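{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  boot.loader.grub.enable = true;
  boot.kernelModules = [ "kvm-intel" ];
  system.stateVersion = "22.11";
  # Options above are generated by running nixos-generate-config on the VM.

  # Needed otherwise deploy will say system won't be able to boot.
  boot.loader.grub.device = "/dev/vdb";
  # The NixOS /nix/.rw-store mountpoint is backed by tmpfs which uses memory. We need to increase
  # the available disk space to install home-assistant.
  virtualisation.vmVariantWithBootLoader.virtualisation.memorySize = 8192;
  # Options above are needed to deploy in a VM.

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Used by colmena to know which target host to deploy to.
  deployment = {
    targetHost = "example";
    targetPort = 2222;
    targetUser = "nixos";
  };

  # We need to create the user we will deploy with.
  users.users.${config.deployment.targetUser} = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    # Only applied when the user is first created. This is a well-known value and, together
    # with the NOPASSWD sudo rule below, is root-equivalent for anyone who reaches a login
    # prompt on the VM console. SSH password logins are closed further down, so the console is
    # the remaining path; prefer hashedPassword (or no password at all once the key works).
    initialPassword = "nixos";
    # With this option, you don't need to use ssh-copy-id to copy the public ssh key to the VM.
    openssh.authorizedKeys.keyFiles = [
      ./sshkey.pub
    ];
  };

  # The user we're deploying with must be able to run sudo without password.
  # "ALL" covers every command; colmena uses sudo to activate the new system closure.
  security.sudo.extraRules = [
    { users = [ config.deployment.targetUser ];
      commands = [
        { command = "ALL";
          options = [ "NOPASSWD" ];
        }
      ];
    }
  ];

  # Needed to allow the user we're deploying with to write to the nix store.
  # trusted-users grants broad control of the nix daemon (roughly root-equivalent), so this
  # list should stay limited to the deploy user.
  nix.settings.trusted-users = [
    config.deployment.targetUser
  ];

  # We need to enable the ssh daemon to be able to deploy.
  services.openssh = {
    enable = true;
    ports = [ config.deployment.targetPort ];
    permitRootLogin = "no";
    passwordAuthentication = false;
    # passwordAuthentication alone does not close the password path: NixOS runs sshd with
    # UsePAM and keyboard-interactive authentication enabled by default, which still accepts
    # the account password (initialPassword above). Turn it off so only the authorized key works.
    kbdInteractiveAuthentication = false;
    # permitRootLogin / passwordAuthentication / kbdInteractiveAuthentication are the pre-23.05
    # option names; newer nixpkgs spells them services.openssh.settings.PermitRootLogin,
    # settings.PasswordAuthentication and settings.KbdInteractiveAuthentication.
  };
}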