40 lines
1.0 KiB
Nix
40 lines
1.0 KiB
Nix
{lib, ...}: {
|
|
users.users.tlater.password = "insecure";
|
|
|
|
# Disable graphical tty so -curses works
|
|
boot.kernelParams = ["nomodeset"];
|
|
|
|
networking.hostName = "testvm";
|
|
# Sets the base domain for nginx to a local domain so that we can
|
|
# easily test locally with the VM.
|
|
services.nginx.domain = "dev.local";
|
|
|
|
# Use the staging secrets
|
|
sops.defaultSopsFile = lib.mkOverride 99 ../../keys/staging.yaml;
|
|
|
|
systemd.network.networks."10-eth0" = {
|
|
matchConfig.Name = "eth0";
|
|
networkConfig.DHCP = "yes";
|
|
};
|
|
|
|
# Both so we have a predictable key for the staging env, as well as
|
|
# to have a static key for decrypting the sops secrets for the
|
|
# staging env.
|
|
environment.etc."staging.key" = {
|
|
mode = "0400";
|
|
source = ../../keys/hosts/staging.key;
|
|
};
|
|
|
|
services.openssh.hostKeys = lib.mkForce [
|
|
{
|
|
type = "rsa";
|
|
bits = 4096;
|
|
path = "/etc/staging.key";
|
|
}
|
|
];
|
|
|
|
# # Set up VM settings to match real VPS
|
|
# virtualisation.memorySize = 3941;
|
|
# virtualisation.cores = 2;
|
|
}
|