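# NixOS module for a Proxmox LXC container: Podman tooling, OpenSSH, one Gitea
# Actions runner instance and a single declaratively managed admin user.
#
# Everything written in this file is copied into the Nix store, which is
# readable by every local user, so credentials are referenced by path and not
# written inline.
{ pkgs, lib, modulesPath, ... }:
{
  imports = [
    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    # Disabled. If this is re-enabled, pin the tarball to a specific commit and
    # add a sha256 rather than tracking the moving `master` branch.
    #(fetchTarball "https://github.com/nix-community/nixos-vscode-server/tarball/master")
  ];

  environment.systemPackages = with pkgs; [
    vim
    gitea-actions-runner
    podman-compose # start group of containers for dev
    podman-tui
    dive
    neovim
  ];

  nix.settings.experimental-features = "nix-command flakes";

  boot.isContainer = true;

  virtualisation = {
    containers.enable = true;
    podman = {
      enable = true;
      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;
      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.settings.dns_enabled = true;
    };
  };

  # Set the system version.
  # NOTE(review): stateVersion is meant to be the release this system was first
  # installed with (for example "YY.MM"). "unstable" is not a release number,
  # and modules that compare against it will most likely treat it as older than
  # every release and pick legacy defaults. Left unchanged because the original
  # install release is not visible here; confirm and replace.
  system.stateVersion = "unstable";

  # Enable OpenSSH. `services.sshd.enable` is an alias of
  # `services.openssh.enable`, so the option is set once.
  services.openssh = {
    enable = true;
    # Root login over SSH is refused. This file declares neither a root key nor
    # a root password, and `huntemann` has key access plus sudo, so no working
    # login path is removed.
    settings.PermitRootLogin = "no";
    # NOTE(review): password authentication is left at the module default.
    # Since a public key is declared for the only user, consider
    # `settings.PasswordAuthentication = false;` once key login is confirmed.
  };

  # services.vscode-server.enable = true;

  services.gitea-actions-runner.instances = {
    runner1 = {
      enable = true;
      name = "runner1";
      # NOTE(review): plain HTTP; the registration token and job traffic cross
      # the LAN unencrypted. Prefer an https:// endpoint if the Gitea instance
      # offers one.
      url = "http://gitea.lan:3000/";
      # The registration token is read from an environment file holding a
      # single `TOKEN=<value>` line. Keep the file outside the Nix store,
      # readable by root only, and give the path as a string (a Nix path
      # literal would copy the file into the store).
      # The token that was previously written inline here has been exposed and
      # should be revoked in Gitea and re-issued.
      tokenFile = "/run/secrets/gitea-runner-token"; # PLACEHOLDER path, set to the real secret file
      # NOTE(review): `ubuntu:latest` is a moving tag; jobs run on whatever
      # image it points to at pull time. Pin a release tag or digest if
      # reproducible job environments matter.
      labels = [ "ubuntu-latest:docker://ubuntu:latest" ];
    };
  };

  # Don't use the host's nix-daemon
  environment.variables.NIX_REMOTE = lib.mkForce "";

  # Accounts and passwords are exactly what this file declares; changes made
  # with passwd/useradd are reset on activation.
  users.mutableUsers = false;

  users.users.huntemann = {
    isNormalUser = true;
    # password = "hallo";
    # NOTE(review): if the commented-out value above is the password behind the
    # hash below, treat it as disclosed and set a new one.
    # NOTE(review): the hash is stored in the world-readable Nix store and in
    # version control; `hashedPasswordFile` keeps it out of both.
    hashedPassword = "$y$j9T$hW.doX2GXbs.bfEjlD5B0/$pG0DPva0RvbG3V0gfWUVAXWDPlIiHzr8MmhCUJuVzG2";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA6LLy8IibZsCar/hC2U86lFTp4Of2YO+SMm69p+jh6k Marcus macbook"
    ];
    extraGroups = [ "wheel" ];
  };

  # NOTE(review): with NOPASSWD on ALL, any process running as `huntemann`
  # (including anything reached through that SSH key) becomes root without a
  # further check. Narrow the command list or drop NOPASSWD if interactive
  # sudo is acceptable.
  security.sudo.extraRules = [
    {
      users = [ "huntemann" ];
      commands = [
        {
          command = "ALL";
          options = [ "NOPASSWD" ]; # Allows running all commands without a password
        }
      ];
    }
  ];
}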