selfhostblocks/demo/homeassistant/configuration.nix

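# NixOS configuration for the Home Assistant demo VM.
#
# It sets up what is needed to boot the VM and to deploy to it over SSH: a
# deploy user with passwordless sudo, trusted access to the nix store, and an
# SSH daemon on a non-default port that only accepts public-key logins.
{ config, pkgs, ... }:
let
  # Account the deployment logs in as, and the port sshd listens on.
  targetUser = "nixos";
  targetPort = 2222;
in
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  boot.loader.grub.enable = true;
  boot.kernelModules = [ "kvm-intel" ];
  system.stateVersion = "22.11";

  # Options above are generated by running nixos-generate-config on the VM.

  # Needed otherwise deploy will say system won't be able to boot.
  boot.loader.grub.device = "/dev/vdb";
  # Needed to avoid running out of disk space in /boot.
  boot.loader.grub.configurationLimit = 1;
  # The NixOS /nix/.rw-store mountpoint is backed by tmpfs which uses memory. We need to
  # increase the VM memory so there is enough space to install home-assistant.
  virtualisation.vmVariantWithBootLoader.virtualisation.memorySize = 8192;

  # Options above are needed to deploy in a VM.

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # We need to create the user we will deploy with.
  users.users.${targetUser} = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable sudo for the user.
    # Demo credential: the password is written in plain text in this file and
    # is the same on every VM built from it. SSH does not accept it (see the
    # services.openssh settings), so it only matters for console login.
    initialPassword = "nixos";
    # With this option, you don't need to use ssh-copy-id to copy the public ssh key to the VM.
    openssh.authorizedKeys.keyFiles = [
      ./sshkey.pub
    ];
  };

  # The user we're deploying with must be able to run sudo without password.
  # Combined with the ssh key above, whoever holds the matching private key
  # gets root on the VM without any further prompt.
  security.sudo.extraRules = [
    { users = [ targetUser ];
      commands = [
        { command = "ALL";
          options = [ "NOPASSWD" ];
        }
      ];
    }
  ];

  # Needed to allow the user we're deploying with to write to the nix store.
  # Nix treats trusted users as effectively root-equivalent, so keep this list
  # limited to the deploy user.
  nix.settings.trusted-users = [
    targetUser
  ];

  # We need to enable the ssh daemon to be able to deploy.
  services.openssh = {
    enable = true;
    ports = [ targetPort ];
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      # PasswordAuthentication alone does not cover the keyboard-interactive
      # method, which NixOS leaves enabled by default and which can still
      # prompt for the account password through PAM. Disable it too so the
      # well-known initialPassword above cannot be used over SSH and logins
      # are limited to the authorized key.
      KbdInteractiveAuthentication = false;
    };
  };
}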