summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2021-05-15 15:47:54 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2021-05-15 15:47:54 +0200
commit99ee3e18f337218fff3bb2970df60e78978ef523 (patch)
treea2fd3414df8a5c0013da8efd185226b1ab5b497e
parent1514c30e46768eb978996660ad46ca8e48cef5b7 (diff)
downloadnixos-99ee3e18f337218fff3bb2970df60e78978ef523.tar
nixos-99ee3e18f337218fff3bb2970df60e78978ef523.tar.gz
nixos-99ee3e18f337218fff3bb2970df60e78978ef523.tar.bz2
nixos-99ee3e18f337218fff3bb2970df60e78978ef523.tar.xz
nixos-99ee3e18f337218fff3bb2970df60e78978ef523.zip
surtr
-rw-r--r--accounts/gkleen@surtr.nix1
-rw-r--r--hosts/surtr/default.nix105
-rw-r--r--system-profiles/openssh/host-keys/surtr.yaml37
-rw-r--r--system-profiles/openssh/known-hosts/surtr.nix28
-rw-r--r--system-profiles/qemu-guest.nix19
5 files changed, 190 insertions, 0 deletions
diff --git a/accounts/gkleen@surtr.nix b/accounts/gkleen@surtr.nix
new file mode 100644
index 00000000..64629674
--- /dev/null
+++ b/accounts/gkleen@surtr.nix
@@ -0,0 +1 @@
{...}: {}
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
new file mode 100644
index 00000000..b3a55dac
--- /dev/null
+++ b/hosts/surtr/default.nix
@@ -0,0 +1,105 @@
1{ flake, pkgs, ... }:
2{
3 imports = with flake.nixosModules.systemProfiles; [
4 qemu-guest openssh
5 ];
6
7 config = {
8 nixpkgs = {
9 system = "x86_64-linux";
10 };
11
12 networking.hostId = "a64cf4d7";
13 environment.etc."machine-id".text = "a64cf4d793ab0a0ed3892ead609fc0bc";
14
15 boot = {
16 loader = {
17 systemd-boot.enable = true;
18 efi.canTouchEfiVariables = true;
19 timeout = null;
20 };
21
22 kernelPackages = pkgs.linuxPackages_latest;
23
24 tmpOnTmpfs = true;
25
26 supportedFilesystems = [ "zfs" ];
27 };
28
29 fileSystems = {
30 "/" = {
31 fsType = "tmpfs";
32 options = [ "mode=0755" ];
33 };
34
35 "/boot" =
36 { device = "/dev/disk/by-label/boot";
37 fsType = "vfat";
38 };
39
40 "/nix" =
41 { device = "surtr/local/nix";
42 fsType = "zfs";
43 };
44
45 "/root" =
46 { device = "surtr/safe/home-root";
47 fsType = "zfs";
