{ config, pkgs, ... }: let targetUser = "nixos"; targetPort = 2222; in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ]; boot.loader.grub.enable = true; boot.kernelModules = [ "kvm-intel" ]; system.stateVersion = "22.11"; # Options above are generate by running nixos-generate-config on the VM. # Needed otherwise deploy will say system won't be able to boot. boot.loader.grub.device = "/dev/vdb"; # Needed to avoid getting into not available disk space in /boot. boot.loader.grub.configurationLimit = 1; # The NixOS /nix/.rw-store mountpoint is backed by tmpfs which uses memory. We need to increase # the available disk space to install home-assistant. virtualisation.vmVariant.virtualisation.memorySize = 8192; virtualisation.vmVariantWithBootLoader.virtualisation.memorySize = 8192; # Options above are needed to deploy in a VM. nix.settings.experimental-features = [ "nix-command" "flakes" ]; # We need to create the user we will deploy with. users.users.${targetUser} = { isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. initialPassword = "nixos"; # With this option, you don't need to use ssh-copy-id to copy the public ssh key to the VM. openssh.authorizedKeys.keyFiles = [ ./sshkey.pub ]; }; # The user we're deploying with must be able to run sudo without password. security.sudo.extraRules = [ { users = [ targetUser ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; } ]; # Needed to allow the user we're deploying with to write to the nix store. nix.settings.trusted-users = [ targetUser ]; # We need to enable the ssh daemon to be able to deploy. services.openssh = { enable = true; ports = [ targetPort ]; settings = { PermitRootLogin = "no"; PasswordAuthentication = false; }; }; }