new: nixosConfigurations.priscilla

2025-03-10 23:20:09 +05:00 · 2025-03-10 23:20:09 +05:00 · 34819caf1f
commit 34819caf1f
parent e410a4a18d
3 changed files with 111 additions and 1 deletions
--- a/nixosConfigurations/default.nix
+++ b/nixosConfigurations/default.nix
@ -44,4 +44,11 @@
      bonPkgs = self.packages.x86_64-linux;
    };
  };
+
+  priscilla = lib.nixosSystem {
+    system = "x86_64-linux";
+    modules = [
+      ./priscilla
+    ];
+  };
 }
--- a/nixosConfigurations/priscilla/default.nix
+++ b/nixosConfigurations/priscilla/default.nix
@ -0,0 +1,103 @@
+{
+  modulesPath,
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  system.stateVersion = "25.05";
+
+  system.build.qcow2 = import "${modulesPath}/../lib/make-disk-image.nix" {
+    inherit lib config pkgs;
+    diskSize = 10240;
+    format = "qcow2";
+    partitionTableType = "hybrid";
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    autoResize = true;
+    fsType = "ext4";
+  };
+
+  boot = {
+    loader.grub.enable = lib.mkForce true;
+    loader.grub.device = lib.mkDefault "/dev/vda";
+    loader.timeout = lib.mkForce 0;
+    kernelParams = ["console=tty1" "console=ttyS0,115200"];
+  };
+
+  networking = {
+    useDHCP = true;
+    firewall.enable = true;
+  };
+
+  services = {
+    qemuGuest = {
+      enable = true;
+    };
+
+    openssh = {
+      enable = true;
+      openFirewall = true;
+    };
+
+    journald.extraConfig = ''
+      SystemMaxUse=100M
+      MaxFileSec=7day
+    '';
+
+    resolved = {
+      enable = true;
+      dnssec = "false";
+    };
+  };
+
+  users.users.l-nafaryus = {
+    isNormalUser = true;
+    extraGroups = ["wheel"];
+    shell = pkgs.nushell;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS"
+    ];
+    initialPassword = "nixos";
+  };
+
+  users.users.root.openssh.authorizedKeys.keys =
+    config.users.users.l-nafaryus.openssh.authorizedKeys.keys;
+
+  nix = {
+    settings = {
+      experimental-features = ["nix-command" "flakes"];
+      trusted-users = ["l-nafaryus"];
+      allowed-users = ["l-nafaryus"];
+      substituters = [
+        "https://cache.elnafo.ru"
+        "https://bonfire.cachix.org"
+        "https://nix-community.cachix.org"
+      ];
+      trusted-public-keys = [
+        "cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
+        "bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+      auto-optimise-store = true;
+      allowed-uris = [
+        "github:"
+        "git+https://github.com/"
+        "git+ssh://github.com/"
+        "git+https://vcs.elnafo.ru/"
+        "git+ssh://vcs.elnafo.ru/"
+      ];
+    };
+    gc = {
+      automatic = lib.mkDefault true;
+      dates = lib.mkDefault "weekly";
+      options = lib.mkDefault "--delete-older-than 7d";
+    };
+  };
+}
--- a/nixosConfigurations/vinheim/users.nix
+++ b/nixosConfigurations/vinheim/users.nix
@ -81,7 +81,7 @@ in {
      podman-compose
      dive

-      ksshaskpass
+      kdePackages.ksshaskpass

      dbeaver-bin