From 26e43a6da82ba3b80bf84cb6ac2cefb5a6dca423 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Mon, 1 May 2023 12:30:21 +0200
Subject: [PATCH] add basic vm configuration
---
 README.md | 3 ++
 flake.lock | 28 +++++++++++++----
 flake.nix | 15 +++++++++
 hosts/vm/default.nix | 48 +++++++++++++++++++++++++++++
 hosts/vm/hardware-configuration.nix | 23 ++++++++++++++
 5 files changed, 111 insertions(+), 6 deletions(-)
 create mode 100644 hosts/vm/default.nix
 create mode 100644 hosts/vm/hardware-configuration.nix
diff --git a/README.md b/README.md
index dcd773f..b05b79c 100644
--- a/README.md
+++ b/README.md
@@ -62,3 +62,6 @@ sda
 ├─sda14 # BIOS boot
 └─sda15 /boot/efi # EFI stuff
 ```
+
+### vm
+Barebones configuration that can be easily deployed to virtual machines.
diff --git a/flake.lock b/flake.lock
index 6751f92..7f18c42 100644
--- a/flake.lock
+++ b/flake.lock
@@ -46,11 +46,11 @@
 ]
 },
 "locked": {
- "lastModified": 1682813751,
- "narHash": "sha256-gwR5vd1rVD6W/3BXbVohrfZKKOhPtp66vthGIG9758Y=",
+ "lastModified": 1682906023,
+ "narHash": "sha256-u0ngImxdfv2oSxFsjcfoQx6G2haZociXB5jHovEO1w8=",
 "owner": "hyprwm",
 "repo": "Hyprland",
- "rev": "02312cac59e8b22a823043ef64a34bc9cf0eef02",
+ "rev": "11b7ce14f87448417ce39cb667df6c6b9a591804",
 "type": "github"
 },
 "original": {
@@ -121,6 +121,21 @@
 "type": "github"
 }
 },
+ "impermanence": {
+ "locked": {
+ "lastModified": 1682268411,
+ "narHash": "sha256-ICDKQ7tournRVtfM8C2II0qHiOZOH1b3dXVOCsgr11o=",
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "rev": "df1692e2d9f1efc4300b1ea9201831730e0b817d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "type": "github"
+ }
+ },
 "nix-colors": {
 "inputs": {
 "base16-schemes": "base16-schemes",
@@ -224,11 +239,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1682786779, - "narHash": "sha256-m7QFzPS/CE8hbkbIVK4UStihAQMtczr0vSpOgETOM1g=", + "lastModified": 1682879489, + "narHash": "sha256-sASwo8gBt7JDnOOstnps90K1wxmVfyhsTPPNTGBPjjg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "08e4dc3a907a6dfec8bb3bbf1540d8abbffea22b", + "rev": "da45bf6ec7bbcc5d1e14d3795c025199f28e0de0", "type": "github" }, "original": { @@ -263,6 +278,7 @@ "home-manager": "home-manager", "hyprland": "hyprland", "hyprpaper": "hyprpaper", + "impermanence": "impermanence", "nix-colors": "nix-colors", "nix-index-database": "nix-index-database", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index 32327c6..35d438c 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,10 @@ }; }; + impermanence = { + url = "github:nix-community/impermanence"; + }; + nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; @@ -63,6 +67,7 @@ { nixpkgs , home-manager , nix-index-database + , impermanence , hyprland , sops-nix , nix-colors @@ -120,6 +125,16 @@ trucksimulatorbot-images.nixosModules.default ]; }; + vm = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs.inputs = attrs; + modules = [ + ./hosts/vm + ./shared + impermanence.nixosModules.impermanence + sops-nix.nixosModules.sops + ]; + }; }; }; } diff --git a/hosts/vm/default.nix b/hosts/vm/default.nix new file mode 100644 index 0000000..8b21608 --- /dev/null +++ b/hosts/vm/default.nix 
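Review bot: The new `vm` entry in flake.nix loads `impermanence.nixosModules.impermanence` and `sops-nix.nixosModules.sops`, but neither file under hosts/vm in this patch sets `environment.persistence` or any `sops.secrets`, so the reason for both modules cannot be read from the host itself. If `./shared` (not visible here) declares sops secrets, each machine built from this template presumably needs its own key added as a recipient before those secrets decrypt, and that is worth stating where the modules are listed. I would add a comment such as `# sops-nix: used by ./shared; add this VM's key as a sops recipient before the first deploy`, or leave the two modules out until the host uses them. The attribute set this hunk extends opens above the hunk.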
@@ -0,0 +1,48 @@
+{ config, pkgs, ... }:
+{
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+ kernelPackages = pkgs.linuxPackages_latest;
+ tmp.useTmpfs = true;
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "dvorak";
+ };
+
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ htop-vim
+ ];
+ programs.git = {
+ enable = true;
+ config = {
+ user.name = "Rouven Seifert";
+ user.email = "rouven@rfive.de";
+ };
+ };
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # firmware updates
+ users.users.root.openssh.authorizedKeys.keyFiles = [
+ ../../keys/ssh/rouven-thinkpad
+ ];
+
+ system.stateVersion = "22.11";
+
+}
diff --git a/hosts/vm/hardware-configuration.nix b/hosts/vm/hardware-configuration.nix
new file mode 100644
index 0000000..3378cce
--- /dev/null
+++ b/hosts/vm/hardware-configuration.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+
+ # Replace with actual config
+ device = "/dev/sda";
+ fsType = "ext4";
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
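Review bot: In hosts/vm/default.nix, `services.openssh.enable = true;` sits next to a root `authorizedKeys.keyFiles` entry, but nothing in the file turns off password logins, so a template meant to be cloned onto many VMs relies on the sshd module defaults (or on `./shared`, not visible here) to keep root access key-only. Stating it in the host would remove the guesswork: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`. The comment `# firmware updates` above the root key block does not describe what follows and reads like a copy-paste leftover; `# SSH public key allowed to log in as root` would be accurate.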
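Review bot: hosts/vm/hardware-configuration.nix describes physical hardware rather than a guest: it imports `installer/scan/not-detected.nix` and lists no virtio drivers in `boot.initrd.availableKernelModules`, so a VM whose disk is attached over virtio would likely not find its root device in the initrd. For QEMU/KVM guests, importing `(modulesPath + "/profiles/qemu-guest.nix")` instead covers those modules. The placeholder `device = "/dev/sda";` names a whole disk, and there is no `/boot` entry even though default.nix enables systemd-boot, which installs to the EFI system partition mounted at `/boot` by default. Until the real layout is filled in, I would extend the placeholder comment to `# Replace with actual config: root and /boot (ESP) are both required, preferably by label or UUID`.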