nixos-config/profiles/nixos/vm.nix

{
  pkgs,
  lib,
  config,
  ...
}:

with lib;
let
  cfg = config.modules.profiles.vm;
in
{
  options.modules.profiles.vm = {
    enable = mkEnableOption "Base VM profile";
  };

  config = mkIf cfg.enable {
    # Enabled modules
    modules = {
      profiles.base.enable = true;
      disko = {
        enable = true;
        profile = "vm";
      };
      impermanence = {
        enable = true;
        resetScript = ''
          # Revert to the blank state for the root directory
          zfs rollback -r tank/root@blank
        '';
      };
      ssh.enable = true;
    };

    # Autologin to root for access from hypervisor
    services.getty.autologinUser = "root";

    # Local user
    modules.secrets.secrets."passwords/local-hashed".neededForUsers = true;
    users.mutableUsers = false;
    users.users.local = {
      hashedPasswordFile = config.sops.secrets."passwords/local-hashed".path;
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKxoQSxfYqf9ITN8Fhckk8WbY4dwtBAXOhC9jxihJvq Admin"
      ];
    };

    # System packages
    environment.systemPackages = with pkgs; [
      # TODO: Make module for utilities/scripts
      (writeShellScriptBin "system-update" "nixos-rebuild switch --flake git+https://git.bulthuis.dev/Jan/nixos-config")
    ];

    # Enable qemu guest agent
    services.qemuGuest.enable = true;

    # Machine platform
    nixpkgs.hostPlatform = "x86_64-linux";

    # Set hostid for ZFS
    networking.hostId = "deadbeef";

    # Hardware configuration
    hardware.enableRedistributableFirmware = true;
    boot.initrd.availableKernelModules = [
      "ata_piix"
      "uhci_hcd"
      "virtio_pci"
      "virtio_scsi"
      "sd_mod"
      "sr_mod"
    ];
    boot.kernelModules = [ "kvm-intel" ];
  };
}
Refactor home manager profile 2025-05-25 11:55:51 +02:00			`{`
			`pkgs,`
			`lib,`
			`config,`
			`...`
			`}:`

			`with lib;`
			`let`
			`cfg = config.modules.profiles.vm;`
			`in`
			`{`
			`options.modules.profiles.vm = {`
			`enable = mkEnableOption "Base VM profile";`
			`};`

			`config = mkIf cfg.enable {`
			`# Enabled modules`
			`modules = {`
			`profiles.base.enable = true;`
Better disko setup 2025-05-29 14:19:19 +02:00			`disko = {`
			`enable = true;`
			`profile = "vm";`
			`};`
Set up impermanence 2025-05-29 16:34:24 +02:00			`impermanence = {`
			`enable = true;`
			`resetScript = ''`
			`# Revert to the blank state for the root directory`
			`zfs rollback -r tank/root@blank`
			`'';`
			`};`
Refactor home manager profile 2025-05-25 11:55:51 +02:00			`ssh.enable = true;`
			`};`

Autologin to root for access from hypervisor 2025-05-30 16:44:23 +02:00			`# Autologin to root for access from hypervisor`
			`services.getty.autologinUser = "root";`

Updated local user configuration 2025-05-29 20:20:18 +02:00			`# Local user`
Set local password 2025-05-30 16:15:42 +02:00			`modules.secrets.secrets."passwords/local-hashed".neededForUsers = true;`
Updated local user configuration 2025-05-29 20:20:18 +02:00			`users.mutableUsers = false;`
Set up admin user 2025-05-28 13:59:30 +02:00			`users.users.local = {`
Set local password 2025-05-30 16:15:42 +02:00			`hashedPasswordFile = config.sops.secrets."passwords/local-hashed".path;`
Set up admin user 2025-05-28 13:59:30 +02:00			`extraGroups = [ "wheel" ];`
Replaced key 2025-05-30 16:19:12 +02:00			`openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKxoQSxfYqf9ITN8Fhckk8WbY4dwtBAXOhC9jxihJvq Admin"`
Set up admin user 2025-05-28 13:59:30 +02:00			`];`
			`};`

Added update script 2025-05-29 20:37:12 +02:00			`# System packages`
			`environment.systemPackages = with pkgs; [`
			`# TODO: Make module for utilities/scripts`
Updated update script 2025-05-30 14:03:05 +02:00			`(writeShellScriptBin "system-update" "nixos-rebuild switch --flake git+https://git.bulthuis.dev/Jan/nixos-config")`
Added update script 2025-05-29 20:37:12 +02:00			`];`

Refactor home manager profile 2025-05-25 11:55:51 +02:00			`# Enable qemu guest agent`
			`services.qemuGuest.enable = true;`

Added vpn vm with wstunnel server 2025-05-28 12:23:31 +02:00			`# Machine platform`
			`nixpkgs.hostPlatform = "x86_64-linux";`

Updated base vm config 2025-05-29 15:10:10 +02:00			`# Set hostid for ZFS`
Better disko setup 2025-05-29 14:19:19 +02:00			`networking.hostId = "deadbeef";`

Refactor home manager profile 2025-05-25 11:55:51 +02:00			`# Hardware configuration`
			`hardware.enableRedistributableFirmware = true;`
			`boot.initrd.availableKernelModules = [`
			`"ata_piix"`
			`"uhci_hcd"`
			`"virtio_pci"`
			`"virtio_scsi"`
			`"sd_mod"`
			`"sr_mod"`
			`];`
			`boot.kernelModules = [ "kvm-intel" ];`
			`};`
			`}`