# Base NixOS profile for QEMU/Proxmox guests: locale, boot loader, Nix
# settings, a key-only "maintenance" admin account, mDNS, SSH and the list of
# state kept under /persistent. Values wrapped in lib.mkDefault can be
# overridden by a host-specific module.
{ modulesPath, lib, pkgs, ... }:
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ./fs.nix
  ];

  config = {
    time.timeZone = "Europe/Amsterdam";
    i18n.defaultLocale = "en_US.UTF-8";

    # Provide a default hostname.
    networking.hostName = lib.mkDefault "base";

    # Enable the QEMU guest agent for Proxmox.
    services.qemuGuest.enable = lib.mkDefault true;

    boot = {
      loader.systemd-boot.enable = true;
      growPartition = lib.mkDefault true;
    };

    # Allow remote updates with flakes and non-root users.
    # Security: the Nix manual treats trusted-users as root-equivalent, so
    # every member of wheel can drive the daemon with root-level effect.
    nix.settings = {
      trusted-users = [
        "root"
        "@wheel"
      ];
      experimental-features = [
        "nix-command"
        "flakes"
      ];
    };

    # Account used for remote administration. It has no password set here and
    # is reachable only through the keys in ../../authorized_keys.
    # Security: with wheel membership, passwordless sudo (below) and
    # trusted-users (above), any key in that file is a root credential for
    # every host importing this profile; review that file accordingly.
    users.users.maintenance = {
      isNormalUser = true;
      group = "maintenance";
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keyFiles = [ ../../authorized_keys ];
    };
    users.groups.maintenance = { };

    # Enable mDNS for `hostname.local` addresses.
    # NOTE(review): publishing announces this host's name and addresses to the
    # local link; confirm that is wanted on every network these guests join.
    services.avahi = {
      enable = true;
      nssmdns4 = true;
      publish = {
        enable = true;
        addresses = true;
      };
    };

    # Packages wanted on every system.
    environment.systemPackages = [
      pkgs.vim
      pkgs.git
    ];

    # Don't ask wheel members for a password on sudo.
    # Security: there is no second factor between an SSH session as a wheel
    # user and root; the SSH key is the only control.
    security.sudo.wheelNeedsPassword = false;

    # SSH daemon, key-based logins only (password and keyboard-interactive
    # authentication are both off).
    # NOTE(review): PermitRootLogin is not set here; the NixOS default of
    # "prohibit-password" still accepts key-based root logins. If root never
    # needs to log in directly, consider setting it to "no" in a host module.
    services.openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
      };
    };

    # NOTE(review): an ssh-agent on a guest matters mainly when private keys
    # are loaded or forwarded here - confirm it is needed.
    programs.ssh.startAgent = true;

    # State kept across reboots under /persistent.
    # NOTE(review): the SSH host keys under /etc/ssh are not listed. If
    # ./fs.nix (not visible here) makes / ephemeral, sshd would generate new
    # host keys on each boot and clients would see host-key-changed prompts,
    # which weakens host authentication in practice. Confirm the keys are
    # persisted or pinned elsewhere.
    environment.persistence."/persistent" = {
      enable = true;
      hideMounts = true;
      directories = [
        "/var/log" # keeps logs available for later investigation
        "/var/lib/nixos"
        "/var/lib/systemd/coredump"
        "/etc/nixos"
      ];
      files = [ "/etc/machine-id" ];
    };

    system.stateVersion = lib.mkDefault "24.05";
  };
}