{ lib, ... }: { users.users.tlater.password = "insecure"; # Disable graphical tty so -curses works boot.kernelParams = [ "nomodeset" ]; networking.hostName = "testvm"; # Sets the base domain for nginx to a local domain so that we can # easily test locally with the VM. services.nginx.domain = "dev.local"; # Use the staging secrets sops.defaultSopsFile = lib.mkOverride 99 ../../keys/staging.yaml; systemd.network.networks."10-eth0" = { matchConfig.Name = "eth0"; networkConfig = { Address = "192.168.9.2/24"; }; }; # Both so we have a predictable key for the staging env, as well as # to have a static key for decrypting the sops secrets for the # staging env. environment.etc."staging.key" = { mode = "0400"; source = ../../keys/hosts/staging.key; }; services.openssh.hostKeys = lib.mkForce [ { type = "rsa"; bits = 4096; path = "/etc/staging.key"; } ]; virtualisation.vmVariant = { virtualisation = { memorySize = 3941; cores = 2; graphics = false; }; virtualisation.qemu = { networkingOptions = lib.mkForce [ "-device virtio-net,netdev=n1" "-netdev bridge,id=n1,br=br0,helper=$(which qemu-bridge-helper)" ]; }; }; }