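# Base NixOS profile for QEMU/Proxmox guests: locale, boot loader, a key-only
# remote-admin account, mDNS, a Ceph client, impermanence-style persistence and
# a first-boot disk grow performed from the systemd initrd.
{ modulesPath, lib, pkgs, ... }:
let
  # Single source of truth for the disk that is grown on boot. The original
  # unit ran sgdisk against the placeholder "/dev/sdX" while systemd-repart
  # was pointed at "/dev/sda", so the backup GPT header was never relocated.
  rootDisk = "/dev/sda";
  # systemd device unit for rootDisk; keep in sync when rootDisk changes.
  rootDiskUnit = "dev-sda.device";
in
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ./fs.nix
  ];

  config = {
    time.timeZone = "Europe/Amsterdam";
    i18n.defaultLocale = "en_US.UTF-8";

    # Provide a default hostname
    networking.hostName = lib.mkDefault "base";

    # Enable QEMU Guest for Proxmox
    services.qemuGuest.enable = lib.mkDefault true;

    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;

    # Allow remote updates with flakes and non-root users.
    # trusted-users may point the Nix daemon at arbitrary substituters and
    # import unsigned store paths, so every member of @wheel is effectively
    # root on this host through the daemon alone.
    nix.settings.trusted-users = [ "root" "@wheel" ];
    nix.settings.experimental-features = [ "nix-command" "flakes" ];

    # Set up user for remote admin (key-only login, member of wheel).
    users.users."maintenance" = {
      isNormalUser = true;
      group = "maintenance";
      extraGroups = [ "wheel" ];
      # Every key in this file is root-equivalent given the passwordless sudo
      # below; review the file whenever an admin leaves or a key is rotated.
      openssh.authorizedKeys.keyFiles = [ ../../authorized_keys ];
    };
    users.groups."maintenance" = { };

    # Enable mDNS for `hostname.local` addresses.
    # mDNS is unauthenticated multicast: any host on the link can answer
    # `.local` lookups, and publishing announces this machine's addresses.
    # Intended for a trusted LAN segment only.
    services.avahi.enable = true;
    services.avahi.nssmdns4 = true;
    services.avahi.publish = {
      enable = true;
      addresses = true;
    };

    # Some sane packages we need on every system
    environment.systemPackages = with pkgs; [ vim git ceph-client ];

    # Don't ask for passwords.
    # With no sudo password, the SSH keys above are the only credential
    # between the network and root.
    security.sudo.wheelNeedsPassword = false;

    # Enable ssh, public-key authentication only.
    # NOTE(review): PermitRootLogin is left at the NixOS default
    # ("prohibit-password"); set it to "no" if nothing deploys as root.
    services.openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
      settings.KbdInteractiveAuthentication = false;
    };
    # NOTE(review): only useful if admins start SSH sessions from this host.
    programs.ssh.startAgent = true;

    # State kept across reboots under /persistent.
    # NOTE(review): presumably the root filesystem is ephemeral (see ./fs.nix).
    environment.persistence."/persistent" = {
      enable = true;
      hideMounts = true;
      directories = [
        "/var/log"
        "/var/lib/nixos"
        "/var/lib/systemd/coredump"
        "/etc/nixos"
      ];
      files = [
        "/etc/machine-id"
        # SSH Server: persisting the host keys keeps the host identity stable,
        # so clients' known_hosts checks stay meaningful after a reboot.
        "/etc/ssh/ssh_host_ed25519_key"
        "/etc/ssh/ssh_host_ed25519_key.pub"
        "/etc/ssh/ssh_host_rsa_key"
        "/etc/ssh/ssh_host_rsa_key.pub"
        # Ceph Client: this keyring is a secret; keep the persisted copy
        # owned by root and not world-readable.
        "/etc/ceph/ceph.client.vm.keyring"
      ];
    };

    services.ceph = {
      enable = true;
      global = {
        fsid = "b9b22d11-3492-49a6-92b7-b36cdf0161fe";
        # NOTE(review): the v1 (msgr1) endpoint has no on-wire encryption;
        # drop it if every client can use the v2 endpoint.
        monHost = "v2:192.168.10.3:3300/0,v1:192.168.10.3:6789/0";
      };
    };

    # Resize partition on boot: fixed-size ESP, root takes the remaining space.
    systemd.repart.partitions = {
      "00-esp" = {
        Type = "esp";
        SizeMinBytes = "550M";
        SizeMaxBytes = "550M";
        Format = "vfat";
      };
      "10-root" = {
        Type = "linux-generic";
        Format = "btrfs";
      };
    };

    boot.initrd = {
      # Custom systemd units in the initrd
      systemd = {
        enable = true;

        # The initrd only contains what is listed explicitly, and
        # /run/current-system does not exist before switch-root, so sgdisk
        # has to be shipped and invoked by its store path.
        storePaths = [ "${pkgs.gptfdisk}/bin/sgdisk" ];

        services = {
          resize-gpt = {
            description = "Resize GPT to use full disk size";
            path = [ pkgs.gptfdisk ];
            # No implicit sysinit/basic.target ordering for an early initrd unit.
            unitConfig.DefaultDependencies = false;
            # Wait for the disk node before touching it.
            requires = [ rootDiskUnit ];
            after = [ rootDiskUnit ];
            wants = [ "systemd-repart.service" ];
            before = [ "systemd-repart.service" ];
            # Without an install edge nothing pulled this unit in; hang it off
            # repart so it runs first whenever repart runs.
            # NOTE(review): confirm the resulting ordering by booting a test VM.
            wantedBy = [ "systemd-repart.service" ];
            serviceConfig = {
              Type = "oneshot";
              # Move the backup GPT header to the end of the (grown) disk so
              # repart can use the new space.
              ExecStart = "${pkgs.gptfdisk}/bin/sgdisk --move-second-header ${rootDisk}";
            };
          };
        };

        repart = {
          enable = true;
          device = rootDisk;
        };
      };
    };

    system.stateVersion = lib.mkDefault "24.05";
  };
}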