From 0de970e34925e6cdab5888a16ab68d96b196b83b Mon Sep 17 00:00:00 2001
From: konrad
Date: Fri, 8 May 2026 05:04:57 +0000
Subject: [PATCH] fix: BIOS/MBR boot, crablo SSH key
---
configuration.nix | 91 ++++++++++++++++++++++++-----------------------
1 file changed, 46 insertions(+), 45 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index 1366205..928e415 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,99 +1,100 @@ { config, lib, pkgs, ... }: { - # VM Hardware Configuration + # ─── Boot ────────────────────────────────────────────────────────────────── boot.loader.grub = { enable = true; - device = "/dev/sda"; + device = "/dev/sda"; # BIOS/MBR install on scsi0 useOSProber = false; }; - # Filesystem — will be generated by nixos-generate-config, but override - fileSystems."/" = lib.mkDefault { + boot.kernelPackages = pkgs.linuxPackages_latest; + + # ─── Filesystems ─────────────────────────────────────────────────────────── + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; - fileSystems."/boot" = lib.mkDefault { - device = "/dev/disk/by-label/boot"; - fsType = "vfat"; - }; - # Network + swapDevices = [{ device = "/dev/disk/by-label/swap"; }]; + + # ─── Hardware ────────────────────────────────────────────────────────────── + services.qemuGuest.enable = true; + + # ─── Network ─────────────────────────────────────────────────────────────── networking = { hostName = "nixos-dev"; networkmanager.enable = true; - useDHCP = true; + useDHCP = lib.mkDefault true; firewall = { enable = true; - allowedTCPPorts = [ 22 8000 8080 3000 ]; + allowedTCPPorts = [ 22 3000 8000 8080 ]; }; }; - # QEMU Guest Agent (for Proxmox integration) - services.qemuGuest.enable = true; - - # SSH + # ─── SSH ─────────────────────────────────────────────────────────────────── services.openssh = { enable = true; settings = { PermitRootLogin = "no"; - PasswordAuthentication = true; # change to no after keys deployed + PasswordAuthentication = false; }; }; - # User configuration + # ─── Users ───────────────────────────────────────────────────────────────── users.users.konrad = { isNormalUser = true; extraGroups = [ "wheel" "docker" "networkmanager" ]; shell = pkgs.zsh; - # Temporary password — change after first login - initialPassword = "changeme"; + openssh.authorizedKeys.keys = [ + # crablo (OpenClaw agent) + "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIJLK3oQWZNq7vanyv6E6DM4QTN03sKhp149Ob44YTiS4 crablo@proxmox" + ]; }; - # System-wide programs + security.sudo.wheelNeedsPassword = false; + + # ─── Programs ────────────────────────────────────────────────────────────── programs = { zsh.enable = true; git.enable = true; }; - # System packages (minimal core) environment.systemPackages = with pkgs; [ curl + wget git vim + neovim htop + btop + ripgrep + fd + jq + tree + unzip + tmux ]; - # Docker + # ─── Docker ──────────────────────────────────────────────────────────────── virtualisation.docker = { enable = true; enableOnBoot = true; }; - # Nix configuration - nix = { - settings = { - experimental-features = [ "nix-command" "flakes" ]; - auto-optimise-store = true; - }; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - }; + # ─── Nix ─────────────────────────────────────────────────────────────────── + nix.settings = { + experimental-features = [ "nix-command" "flakes" ]; + auto-optimise-store = true; + trusted-users = [ "root" "konrad" ]; + }; + + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; }; - # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Auto-upgrades - system = { - stateVersion = "24.11"; - autoUpgrade = { - enable = true; - allowReboot = false; - }; - }; - - # Enable flakes in this boot configuration - boot.kernelPackages = pkgs.linuxPackages_latest; + system.stateVersion = "24.11"; }
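Review bot: The key added under `users.users.konrad.openssh.authorizedKeys.keys` is labelled as belonging to an automated agent, and the same hunk makes that account root-equivalent with no second factor: `security.sudo.wheelNeedsPassword = false;`, membership of `docker`, and `trusted-users = [ "root" "konrad" ]` each give whoever holds the key root on this VM. If the agent needs only a few privileged commands, I would give it its own non-wheel user with a narrow `security.sudo.extraRules` entry, keep the sudo password for `wheel` (with `hashedPasswordFile` for konrad now that `initialPassword` is gone), and reduce the Nix setting to `trusted-users = [ "root" ];`. Prefixing the key with `from="<agent host address>"` would also limit where it can be used from. Separately, the hunk drops `system.autoUpgrade` without the subject mentioning it, so the host presumably stops pulling updates on its own; if that is intended, a comment saying how updates are applied now would help.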