desktop/vms/default.nix

# NixOS module for one microvm ("dealwise", guest hostname "ai-sandbox") used
# to run AI coding agents (claude-code, opencode) away from the host.
#
# Host side: a bridge `microbr` (192.168.77.1/24) that the VM taps attach to,
# masqueraded out through the host uplink.
# Guest side: static address on that bridge, full-tunnel WireGuard, key-only
# SSH, impermanence with a persisted /.persist volume, rootless podman, and
# several host directories shared in over virtiofs.
{
  nixpkgs,
  sops-nix,
  impermanence,
  home-manager,
  ...
}:
{
  # --- host: bridge + NAT for the VM network ------------------------------
  systemd.network.netdevs."20-microbr".netdevConfig = {
    Kind = "bridge";
    Name = "microbr";
  };
  systemd.network.networks."20-microbr" = {
    matchConfig.Name = "microbr";
    # Host address on the bridge; the guest uses it as its default gateway.
    addresses = [ { Address = "192.168.77.1/24"; } ];
    networkConfig = {
      # Keep the address up even while no tap is attached yet.
      ConfigureWithoutCarrier = true;
    };
  };
  # Every tap microvm creates (ids "vm-*", see `microvm.interfaces` below)
  # is enslaved to the bridge.
  systemd.network.networks."21-microvm-tap" = {
    matchConfig.Name = "vm-*";
    networkConfig.Bridge = "microbr";
  };
  networking.nat = {
    enable = true;
    internalInterfaces = [ "microbr" ];
    # NOTE(review): "enp7e0" is an unusual predictable-name form (enp7s0 is
    # the common one) — confirm it matches the host's real uplink.
    externalInterface = "enp7e0";
  };
  networking.nftables = {
    enable = true;
    # NOTE(review): with networking.nat enabled above, NixOS already emits a
    # masquerade rule for the internal interface in its own nat table; this
    # hand-written chain looks redundant with it — confirm it is still needed.
    tables.nat = {
      family = "ip";
      content = ''
        chain postrouting {
        type nat hook postrouting priority srcnat;
        iifname "microbr" masquerade
        }
      '';
    };
  };
  # --- guest definition ----------------------------------------------------
  microvm.vms = {
    "dealwise" = {
      # Guest package set; only claude-code is let through the unfree gate.
      pkgs = import nixpkgs {
        system = "x86_64-linux";
        config.allowUnfreePredicate =
          pkg:
          builtins.elem (nixpkgs.lib.getName pkg) [
            "claude-code"
          ];
      };
      config =
        let
          # Bound once so the guest hostname, the tap id (`vm-${hostname}`)
          # and the MAC matched by the guest's network unit stay in sync.
          hostname = "ai-sandbox";
          mac = "02:00:00:00:00:06";
        in
        {
          config,
          pkgs,
          ...
        }:
        {
          imports = [
            impermanence.nixosModules.impermanence
            sops-nix.nixosModules.sops
            home-manager.nixosModules.home-manager
          ];
          sops = {
            defaultSopsFile = ./secrets/secrets.yaml;
            # The age identity lives on the persisted volume (see
            # environment.persistence below), never in the Nix store.
            age.keyFile = "/.persist/root/.config/sops/age/keys.txt";
            secrets = {
              # Consumed by wireguard.interfaces.wg0.privateKeyFile below.
              "wg0/private_key" = { };
            };
          };
          # NOTE(review): this sysctl key exists on linux-hardened / Debian
          # patched kernels, not on the vanilla NixOS kernel, where it is a
          # no-op. Presumably intended for rootless podman — confirm the guest
          # kernel actually has it.
          boot.kernel.sysctl."kernel.unprivileged_userns_clone" = 1;
          systemd.network = {
            enable = true;
            networks = {
              "10-net" = {
                matchConfig.MACAddress = mac;
                linkConfig.RequiredForOnline = "routable";
                # Static guest address on the host bridge (192.168.77.0/24).
                addresses = [ { Address = "192.168.77.2/24"; } ];