48 neededForBoot = true;
49 };
50
51 "/var/log" =
52 { device = "surtr/local/var-log";
53 fsType = "zfs";
54 };
55
56 "/home" =
57 { device = "surtr/safe/home";
58 fsType = "zfs";
59 };
60 };
61
62 networking = {
63 hostName = "surtr";
64 domain = "muspelheim.yggdrasil";
65 search = [ "muspelheim.yggdrasil" "yggdrasil" ];
66
67 enableIPv6 = true;
68 dhcpcd.enable = false;
69 useDHCP = false;
70 useNetworkd = true;
71 defaultGateway = { address = "202.61.240.1"; };
72 defaultGateway6 = { address = "fe80::1"; };
73 interfaces."ens3" = {
74 ipv4.addresses = [
75 { address = "202.61.241.61"; prefixLength = 22; }
76 ];
77 ipv6.addresses = [
78 { address = "2a03:4000:52:ada::"; prefixLength = 64; }
79 ];
80 };
81
82 firewall = {
83 enable = true;
84 allowPing = true;
85 allowedTCPPorts = [
86 22 # ssh
87 ];
88 allowedUDPPortRanges = [
89 { from = 60000; to = 61000; } # mosh
90 ];
91 };
92 };
93
94 services.openssh = {
95 passwordAuthentication = false;
96 challengeResponseAuthentication = false;
97 extraConfig = ''
98 AllowGroups ssh
99 '';
100 };
101 users.groups."ssh" = {
102 members = ["root"];
103 };
104 };
105}
diff --git a/system-profiles/openssh/host-keys/surtr.yaml b/system-profiles/openssh/host-keys/surtr.yaml
new file mode 100644
index 00000000..d31fda3c
--- /dev/null
+++ b/system-profiles/openssh/host-keys/surtr.yaml
@@ -0,0 +1,37 @@
1dsa: ENC[AES256_GCM,data:+2nv7zqZ47EhQnZ5x8no5J/0r1iWgmSxBMkiYig18JgdZa77lj9y05EubUlELJlGcqcQMD97xFKQdU9BRMGn2Bq0IeK3nBoENkDEp7ksmn6c+hh2GVCDDk5sQnNl1yQB0bo7TEHRddJe+xbAWZ2LGFRyc+ApBWCtqBnQ12+58dY2VarcogT0tNPaga76Mz6K31V6g9PAhiEL9hFl8F3p/ptgsdIArX6xI6+g/tRkE056EuPsqiAXbMagm2dBQOEUiicUEqpgMvnLhlre3FkRWWotrGtGsB0Sum4BY1mrTxaXJf/J5kt4DrPconjooSkzQPImTPtO1cXIHmmAWiQIOJ6xon3dXB2pq4KpWs4wVZ1a2OMXrgAkUCDsYwNQiyv85YREaMvo7J1nfbrP2VRRdPcP3XgbwXkcqzt0r9LYq17bYHxJmhrP9Si7wCwBkCkGxgyLhMTmXQjKairqRqM+5lnHa44bQ2AhMmq4iKCkSJo7fUXOdDNX0n61PFJSOT/UVsHiVDlqcpcSm/GcARcObdVWmXvjw81pmMTjMlAmLupU5yPiWTZr5lMTG42hDO1Yjq9fuA6tN+Op9duVaWc6YiA7qDSTEpGtGmb4wObAgelCfuUTTo+Wp77lqTAeL2eGfuSAKDMb6z3NfCpSpgvJMWhGJtqJfKd2Cu87P06UUgmnyyjVazVTUWmT/ALX6rosUmGChbx5SSQ8tin/jQdIoq4Qs3hR+7AtBil7DF9fpUfHy8OmP/BKbgihuZa1+n9fyiLnw4QfKGFWmmoh06upSrAu3fYofVe1iYuZUUTP/NNUxn/JxbYn2OrQ9PY7GVcFdRBtyU+R8aQ/bawlcwnaIIQOA04iip1P5tgQ8CWCzuHFyP+d9Eun9oD6wPvSoNWXAftochNU6Ol8MQ8ESe22hrO19TrirgxEGwOTVFVLIV1kLlRZ+eCcY3HI/Mq9hnu9KndrMcLsPnjPyzsPo/CmeIOxryT1lY+LKU2mJT0pLq4j1Mt3QrjOuruM4fSYrS5DdDWTXP1Gk5GiULyd12RQFQVznRlYMy6BcSUmRgTWezX+o0dt18aJGNsm0UpS3yjL8BQpatpxq8LxCp9pNhuIyfF3HyjyNeTX1be60XmblYPr+w6OK8sV83p7TTGYVe9xzp0HC87+SBRTWN6SUCkmVrdhzbEBaDZG1a5Ldvar1QbAZF8riUMHnGarh2ZX6Gv2acsnMV5qb8t/HlK3rCKtYk27ok8ENFQqNIpMvVtoxKNPLNBRMNz8KG77fSnYoGmDFVlY82mrDBqvfbHbZgd3wb6WO3xu0KYY8Vc+ymcFromXBxYOhliNAHxYWNRJPfbXEqGRmA2/P5H0yWPdqL29JLX7SeW6+xzWUY5LWDSHBd2qTl8FdWIddAl8jBs2IiNUIGAUayNLNCSjgbVXOsdk8Hx9aQs5RmwFzXX+jBCeYRXdkN5HLFP8o+9hkWbBv4vIRrJxrRvRAVEoP55ZLhFZakrQ52NQwA2Z2SlFnMgSbs9jzDuMRjhX6kkuiE4DdbCkEfkhaqWDY46PGpfhNJ1LTWJZjTLuwvSwb6toyhEzRdpZGHX9ZCGR39h8GtLD/NVvYx4+8rgvWEah8Aizh5PtmjxJD03dQBuFSpnniuxYyEzRiQPK0QcvDerBRzUFC45CCBOdvbf2EcaQygkRCyoAC4hQ5KE/0sWKlotg0zOtwh3Yd+yts4AA4Hmf8Mx3i4hTlG90hVccdPULr9M613V9VmD95+Vz1ugxM5QwTvMvqNh4WI86hX4RfpgulxVYrQOAKZjgTlGnUNu3wZK7X8P9PGOCt/QkfXIXMA==,iv:+x4eD9lw/b2GvLV8Wsp+UZY+lqCN1oknXCbTGwnQNqU=,tag:pU67QbCxEmUc/mT1gzTTsQ==,type:str]
2ecdsa: ENC[AES256_GCM,data:obC22x4LSu8YAbqioGx+6SMggFZyT5SDLN+XyOyoTP9OxP8OV73yWp4G36jJqxri9uRtdZbhy+sMXwNEErvN4p9H3pPv0H9KiqJf3Lbs/7pqGT5xbWD4f5A9BcXVwi7qk9XQIDtLfyL6YsQnyOFRO2/bWKY/CpvZOxhyRCkt3s4PsuTRRNvPfmuGbH4OgKDB8aIzNtracLpYakQtg9hI9izQetE4rf758QR6E76C4h5/J7SBzzPh2TfDYesVjjM8PwR7elN8ee8bfpQLKhyqA+FGSInLWrPho+7vBVLC2IYHOShbCXX19XXp9w/vefFGdBIKE7yEaKpCIavW4g1ZVt3UJJC9th/yVUDMpwp7/L72qgwgH7/tO4X5fT6NhUnhJA7xl+eiqe5/SpVCJwyYduTZHAlLlMAM4moF134vj3clsDb2fkV1AoZYeUtxCmbKVDy9lD12FqJ+mfTJ+bc3SZTCBR1ZeBMu/6u/xNzl3TLTfuJ5bW9VFa7vCy48di9mtcr5BhEU7u4C9T7RzoVNDjstxyoc5grqX4Q7GPOcmghV21QE49nsvdQTUxQejtZ/83lY5h/7nhzfd12mHR99cZhiZdwdJZoK8XKWwgjkXLXQF353+KShgFNmBs/8SyqAjNP66wUPO+YW/S7c7HoDiPIN9n/Za4erCg==,iv:agx+d66Pv5KOqzuzQFLMiywyh3REDzXrGW/F6lAm9tE=,tag:ozfiD2P6knpu+QQpSo+GCg==,type:str]
