1
0
Fork 0
selfhostblocks/demo/homeassistant/configuration.nix

67 lines
1.9 KiB
Nix
Raw Normal View History

2023-07-01 18:46:19 +02:00
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
boot.loader.grub.enable = true;
2023-07-01 18:46:19 +02:00
boot.kernelModules = [ "kvm-intel" ];
system.stateVersion = "22.11";
# Options above are generate by running nixos-generate-config on the VM.
# Needed otherwise deploy will say system won't be able to boot.
boot.loader.grub.device = "/dev/vdb";
# The NixOS /nix/.rw-store mountpoint is backed by tmpfs which uses memory. We need to increase
# the available disk space to install home-assistant.
virtualisation.vmVariantWithBootLoader.virtualisation.memorySize = 8192;
# Options above are needed to deploy in a VM.
2023-11-20 08:11:03 +01:00
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Used by colmena to know which target host to deploy to.
deployment = {
targetHost = "example";
targetPort = 2222;
targetUser = "nixos";
};
# We need to create the user we will deploy with.
users.users.${config.deployment.targetUser} = {
2023-07-01 18:46:19 +02:00
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
initialPassword = "nixos";
2023-11-20 08:11:03 +01:00
# With this option, you don't need to use ssh-copy-id to copy the public ssh key to the VM.
openssh.authorizedKeys.keyFiles = [
./sshkey.pub
];
2023-07-01 18:46:19 +02:00
};
2023-11-20 08:11:03 +01:00
# The user we're deploying with must be able to run sudo without password.
2023-07-01 18:46:19 +02:00
security.sudo.extraRules = [
2023-11-20 08:11:03 +01:00
{ users = [ config.deployment.targetUser ];
2023-07-01 18:46:19 +02:00
commands = [
{ command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
2023-11-20 08:11:03 +01:00
# Needed to allow the user we're deploying with to write to the nix store.
nix.settings.trusted-users = [
2023-11-20 08:11:03 +01:00
config.deployment.targetUser
];
2023-11-20 08:11:03 +01:00
# We need to enable the ssh daemon to be able to deploy.
2023-07-01 18:46:19 +02:00
services.openssh = {
enable = true;
2023-11-20 08:11:03 +01:00
ports = [ config.deployment.targetPort ];
2023-07-01 18:46:19 +02:00
permitRootLogin = "no";
2023-11-20 08:11:03 +01:00
passwordAuthentication = false;
2023-07-01 18:46:19 +02:00
};
}