                routes = [
                  # Default via the host; metric 100 so the wg0 routes
                  # (metric 10) win while the tunnel is up.
                  {
                    Gateway = "192.168.77.1";
                    Metric = 100;
                  }
                  # Host route for the WireGuard endpoint so the tunnel's
                  # 0.0.0.0/0 allowedIPs does not swallow its own underlay
                  # traffic.
                  {
                    Destination = "103.69.224.4/32";
                    Gateway = "192.168.77.1";
                  }
                ];
              };
            };
          };
          services.resolved.enable = false;
          # Static resolver expected to be reached through wg0. Presumably
          # defining /etc/resolv.conf here also keeps NixOS's resolvconf
          # module from managing the file — confirm.
          environment.etc."resolv.conf".text = ''
            nameserver 10.2.0.1
          '';
          networking = {
            hostName = hostname;
            useNetworkd = true;
            useDHCP = false;
            # Nothing filters inside the guest; reachability is whatever the
            # host bridge/NAT allows.
            firewall.enable = false;
            # Full-tunnel WireGuard: all guest egress is meant to go via the peer.
            wireguard.interfaces.wg0 = {
              ips = [ "10.2.0.2/32" ];
              listenPort = 45974;
              privateKeyFile = config.sops.secrets."wg0/private_key".path;
              # Lower than the metric-100 default route above, so the tunnel
              # wins while it is up.
              metric = 10;
              # NOTE(review): this is not fail-closed — if wg0 is down, egress
              # falls back to the metric-100 route through the host NAT.
              # Acceptable for this sandbox only if that fallback is intended.
              peers = [
                {
                  publicKey = "D8Sqlj3TYwwnTkycV08HAlxcXXS3Ura4oamz8rB5ImM=";
                  endpoint = "103.69.224.4:51820";
                  allowedIPs = [
                    "0.0.0.0/0"
                    "::/0"
                  ];
                  persistentKeepalive = 25;
                }
              ];
            };
          };
          users.mutableUsers = false;
          # Both accounts carry the same SSH key and an empty password. SSH
          # password / keyboard-interactive auth is disabled below, so the
          # empty passwords only matter on the console (root is auto-logged-in
          # there anyway) and for `su` between the two accounts in the guest.
          users.users.root = {
            password = "";
            home = "/root";
            openssh.authorizedKeys.keys = [
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh"
            ];
          };
          users.users.user = {
            # Keep the user's systemd instance running without a login
            # session — presumably for rootless podman.
            linger = true;
            home = "/home/user";
            password = "";
            group = "user";
            isNormalUser = true;
            uid = 1000;
            shell = pkgs.fish;
            openssh.authorizedKeys.keys = [
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh"
            ];
          };
          users.groups.user.gid = 1000;
          home-manager = {
            useGlobalPkgs = true;
            useUserPackages = true;
            users.user = {
              home.username = "user";
              home.homeDirectory = "/home/user";
              home.stateVersion = "25.11";
              # Silences the home-manager / nixpkgs release mismatch warning.
              home.enableNixpkgsReleaseCheck = false;
              # Rootless podman defaults for the agent user.
              xdg.configFile."containers/containers.conf".text = ''
                [engine]
                compose_warning_logs=false
                events_logger="file"
                [containers]
                log_driver="k8s-file"
              '';
              # opencode configuration, rendered to JSON at build time.
              xdg.configFile."opencode/opencode.json".text = builtins.toJSON {
                "$schema" = "https://opencode.ai/config.json";
                # NOTE(review): "@latest" means the auth plugin is resolved at
                # run time inside the sandbox rather than pinned; a fixed
                # version would make the agent's toolchain reproducible and
                # reviewable.
                plugin = [ "opencode-antigravity-auth@latest" ];
