From abc0bc75e9fa8f4a4e6ca42932ea63851fee84b4 Mon Sep 17 00:00:00 2001
From: Jonni Liljamo
Date: Sun, 25 Aug 2024 21:41:14 +0300
Subject: [PATCH] feat(systems/profiles/vm): add vm profile
---
 systems/profiles/default.nix | 1 +
 systems/profiles/vm/default.nix | 19 ++++++++++++++
 systems/profiles/vm/vm.nix | 46 +++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+)
 create mode 100644 systems/profiles/vm/default.nix
 create mode 100644 systems/profiles/vm/vm.nix
diff --git a/systems/profiles/default.nix b/systems/profiles/default.nix
index 84416a3..7a77ba9 100644
--- a/systems/profiles/default.nix
+++ b/systems/profiles/default.nix
@@ -2,4 +2,5 @@ inputs: {
 desktop = import ./desktop inputs;
 laptop = import ./laptop inputs;
 lxc = import ./lxc inputs;
+ vm = import ./vm inputs;
 }
diff --git a/systems/profiles/vm/default.nix b/systems/profiles/vm/default.nix
new file mode 100644
index 0000000..4d939c1
--- /dev/null
+++ b/systems/profiles/vm/default.nix
@@ -0,0 +1,19 @@
+inputs @ {
+ home-manager,
+ sops-nix,
+ ...
+}: {
+ modules = [
+ sops-nix.nixosModules.sops
+ home-manager.nixosModules.home-manager
+
+ ../../../modules
+ ../../../roles
+
+ ./vm.nix
+ ];
+ specialArgs = {
+ inherit inputs;
+ artautil = import ../../../lib/util.nix {};
+ };
+}
diff --git a/systems/profiles/vm/vm.nix b/systems/profiles/vm/vm.nix
new file mode 100644
index 0000000..5d8d702
--- /dev/null
+++ b/systems/profiles/vm/vm.nix
@@ -0,0 +1,46 @@
+{
+ artautil,
+ config,
+ lib,
+ ...
+}: {
+ sops.defaultSopsFile = ../../../secrets/${config.networking.hostName}/secrets.yaml;
+
+ time.timeZone = "Europe/Helsinki";
+
+ networking.defaultGateway = {
+ address = "10.1.2.1";
+ interface = "eth0";
+ };
+ networking.nameservers = ["10.1.2.3"];
+ networking.interfaces."eth0".ipv4.addresses = [
+ {
+ address = artautil.getIPv4 config.networking.hostName;
+ prefixLength = 24;
+ }
+ ];
+
+ nix.settings.trusted-users = ["root"];
+
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAlif3ABIk0YSx++A+sEeRYPNMMZWLcDuoTKhmcCL6K jonni@liljamo.com"
+ ];
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = lib.mkForce false;
+ KbdInteractiveAuthentication = lib.mkForce false;
+ PermitRootLogin = lib.mkForce "prohibit-password";
+ };
+ };
+
+ services = {
+ journald.extraConfig = "SystemMaxUse=4G";
+ cron.systemCronJobs = [
+ "0 22 * * * root journalctl --vacuum-time=7d"
+ ];
+ };
+}
-- 
2.44.1
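Review bot: The static network configuration in vm.nix is bound to `eth0` together with a hardcoded gateway and resolver, but nothing in the hunk disables predictable interface naming or sets `networking.useDHCP = false`; unless ../../../modules already does, a KVM guest under the NixOS default naming comes up with a name like ens3 or enp1s0, the address in the `networking.interfaces."eth0"` block never applies, and the host is unreachable over SSH. Either add `networking.usePredictableInterfaceNames = false;` beside the interface block or derive the interface name from the same per-host helper that supplies the address. The three `lib.mkForce` sshd settings would benefit from a comment naming the module they are meant to win over, because force also silences any per-host adjustment. The nightly `journalctl --vacuum-time=7d` cron caps the journal history available to an investigation at one week on top of `SystemMaxUse=4G`; if that retention is deliberate, a comment stating the target would help. The second `services = { ... }` block could be folded into the first so the openssh, journald and cron settings sit under one attribute set.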