
@qbit
Last active April 2, 2024 20:15
# NixOS system configuration for the host "nerm", a Linux guest that loads the
# out-of-tree virtio_vmmci and vmm_clock kernel modules built from the sibling
# ./virtio_vmmci.nix and ./vmm_clock.nix expressions.
{ config, lib, options, pkgs, fetchFromGitHub, kernel, kmod, ... }:
let
  # SSH public keys accepted for every account built from `commonUser`
  # (both root and qbit below).
  sshKeys = [
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDEKElNAm/BhLnk4Tlo00eHN5bO131daqt2DIeikw0b2AAAABHNzaDo= qbit@litr.bold.daemon"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZExBj4QByLZSyKJ5+fPQnqDNrbsFz1IQWbFqCDcq9g qbit@ren.bold.daemon"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITjFpmWZVWixv2i9902R+g5B8umVhaqmjYEKs2nF3Lu qbit@tal.tapenet.org"
  ];

  # Out-of-tree kernel modules, built against whatever kernel package set
  # `boot.kernelPackages` selects.
  kernelPkgs = config.boot.kernelPackages;
  vmmClockModule = kernelPkgs.callPackage ./vmm_clock.nix { };
  vmmciModule = kernelPkgs.callPackage ./virtio_vmmci.nix { };

  # Settings shared by every login account.
  commonUser = {
    shell = "${pkgs.oksh}/bin/oksh";
    openssh.authorizedKeys.keys = sshKeys;
  };

  # NOTE(review): only a branch name is given (no `rev`), so the fetched tree
  # is whatever release-20.09 points at when this is evaluated. Its NixOS
  # module is imported below and therefore shapes the system build; pinning
  # `rev` to a reviewed commit would make that input reproducible.
  hmSource = builtins.fetchGit {
    url = "https://github.com/nix-community/home-manager.git";
    ref = "release-20.09";
  };
in
{
  imports = [
    ./hardware-configuration.nix
    (import "${hmSource}/nixos")
  ];

  boot = {
    loader.grub = {
      enable = true;
      version = 2;
      device = "/dev/vda";
    };
    kernelPackages = pkgs.linuxPackages_latest;
    # Load the two guest modules at boot; the packages providing them are
    # listed in extraModulePackages.
    kernelModules = [ "virtio_vmmci" "vmm_clock" ];
    # Kernel console on the first serial port.
    kernelParams = [ "console=ttyS0,115200n8" ];
    extraModulePackages = [ vmmciModule vmmClockModule ];
  };

  nix = {
    autoOptimiseStore = true;
    # Weekly garbage collection of generations older than ten days.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 10d";
    };
  };

  # Privilege escalation goes through doas; sudo is switched off.
  security = {
    doas.enable = true;
    sudo.enable = false;
  };

  networking = {
    hostName = "nerm";
    # No IPv6
    enableIPv6 = false;
    # DHCP is off globally and enabled per interface: enp0s2 uses DHCP,
    # enp0s3 carries a static address.
    useDHCP = false;
    interfaces = {
      enp0s2.useDHCP = true;
      enp0s3.ipv4.addresses = [
        {
          address = "10.10.10.21";
          prefixLength = 24;
        }
      ];
    };
    timeServers = options.networking.timeServers.default;
    # SSH is the only inbound TCP port opened here.
    firewall.allowedTCPPorts = [ 22 ];
  };

  time.timeZone = "US/Mountain";

  environment.systemPackages = with pkgs; [
    ssb-patchwork
    signal-desktop
    vim
    git
    oksh
    go
  ];

  services = {
    openntpd.enable = true;
    openssh = {
      enable = true;
      # NOTE(review): X11 forwarding is enabled in sshd; confirm it is still
      # needed (presumably for the desktop packages installed above).
      forwardX11 = true;
      # Key-only access: root may log in with a key but never a password, and
      # password authentication is off for all accounts.
      permitRootLogin = "prohibit-password";
      passwordAuthentication = false;
    };
  };

  users.users = {
    # root receives the same shell and authorized keys as the normal user, so
    # every key in `sshKeys` grants a direct root login.
    root = commonUser;
    qbit = commonUser // {
      isNormalUser = true;
      home = "/home/qbit";
      description = "Aaron Bieber";
      extraGroups = [ "wheel" ];
    };
  };

  # NOTE(review): this file is read from an absolute path inside the user's
  # home directory rather than from alongside this configuration, so it is an
  # input to the system build that lives outside the config tree.
  home-manager.users.qbit = import "/home/qbit/home.nix";

  system.stateVersion = "20.03";
}
This diff can be removed on the next release of virtio_vmmci:
https://github.com/voutilad/virtio_vmmci/commit/74cbbc46ade0db5a0433ff342d28b9fdee7da0e3
diff --git a/virtio_vmmci.c b/virtio_vmmci.c
index 2c97585..15db734 100644
--- a/virtio_vmmci.c
+++ b/virtio_vmmci.c
@@ -142,7 +142,7 @@ static int sync_system_time(void)
// Try to open the hardware clock...which should be the emulated
// mc146818 clock device.
- struct rtc_device *rtc = rtc_class_open(CONFIG_RTC_HCTOSYS_DEVICE);
+ struct rtc_device *rtc = rtc_class_open(CONFIG_RTC_SYSTOHC_DEVICE);
if (rtc == NULL) {
printk(KERN_ERR "vmmci unable to open rtc device\n");
rc = -ENODEV;
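Review bot: The replacement line in sync_system_time() now depends on `CONFIG_RTC_SYSTOHC_DEVICE`, which the kernel only defines when it is configured with CONFIG_RTC_SYSTOHC, so the module trades one build-time Kconfig dependency for another and will not compile on kernels that lack it. A preprocessor guard that picks whichever symbol exists, for example `#if defined(CONFIG_RTC_SYSTOHC_DEVICE)` around this line with the HCTOSYS name in the `#else` branch, would keep both configurations building. It would also help to add a comment such as `/* SYSTOHC device name used because some distro kernels disable RTC_HCTOSYS; the clock is still only read here */`, since the function reads the RTC to set system time and the symbol name suggests the opposite direction. The function body continues outside the hunk, so the read path itself is not visible here.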
# Builds the out-of-tree virtio_vmmci kernel module (OpenBSD VMM control
# interface for Linux guests) against the kernel passed in by the caller.
{ stdenv, lib, fetchFromGitHub, kernel, kmod }:
let
  # Upstream release tag; used both as the package version and the fetched rev.
  version = "0.3.0";
  kernelRelease = kernel.modDirVersion;
in
stdenv.mkDerivation {
  name = "virtio_vmmci";
  inherit version;

  # The rev is a tag name; the sha256 below is what actually fixes the
  # content of the fetched source.
  src = fetchFromGitHub {
    owner = "voutilad";
    repo = "virtio_vmmci";
    rev = version;
    sha256 = "1pc5nl6wl6li0m5xxn7c0kw3l80c242jgnagfv3pzg4hm5mdwrgf";
  };

  #sourceRoot = "";

  # Turns off the nixpkgs "pic" and "format" hardening flags for this build.
  hardeningDisable = [ "pic" "format" ];
  nativeBuildInputs = kernel.moduleBuildDependencies;

  # NOTE(review): nothing in this expression consumes extraConfig; confirm it
  # has any effect on the module build or on the kernel configuration.
  extraConfig = ''
    CONFIG_RTC_HCTOSYS yes
  '';

  # Point the module Makefile at the target kernel's build tree and install
  # into $out; depmod is replaced with `echo`.
  makeFlags = [
    "INSTALL_MOD_PATH=$(out)"
    "DEPMOD=echo"
    "KERNELRELEASE=${kernelRelease}"
    "KERNELDIR=${kernel.dev}/lib/modules/${kernelRelease}/build"
  ];

  # Local patch that switches the RTC device symbol opened by the module.
  patches = [ ./rtc_systohc.diff ];

  meta = {
    description = "An OpenBSD VMM Control Interface (vmmci) for Linux";
    homepage = "https://github.com/voutilad/virtio_vmmci";
    license = lib.licenses.gpl2;
    maintainers = [ lib.maintainers.makefu ];
    platforms = lib.platforms.linux;
  };
}
# Builds the out-of-tree vmm_clock kernel module (a clocksource for Linux
# guests under OpenBSD's hypervisor) against the kernel passed in by the caller.
{ stdenv, lib, fetchFromGitHub, kernel, kmod }:
let
  # NOTE(review): "master" is a branch name, not a fixed revision. The sha256
  # below still fixes the accepted content, so a fresh fetch after the branch
  # advances is expected to fail the hash check rather than build different
  # code; pinning a commit hash here would make that explicit and keep the
  # build reproducible.
  version = "master";
  kernelRelease = kernel.modDirVersion;
in
stdenv.mkDerivation {
  name = "vmm_clock";
  inherit version;

  src = fetchFromGitHub {
    owner = "voutilad";
    repo = "vmm_clock";
    rev = version;
    # nix-prefetch-url --unpack https://github.com/voutilad/vmm_clock/archive/master.zip
    sha256 = "1fjdsjy00zr11yij1saw1y3ssjp0dr01058zs8wp7ll1nizjsf1g";
  };

  #sourceRoot = "";

  # Turns off the nixpkgs "pic" and "format" hardening flags for this build.
  hardeningDisable = [ "pic" "format" ];
  nativeBuildInputs = kernel.moduleBuildDependencies;

  # NOTE(review): nothing in this expression consumes extraConfig; confirm it
  # has any effect on the module build or on the kernel configuration.
  extraConfig = ''
    CONFIG_RTC_HCTOSYS yes
  '';

  # Point the module Makefile at the target kernel's build tree and install
  # into $out; depmod is replaced with `echo`.
  makeFlags = [
    "DEPMOD=echo"
    "INSTALL_MOD_PATH=$(out)"
    "KERNELRELEASE=${kernelRelease}"
    "KERNELDIR=${kernel.dev}/lib/modules/${kernelRelease}/build"
  ];

  meta = {
    description = "Experimental implementation of a kvmclock-derived clocksource for Linux guests under OpenBSD's hypervisor";
    homepage = "https://github.com/voutilad/vmm_clock";
    license = lib.licenses.gpl2;
    maintainers = [ lib.maintainers.makefu ];
    platforms = lib.platforms.linux;
  };
}