nixos-config/profiles/nixos/vm.nix

{
  pkgs,
  lib,
  config,
  ...
}:

with lib;
let
  cfg = config.modules.profiles.vm;
in
{
  options.modules.profiles.vm = {
    enable = mkEnableOption "Base VM profile";
  };

  config = mkIf cfg.enable {
    # Enabled modules
    modules = {
      profiles.base.enable = true;
      disko = {
        enable = true;
        profile = "vm";
      };
      impermanence = {
        enable = true;
        resetScript = ''
          # Revert to the blank state for the root directory
          zfs rollback -r tank/root@blank
        '';
      };
      ssh.enable = true;
    };

    # Local user
    sops.secrets."ssh-keys/admin-pub" = { };
    services.getty.autologinUser = "local";
    security.sudo.extraRules = [
      {
        users = [ "local" ];
        options = [ "NOPASSWD" ];
      }
    ];
    users.mutableUsers = false;
    users.users.local = {
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keyFiles = [
        config.sops.secrets."ssh-keys/admin-pub".path
      ];
    };

    # System packages
    environment.systemPackages = with pkgs; [
      # TODO: Make module for utilities/scripts
      (writeShellScriptBin "system-update" "nixos-rebuild switch --flake git+https://git.bulthuis.dev/Jan/nixos-config")
    ];

    # Enable qemu guest agent
    services.qemuGuest.enable = true;

    # Machine platform
    nixpkgs.hostPlatform = "x86_64-linux";

    # Set hostid for ZFS
    networking.hostId = "deadbeef";

    # Hardware configuration
    hardware.enableRedistributableFirmware = true;
    boot.initrd.availableKernelModules = [
      "ata_piix"
      "uhci_hcd"
      "virtio_pci"
      "virtio_scsi"
      "sd_mod"
      "sr_mod"
    ];
    boot.initrd.kernelModules = [ ];
    boot.kernelModules = [ "kvm-intel" ];
    boot.extraModulePackages = [ ];
    hardware.cpu.intel.updateMicrocode = true;

    # Swapfile
    swapDevices = [
      {
        device = "/var/lib/swapfile";
        size = 6 * 1024;
      }
    ];
  };
}
Refactor home manager profile 2025-05-25 11:55:51 +02:00			`{`
			`pkgs,`
			`lib,`
			`config,`
			`...`
			`}:`

			`with lib;`
			`let`
			`cfg = config.modules.profiles.vm;`
			`in`
			`{`
			`options.modules.profiles.vm = {`
			`enable = mkEnableOption "Base VM profile";`
			`};`

			`config = mkIf cfg.enable {`
			`# Enabled modules`
			`modules = {`
			`profiles.base.enable = true;`
Better disko setup 2025-05-29 14:19:19 +02:00			`disko = {`
			`enable = true;`
			`profile = "vm";`
			`};`
Set up impermanence 2025-05-29 16:34:24 +02:00			`impermanence = {`
			`enable = true;`
			`resetScript = ''`
			`# Revert to the blank state for the root directory`
			`zfs rollback -r tank/root@blank`
			`'';`
			`};`
Refactor home manager profile 2025-05-25 11:55:51 +02:00			`ssh.enable = true;`
			`};`

Updated local user configuration 2025-05-29 20:20:18 +02:00			`# Local user`
Added admin-pub secret 2025-05-30 16:08:39 +02:00			`sops.secrets."ssh-keys/admin-pub" = { };`
Automatically login to user 2025-05-29 20:32:19 +02:00			`services.getty.autologinUser = "local";`
Gave local passwordless sudo, rerolled and encrypted the authorized key. 2025-05-30 16:05:00 +02:00			`security.sudo.extraRules = [`
			`{`
			`users = [ "local" ];`
			`options = [ "NOPASSWD" ];`
			`}`
			`];`
Updated local user configuration 2025-05-29 20:20:18 +02:00			`users.mutableUsers = false;`
Set up admin user 2025-05-28 13:59:30 +02:00			`users.users.local = {`
			`extraGroups = [ "wheel" ];`
Gave local passwordless sudo, rerolled and encrypted the authorized key. 2025-05-30 16:05:00 +02:00			`openssh.authorizedKeys.keyFiles = [`
			`config.sops.secrets."ssh-keys/admin-pub".path`
Set up admin user 2025-05-28 13:59:30 +02:00			`];`
			`};`

Added update script 2025-05-29 20:37:12 +02:00			`# System packages`
			`environment.systemPackages = with pkgs; [`
			`# TODO: Make module for utilities/scripts`
Updated update script 2025-05-30 14:03:05 +02:00			`(writeShellScriptBin "system-update" "nixos-rebuild switch --flake git+https://git.bulthuis.dev/Jan/nixos-config")`
Added update script 2025-05-29 20:37:12 +02:00			`];`

Refactor home manager profile 2025-05-25 11:55:51 +02:00			`# Enable qemu guest agent`
			`services.qemuGuest.enable = true;`

Added vpn vm with wstunnel server 2025-05-28 12:23:31 +02:00			`# Machine platform`
			`nixpkgs.hostPlatform = "x86_64-linux";`

Updated base vm config 2025-05-29 15:10:10 +02:00			`# Set hostid for ZFS`
Better disko setup 2025-05-29 14:19:19 +02:00			`networking.hostId = "deadbeef";`

Refactor home manager profile 2025-05-25 11:55:51 +02:00			`# Hardware configuration`
			`hardware.enableRedistributableFirmware = true;`
			`boot.initrd.availableKernelModules = [`
			`"ata_piix"`
			`"uhci_hcd"`
			`"virtio_pci"`
			`"virtio_scsi"`
			`"sd_mod"`
			`"sr_mod"`
			`];`
			`boot.initrd.kernelModules = [ ];`
			`boot.kernelModules = [ "kvm-intel" ];`
			`boot.extraModulePackages = [ ];`
			`hardware.cpu.intel.updateMicrocode = true;`

			`# Swapfile`
			`swapDevices = [`
			`{`
			`device = "/var/lib/swapfile";`
			`size = 6 * 1024;`
			`}`
			`];`
			`};`
			`}`