hosts/mermet/sourcehut/builds/nixos-unstable.nix

   1 system:
   2 { pkgs, lib, config, ... }:
   3 let
   4   systemConfig = { pkgs, ... }: {
   5     # passwordless ssh server
   6     services.openssh = {
   7       enable = true;
   8       permitRootLogin = "yes";
   9       extraConfig = "PermitEmptyPasswords yes";
  10     };
  11
  12     users = {
  13       mutableUsers = false;
  14       # build user
  15       extraUsers."build" = {
  16         isNormalUser = true;
  17         uid = 1000;
  18         extraGroups = [ "wheel" ];
  19         password = "";
  20       };
  21       users.root.password = "";
  22     };
  23
  24     security.sudo.wheelNeedsPassword = false;
  25     nix.trustedUsers = [ "root" "build" ];
  26     documentation.nixos.enable = false;
  27
  28     # builds.sr.ht-image-specific network settings
  29     networking = {
  30       hostName = "build";
  31       dhcpcd.enable = false;
  32       defaultGateway.address = "10.0.2.2";
  33       usePredictableInterfaceNames = false; # so that we just get eth0 and not some weird id
  34       interfaces."eth0".ipv4.addresses = [{
  35         address = "10.0.2.15";
  36         prefixLength = 25;
  37       }];
  38       enableIPv6 = false;
  39       nameservers = [
  40         # OpenNIC anycast
  41         "185.121.177.177"
  42         "169.239.202.202"
  43         # Google as a fallback :(
  44         "8.8.8.8"
  45       ];
  46       firewall.allowedTCPPorts = [ 22 ]; # allow ssh
  47     };
  48
  49     environment.systemPackages = [
  50       pkgs.gitMinimal
  51       #pkgs.mercurial
  52       pkgs.curl
  53       pkgs.gnupg
  54     ];
  55   };
  56   qemuConfig = { pkgs, ... }: {
  57     imports = [ systemConfig ];
  58     fileSystems."/".device = "/dev/disk/by-label/nixos";
  59     boot.initrd.availableKernelModules = [
  60       "ahci"
  61       "ehci_pci"
  62       "sd_mod"
  63       "usb_storage"
  64       "usbhid"
  65       "virtio_balloon"
  66       "virtio_blk"
  67       "virtio_pci"
  68       "virtio_ring"
  69       "xhci_pci"
  70     ];
  71     boot.loader = {
  72       grub = {
  73         version = 2;
  74         device = "/dev/vda";
  75       };
  76       timeout = 0;
  77     };
  78   };
  79   config = (import (pkgs.path + "/nixos/lib/eval-config.nix") {
  80     inherit pkgs system; modules = [ qemuConfig ];
  81   }).config;
  82 in
  83 import (pkgs.path + "/nixos/lib/make-disk-image.nix") {
  84   inherit pkgs lib config;
  85   diskSize = 16000;
  86   format = "qcow2-compressed";
  87   contents = [
  88     { source = pkgs.writeText "gitconfig" ''
  89         [user]
  90           name = builds.sr.ht
  91           email = build@sr.ht
  92       '';
  93       target = "/home/build/.gitconfig";
  94       user = "build";
  95       group = "users";
  96       mode = "644";
  97     }
  98   ];
  99 }