add aarch-builder vm

2023-02-11 01:21:12 +03:00 · 2023-02-11 01:21:12 +03:00 · b08c372e25
commit b08c372e25
parent bfb8cf4249
3 changed files with 76 additions and 0 deletions
--- a/machines/Arch-Builder-VM/autoinstall.nix
+++ b/machines/Arch-Builder-VM/autoinstall.nix
@ -0,0 +1,14 @@
+{ lib, ... }: {
+  autoinstall = {
+    hostname = "Arch-Builder-VM";
+    mainuser = "ataraxia";
+    flakesPath = "/home/nixos/nixos-config";
+    partitioning.useEntireDisk = true;
+    partitioning.disk = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM0003";
+    partitioning.nullifyDisk = false;
+    swapPartition.enable = true;
+    swapPartition.size = "8GiB";
+    zfsOpts.ashift = 13;
+    persist.enable = true;
+  };
+}
--- a/machines/Arch-Builder-VM/default.nix
+++ b/machines/Arch-Builder-VM/default.nix
@ -0,0 +1,61 @@
+{ inputs, config, lib, pkgs, ... }: {
+  imports = with inputs.self; [
+    ./hardware-configuration.nix
+    # nixosRoles.base
+
+    nixosProfiles.devices
+  ];
+
+  options = {
+    device = lib.mkOption { type = lib.types.str; };
+    mainuser = lib.mkOption { type = lib.types.str; };
+  };
+
+  config = {
+    networking.hostName = config.device;
+
+    boot = {
+      kernelParams = [ "zswap.enabled=0" "quiet" "scsi_mod.use_blk_mq=1" "modeset" "nofb" ];
+      kernelPackages = pkgs.linuxPackages_hardened;
+      cleanTmpDir = true;
+      zfs.forceImportAll = false;
+    };
+
+    zramSwap = {
+      enable = true;
+      algorithm = "zstd";
+      memoryPercent = 80;
+      numDevices = 1;
+    };
+
+    environment.systemPackages = [ pkgs.git pkgs.kitty ];
+    nix = {
+      nixPath = lib.mkForce [ "self=/etc/self/compat" "nixpkgs=/etc/nixpkgs" ];
+      registry.self.flake = inputs.self;
+      registry.nixpkgs.flake = inputs.nixpkgs;
+      extraOptions = ''
+        experimental-features = nix-command flakes
+        flake-registry = ${inputs.flake-registry}/flake-registry.json
+      '';
+    };
+    environment.etc.nixpkgs.source = inputs.nixpkgs;
+    environment.etc.self.source = inputs.self;
+
+    services.openssh = {
+      enable = true;
+      settings.PasswordAuthentication = false;
+      settings.PermitRootLogin = lib.mkForce "without-password";
+      forwardX11 = false;
+      extraConfig = "StreamLocalBindUnlink yes";
+      ports = [ 22 ];
+    };
+
+    users.users.nixos.openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+xd8ClJPvJuAdYC9HlNnjiubEtYfvnKjYr9ROV+UmPVvI3ZITF24OaMI+fxgR0EqGfcUzSGom8528IB53Q3aFMIAaA0vKjW+jrByyB2l/k/+ttpLbH75c9WyOpAcUDTen8BhHKPyXOHoJ1jLu7GFmtPZ+mZo8thFB/VIRrwECHd8DnF0drsSCorkRp1bZC7bAHgztaYHNBUoAVGgJ7nLwW7DotlgbUEDiPJHXOxd/c/ZlXIB/cfUUqF+L5ThbMPhMcwRMspLy+nQdmHhih9k6SkvYqJoNqHT5/XeShb0RkIzvUWT2CYTPop5kAY5mMnatVTOY1FZPhHzk3G8MhOQ3r/elM/ecZxmjL8uozMN9kRGf1IL4DgQZfVqQRILdNSQGb0tfeiyirNZe1RlDw9UvMnZJOw0EkiC9lSSRhBWXXxAmxRrbNFTPQSp+/kiIGDmp2AsGhD11CfTDEU3wcLEUPBUqp1FYSzHncJyEKGy2Dpa5xaUJ0cuyGL4W3WHDXa4sTfY+AIXbQTD88Ujdsbfzyd6lrikG4D/crCurXissrh7q9DuYKWRI24cp5bw9lG33U1EXisnZqFyZNwMAmSj2QEGsHCwSevn0FgyRa2WYXgpZ9hfgY4le+ZSMo2JTosQ6DjGyxMDyQAHJ/ismTTzL67Q2p6U+73toYm62Qqdspw== (none)"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDP0/DReYSAfkucroMTdELzTORsGhhbEa+W0FDFBnwViHuoqoKvetCOkW657icexc5v/j6Ghy3+Li9twbHnEDzUJVtNtauhGMjOcUYt6pTbeJ09CGSAh+orxzeY4vXp7ANb91xW8yRn/EE4ALxqbLsc/D7TUMl11fmf0UW+kLgU5TcUYVSLMjQqBpD1Lo7lXLrImloDxe5fwoBDT09E59r9tq6+/3aHz8mpKRLsIQIV0Av00BRJ+/OVmZuBd9WS35rfkpUYmpEVInSJy3G4O6kCvY/zc9Bnh67l4kALZZ0+6W23kBGrzaRfaOtCEcscwfIu+6GXiHOL33rrMNNinF0T2942jGc18feL6P/LZCzqz8bGdFNxT43jAGPeDDcrJEWAJZFO3vVTP65dTRTHQG2KlQMzS7tcif6YUlY2JLJIb61ZfLoShH/ini/tqsGT0Be1f3ndOFt48h4XMW1oIF+EXaHYeO2UJ6855m8Wpxs4bP/jX6vMV38IvvnHy4tWD50= alukard@AMD-Workstation"
+    ];
+
+    users.users.root.openssh.authorizedKeys.keys =
+      config.users.users.nixos.openssh.authorizedKeys.keys;
+  };
+}
--- a/machines/Arch-Builder-VM/system
+++ b/machines/Arch-Builder-VM/system
@ -0,0 +1 @@
+aarch64-linux