nixtt/flake.nix

{
  description = "Derivation lit";

  nixConfig = {
    extra-substituters = [
      "https://cache.elnafo.ru"
      "https://bonfire.cachix.org"
    ];
    extra-trusted-public-keys = [
      "cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
      "bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
    ];
  };

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
  };

  outputs = {
    self,
    nixpkgs,
    ...
  } @ inputs: let
    lib = inputs.nixpkgs.lib;
    forAllSystems = nixpkgs.lib.genAttrs ["x86_64-linux"];
    nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});
    pkgs = nixpkgs.legacyPackages.x86_64-linux;

    systemConfig = {
      modules = with inputs; [
        ({
          modulesPath,
          config,
          ...
        }: {
          imports = [
            (modulesPath + "/profiles/qemu-guest.nix")
            (modulesPath + "/virtualisation/qemu-vm.nix")
          ];

          system.stateVersion = "25.05";

          services.openssh = {
            enable = true;
            openFirewall = true;
            startWhenNeeded = true;
            settings.PasswordAuthentication = false;
            settings.KbdInteractiveAuthentication = false;
            settings.X11Forwarding = true;
          };

          environment.systemPackages = [pkgs.networkmanagerapplet];

          boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
          boot.initrd.kernelModules = [];
          boot.kernelModules = ["kvm-amd"];
          boot.extraModulePackages = [];

          boot.kernelParams = [
            "console=tty1"
            "console=ttyS0,115200"
          ];
          boot.loader.grub.enable = lib.mkForce true;
          boot.loader.grub.device = "/dev/vda";

          fileSystems."/" = {
            device = "/dev/vda1";
            fsType = "ext4";
          };

          networking = {
            networkmanager = {
              enable = true;
              enableStrongSwan = true;
              packages = with pkgs; [
                networkmanager-l2tp
              ];
            };
            hostName = "nixos";
            extraHosts = ''192.168.130.211 gitlab'';
          };
          networking.firewall.enable = false;

          boot.tmp.cleanOnBoot = true;
          nix.settings.auto-optimise-store = true;

          services.journald.extraConfig = ''
            SystemMaxUse=100M
            MaxFileSec=7day
          '';

          services.resolved = {
            enable = true;
            dnssec = "false";
          };

          users.users.l-nafaryus = {
            isNormalUser = true;
            shell = pkgs.fish;
            openssh.authorizedKeys.keys = [
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS"
            ];
            initialPassword = "test";
          };
          programs.fish.enable = true;

          users.users.root.openssh.authorizedKeys.keys =
            config.users.users.l-nafaryus.openssh.authorizedKeys.keys;

          virtualisation.qemu.options = [
            "-net user,hostfwd=tcp::10022-:22"
            "-nographic"
          ];
        })
      ];
    };

    systemConfig2 = {
      modules = with inputs; [
        ({
          modulesPath,
          config,
          ...
        }: {
          imports = [
            (modulesPath + "/profiles/qemu-guest.nix")
            # (modulesPath + "/virtualisation/qemu-vm.nix")
          ];

          system.stateVersion = "25.05";

          system.build.qcow2 = import "${modulesPath}/../lib/make-disk-image.nix" {
            inherit lib config pkgs;
            diskSize = 10240;
            format = "qcow2";
            partitionTableType = "hybrid";
          };

          fileSystems."/" = {
            device = "/dev/disk/by-label/nixos";
            autoResize = true;
            fsType = "ext4";
          };

          boot = {
            loader.grub.enable = lib.mkForce true;
            loader.grub.device = lib.mkDefault "/dev/vda";
            loader.timeout = lib.mkForce 0;
            kernelParams = ["console=tty1" "console=ttyS0,115200"];
          };

          # boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];

          networking = {
            useDHCP = true;
            firewall.enable = true;
          };

          services = {
            qemuGuest = {
              enable = true;
            };

            openssh = {
              enable = true;
              openFirewall = true;
              # openFirewall = true;
              # startWhenNeeded = true;
              # settings.PasswordAuthentication = true;
              # settings.KbdInteractiveAuthentication = true;
              # settings.X11Forwarding = true;
            };

            journald.extraConfig = ''
              SystemMaxUse=100M
              MaxFileSec=7day
            '';

            resolved = {
              enable = true;
              dnssec = "false";
            };
          };

          users.users.l-nafaryus = {
            isNormalUser = true;
            extraGroups = ["wheel"];
            shell = pkgs.nushell;
            openssh.authorizedKeys.keys = [
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS"
            ];
            initialPassword = "nixos";
          };

          users.users.root.openssh.authorizedKeys.keys =
            config.users.users.l-nafaryus.openssh.authorizedKeys.keys;

          # virtualisation.qemu.options = [
          #   "-net user,hostfwd=tcp::10022-:22"
          #   "-net nic"
          #   "-nographic"
          # ];
        })
      ];
    };
  in {
    nixosConfigurations = {
      nixtt = lib.nixosSystem (systemConfig2 // {system = "x86_64-linux";});
    };

    devShells = {
      x86_64-linux.default = pkgs.mkShellNoCC {
        buildInputs = [
          pkgs.qemu
          pkgs.nixos-generators
        ];
      };
    };

    packages.x86_64-linux.nixtt = pkgs.writeScriptBin "run-nixtt" ''
      #!${pkgs.runtimeShell}

      ${self.nixosConfigurations.nixtt.config.system.build.vm}/bin/run-nixos-vm

    '';
  };
}
initial commit 2024-12-01 23:09:19 +05:00			`{`
			`description = "Derivation lit";`

			`nixConfig = {`
			`extra-substituters = [`
			`"https://cache.elnafo.ru"`
			`"https://bonfire.cachix.org"`
			`];`
			`extra-trusted-public-keys = [`
			`"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="`
			`"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="`
			`];`
			`};`

			`inputs = {`
			`nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";`
			`};`

			`outputs = {`
			`self,`
			`nixpkgs,`
			`...`
			`} @ inputs: let`
			`lib = inputs.nixpkgs.lib;`
			`forAllSystems = nixpkgs.lib.genAttrs ["x86_64-linux"];`
			`nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});`
			`pkgs = nixpkgs.legacyPackages.x86_64-linux;`

			`systemConfig = {`
			`modules = with inputs; [`
			`({`
			`modulesPath,`
			`config,`
			`...`
			`}: {`
			`imports = [`
			`(modulesPath + "/profiles/qemu-guest.nix")`
			`(modulesPath + "/virtualisation/qemu-vm.nix")`
			`];`

			`system.stateVersion = "25.05";`

			`services.openssh = {`
			`enable = true;`
working image 2025-03-10 00:13:47 +05:00			`openFirewall = true;`
initial commit 2024-12-01 23:09:19 +05:00			`startWhenNeeded = true;`
			`settings.PasswordAuthentication = false;`
			`settings.KbdInteractiveAuthentication = false;`
			`settings.X11Forwarding = true;`
			`};`

			`environment.systemPackages = [pkgs.networkmanagerapplet];`

			`boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];`
			`boot.initrd.kernelModules = [];`
			`boot.kernelModules = ["kvm-amd"];`
			`boot.extraModulePackages = [];`

			`boot.kernelParams = [`
			`"console=tty1"`
			`"console=ttyS0,115200"`
			`];`
			`boot.loader.grub.enable = lib.mkForce true;`
			`boot.loader.grub.device = "/dev/vda";`

			`fileSystems."/" = {`
			`device = "/dev/vda1";`
			`fsType = "ext4";`
			`};`

			`networking = {`
			`networkmanager = {`
			`enable = true;`
			`enableStrongSwan = true;`
			`packages = with pkgs; [`
			`networkmanager-l2tp`
			`];`
			`};`
			`hostName = "nixos";`
			`extraHosts = ''192.168.130.211 gitlab'';`
			`};`
			`networking.firewall.enable = false;`

			`boot.tmp.cleanOnBoot = true;`
			`nix.settings.auto-optimise-store = true;`

			`services.journald.extraConfig = ''`
			`SystemMaxUse=100M`
			`MaxFileSec=7day`
			`'';`

			`services.resolved = {`
			`enable = true;`
			`dnssec = "false";`
			`};`

			`users.users.l-nafaryus = {`
			`isNormalUser = true;`
			`shell = pkgs.fish;`
			`openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS"`
			`];`
working image 2025-03-10 00:13:47 +05:00			`initialPassword = "test";`
initial commit 2024-12-01 23:09:19 +05:00			`};`
			`programs.fish.enable = true;`

			`users.users.root.openssh.authorizedKeys.keys =`
			`config.users.users.l-nafaryus.openssh.authorizedKeys.keys;`

			`virtualisation.qemu.options = [`
			`"-net user,hostfwd=tcp::10022-:22"`
			`"-nographic"`
			`];`
			`})`
			`];`
			`};`
working image 2025-03-10 00:13:47 +05:00
			`systemConfig2 = {`
			`modules = with inputs; [`
			`({`
			`modulesPath,`
			`config,`
			`...`
			`}: {`
			`imports = [`
			`(modulesPath + "/profiles/qemu-guest.nix")`
			`# (modulesPath + "/virtualisation/qemu-vm.nix")`
			`];`

			`system.stateVersion = "25.05";`

			`system.build.qcow2 = import "${modulesPath}/../lib/make-disk-image.nix" {`
			`inherit lib config pkgs;`
			`diskSize = 10240;`
			`format = "qcow2";`
			`partitionTableType = "hybrid";`
			`};`

			`fileSystems."/" = {`
			`device = "/dev/disk/by-label/nixos";`
			`autoResize = true;`
			`fsType = "ext4";`
			`};`

			`boot = {`
			`loader.grub.enable = lib.mkForce true;`
			`loader.grub.device = lib.mkDefault "/dev/vda";`
			`loader.timeout = lib.mkForce 0;`
			`kernelParams = ["console=tty1" "console=ttyS0,115200"];`
			`};`

			`# boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];`

			`networking = {`
			`useDHCP = true;`
			`firewall.enable = true;`
			`};`

			`services = {`
			`qemuGuest = {`
			`enable = true;`
			`};`

			`openssh = {`
			`enable = true;`
			`openFirewall = true;`
			`# openFirewall = true;`
			`# startWhenNeeded = true;`
			`# settings.PasswordAuthentication = true;`
			`# settings.KbdInteractiveAuthentication = true;`
			`# settings.X11Forwarding = true;`
			`};`

			`journald.extraConfig = ''`
			`SystemMaxUse=100M`
			`MaxFileSec=7day`
			`'';`

			`resolved = {`
			`enable = true;`
			`dnssec = "false";`
			`};`
			`};`

			`users.users.l-nafaryus = {`
			`isNormalUser = true;`
			`extraGroups = ["wheel"];`
			`shell = pkgs.nushell;`
			`openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS"`
			`];`
			`initialPassword = "nixos";`
			`};`

			`users.users.root.openssh.authorizedKeys.keys =`
			`config.users.users.l-nafaryus.openssh.authorizedKeys.keys;`

			`# virtualisation.qemu.options = [`
			`# "-net user,hostfwd=tcp::10022-:22"`
			`# "-net nic"`
			`# "-nographic"`
			`# ];`
			`})`
			`];`
			`};`
initial commit 2024-12-01 23:09:19 +05:00			`in {`
			`nixosConfigurations = {`
working image 2025-03-10 00:13:47 +05:00			`nixtt = lib.nixosSystem (systemConfig2 // {system = "x86_64-linux";});`
initial commit 2024-12-01 23:09:19 +05:00			`};`

			`devShells = {`
			`x86_64-linux.default = pkgs.mkShellNoCC {`
			`buildInputs = [`
			`pkgs.qemu`
			`pkgs.nixos-generators`
			`];`
			`};`
			`};`

			`packages.x86_64-linux.nixtt = pkgs.writeScriptBin "run-nixtt" ''`
			`#!${pkgs.runtimeShell}`

			`${self.nixosConfigurations.nixtt.config.system.build.vm}/bin/run-nixos-vm`

			`'';`
			`};`
			`}`