2024-08-18 19:41:20 +01:00
|
|
|
{ lib, ... }:
|
|
|
|
|
{
|
2022-10-13 00:03:32 +01:00
|
|
|
users.users.tlater.password = "insecure";
|
|
|
|
|
|
|
|
|
|
# Disable graphical tty so -curses works
|
|
|
|
|
boot.kernelParams = [ "nomodeset" ];
|
|
|
|
|
|
2024-03-02 01:27:24 +00:00
|
|
|
networking.hostName = "testvm";
|
2024-03-11 03:50:59 +00:00
|
|
|
# Sets the base domain for nginx to a local domain so that we can
|
|
|
|
|
# easily test locally with the VM.
|
|
|
|
|
services.nginx.domain = "dev.local";
|
2022-10-13 00:03:32 +01:00
|
|
|
|
|
|
|
|
# Use the staging secrets
|
|
|
|
|
sops.defaultSopsFile = lib.mkOverride 99 ../../keys/staging.yaml;
|
|
|
|
|
|
2023-04-23 15:46:38 +01:00
|
|
|
systemd.network.networks."10-eth0" = {
|
|
|
|
|
matchConfig.Name = "eth0";
|
2024-03-27 00:17:26 +00:00
|
|
|
networkConfig = {
|
|
|
|
|
Address = "192.168.9.2/24";
|
|
|
|
|
};
|
2023-04-23 15:46:38 +01:00
|
|
|
};
|
|
|
|
|
|
2023-12-29 15:10:00 +00:00
|
|
|
# Both so we have a predictable key for the staging env, as well as
|
|
|
|
|
# to have a static key for decrypting the sops secrets for the
|
|
|
|
|
# staging env.
|
|
|
|
|
environment.etc."staging.key" = {
|
|
|
|
|
mode = "0400";
|
|
|
|
|
source = ../../keys/hosts/staging.key;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.openssh.hostKeys = lib.mkForce [
|
|
|
|
|
{
|
|
|
|
|
type = "rsa";
|
|
|
|
|
bits = 4096;
|
|
|
|
|
path = "/etc/staging.key";
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
|
2024-03-27 00:17:26 +00:00
|
|
|
virtualisation.vmVariant = {
|
|
|
|
|
virtualisation = {
|
|
|
|
|
memorySize = 3941;
|
|
|
|
|
cores = 2;
|
|
|
|
|
graphics = false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
virtualisation.qemu = {
|
|
|
|
|
networkingOptions = lib.mkForce [
|
|
|
|
|
"-device virtio-net,netdev=n1"
|
|
|
|
|
"-netdev bridge,id=n1,br=br0,helper=$(which qemu-bridge-helper)"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
2022-10-13 00:03:32 +01:00
|
|
|
}
|
