nixos-servers/nixos/vm.nix

{ pkgs, lib, config, agenix, disko, machine, hypervisorConfig, ... }: {
  imports = [
    ./modules
    ./lab.nix
    machine.nixosModule
    disko.nixosModules.disko
    agenix.nixosModules.default
  ];

  options.lab.vmMacAddress = lib.mkOption {
    type = lib.types.str;
    description = ''
      The MAC address of the VM's main NIC.
    '';
  };

  # TODO: remove overlap with physical nixos module
  # Perhaps a sane defaults module?
  config = {
    system.stateVersion = hypervisorConfig.system.stateVersion;
    time.timeZone = "Europe/Amsterdam";

    i18n = {
      defaultLocale = "en_US.UTF-8";

      extraLocaleSettings = {
        LC_ADDRESS = "nl_NL.UTF-8";
        LC_IDENTIFICATION = "nl_NL.UTF-8";
        LC_MEASUREMENT = "nl_NL.UTF-8";
        LC_MONETARY = "nl_NL.UTF-8";
        LC_NAME = "nl_NL.UTF-8";
        LC_NUMERIC = "nl_NL.UTF-8";
        LC_PAPER = "nl_NL.UTF-8";
        LC_TELEPHONE = "nl_NL.UTF-8";
        LC_TIME = "nl_NL.UTF-8";
      };
    };

    services = {
      openssh = {
        enable = true;
        openFirewall = true;

        settings = {
          PasswordAuthentication = false;
          KbdInteractiveAuthentication = false;
        };
      };

      xserver = {
        layout = "us";
        xkbVariant = "";
      };
    };

    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
    ];

    programs = {
      ssh = {
        knownHosts = {
          dmz = {
            hostNames = [ "*.dmz" ];
            publicKey =
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
            certAuthority = true;
          };

          hypervisors = {
            hostNames = [ "*.hyp" ];
            publicKey =
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
            certAuthority = true;
          };
        };

      };

      neovim = {
        enable = true;
        vimAlias = true;
        viAlias = true;
      };
    };

    environment.systemPackages = with pkgs; [
      neofetch
      wget
      git
      btop
      htop
      ripgrep
      dig
      tree
      file
      tcpdump
      lsof
      parted
      radvd
    ];

    microvm = {
      shares = [{
        source = "/nix/store";
        mountPoint = "/nix/.ro-store";
        tag = "ro-store";
        proto = "virtiofs";
      }];

      interfaces = [{
        type = "tap";
        id = "vm-${machine.hostName}";
        mac = config.lab.vmMacAddress;
      }];
    };
  };
}