M systems/profiles/default.nix => systems/profiles/default.nix +1 -0
@@ 2,4 2,5 @@ inputs: {
desktop = import ./desktop inputs;
laptop = import ./laptop inputs;
lxc = import ./lxc inputs;
+ vm = import ./vm inputs;
}
A systems/profiles/vm/default.nix => systems/profiles/vm/default.nix +19 -0
@@ 0,0 1,19 @@
+inputs @ {
+ home-manager,
+ sops-nix,
+ ...
+}: {
+ modules = [
+ sops-nix.nixosModules.sops
+ home-manager.nixosModules.home-manager
+
+ ../../../modules
+ ../../../roles
+
+ ./vm.nix
+ ];
+ specialArgs = {
+ inherit inputs;
+ artautil = import ../../../lib/util.nix {};
+ };
+}
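Review bot: The new profile carries no comment saying what a `vm` target is or how it is meant to differ from the sibling `lxc`/`laptop`/`desktop` profiles, so a reader has to open vm.nix to find out. A one-line header above `inputs @ {` would do, e.g. `# Profile for standalone VMs: static IPv4 from artautil.getIPv4, key-only root SSH, sops secrets per hostName (see ./vm.nix).` — the lxc profile is not in this change, so I cannot confirm how much of this list it already shares. The `import ../../../lib/util.nix {}` call presumably takes an (empty) argument set; if util.nix accepts options, naming the defaults here would also help.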
A systems/profiles/vm/vm.nix => systems/profiles/vm/vm.nix +46 -0
@@ 0,0 1,46 @@
+{
+ artautil,
+ config,
+ lib,
+ ...
+}: {
+ sops.defaultSopsFile = ../../../secrets/${config.networking.hostName}/secrets.yaml;
+
+ time.timeZone = "Europe/Helsinki";
+
+ networking.defaultGateway = {
+ address = "10.1.2.1";
+ interface = "eth0";
+ };
+ networking.nameservers = ["10.1.2.3"];
+ networking.interfaces."eth0".ipv4.addresses = [
+ {
+ address = artautil.getIPv4 config.networking.hostName;
+ prefixLength = 24;
+ }
+ ];
+
+ nix.settings.trusted-users = ["root"];
+
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAlif3ABIk0YSx++A+sEeRYPNMMZWLcDuoTKhmcCL6K jonni@liljamo.com"
+ ];
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = lib.mkForce false;
+ KbdInteractiveAuthentication = lib.mkForce false;
+ PermitRootLogin = lib.mkForce "prohibit-password";
+ };
+ };
+
+ services = {
+ journald.extraConfig = "SystemMaxUse=4G";
+ cron.systemCronJobs = [
+ "0 22 * * * root journalctl --vacuum-time=7d"
+ ];
+ };
+}
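Review bot: `services` is defined twice in this file — `services.openssh = {…}` at the openssh block and a second `services = {…}` below it for journald and cron — which the module system merges correctly but reads as if the second block were an oversight; folding `openssh` into the single `services` set removes the ambiguity. The nightly cron job `journalctl --vacuum-time=7d` duplicates what journald can do by itself: `journald.extraConfig = "SystemMaxUse=4G\nMaxRetentionSec=7d";` gives the same 7‑day retention without adding cron to every VM built from this profile. `nix.settings.trusted-users = ["root"]` is, as far as I know, the NixOS default and can be dropped, or commented if it is there to pin the value against other modules. Note also that the root authorized key is baked into the profile, so rotating it means a rebuild of every host using it; a comment on that line naming the key's purpose would help whoever maintains it.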