                # Model catalogue for the "google" provider; pure data.
                provider = {
                  google = {
                    models = {
                      antigravity-gemini-3-pro = {
                        name = "Gemini 3 Pro (Antigravity)";
                        limit = {
                          context = 1048576;
                          output = 65535;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                        variants = {
                          low = {
                            thinkingLevel = "low";
                          };
                          high = {
                            thinkingLevel = "high";
                          };
                        };
                      };
                      antigravity-gemini-3-flash = {
                        name = "Gemini 3 Flash (Antigravity)";
                        limit = {
                          context = 1048576;
                          output = 65536;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                        variants = {
                          minimal = {
                            thinkingLevel = "minimal";
                          };
                          low = {
                            thinkingLevel = "low";
                          };
                          medium = {
                            thinkingLevel = "medium";
                          };
                          high = {
                            thinkingLevel = "high";
                          };
                        };
                      };
                      antigravity-claude-sonnet-4-5 = {
                        name = "Claude Sonnet 4.5 (Antigravity)";
                        limit = {
                          context = 200000;
                          output = 64000;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                      };
                      antigravity-claude-sonnet-4-5-thinking = {
                        name = "Claude Sonnet 4.5 Thinking (Antigravity)";
                        limit = {
                          context = 200000;
                          output = 64000;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                        variants = {
                          low = {
                            thinkingConfig = {
                              thinkingBudget = 8192;
                            };
                          };
                          max = {
                            thinkingConfig = {
                              thinkingBudget = 32768;
                            };
                          };
                        };
                      };
                      antigravity-claude-opus-4-5-thinking = {
                        name = "Claude Opus 4.5 Thinking (Antigravity)";
                        limit = {
                          context = 200000;
                          output = 64000;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                        variants = {
                          low = {
                            thinkingConfig = {
                              thinkingBudget = 8192;
                            };
                          };
                          max = {
                            thinkingConfig = {
                              thinkingBudget = 32768;
                            };
                          };
                        };
                      };
                      antigravity-claude-opus-4-6-thinking = {
                        name = "Claude Opus 4.6 Thinking (Antigravity)";
                        limit = {
                          context = 200000;
                          output = 64000;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                        variants = {
                          low = {
                            thinkingConfig = {
                              thinkingBudget = 8192;
                            };
                          };
                          max = {
                            thinkingConfig = {
                              thinkingBudget = 32768;
                            };
                          };
                        };
                      };
                      "gemini-2.5-flash" = {
                        name = "Gemini 2.5 Flash (Gemini CLI)";
                        limit = {
                          context = 1048576;
                          output = 65536;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                      };
                      "gemini-2.5-pro" = {
                        name = "Gemini 2.5 Pro (Gemini CLI)";
                        limit = {
                          context = 1048576;
                          output = 65536;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                      };
                      gemini-3-flash-preview = {
                        name = "Gemini 3 Flash Preview (Gemini CLI)";
                        limit = {
                          context = 1048576;
                          output = 65536;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                      };
                      gemini-3-pro-preview = {
                        name = "Gemini 3 Pro Preview (Gemini CLI)";
                        limit = {
                          context = 1048576;
                          output = 65535;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                      };
                    };
                  };
                };
              };
            };
          };
          fileSystems = {
            # Impermanence bind-mounts out of /.persist, so it must be mounted
            # in the initrd.
            "/.persist".neededForBoot = true;
          };
          environment.systemPackages = with pkgs; [
            coreutils
            jq
            git
            fzf
            claude-code
            neovim
            ripgrep
            fd
            podman-compose
            opencode
            php
            php.packages.composer
            pkgs.nodejs_24
            pkgs.dotnet-sdk_9
            pkgs.go_1_24
          ];
          programs = {
            fish.enable = true;
            starship.enable = true;
            ssh = {
              # Pre-pinned host key so git over SSH to GitHub does not rely on
              # trust-on-first-use inside the sandbox.
              knownHosts = {
                "github.com".publicKey =
                  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
              };
            };
          };
          systemd.tmpfiles.rules = [
            # Owned by uid/gid 1000 (the "user" account above).
            "d /var/log/laravel 0755 1000 1000"
          ];
          # What survives a reboot: NixOS user/group state, SSH host keys,
          # root's age identity, and the agents' state under the user home.
          environment.persistence."/.persist" = {
            enable = true;
            hideMounts = true;
            directories = [
              "/var/lib/nixos"
            ];
            files = [
              "/etc/ssh/ssh_host_ed25519_key"
              "/etc/ssh/ssh_host_ed25519_key.pub"
              "/etc/ssh/ssh_host_rsa_key"
              "/etc/ssh/ssh_host_rsa_key.pub"
            ];
