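# NixOS module for the host named "bootstrap": kernel command line, initrd,
# GRUB, the root account, systemd-networkd, sshd and QEMU/virtio initrd modules.
#
# Arguments are the standard NixOS module arguments:
#   config - the merged system configuration (read for systemd.package and
#            boot.initrd.systemd.enable below)
#   pkgs   - the package set (read for pkgs.stdenv.isx86_64)
#   lib    - nixpkgs library (mkForce / mkIf)
{
  config,
  pkgs,
  lib,
  ...
}:
{
  boot.kernelParams = [
    # NOTE(review): audit=0 switches the kernel audit subsystem off, so no
    # audit records exist on this host for detection or forensics. Confirm
    # that is intended before reusing this file beyond a throwaway image.
    "audit=0"
    # Memory cgroup controller plus swap accounting.
    "cgroup_enable=memory"
    # Keep kernel interface names (eth0, ...) instead of predictable names.
    "net.ifnames=0"
    "swapaccount=1"
    # NOTE(review): enables the x32 syscall ABI on kernels built with it.
    # That is additional syscall surface; drop it if nothing here runs x32
    # binaries.
    "syscall.x32=y"
    # Never load the PC speaker drivers.
    "module_blacklist=pcspkr,snd_pcsp"
  ];

  boot.initrd = {
    # zstd level 19, using all available cores (-T0).
    compressor = "zstd";
    compressorArgs = [
      "-19"
      "-T0"
    ];
    # systemd-based initrd (stage 1).
    systemd.enable = true;
    # Fix Raspberry Pi build
    systemd.enableTpm2 = false;
  };

  boot.loader.grub = {
    # GRUB only on x86_64; other platforms must bring their own loader.
    enable = pkgs.stdenv.isx86_64;
    # Boot the entry GRUB has saved rather than a fixed index.
    default = "saved";
  };

  # Set your time zone.
  time.timeZone = "America/Los_Angeles";

  # Accounts and passwords come only from this configuration; changes made
  # at runtime (passwd, useradd) are not kept.
  users.mutableUsers = false;

  users.users.root = {
    # sha512crypt ($6$) hash of the root password.
    # NOTE(review): the hash is part of the evaluated configuration, so it is
    # readable by anyone who can read this file or the resulting system
    # closure, and can be attacked offline. sshd below refuses password
    # logins, so the hash only matters for console/su. Consider loading it
    # from a file outside the Nix store (users.users.<name>.hashedPasswordFile
    # on nixpkgs releases that provide it) and rotating this password.
    hashedPassword = "$6$9iybgF./X/RNsRrQ$h7Zlk//loJDPg7yCCPT/9jVU0Tvep6vEA1FvPBT.kqJUA5qlzhDJEYnBFlpBZmTXuUXjF0qgmDWmGkXIMC9JD/";
    # Public keys allowed to log in as root. Every key listed here is a full
    # root credential for any host built from this module.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMcWoEQ4Mh27AV3ixcn9CMaUK/R+y4y5TqHmn2wJoN6i lantian@lantian-lenovo-archlinux"
      # NOTE(review): the key body of this entry is not visible in this copy
      # of the file. Check the RSA key length in the real source, and remove
      # the entry if that machine no longer needs access.
      "ssh-rsa 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 lantian@LandeMacBook-Pro.local"
    ];
  };

  systemd.network.enable = true;
  # Written verbatim to /etc/systemd/networkd.conf: networkd leaves routes it
  # did not create itself alone.
  environment.etc."systemd/networkd.conf".text = ''
    [Network]
    ManageForeignRoutes=false
  '';
  # Replace the stock wait-online command so that boot continues as soon as
  # any one interface is online (--any).
  systemd.services.systemd-networkd-wait-online.serviceConfig.ExecStart = [
    "" # clear old command
    "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online --any"
  ];
  services.resolved.enable = false;

  services.openssh = {
    enable = true;
    # Non-default port. This reduces log noise from scanners; it is not an
    # access control.
    ports = [ 2222 ];
    settings = {
      PasswordAuthentication = false;
      # PasswordAuthentication does not cover keyboard-interactive (PAM)
      # logins, which NixOS leaves enabled by default. Root is already
      # covered by prohibit-password, but an account added by another module
      # would not be, so turn it off explicitly to keep sshd key-only.
      KbdInteractiveAuthentication = false;
      # Root may log in with a key only. mkForce makes this value win over
      # definitions of the same option in other modules.
      PermitRootLogin = lib.mkForce "prohibit-password";
    };
  };

  # NOTE(review): the host firewall is off, so every listening socket is
  # reachable on every interface. sshd on 2222 is the only service this file
  # enables; anything another module adds is exposed as well. If hosts built
  # from this module can sit on an untrusted network, enable the firewall
  # (the openssh module opens its configured ports by default).
  networking.firewall.enable = false;

  # No DHCP from the scripted networking stack; addressing is presumably
  # supplied by systemd-networkd units defined elsewhere. TODO confirm.
  networking.useDHCP = false;
  networking.hostName = "bootstrap";

  system.stateVersion = "23.05";

  # QEMU
  # Only applies to the scripted (non-systemd) initrd. With
  # boot.initrd.systemd.enable = true above, this contributes nothing unless
  # another module overrides that setting.
  boot.initrd.postDeviceCommands = lib.mkIf (!config.boot.initrd.systemd.enable) ''
    # Set the system time from the hardware clock to work around a
    # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
    # to the *boot time* of the host).
    hwclock -s
  '';

  # virtio drivers included in the initrd and loaded when the device is seen.
  boot.initrd.availableKernelModules = [
    "virtio_net"
    "virtio_pci"
    "virtio_mmio"
    "virtio_blk"
    "virtio_scsi"
  ];
  # virtio drivers always loaded in the initrd. virtio_rng supplies entropy
  # from the hypervisor early in boot.
  boot.initrd.kernelModules = [
    "virtio_balloon"
    "virtio_console"
    "virtio_rng"
  ];
}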