feat(grfn/system): Resuscitate roswell

Resuscitate the configuration for roswell, the semi-portable
configuration I use for ec2 development boxes. Lots of the changes here
are trying to get Tramp working.

Change-Id: I2dc2fd1d9aa76e145fa3f3f847af761cb652ab47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5798
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI

users/grfn/system/system/machines/roswell.nix

@@ -3,10 +3,13 @@
 {
   imports = [
     ../modules/common.nix
+    ../modules/development.nix
     "${modulesPath}/installer/scan/not-detected.nix"
     "${modulesPath}/virtualisation/amazon-image.nix"
   ];
 
+  system.stateVersion = "22.05";
+
   ec2.hvm = true;
 
   networking.hostName = "roswell";
@@ -14,4 +17,13 @@
   users.users.grfn.openssh.authorizedKeys.keys = [
     depot.users.grfn.keys.main
   ];
+
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
+
+  services.openssh.passwordAuthentication = false;
+
+  services.tailscale.enable = true;
+
+  security.sudo.wheelNeedsPassword = false;
 }

users/grfn/system/system/machines/yeren.nix

@@ -105,15 +105,6 @@
   systemd.services.fprintd.environment.FP_TOD_DRIVERS_DIR =
     "${pkgs.libfprint-2-tod1-goodix}/usr/lib/libfprint-2/tod-1";
 
-  security.pam.loginLimits = [
-    {
-      domain = "grfn";
-      type = "soft";
-      item = "nofile";
-      value = "65535";
-    }
-  ];
-
   security.pam.services = {
     login.fprintAuth = true;
     sudo.fprintAuth = true;

users/grfn/system/system/modules/common.nix

@@ -55,7 +55,6 @@ with lib;
       "wheel"
       "networkmanager"
       "audio"
-      "docker"
     ];
     shell = pkgs.zsh;
   };

users/grfn/system/system/modules/development.nix

@@ -3,4 +3,13 @@
 {
   virtualisation.docker.enable = true;
   users.users.grfn.extraGroups = [ "docker" ];
+
+  security.pam.loginLimits = [
+    {
+      domain = "grfn";
+      type = "soft";
+      item = "nofile";
+      value = "65535";
+    }
+  ];
 }