3ed25519: ENC[AES256_GCM,data:oFbZx5F797BF/lmKgfdX6ByB2/wBe8gfzJ2gc6m56vgBKFVIs1aIaOFHcUkeJ5wGfSVTZ4C6zv8bTPouIEDSEkFXT9rUXXUbnQ4tCw7BtpfJv40uZWEror5L8vLGzDV5kBs3TaD96ceAdzIF4psQpsyLhhJTtM8h6tJOs5JpDIG3BMXzVkaSAUCsYLIK9iqkyhVCDidqUm+A9Tke6NP5Oqq90n5q7hamPPwpzMFAFl6z5rf6jH3KTSOk+X98VT6vuInuoKc4ODLfGx1AQPJou4GGEOuFkbmsyA7CPZgNsgfnn13nR3CBqiioyzUJwBww3HAfyA2+ZvXhT4fQwAyM/o72F1gpL+LyPzHKPw4IR7f5+WGgoJjs/ORCvPbPG9jpkFEXKOUEgNFO881eIFizBYHvGc7zQS0rD5SspzSqETJ7zRqeB5EpANvZ2Fpv4adJKHZ/o0McMjr9meAxtV6Iunp2EG8tT1/QvuZZ+dFB1Uitpwt2fpd5iFX0uTeSB3gMPgWz3fvx207Bp/SprQdO,iv:vNu2tRvwkBUdgVSnkPli8NMlXNKfbrnf+MsPbnrDF58=,tag:oWYTDKymFM8YRSXwKdc5wg==,type:str]
4rsa: ENC[AES256_GCM,data:RBq1mV5XP4J7ETvRI/BLi1+MwqowUflN12h5T8csVejTLVjNDb03TbPMyH0mACPFK5fNDO+9vQ9HC6riIOiSZkXCjwkP//HdF8XqfAg4GrB+Y21fALDF4+Hmux/SrdJfL+JQ4iKWc1zI/bXZOX686/gdDC/dBFLbBD2Tc+n2yqRY6qDAqHZev7epAUtF0w5DTU+Oyt1tcuP73U+oqNs1C8o8zlKAfOgfSAS03sA0WDJJDWCwlnqAnP/Oh4MmUxAobi5afrJLLnmotCsvBCWN8a+zjR5PanGXINv8O1Fhi/ehKauM51zL7IZfKpjZxHS3IzjcTsGKJKP3QE6e8tYojKAPmZac/xcmsDTG/qZC4z7Tp0u6haENbZo+5kK8QyWLZr7b0yUqIYq4s7Y1/dMv3VO+EdmEKfVugg+W2+J9YsZNEkOuAptfKgM3eklry5YrkUVPy8U2nNyahVPzZExfFmjGGmKhdita8SLpD6s+ang0D5GIU8QmfAcrEqIqsCWn202BTdb77NMsfziTmRsJxdTtB5ZmeQL611uL2GI06Th6WqN96I+7eh0hze5TySaDRasKpnqWKnfg0UcoPaw8qW39CXWlZ1sqjlJP82lDs1rKkAeBDcB6YU+mtQnpfSPdGMOHnMNJ97tY4JhdJW4QCqR5Lr/m2aKxOwoc+BQqT4lSymBqPkolDYrBS+pHMHF6MS8TPsdBHt/6bFEiCzXBEmDe/Hx3eNVuT/YQJSBJzF9g98X0/79fkBMi+yI857d/a93cGzddQ1jLjS1yT6Qr+eegozNfeJPzdOSYbIh2xaYZ4MjUiO0LQr44DXOCA+y2viOpi44EvLqqqqDWHf5bcLfljVVF2bgzS54MThC0qlllNDaFpDSUdDQbVYgu8V2D8yCW/WuS+FPtvqIcSL3ZVsE1KgLplIXOdAOlw7YTisjOaXU1uwJNBYfxWlNjiiV/BtJ8rs53i9uPJN5oZ3cRh14mjAoJAhajamN3+xaXo85clthH9B3qSacduzsinsKiy4gL00Fi2WY3MKKbjaWL/JuELqvD37EibQ7HXffWPTBzc7zILRBetW57w44vMCX3kr0ESGzdtfVLsb7/WY937LACkkFIs7puWcgBJVwhAAEvTeOl11ynPKGDEjHah1wTNvWlpe6v4ko3zwNJOVp3lk9M0fwrNbS1jz4HKU+NGPrZS1/nOUd3YjJXCXzJTcq7hhhsBQYOw8+CT3EeWPURj0L0Ddo/a7MZgdTnN325iPqGErDx0F6UkAR8KcyT2M7AWqF0XRYsGDRs99siRF2aQ8UTq2IX5NE8lLG/QtyPrvVTV/tOX285Jt9C5yRufbNcGKUrXPB+SQM2eH0ip6QTvZ+CYfbGO2VIR7RISTUHKKNPMEMGOz5ZQaPc+8qMfFP7+1lz+fkZ7n+ZSVj9GI/GkbDHNERBos7JBSeG3hvVgraGKeanmHerRxlX42GEF8cQvMEjrCGp+PZPMcEmM7c5/5yJ0iYNyk3ES8LP2ax0XoGpWPxA67WNdzNiDd2JSLwHytxaPf3U5FO5rWLj4byrjDRoOZs0maIsVkEkABcCEyN7t20WzhBmnrx8fkrULXgeIcbQjFcL1x6UW2FS1AUWnHu23XoFxFu4HHIPYZdL70DdsoJr5MS0oZ92oBhaQAXE8nP3RLIMm8yZTqnYuTNzXo3ap9iXyFX+Srp4UvVPyHj8hO3LsXeX6TDQL5R93VMtv9EMQVksSLJU+kLeoKqkMivSAEtD9Zt/GYQdXoXjInY7NpDCha9NBSg+5N2vtVeojI7q/g6Oimq+uT2dRB+62lOd635xgnMRTlwwwkdNI9t1vLcuGStnzWMzYAQhf+TS3LPx7+JGeR8/TXMSoegFf+64hXFJRnxLJTjpfHAJkk0pQ02XAWObab6GVLj8uDcra9cDAKKDftVRX7gOC0k+Vt7vWxkfVPYb8F0EMa2MVm/qYUzcxtnCrxYljtzqXU4UDgw7jUb1yxzI1scU04MaQknfQammw0Lk+ICPEdEX2sJGiG9zH4acCdyqW77QL3tJouCaKPdd6cVq20cyfgjNYT6zbkdlmXTz960Nx9zT4mmk6ngoYwvR1g4nub6Fgo6JDA3AIU7e+uxbO83+I+0jmyOePqkbbJs3igIGekm4M5nl5MhnFyEOr0UrcEKqgp/suRZf/As4UqOHf2NAjP2CMtnHwB8Ug40j5blU/s38ILfdD/Vd87gwZFpx5QCsJjVC+ucuINl4V5WbRBkbIID6ZrLGXoVzYYVqY6oNAF93fl2xCSZykdkVdBaJvSbpz8wbzimjV7nUL2Bxu+sJN7809DTpgwyGutQJ4f9CgpAb0+g2TCGdvbvB+Uh5H62iQaZDsaD8guusrIEkxjW83V/38DYaWe/Wh3CTfTqRqgDxql22n6a33qlU+k0F/het07ZhqtQ8bwL8QATDYg9zxCfRgr4YiMFQ1evS1qCOF8KWnRa2ApOO0qPJJ49DxJeFMD29pXhmxtrBPJelSeZqDUYVx8Ns0n72hh6FxBkRItntU6HGAtC+aZCi3h5HnUKyRTb63tJwm7OGkVltP5QaFT0nE1Tv2FdQSKFcLvnMCcx+P9VJ0dPXShbCv6JMdxQuqRIR3RRI5D6cv4O4HZKxtMuiZmsZySRFbSG033TGDEJKShlT5CleowW+21dHZeAWGLR9d/ScRE2i1Z69O4SgoZPyDpwHTb5jB+47oh0HNvUIvskyHfp57HkcUCmszZHf4wPblUjr33hCpk0k48mQfVEjekdRxojE7FTbDIERFZPb6tMDuUnhM7p7CE96A2ka0/renFPA8czLGOTltyxQmaCc0ZOV4nlUJ0m6L5dcXSPjpfm81y23GJJVy0DCY0tZ5YKT2C+5EEhL1gx0pWZ7Tf844FmwCfXaUIkxNkAKV4c/hBlvdAev6unXUj6LdsHEg8GqlV3KCAeG0wG9CnspmUnSrgNDSfa3AkFjTKXzLtLXa+FYTq8GNEyvrMQq/cWrHNU6kDr6Q+CH86U8J7kVepwbSTi49TvTxgkY8DiOlufv7EPa6CmgEYGNybMWhvdZ+rghVyp7botR30Wab/T7eHnUd+0CQHKaQmJ/eHBxIfJToQrchyXTM+VrehI7EQqn2HzeuSt5SneMtgNS71p+jgdrAO7w1LhJy7TDutGGPsW5ln5aT509OhwSUF5ZzJTTVytwb0QsBeGq+2DyrGwxQoaBOgXOFyI4Slryeb1+BC2ednybYRpve75cWUJ1RBxq9TrD8HSesOUE4tTH0DLhe211NLDCSzQ8wk4jVaPr+us4YKEAiBjL6TSWMg3ZdHDIcQVO4o8iXSlM4mDpRU56JODuQLJtBAMVPDkj1Ybj18qIhJ1ZO5YZmUfTQPXtv9heGRQI4MB00RmF8VTXafyqu07DY3bM2RPj9r/1ygEXq2sNXFQ2v2Q0Hai+sl9xU8djdvL8zhTNUWHyewhYnA==,iv:aSdbpsJoDerPqWTSWp0bQIcLChCzeoeGSTKEzvfzafo=,tag:LeOxrwyXdJyj7M0FRn25QQ==,type:str]
