homelab/nixos/configuration.nix

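{ config, pkgs, modulesPath, lib, ... }:
{
  ########################################################################
  # IMPORTS & PROFILE
  #
  # We rely on the QEMU Guest Agent profile so that Proxmox can talk
  # to the VM's guest agent. Both "live" and "template" need this.
  ########################################################################
  imports = [
    # Enables QEMU Guest Agent support in the VM
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  config = {
    ########################################################################
    # A) COMMON SETTINGS
    #
    # Values wrapped in lib.mkDefault can be overridden by the "live" and
    # "template" configurations with a plain assignment; everything else
    # is fixed for every image built from this base (use lib.mkForce to
    # change it downstream).
    ########################################################################

    # Provide a default hostname
    networking.hostName = lib.mkDefault "base";

    # Nixpkgs & Unfree
    # Allow unfree packages if you ever need them.
    nixpkgs.config.allowUnfree = true;

    # QEMU Guest Agent (Proxmox integration)
    # Ensure the qemu-guest-agent service is enabled so Proxmox can query
    # the VM for IPs, etc.
    services.qemuGuest.enable = lib.mkDefault true;

    # GRUB
    # "nodev" generates the GRUB configuration without installing GRUB to
    # any disk's boot sector. NOTE(review): the earlier comment said both
    # live and template should install a bootloader on
    # /dev/disk/by-label/nixos; if that is intended, the downstream config
    # has to set boot.loader.grub.devices to a real device -- confirm.
    boot.loader.grub.enable = lib.mkDefault true;
    boot.loader.grub.devices = [ "nodev" ];

    # Grow the root partition on first boot
    boot.growPartition = lib.mkDefault true;

    # Sudo: members of wheel get root without a password.
    # This base defines no wheel users itself (only root's keys below), so
    # the setting only takes effect once a downstream config adds one; at
    # that point a wheel login is a root login.
    security.sudo.wheelNeedsPassword = false;

    # OpenSSH: disable password-based auth, only allow key-based.
    # "prohibit-password" still permits root over SSH with the authorized
    # keys below; only password and keyboard-interactive root logins are
    # refused.
    services.openssh = {
      enable = true;
      settings.PermitRootLogin = "prohibit-password";
      settings.PasswordAuthentication = false;
      settings.KbdInteractiveAuthentication = false;
    };
    programs.ssh.startAgent = true;

    # Root's SSH authorized_keys (copy your own keys here)
    # Both live & template will install these, so you can ssh in.
    # Every key in this list is a root login on every image built from
    # this base, so keep it to the keys that actually need that.
    users.users.root.openssh.authorizedKeys.keys = [
      # ← Replace these with your actual public keys
      "ssh-rsa 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 asol\\dbs@ALPHA-DBS-P14sG2"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+U3DWOrklcA8n8wdbLBGyli5LsJI3dpL2Zod8mx8eOdC4H127ZT1hzuk2uSmkic4c73BykPyQv8rcqwaRGW94xdMRanKmHYxnbHXo5FBiGrCkNlNNZuahthAGO49c6sUhJMq0eLhYOoFWjtf15sr5Zu7Ug2YTUL3HXB1o9PZ3c9sqYHo2rC/Il1x2j3jNAMKST/qUZYySvdfNJEeQhMbQcdoKJsShcE3oGRL6DFBoV/mjJAJ+wuDhGLDnqi79nQjYfbYja1xKcrKX+D3MfkFxFl6ZIzomR1t75AnZ+09oaWcv1J7ehZ3h9PpDBFNXvzyLwDBMNS+UYcH6SyFjkUbF David@NZXT"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICUP7m8jZJiclZGfSje8CeBYFhX10SrdtjYziuChmj1X plasmagoat@macbook-air"
    ];

    # Default root filesystem on /dev/disk/by-label/nixos, found by label
    # so the image does not depend on a particular device name.
    fileSystems."/" = lib.mkDefault {
      device = "/dev/disk/by-label/nixos";
      autoResize = true; # grow on first boot
      fsType = "ext4";
    };

    # Timezone & Keyboard
    time.timeZone = "Europe/Copenhagen";
    console.keyMap = "dk-latin1";

    # Default set of packages
    environment.systemPackages = with pkgs; [
      vim # emergencies
      git # pulling flakes, code
      curl # downloading things
      python3 # for Ansible if needed on live VM
    ];

    # Nix settings (cache, experimental, gc)
    # All nix.conf keys are set through nix.settings. experimental-features
    # used to be set here AND repeated verbatim in nix.extraOptions, which
    # wrote the same key twice into nix.conf; keep-outputs and
    # keep-derivations were moved out of extraOptions so there is a single
    # place to look.
    # trusted-users can pass arbitrary settings to the daemon, so "@wheel"
    # is effectively root-equivalent for anyone in wheel.
    nix.settings = {
      trusted-users = [ "root" "@wheel" ];
      experimental-features = [ "nix-command" "flakes" ];
      keep-outputs = true;
      keep-derivations = true;
    };
    nix.gc.automatic = true;
    nix.gc.dates = "weekly";
    nix.gc.options = "--delete-older-than 7d";

    # mDNS with avahi to enable .local dns
    # openFirewall = true already opens UDP 5353 for mDNS, so the separate
    # networking.firewall.allowedUDPPorts entry that used to duplicate it
    # has been dropped; set it again only if avahi's openFirewall is
    # turned off but mDNS traffic must still pass.
    services.avahi = {
      enable = true;
      openFirewall = true;
      publish = {
        enable = true;
        addresses = true;
        domain = true;
      };
      nssmdns4 = true;
      nssmdns6 = false;
      ipv6 = false;
    };

    # State version (set to match the Nixpkgs you're using)
    system.stateVersion = lib.mkDefault "25.05";
  };
}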