# Base NixOS profile for QEMU/Proxmox guests: locale, boot loader, a remote
# maintenance account, key-only SSH, mDNS, persisted state and a Ceph client.
#
# Privilege model: the "maintenance" user is in wheel, wheel gets passwordless
# sudo, and wheel is a Nix trusted user. Every key listed in
# ../../authorized_keys is therefore equivalent to a root credential on each
# host that imports this module.
{ modulesPath, lib, pkgs, ... }:
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ./fs.nix
  ];

  config = {
    time.timeZone = "Europe/Amsterdam";
    i18n.defaultLocale = "en_US.UTF-8";

    # Fallback hostname; mkDefault lets a host-specific module override it.
    networking.hostName = lib.mkDefault "base";

    # QEMU guest agent, used by Proxmox.
    services.qemuGuest.enable = lib.mkDefault true;

    boot = {
      loader.systemd-boot.enable = true;
      growPartition = lib.mkDefault true;
    };

    nix.settings = {
      # Lets non-root wheel members push remote updates. Nix treats trusted
      # users as essentially root-equivalent, so wheel membership is the
      # trust boundary here.
      trusted-users = [
        "root"
        "@wheel"
      ];
      experimental-features = [
        "nix-command"
        "flakes"
      ];
    };

    # Remote administration account. No password is set in this module;
    # login is through the SSH keys in ../../authorized_keys.
    users = {
      users.maintenance = {
        isNormalUser = true;
        group = "maintenance";
        extraGroups = [ "wheel" ];
        openssh.authorizedKeys.keyFiles = [ ../../authorized_keys ];
      };
      groups.maintenance = { };
    };

    # mDNS so the host is reachable as `hostname.local`; publishing the
    # addresses also announces this host to the local network.
    services.avahi = {
      enable = true;
      nssmdns4 = true;
      publish = {
        enable = true;
        addresses = true;
      };
    };

    # Baseline tools installed on every system.
    environment.systemPackages = [
      pkgs.vim
      pkgs.git
    ];

    # wheel members run sudo without a password prompt, so the SSH key is the
    # only factor between a remote login and root.
    security.sudo.wheelNeedsPassword = false;

    # SSH server with password and keyboard-interactive login disabled, which
    # leaves public-key authentication. PermitRootLogin is not set here, so
    # the openssh module default applies.
    services.openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
      };
    };

    programs.ssh.startAgent = true;

    # State kept across reboots under /persistent.
    # NOTE(review): environment.persistence is not defined in this file;
    # presumably the impermanence module comes in via ./fs.nix or the flake.
    environment.persistence."/persistent" = {
      enable = true;
      hideMounts = true;
      directories = [
        "/var/log"
        "/var/lib/nixos"
        "/var/lib/systemd/coredump"
        "/etc/nixos"
      ];
      files = [
        "/etc/machine-id"

        # SSH host keys: persisting them keeps the host identity stable, and
        # it means /persistent holds the private keys (mode 0600).
        {
          file = "/etc/ssh/ssh_host_ed25519_key";
          mode = "0600";
        }
        {
          file = "/etc/ssh/ssh_host_ed25519_key.pub";
          mode = "0644";
        }
        {
          file = "/etc/ssh/ssh_host_rsa_key";
          mode = "0600";
        }
        {
          file = "/etc/ssh/ssh_host_rsa_key.pub";
          mode = "0644";
        }

        # Ceph client configuration.
        # NOTE(review): services.ceph below appears to generate
        # /etc/ceph/ceph.conf itself; confirm that persisting the same path
        # does not conflict with it.
        {
          file = "/etc/ceph/ceph.conf";
          mode = "0644";
        }
      ];
    };

    # Ceph client pinned to one cluster. monHost lists the msgr2 (3300) and
    # legacy msgr1 (6789) endpoints of a single monitor address.
    # NOTE(review): no keyring is configured or persisted in this module;
    # presumably it is provisioned elsewhere. Confirm.
    services.ceph = {
      enable = true;
      global = {
        fsid = "b9b22d11-3492-49a6-92b7-b36cdf0161fe";
        monHost = "v2:192.168.1.239:3300/0,v1:192.168.1.239:6789/0";
      };
    };

    system.stateVersion = lib.mkDefault "24.05";
  };
}