5sops:
6 kms: []
7 gcp_kms: []
8 azure_kv: []
9 hc_vault: []
10 age: []
11 lastmodified: "2021-05-15T13:05:09Z"
12 mac: ENC[AES256_GCM,data:ATdT6u3dMOgaBVg7cS5tpaA0fyoQdlW/jSzwPjm1mi7j5rNkilIiqIR+C159MrI5eeApkyOpzQP2lIAlANjbO+TlO2YIYd0Ue8pdoEZGQvDyWv3AARLfdlaPzFAGAnBnjihVmKp2kQjfmcSJkASBQM8e89R1PsAKGhH5xS5b0zM=,iv:UyMsuxYWVs/Q9/HTfPtjDNf+tUOHSAqA3klFt7yewYQ=,tag:Vu8xY4NVdw6MvjDWZwiO4A==,type:str]
13 pgp:
14 - created_at: "2021-05-15T13:03:47Z"
15 enc: |
16 -----BEGIN PGP MESSAGE-----
17
18 hF4DXxoViZlp6dISAQdAr0a9IJdY95UvcmMkCS73pQZVdjqHnVTTcpCXYuqkmiYw
19 rTIqyEsqpoSrkR57LBNX98ix99H/hvj6x8+dsv+K/nJQ9Jjs921UW2HJ8hPMD44Q
20 0l4B2MyG+We3OClbt8BJmDo38/+/k9zSBdW2zbYEr4zhG7SCw0BryrPJwGAW54KT
21 1fdnNwzN5jdFRObhkq8I725IaU4d7GYrpVebw29HP2fd0Uf+62iBToraRJNj3sxL
22 =JRkx
23 -----END PGP MESSAGE-----
24 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
25 - created_at: "2021-05-15T13:03:47Z"
26 enc: |
27 -----BEGIN PGP MESSAGE-----
28
29 hF4DyFKFNkTVG5oSAQdAINIHQVygfLGVo2gdlKCoojmD5layNM6K/QlQR/CsaTsw
30 SY+3psZUwnwwe7QRnt2gHSOUgYrG6/nhiCAfxoZBQZ6zm+v0IUdbRKEJhhGJnHfV
31 0l4BUMxGLYHapIPjzTUwYQv9rF30zO7pJ3vU+4zkReNOcPzENLGX1uZu/1aULOcO
32 F33lTLP2B9B7pjvPoetJiuds3jO7JZrN3mFhIf7MTZyg5dMBbDSnUMJ6NIW+ug5F
33 =SAFL
34 -----END PGP MESSAGE-----
35 fp: 7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8
36 unencrypted_suffix: _unencrypted
37 version: 3.7.1
diff --git a/system-profiles/openssh/known-hosts/surtr.nix b/system-profiles/openssh/known-hosts/surtr.nix
new file mode 100644
index 00000000..8d227b44
--- /dev/null
+++ b/system-profiles/openssh/known-hosts/surtr.nix
@@ -0,0 +1,28 @@
1let
2 hostNames = ["surtr.muspelheim.yggdrasil" "surtr.yggdrasil.li"];
3in {
4 dsa = {
5 inherit hostNames;
6 publicKey = ''
