{ config, lib, pkgs, modulesPath, desktop, username, ... }: { imports = [ ]; nixpkgs.config.allowUnfree = false; boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; # For cross-architecture builds boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv7l-linux" ]; environment.systemPackages = with pkgs; [ # Currently used for building the Linode image qemu_kvm ]; fileSystems."/" = { device = "/dev/disk/by-label/ROOT"; fsType = "ext4"; }; networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; virtualisation.virtualbox.guest.enable = true; time.timeZone = "Asia/Tokyo"; networking.hostName = "nixos-vm-01"; boot.loader.grub = { enable = true; device = "/dev/sda"; useOSProber = true; }; # Generic Tailscale configs are in /nixos/common/services/tailscale.nix # Set up the secrets file: sops.secrets."tailscale_keys/nixos-vm-01" = { owner = "root"; sopsFile = ../../../secrets/tailscale.yaml; restartUnits = [ "tailscaled.service" "tailscaled-autoconnect.service" ]; }; services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/nixos-vm-01"; # networking.firewall.allowedTCPPorts = [ 22 ]; # SSH Keys for root for remote builds users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../keys/ssh/keys.txt ]; }