dotfiles/vmix.nix
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
vmix.nix/lib/images/windows/templates/registry/default.nix
Git Sagar def21bca57 add enableRDP flag to generalize and fix AutoLogon 
- generalize.nix: add enableRDP option that re-enables RDP in
  post-oobe.cmd after sysprep resets registry (firewall rules,
  TermService auto-start, disable NLA)
- Fix OOBE AutoLogon: create user with blank password (Windows
  ignores unattend passwords), set real password via net user in
  post-oobe.cmd, and explicitly set AutoAdminLogon registry values
- Add LogonCount=999 for persistent AutoLogon across reboots
- Remove unused rdpEntries import from registry/default.nix

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-06-07 15:57:17 +05:30

62 lines
2.5 KiB
Nix
Raw Blame History

# Offline registry customization templates.
# Each file returns raw registry entries (no header).
# Templates are composed into bundles via mkReg which adds the .reg header.
{ ... }:
let
regHeader = "Windows Registry Editor Version 5.00";
mkReg = entries: ''
${regHeader}
${entries}
'';
telemetryEntries = import ./telemetry.nix;
errorReportingEntries = import ./error-reporting.nix;
defenderEntries = import ./defender.nix;
updatesEntries = import ./updates.nix;
smartScreenEntries = import ./smart-screen.nix;
hibernationEntries = import ./hibernation.nix;
systemRestoreEntries = import ./system-restore.nix;
networkEntries = import ./insecure-samba.nix;
privacyEntries = import ./privacy.nix;
aiEntries = import ./ai.nix;
consumerEntries = import ./consumer.nix;
performanceEntries = import ./performance.nix;
disableUcpdEntries = import ./disable-ucpd.nix;
in rec {
# === Individual templates ===
disableTelemetry = { name = "no-telemetry"; windowsRegistry = mkReg telemetryEntries; };
disableErrorReporting = { name = "no-wer"; windowsRegistry = mkReg errorReportingEntries; };
disableDefender = { name = "no-defender"; windowsRegistry = mkReg defenderEntries; };
disableUpdates = { name = "no-updates"; windowsRegistry = mkReg updatesEntries; };
disableSmartScreen = { name = "no-smartscreen"; windowsRegistry = mkReg smartScreenEntries; };
disableHibernation = { name = "no-hibernate"; windowsRegistry = mkReg hibernationEntries; };
disableSystemRestore = { name = "no-restore"; windowsRegistry = mkReg systemRestoreEntries; };
networkTweaks = { name = "network"; windowsRegistry = mkReg networkEntries; };
disablePrivacyTracking = { name = "no-tracking"; windowsRegistry = mkReg privacyEntries; };
disableAI = { name = "no-ai"; windowsRegistry = mkReg aiEntries; };
disableConsumerFeatures = { name = "no-consumer"; windowsRegistry = mkReg consumerEntries; };
performanceTweaks = { name = "performance"; windowsRegistry = mkReg performanceEntries; };
disableUCPD = { name = "no-ucpd"; windowsRegistry = mkReg disableUcpdEntries; };
# === Convenience bundles ==
# Hardened: comprehensive debloat for lab VMs
hardened = {
name = "hardened";
windowsRegistry = mkReg (
telemetryEntries
+ errorReportingEntries
+ defenderEntries
+ updatesEntries
+ smartScreenEntries
+ hibernationEntries
+ systemRestoreEntries
+ networkEntries
+ privacyEntries
+ aiEntries
+ consumerEntries
+ performanceEntries
);
};
}
Reference in a new issue View git blame Copy permalink