From 2b9a21c1dd9f7afc56f4002f09f5368b73e9288c Mon Sep 17 00:00:00 2001 From: Kopatz <7265381+Kropatz@users.noreply.github.com> Date: Mon, 8 Jul 2024 16:43:00 +0200 Subject: [PATCH] add test vm --- flake.nix | 5 ++ modules/services/ssh.nix | 2 +- systems/proxmox-test-vm/configuration.nix | 27 +++++++++++ systems/proxmox-test-vm/disk-config.nix | 56 +++++++++++++++++++++++ 4 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 systems/proxmox-test-vm/configuration.nix create mode 100644 systems/proxmox-test-vm/disk-config.nix diff --git a/flake.nix b/flake.nix index df54898..5b9e7af 100644 --- a/flake.nix +++ b/flake.nix @@ -159,6 +159,11 @@ modules = [ disko.nixosModules.disko ./systems/adam-site/configuration.nix ]; }; + "proxmox-test-vm" = mkHost { + minimal = true; + modules = + [ disko.nixosModules.disko ./systems/proxmox-test-vm/configuration.nix ]; + }; }; }; } diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix index 36eb02e..ee5b344 100644 --- a/modules/services/ssh.nix +++ b/modules/services/ssh.nix @@ -6,7 +6,7 @@ settings.PasswordAuthentication = false; settings.KbdInteractiveAuthentication = false; settings.X11Forwarding = false; - settings.PermitRootLogin = "no"; + settings.PermitRootLogin = "prohibit-password"; extraConfig = '' AllowAgentForwarding no AllowStreamLocalForwarding no diff --git a/systems/proxmox-test-vm/configuration.nix b/systems/proxmox-test-vm/configuration.nix new file mode 100644 index 0000000..a4a10c1 --- /dev/null +++ b/systems/proxmox-test-vm/configuration.nix 
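Review bot: The `settings.PermitRootLogin` change in modules/services/ssh.nix relaxes root login in a shared module, so any other host that imports it would also start accepting key-based root SSH, not only the new test VM. If only the VM needs this, keep `settings.PermitRootLogin = "no";` in the module and override it in systems/proxmox-test-vm/configuration.nix with `services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";` (`lib` is already in that file's arguments). The enclosing attribute set starts and ends outside the hunk, so the full option path `services.openssh.settings` is assumed here.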
@@ -0,0 +1,27 @@
+{ modulesPath, config, lib, pkgs, ... }: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ../../modules/services/ssh.nix
+ ];
+
+ time.timeZone = "Europe/Vienna";
+ custom = {
+ nftables.enable = true;
+ nix = {
+ ld.enable = true;
+ settings.enable = true;
+ };
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2"
+ ];
+ environment.systemPackages = map lib.lowPrio [ pkgs.curl pkgs.gitMinimal ];
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ system.stateVersion = "24.05";
+}
diff --git a/systems/proxmox-test-vm/disk-config.nix b/systems/proxmox-test-vm/disk-config.nix
new file mode 100644
index 0000000..0625d3c
--- /dev/null
+++ b/systems/proxmox-test-vm/disk-config.nix
@@ -0,0 +1,56 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "200M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
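Review bot: The entry in `users.users.root.openssh.authorizedKeys.keys` in systems/proxmox-test-vm/configuration.nix grants root on this VM but has no key comment or owner note, so a later audit or key rotation cannot tell whose key it is. Add a line above it such as `# <owner and device holding this key>`, or append a comment field to the key string. Since this key is the only credential guarding root over SSH on the VM, it is worth recording where the matching private key lives.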
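Review bot: `device = lib.mkDefault "/dev/sda";` in systems/proxmox-test-vm/disk-config.nix selects the disk that disko will repartition by kernel enumeration name, which is not stable and depends on how the disk is attached in Proxmox (a VirtIO block disk would appear as /dev/vda). A persistent path is safer against formatting the wrong device, e.g. `device = lib.mkDefault "/dev/disk/by-id/<DISK_ID_PLACEHOLDER>";`. The header comment `# Example to create a bios compatible gpt partition` also looks carried over from a template. The layout defines both an EF02 BIOS boot partition and an ESP with root on LVM, so a comment like `# GPT layout: BIOS boot partition + ESP, root on LVM (ext4)` would describe it better.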