Diffstat (limited to 'tardis-new/modules/common.nix')
-rw-r--r--tardis-new/modules/common.nix56
1 files changed, 56 insertions, 0 deletions
diff --git a/tardis-new/modules/common.nix b/tardis-new/modules/common.nix
new file mode 100644
index 0000000..0d6a1ba
--- /dev/null
+++ b/tardis-new/modules/common.nix
@@ -0,0 +1,56 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ networking.domain = lib.consts.mainDomain;
+
+ system.stateVersion = "23.05";
+
+ # Share NixOS store for efficiency
+ microvm = {
+ storeOnDisk = false;
+ shares = [
+ {
+ tag = "ro-store";
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ }
+ ];
+ };
+
+ microvm = {
+ # Hypervisor setup
+ hypervisor = "qemu";
+ socket = "control.socket";
+
+ # Trusted bridge setup
+ interfaces = [
+ {
+ type = "tap";
+ id = "vm-${config.networking.hostName}";
+ mac = "02:00:00:00:00:01";
+ }
+ ];
+ };
+
+ # If this isn't set, then every system changes whenever a commit is made
+ # Which is super annoying
+ nix.registry = lib.mkForce {};
+
+ # SSH Access
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ settings.PermitRootLogin = "prohibit-password";
+ };
+ users.users.root.openssh.authorizedKeys.keys = [lib.consts.rootPubKey];
+
+ # Swap file
+ # swapDevices = [
+ # {
+ # device = "/swapfile";
+ # size = builtins.floor (config.microvm.mem * 0.5);
+ # }
+ # ];
+}
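Review bot: The `mac = "02:00:00:00:00:01";` in the `interfaces` entry is a fixed literal in a module named common, so every guest that imports it would presumably join the trusted bridge with the same MAC, even though the tap `id` beside it is already derived per host from `config.networking.hostName`. Duplicate MACs on one bridge make frame delivery between guests unpredictable and weaken any per-guest filtering keyed on the address, so the MAC should be a per-host value (a required option set by each host module, or a value derived from the host name) rather than a shared literal. Separately, the `services.openssh` block opens the SSH port in the firewall and restricts only root to keys; adding `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` would keep password logins off for any other account these guests later gain. The tap id `vm-${config.networking.hostName}` also has to fit the kernel's 15-character interface-name limit, which is worth an assertion or at least a comment.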