pedantic
		709
		710	```nix
		711	{ ... }:
		712	{
		713	fileSystems."/".fsType = "tmpfs";
		714	boot.loader.grub.enable = false;
		715	services.openssh.enable = true;
		716	}
		717	```
		718
		719	## Customizing the SSH server config
		720
		721	```nix
		722	{ ... }:
		723	{
		724	services.openssh = {
		725	enable = true;
		726	allowSFTP = false;
		727	# Violates the privacy of users
		728	logLevel = "DEBUG";
		729	extraConfig = ''
		730	# Extra verbatim contents of sshd_config
		731	'';
		732	}
		733	}
		734	```
		735
		736	::: notes
		737
		738	- Compared to the previous example, this on only changes the final
		739	`sshd_config` file
		740
		741
		742	:::
		743
		744	## Customizing the SSH server config
		745
		746	```nix
		747	{ ... }:
		748	{
		749	services.openssh = {
		750	enable = true;
		751	openFirewall = false;
		752	startWhenNeeded = true;
		753	listenAddresses = [
		754	{ addr = "192.168.3.1"; port = 22; }
		755	{ addr = "0.0.0.0"; port = 64022; }
		756	];
		757	}
		758	}
		759	```
		760
		761	::: notes
		762
		763	- Start when needed will add a systemd socket that will only listen to the
		764	content of `listenAddresses` (if defined).
		765	- But the content of `listenAddresses` is also added to the `sshd_config`.
		766	- This gives us a higher level description of what we want in our system.
		767	- They also give us the means to describe our higher level components, should
		768	nixpkgs not have the appropriate module.
		769
663		770
664	:::	771	:::
665		772
@@ -678,6 +785,7 @@ Failed assertions:
678	- [x] Use good Markdown / Beamer template	785	- [x] Use good Markdown / Beamer template
679	- [ ] Pinning repo version	786	- [ ] Pinning repo version
680	- [x] How to use different versions	787	- [x] How to use different versions
		788	- [ ] Modules can call other modules (and that's what they do all the time)
681	- [ ] How to build an image	789	- [ ] How to build an image
682	- [ ] Add some images to temporise the talk	790	- [ ] Add some images to temporise the talk
683	- [ ] Talk about service tests!!!	791	- [ ] Talk about service tests!!!
@@ -712,6 +820,25 @@ Failed assertions:
712		820
713	That's all folks!	821	That's all folks!
714		822
715	. . .	823	---
716		824
717	Questions?	825	Questions?
		826
		827	Slide sources
		828	~ <https://github.com/minijackson/nixos-embedded-slides/>
		829
		830	:::::: {.columns}
		831	::: {.column width="40%"}
		832
		833	- <https://nixos.org/>
		834	- <https://nixos.wiki/>
		835
		836	:::
		837	::: {.column width="60%"}
		838
		839	- <https://nixos.org/nix/manual/>
		840	- <https://nixos.org/nixpkgs/manual/>
		841	- <https://nixos.org/nixos/manual/>
		842
		843	:::
		844	::::::