Modularize NixOS 'vm' configuration

2025-10-04 21:20:58 +02:00
parent 57d724cf36
commit 3fde62547d
5 changed files with 14 additions and 64 deletions
--- a/hosts/vm/configuration.nix
+++ b/hosts/vm/configuration.nix
@@ -0,0 +1,52 @@
+{ pkgs, ... }:
+
+{
+  system.stateVersion = "25.05";
+
+  imports =
+    [
+      ./hard.nix
+      ../../modules/bootloader.nix
+      ../../modules/networking.nix
+      ../../modules/users.nix
+      ../../modules/audio.nix
+      ../../modules/printing.nix
+      ../../modules/localization.nix
+      ../../modules/x.nix
+    ];
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  programs.git.enable = true;
+  programs.firefox.enable = true;
+
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [ neovim ];
+
+  services.spice-vdagentd.enable = true;
+  services.openssh = {
+    enable = true;
+    startWhenNeeded = true;
+    settings = {
+      ## hardening
+      PermitRootLogin = "no";
+      MaxAuthTries = 3;
+      LoginGraceTime = "1m";
+      PasswordAuthentication = false;
+      PermitEmptyPasswords = false;
+      ChallengeResponseAuthentication = false;
+      KerberosAuthentication = false;
+      GSSAPIAuthentication = false;
+      X11Forwarding = false;
+      PermitUserEnvironment = false;
+      AllowAgentForwarding = false;
+      AllowTcpForwarding = false;
+      PermitTunnel = false;
+      ## sshd_config defaults on Arch Linux
+      KbdInteractiveAuthentication = false;
+      UsePAM = true;
+      PrintMotd = false;
+    };
+  };
+}