fix: BIOS/MBR boot, crablo SSH key

2026-05-08 05:04:57 +00:00
parent c228a37fd8
commit 0de970e349
1 changed files with 46 additions and 45 deletions
@@ -1,99 +1,100 @@
 { config, lib, pkgs, ... }:
 {
-  # VM Hardware Configuration
+  # ─── Boot ──────────────────────────────────────────────────────────────────
  boot.loader.grub = {
    enable = true;
-    device = "/dev/sda";
+    device = "/dev/sda";   # BIOS/MBR install on scsi0
    useOSProber = false;
  };
-  # Filesystem — will be generated by nixos-generate-config, but override
+  boot.kernelPackages = pkgs.linuxPackages_latest;
-  fileSystems."/" = lib.mkDefault {
+
  # ─── Filesystems ───────────────────────────────────────────────────────────
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
  };
  fileSystems."/boot" = lib.mkDefault {
    device = "/dev/disk/by-label/boot";
    fsType = "vfat";
  };
-  # Network
+  swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
  # ─── Hardware ──────────────────────────────────────────────────────────────
  services.qemuGuest.enable = true;
  # ─── Network ───────────────────────────────────────────────────────────────
  networking = {
    hostName = "nixos-dev";
    networkmanager.enable = true;
-    useDHCP = true;
+    useDHCP = lib.mkDefault true;
    firewall = {
      enable = true;
-      allowedTCPPorts = [ 22 8000 8080 3000 ];
+      allowedTCPPorts = [ 22 3000 8000 8080 ];
    };
  };
-  # QEMU Guest Agent (for Proxmox integration)
+  # ─── SSH ───────────────────────────────────────────────────────────────────
  services.qemuGuest.enable = true;
  # SSH
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
-      PasswordAuthentication = true;  # change to no after keys deployed
+      PasswordAuthentication = false;
    };
  };
-  # User configuration
+  # ─── Users ─────────────────────────────────────────────────────────────────
  users.users.konrad = {
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" "networkmanager" ];
    shell = pkgs.zsh;
-    # Temporary password — change after first login
+    openssh.authorizedKeys.keys = [
-    initialPassword = "changeme";
+      # crablo (OpenClaw agent)
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJLK3oQWZNq7vanyv6E6DM4QTN03sKhp149Ob44YTiS4 crablo@proxmox"
    ];
  };
-  # System-wide programs
+  security.sudo.wheelNeedsPassword = false;
  # ─── Programs ──────────────────────────────────────────────────────────────
  programs = {
    zsh.enable = true;
    git.enable = true;
  };
  # System packages (minimal core)
  environment.systemPackages = with pkgs; [
    curl
    wget
    git
    vim
    neovim
    htop
    btop
    ripgrep
    fd
    jq
    tree
    unzip
    tmux
  ];
-  # Docker
+  # ─── Docker ────────────────────────────────────────────────────────────────
  virtualisation.docker = {
    enable = true;
    enableOnBoot = true;
  };
-  # Nix configuration
+  # ─── Nix ───────────────────────────────────────────────────────────────────
-  nix = {
+  nix.settings = {
-    settings = {
+    experimental-features = [ "nix-command" "flakes" ];
-      experimental-features = [ "nix-command" "flakes" ];
+    auto-optimise-store = true;
-      auto-optimise-store = true;
+    trusted-users = [ "root" "konrad" ];
-    };
+  };
-    gc = {
+
-      automatic = true;
+  nix.gc = {
-      dates = "weekly";
+    automatic = true;
-      options = "--delete-older-than 7d";
+    dates = "weekly";
-    };
+    options = "--delete-older-than 7d";
  };
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
-  # Auto-upgrades
+  system.stateVersion = "24.11";
  system = {
    stateVersion = "24.11";
    autoUpgrade = {
      enable = true;
      allowReboot = false;
    };
  };
  # Enable flakes in this boot configuration
  boot.kernelPackages = pkgs.linuxPackages_latest;
 }