7 ssh-dss AAAAB3NzaC1kc3MAAACBAIgY3WWK/yD1QzQMako4FDkD22YODiCA/d7Ga14xpx7ujSPQJ0PqFd1aTPhrEZdy6pMnL82chGJD/oeurAacBxeuUouKvr10vtpaDJpcvqr/9m4zsx0OSeHl9M5PuSumjEXL/bsF/QSeo9Vp8uznLgHP/oglP8OI4Qsdh/0wisK1AAAAFQD04cH0JaWgJEUePcuYd02KW7t4aQAAAIBkFCGDPkJedRdJRy+l2OW6H7XdCQnA814cWOGaUItw5IVWz6KlVGPlETrBtRJhrgiwApy1Sk2rHxmuHCirAFS6FCZ5ct5wHKV2L/1CDphJzsYql9hUBTgevEpuAg9Kn1WjtcV+t+3LO9URD64BKHzpvtM2I5hAU4Zu6G2OV150MQAAAIB7B3lRZBxkDfb5x4cjitzFXN3FUzBcl0SD6/TJ+TH2lbTONMIXdT9zHw5BfEz3ObcScxCT2g99bvkxDwPNFRAorLAlEhCYB2zUV5QnJd8ZpIB3AFbokUxq+Q8fs5tU16Wv9TQ4oYmY3m9UAEqVz6ph562Ss+axO9qfSlNZX8feGA==
8 '';
9 };
10 ecdsa = {
11 inherit hostNames;
12 publicKey = ''
13 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKLjbW8GWc7dF8HD8QrFZpZJop2xvFgvZnYfIl/slFASvphD6MBOHq3jx0+Tuk51xd4mvByTwoh8eokLZJidkZQ=
14 '';
15 };
16 ed25519 = {
17 inherit hostNames;
18 publicKey = ''
19 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO2LOAbV3XuAqJpXVY+YUnLIbhRsmAUmVQT3MioXGGgj
20 '';
21 };
22 rsa = {
23 inherit hostNames;
24 publicKey = ''
25 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClFn6IDsDjuLXpThBtrRj+HLkNAwuBc4BgNqqIXkSRXy1FhDVgdI2iXKnJJLT/MWBMz73+QEYI+nDV6cxMCu292sZal+EAkyXJG6gQ9/rboucTuMWosrifAYabY4jUY79vYOiQGHG3XMIVjTQE8dRoXASzPKcok7PHftuW2qUu6ti7s3tqxY89Ez0cUz7jIECR7zHpIHZQbPd7z9luWOwZZc/eUGGWSxxz6idSPi/Adjk4FS56kIBk/uq9bZ8ylE/nwuJFUV90GzIr2nIQAcg6UVjYkw22+tA8BKzkS5Kx9ur7jVAhgs1qavKGnkYBuE4MvfjDzrkxRtlIPOjUQ3uuqYXkkkdMCooDl6+oKvN8dug6+cMdXn3/Q63cA0ols5rJz8iAtBoPRI8b835BWZcYHCk2aF2xT5hmB+GVhnFRZP8p9cRlr0jhYRjJKp80gTT7BPlMAQ0Sfmz5jLPd7X9yInKXCXdzxLTWvGqDq4GpunWVR6rgDMq5AswIcNhcwCc=
26 '';
27 };
28}
diff --git a/system-profiles/qemu-guest.nix b/system-profiles/qemu-guest.nix
new file mode 100644
index 00000000..a231be74
--- /dev/null
+++ b/system-profiles/qemu-guest.nix
@@ -0,0 +1,19 @@
1{ ... }:
2{
3 config = {
4 boot.initrd = {
5 availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
6 kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
7
8 postDeviceCommands =
9 ''
10 # Set the system time from the hardware clock to work around a
11 # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
12 # to the *boot time* of the host).
13 hwclock -s
14 '';
15 };
16
17 services.qemuGuest.enable = true;
18 };
19}