]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/sourcehut/builds/nixos-unstable.nix
losurdo: drop gnupg at runtime in favor of systemd-creds
[sourcephile-nix.git] / hosts / mermet / sourcehut / builds / nixos-unstable.nix
1 system:
2 { pkgs, lib, config, ... }:
3 let
4 systemConfig = { pkgs, ... }: {
5 # passwordless ssh server
6 services.openssh = {
7 enable = true;
8 permitRootLogin = "yes";
9 extraConfig = "PermitEmptyPasswords yes";
10 };
11
12 users = {
13 mutableUsers = false;
14 # build user
15 extraUsers."build" = {
16 isNormalUser = true;
17 uid = 1000;
18 extraGroups = [ "wheel" ];
19 password = "";
20 };
21 users.root.password = "";
22 };
23
24 security.sudo.wheelNeedsPassword = false;
25 nix.settings.trusted-users = [ "root" "build" ];
26 documentation.nixos.enable = false;
27
28 # builds.sr.ht-image-specific network settings
29 networking = {
30 hostName = "build";
31 dhcpcd.enable = false;
32 defaultGateway.address = "10.0.2.2";
33 usePredictableInterfaceNames = false; # so that we just get eth0 and not some weird id
34 interfaces."eth0".ipv4.addresses = [{
35 address = "10.0.2.15";
36 prefixLength = 25;
37 }];
38 enableIPv6 = false;
39 nameservers = [
40 # OpenNIC anycast
41 "185.121.177.177"
42 "169.239.202.202"
43 # Google as a fallback :(
44 "8.8.8.8"
45 ];
46 firewall.allowedTCPPorts = [ 22 ]; # allow ssh
47 };
48
49 environment.systemPackages = [
50 pkgs.gitMinimal
51 #pkgs.mercurial
52 pkgs.curl
53 pkgs.gnupg
54 ];
55 };
56 qemuConfig = { pkgs, ... }: {
57 imports = [ systemConfig ];
58 fileSystems."/".device = "/dev/disk/by-label/nixos";
59 boot.initrd.availableKernelModules = [
60 "ahci"
61 "ehci_pci"
62 "sd_mod"
63 "usb_storage"
64 "usbhid"
65 "virtio_balloon"
66 "virtio_blk"
67 "virtio_pci"
68 "virtio_ring"
69 "xhci_pci"
70 ];
71 boot.loader = {
72 grub = {
73 version = 2;
74 device = "/dev/vda";
75 };
76 timeout = 0;
77 };
78 };
79 config = (import (pkgs.path + "/nixos/lib/eval-config.nix") {
80 inherit pkgs system; modules = [ qemuConfig ];
81 }).config;
82 in
83 import (pkgs.path + "/nixos/lib/make-disk-image.nix") {
84 inherit pkgs lib config;
85 diskSize = 16000;
86 format = "qcow2-compressed";
87 contents = [
88 { source = pkgs.writeText "gitconfig" ''
89 [user]
90 name = builds.sr.ht
91 email = build@sr.ht
92 '';
93 target = "/home/build/.gitconfig";
94 user = "build";
95 group = "users";
96 mode = "644";
97 }
98 ];
99 }