From 318522a2613ec7242b2559be66b5edf466a2e5ef Mon Sep 17 00:00:00 2001
From: Aria
Date: Fri, 3 Nov 2023 14:03:47 +0000
Subject: mess around with tardis stuff
---
tardis-new/modules/common.nix | 56 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 tardis-new/modules/common.nix
(limited to 'tardis-new/modules')
diff --git a/tardis-new/modules/common.nix b/tardis-new/modules/common.nix
new file mode 100644
index 0000000..0d6a1ba
--- /dev/null
+++ b/tardis-new/modules/common.nix
@@ -0,0 +1,56 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ networking.domain = lib.consts.mainDomain;
+
+ system.stateVersion = "23.05";
+
+ # Share NixOS store for efficiency
+ microvm = {
+ storeOnDisk = false;
+ shares = [
+ {
+ tag = "ro-store";
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ }
+ ];
+ };
+
+ microvm = {
+ # Hypervisor setup
+ hypervisor = "qemu";
+ socket = "control.socket";
+
+ # Trusted bridge setup
+ interfaces = [
+ {
+ type = "tap";
+ id = "vm-${config.networking.hostName}";
+ mac = "02:00:00:00:00:01";
+ }
+ ];
+ };
+
+ # If this isn't set, then every system changes whenever a commit is made
+ # Which is super annoying
+ nix.registry = lib.mkForce {};
+
+ # SSH Access
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ settings.PermitRootLogin = "prohibit-password";
+ };
+ users.users.root.openssh.authorizedKeys.keys = [lib.consts.rootPubKey];
+
+ # Swap file
+ # swapDevices = [
+ # {
+ # device = "/swapfile";
+ # size = builtins.floor (config.microvm.mem * 0.5);
+ # }
+ # ];
+}
-- cgit v1.2.3
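Review bot: The tap interface in `microvm.interfaces` hard-codes `mac = "02:00:00:00:00:01";` while its `id` is derived from `config.networking.hostName`, so if more than one guest imports this common module they will all present the same MAC on the bridge and traffic can be misdelivered between VMs. Because `interfaces` is a list, a host cannot cleanly override that one field; the MAC should either be set in per-host configuration or be derived from the host name the same way the `id` is. Separately, the `services.openssh` block opens the firewall and only restricts root to key login, leaving password authentication at its default for any other account defined elsewhere; adding `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` would make the key-only intent explicit. A comment next to the `ro-store` share noting that the guest can read every path in the host's `/nix/store`, so no secrets may be placed there, would also help.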