            users.root = {
              files = [
                # Matches sops.age.keyFile above.
                ".config/sops/age/keys.txt"
              ];
            };
            users.user = {
              files = [
                ".claude.json"
                ".claude.json.backup"
              ];
              directories = [
                ".claude"
                ".local/share/containers"
                ".local/share/opencode"
              ];
            };
          };
          services = {
            openssh = {
              enable = true;
              ports = [ 22 ];
              settings = {
                # Key-only authentication for the two listed accounts.
                PasswordAuthentication = false;
                KbdInteractiveAuthentication = false;
                # With password auth off this is effectively key-only root;
                # "prohibit-password" would state that intent explicitly.
                PermitRootLogin = "yes";
                AllowUsers = [
                  "user"
                  "root"
                ];
              };
            };
            # Console drops straight into a root shell on first boot.
            getty = {
              autologinUser = "root";
              autologinOnce = true;
            };
          };
          virtualisation = {
            containers.enable = true;
            podman = {
              enable = true;
              defaultNetwork.settings.dns_enabled = true;
              # Provides a `docker` alias for tooling that expects it.
              dockerCompat = true;
            };
          };
          environment.sessionVariables = {
            EDITOR = "nvim";
          };
          # --- hypervisor settings for this guest ---------------------------
          microvm = {
            hypervisor = "qemu";
            vcpu = 4;
            mem = 8192;
            # Control socket for the hypervisor, relative to the VM's state dir.
            socket = "control.sock";
            interfaces = [
              # Tap name "vm-ai-sandbox", picked up by the host's "21-microvm-tap"
              # unit above and bridged to microbr.
              {
                id = "vm-${hostname}";
                type = "tap";
                mac = mac;
              }
            ];
            # Sizes follow microvm.nix's MiB convention, i.e. 128 GiB each — confirm.
            volumes = [
              {
                mountPoint = "/.persist";
                image = "persist.img";
                size = 1024 * 128;
              }
              {
                mountPoint = "/nix/.rw-store";
                image = "nix-store.img";
                size = 1024 * 128;
              }
            ];
            # Guest store writes land on the nix-store.img volume above, over the
            # read-only host store shared in as "ro-store".
            writableStoreOverlay = "/nix/.rw-store";
            # NOTE(review): these virtiofs shares expose host directories to the
            # agent sandbox; review the list against what the agents actually
            # need. The "dev" share already contains
            # dev/icefox/php/data-transfer-object, so that nested share looks
            # redundant — confirm it is deliberate.
            shares = [
              {
                proto = "virtiofs";
                tag = "downloads";
                source = "/home/user/downloads";
                mountPoint = "/home/user/downloads";
              }
              {
                proto = "virtiofs";
                tag = "pictures";
                source = "/home/user/pictures";
                mountPoint = "/home/user/pictures";
              }
              {
                proto = "virtiofs";
                tag = "dealwise";
                source = "/home/user/work/dealwise";
                mountPoint = "/home/user/work/dealwise";
              }
              {
                proto = "virtiofs";
                tag = "php-data-transfer-object";
                source = "/home/user/dev/icefox/php/data-transfer-object";
                mountPoint = "/home/user/dev/icefox/php/data-transfer-object";
              }
              {
                proto = "virtiofs";
                tag = "uni";
                source = "/home/user/uni";
                mountPoint = "/home/user/uni";
              }
              {
                proto = "virtiofs";
                tag = "dev";
                source = "/home/user/dev";
                mountPoint = "/home/user/dev";
              }
              {
                proto = "virtiofs";
                tag = "ro-store";
                source = "/nix/store";
                mountPoint = "/nix/.ro-store";
              }
            ];
            # Pass the host CPU model through to the guest.
            qemu.extraArgs = [
              "-cpu"
              "host"
            ];
          };
          system.stateVersion = "25.11";
        };
    };
  };
}