Add orbstack config (uses 'nixos' hostname)

2025-12-26 23:14:57 +08:00 · 2025-06-15 07:54:20 +10:00 · 2025-06-15 07:54:20 +10:00 · 13c5525696
commit 13c5525696
parent 638712f997
6 changed files with 195 additions and 0 deletions
--- a/configurations/nixos/orb-nixos/README.md
+++ b/configurations/nixos/orb-nixos/README.md
@ -0,0 +1,3 @@
+NixOS configuration for NixOS machine created by [OrbStaack](https://orbstack.dev/). 
+
+All files but `default.nix` are generated by OrbStack and are copied as-is.
--- a/configurations/nixos/orb-nixos/configuration.nix
+++ b/configurations/nixos/orb-nixos/configuration.nix
@ -0,0 +1,93 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      # Include the default lxd configuration.
+      "${modulesPath}/virtualisation/lxc-container.nix"
+      # Include the container-specific autogenerated configuration.
+      ./incus.nix
+      # Include the OrbStack-specific configuration.
+      ./orbstack.nix
+    ];
+
+  users.users.srid = {
+    uid = 501;
+    extraGroups = [ "wheel" "orbstack" ];
+
+    # simulate isNormalUser, but with an arbitrary UID
+    isSystemUser = true;
+    isNormalUser = false;
+    group = "users";
+    createHome = true;
+    home = "/home/srid";
+    homeMode = "700";
+    useDefaultShell = true;
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  # This being `true` leads to a few nasty bugs, change at your own risk!
+  users.mutableUsers = false;
+
+  networking = {
+    dhcpcd.enable = false;
+    useDHCP = false;
+    useHostResolvConf = false;
+  };
+
+  systemd.network = {
+    enable = true;
+    networks."50-eth0" = {
+      matchConfig.Name = "eth0";
+      networkConfig = {
+        DHCP = "ipv4";
+        IPv6AcceptRA = true;
+      };
+      linkConfig.RequiredForOnline = "routable";
+    };
+  };
+
+  # Extra certificates from OrbStack.
+  security.pki.certificates = [
+    ''
+            -----BEGIN CERTIFICATE-----
+      MIICCzCCAbKgAwIBAgIQTSHpt26sKlwbnaJ2S0gOBTAKBggqhkjOPQQDAjBmMR0w
+      GwYDVQQKExRPcmJTdGFjayBEZXZlbG9wbWVudDEeMBwGA1UECwwVQ29udGFpbmVy
+      cyAmIFNlcnZpY2VzMSUwIwYDVQQDExxPcmJTdGFjayBEZXZlbG9wbWVudCBSb290
+      IENBMB4XDTI1MDYxNDA0NDcwM1oXDTM1MDYxNDA0NDcwM1owZjEdMBsGA1UEChMU
+      T3JiU3RhY2sgRGV2ZWxvcG1lbnQxHjAcBgNVBAsMFUNvbnRhaW5lcnMgJiBTZXJ2
+      aWNlczElMCMGA1UEAxMcT3JiU3RhY2sgRGV2ZWxvcG1lbnQgUm9vdCBDQTBZMBMG
+      ByqGSM49AgEGCCqGSM49AwEHA0IABASuAVDdRFXRE+kaNXMtVFbHSIfS7zMzVfYV
+      fx878wYNBCktns2WnW5gsune6PTjUjeGjY5GMu4sFdBjAmB5i42jQjBAMA4GA1Ud
+      DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRH62RxJrF7H38m
+      veqHH1QmrR9uRTAKBggqhkjOPQQDAgNHADBEAiB9xVonZHHpkK6WR1dGPdPyzTwV
+      3xkjkU72LzBzjfnyIgIgcHIni0xEXPcPbGMiXMjMxbCJTcXPyPFJyvkOT/uNNlg=
+      -----END CERTIFICATE-----
+
+    ''
+  ];
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "25.05"; # Did you read the comment?
+}
--- a/configurations/nixos/orb-nixos/default.nix
+++ b/configurations/nixos/orb-nixos/default.nix
@ -0,0 +1,16 @@
+{ flake, ... }:
+
+let
+  inherit (flake) inputs;
+  inherit (inputs) self;
+in
+{
+  nixos-unified.sshTarget = "srid@orb";
+
+  nixpkgs.hostPlatform = "aarch64-linux";
+
+  imports = [
+    self.nixosModules.default
+    ./configuration.nix
+  ];
+}
--- a/configurations/nixos/orb-nixos/incus.nix
+++ b/configurations/nixos/orb-nixos/incus.nix
@ -0,0 +1,11 @@
+{ lib
+, config
+, pkgs
+, ...
+}:
+
+# WARNING: THIS CONFIGURATION IS AUTOGENERATED AND WILL BE OVERWRITTEN AUTOMATICALLY
+
+{
+  networking.hostName = "orb-nixos";
+}
--- a/configurations/nixos/orb-nixos/orbstack.nix
+++ b/configurations/nixos/orb-nixos/orbstack.nix
@ -0,0 +1,67 @@
+# Generated by OrbStack.
+# This WILL be overwritten in the future. Make a copy and update the include
+# in configuration.nix if you want to keep your changes.
+
+{ lib, config, ... }:
+
+{
+  # Add OrbStack CLI tools to PATH
+  environment.shellInit = ''
+    . /opt/orbstack-guest/etc/profile-early
+
+    # add your customizations here
+
+    . /opt/orbstack-guest/etc/profile-late
+  '';
+
+  # Enable documentation
+  documentation.man.enable = true;
+  documentation.doc.enable = true;
+  documentation.info.enable = true;
+
+  # Disable systemd-resolved
+  services.resolved.enable = false;
+  environment.etc."resolv.conf".source = "/opt/orbstack-guest/etc/resolv.conf";
+
+  # Faster DHCP - OrbStack uses SLAAC exclusively
+  networking.dhcpcd.extraConfig = ''
+    noarp
+    noipv6
+  '';
+
+  # Disable sshd
+  services.openssh.enable = false;
+
+  # systemd
+  systemd.services."systemd-oomd".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-userdbd".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-udevd".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-timesyncd".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-timedated".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-portabled".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-nspawn@".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-machined".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-localed".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-logind".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-journald@".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-journald".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-journal-remote".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-journal-upload".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-importd".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-hostnamed".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-homed".serviceConfig.WatchdogSec = 0;
+  systemd.services."systemd-networkd".serviceConfig.WatchdogSec = lib.mkIf config.systemd.network.enable 0;
+
+  # ssh config
+  programs.ssh.extraConfig = ''
+    Include /opt/orbstack-guest/etc/ssh_config
+  '';
+
+  # indicate builder support for emulated architectures
+  nix.settings.extra-platforms = [
+    "x86_64-linux"
+    "i686-linux"
+  ];
+
+  users.groups.orbstack.gid = 67278;
+}
--- a/5
+++ b/5
@ -19,6 +19,11 @@ pureintent:
 infinitude:
    nix run . infinitude

+# Deploy to orb nixos machine
+[group('deploy')]
+orb:
+    nix run . orb-nixos
+
 # Run all pre-commit hooks on all files
 pca:
    pre-commit run --all-files