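# Base NixOS module for Proxmox/QEMU guests, shared by the "live" and
# "template" VM variants.
#
# Security posture to be aware of when importing this module:
#   * root is reachable over SSH with the public keys listed below (key-only);
#   * members of `wheel` get passwordless sudo and are trusted Nix users,
#     so a wheel account is root-equivalent;
#   * mDNS (UDP 5353) is opened in the firewall and the host announces itself.
{ config, pkgs, modulesPath, lib, ... }:
{
  ########################################################################
  # IMPORTS & PROFILE
  #
  # We rely on the QEMU Guest Agent profile so that Proxmox can talk
  # to the VM's guest-agent. Both "live" and "template" need this.
  ########################################################################
  imports = [
    # Enables QEMU Guest Agent support in the VM
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  config = {
    ########################################################################
    # A) COMMON SETTINGS
    ########################################################################

    # Provide a default hostname
    networking.hostName = lib.mkDefault "base";

    # Nixpkgs & Unfree
    # Allow unfree packages if you ever need them.
    nixpkgs.config.allowUnfree = true;

    # QEMU Guest Agent (Proxmox integration)
    # Ensure the qemu-guest-agent service is enabled so Proxmox can query
    # the VM for IPs, etc.
    services.qemuGuest.enable = lib.mkDefault true;

    # GRUB on the "boot drive"
    boot.loader.grub.enable = lib.mkDefault true;
    boot.loader.grub.devices = ["nodev"];

    # Grow the root partition on first boot
    boot.growPartition = lib.mkDefault true;

    # Sudo: do not require a password for the wheel group.
    # Any wheel account (or anything that can run as one) becomes root
    # without a second factor. Set via mkDefault so a host that imports
    # this base can turn the password requirement back on without mkForce.
    security.sudo.wheelNeedsPassword = lib.mkDefault false;

    # OpenSSH: disable password-based auth, only allow key-based.
    # "prohibit-password" still permits direct root login with a key, so the
    # authorized_keys list below is the whole access-control boundary for root.
    services.openssh = {
      enable = true;
      settings.PermitRootLogin = "prohibit-password";
      settings.PasswordAuthentication = false;
      settings.KbdInteractiveAuthentication = false;
    };

    programs.ssh.startAgent = true;

    # Root's SSH authorized_keys (copy your own keys here)
    # Both live & template will install these, so you can ssh in.
    # Every VM built or cloned from this module trusts these keys for root:
    # replace them before use, keep the list minimal, and rebuild/redeploy
    # when a key holder's access should end.
    users.users.root.openssh.authorizedKeys.keys = [
      # ← Replace these with your actual public keys
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCeg/n/vst9KME8byhxX2FhA+FZNQ60W38kkNt45eNzK5zFqBYuwo1nDXVanJSh9unRvB13b+ygpZhrb4sHvkETGWiEioc49MiWr8czEhu6Wpo0vv5MAJkiYvGZUYPdUW52jUzWcYdw8PukG2rowrxL5G0CmsqLwHMPU2FyeCe5aByFI/JZb8R80LoEacgjUiipJcoLWUVgG2koMomHClqGu+16kB8nL5Ja3Kc9lgLfDK7L0A5R8JXhCjrlEsmXbxZmwDKuxvjDAZdE9Sl1VZmMDfWkyrRlenrt01eR3t3Fec6ziRm5ZJk9e2Iu1DPoz+PoHH9aZGVwmlvvnr/gMF3OILxcqb0qx+AYlCCnb6D6pJ9zufhZkKcPRS1Q187F6fz+v2oD1xLZWFHJ92+7ItM0WmbDOHOC29s5EA6wNm3iXZCq86OI3n6T34njDtPqh6Z7Pk2sdK4GBwnFj4KwEWXvdKZKSX1qb2EVlEBE9QI4Gf3eg4SiBu2cAFt3nOSzs8c= asol\\dbs@ALPHA-DBS-P14sG2"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+U3DWOrklcA8n8wdbLBGyli5LsJI3dpL2Zod8mx8eOdC4H127ZT1hzuk2uSmkic4c73BykPyQv8rcqwaRGW94xdMRanKmHYxnbHXo5FBiGrCkNlNNZuahthAGO49c6sUhJMq0eLhYOoFWjtf15sr5Zu7Ug2YTUL3HXB1o9PZ3c9sqYHo2rC/Il1x2j3jNAMKST/qUZYySvdfNJEeQhMbQcdoKJsShcE3oGRL6DFBoV/mjJAJ+wuDhGLDnqi79nQjYfbYja1xKcrKX+D3MfkFxFl6ZIzomR1t75AnZ+09oaWcv1J7ehZ3h9PpDBFNXvzyLwDBMNS+UYcH6SyFjkUbF David@NZXT"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICUP7m8jZJiclZGfSje8CeBYFhX10SrdtjYziuChmj1X plasmagoat@macbook-air"
    ];

    # Default root filesystem
    fileSystems."/" = lib.mkDefault {
      device = "/dev/disk/by-label/nixos";
      autoResize = true; # grow on first boot
      fsType = "ext4";
    };

    # Timezone & Keyboard
    time.timeZone = "Europe/Copenhagen";
    console.keyMap = "dk-latin1";

    # Default set of packages
    environment.systemPackages = with pkgs; [
      vim # emergencies
      git # pulling flakes, code
      curl # downloading things
      python3 # for Ansible if needed on live VM
    ];

    # Nix settings (cache, experimental, gc)
    # A trusted Nix user can override daemon settings (e.g. substituters),
    # which is effectively root on the machine; "@wheel" extends that to
    # every wheel member.
    nix.settings.trusted-users = ["root" "@wheel"];
    nix.settings.experimental-features = ["nix-command" "flakes"];
    # experimental-features is set once, through nix.settings above; repeating
    # it here would write the same key into nix.conf a second time.
    nix.extraOptions = ''
      keep-outputs = true
      keep-derivations = true
    '';
    nix.gc.automatic = true;
    nix.gc.dates = "weekly";
    nix.gc.options = "--delete-older-than 7d";

    # mDNS with avahi to enable .local dns
    # The host publishes its name and addresses to the local network segment.
    # openFirewall = true is what opens UDP 5353; it is the single switch for
    # mDNS exposure, so no separate networking.firewall.allowedUDPPorts entry
    # is kept (one would leave the port open even with openFirewall = false).
    services.avahi = {
      enable = true;
      openFirewall = true;
      publish = {
        enable = true;
        addresses = true;
        domain = true;
      };
      nssmdns4 = true;
      nssmdns6 = false;
      ipv6 = false;
    };

    # State version (set to match the Nixpkgs you're using)
    system.stateVersion = lib.mkDefault "25.05";
  };
}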