initial plan commit'

vm_base/flake.nix

@@ -0,0 +1,210 @@
+{
+  description = "Qai base NixOS VM image";
+
+  inputs = {
+    home-manager = {
+      url = "github:rycee/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    flake-utils = {
+      url = "github:numtide/flake-utils";
+    };
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common";
+    opencode.url = "github:anomalyco/opencode?ref=ad4bdd9f0fb7670949b5c47917bb656247ac60ac";
+    ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
+  };
+
+  outputs =
+    inputs@{
+      self,
+      nixpkgs,
+      flake-utils,
+      nixos-generators,
+      ...
+    }:
+    let
+      baseModule =
+        {
+          config,
+          pkgs,
+          lib,
+          ...
+        }:
+        let
+          stateVersion = "26.05";
+        in
+        {
+          imports = [
+            inputs."home-manager".nixosModules.default
+
+            inputs.ros_neovim.nixosModules.default
+
+            inputs.common.nixosModules.essentials
+            inputs.common.nixosModules.git
+            inputs.common.nixosModules.zsh
+            inputs.common.nixosModules.tmux
+
+            (
+              {
+                ...
+              }:
+              {
+                home-manager = {
+                  useUserPackages = true;
+                  useGlobalPkgs = true;
+                  backupFileExtension = "bak";
+
+                  users.root = {
+                    home.stateVersion = stateVersion;
+                    programs.home-manager.enable = true;
+                  };
+
+                  sharedModules = [
+                    inputs.common.homeManagerModules.atuin
+                    inputs.common.homeManagerModules.git
+                    inputs.common.homeManagerModules.postgres_cli_options
+                    inputs.common.homeManagerModules.starship
+                    inputs.common.homeManagerModules.zoxide
+                    inputs.common.homeManagerModules.zsh
+                    inputs.common.homeManagerModules.tmux
+                    inputs.common.homeManagerModules.direnv
+                  ];
+                };
+              }
+            )
+          ];
+
+          nixpkgs.config = {
+            allowUnfree = true;
+            allowUnfreePredicate = (_: true);
+          };
+
+          networking.hostName = "qai-base";
+
+          # SSH enabled for terminal access via WebSocket proxy.
+          services.openssh = {
+            enable = true;
+            settings.PasswordAuthentication = true;
+            settings.PermitRootLogin = "yes";
+          };
+
+          users.users.root.password = "root";
+
+          # Avoid slow boots due to wait-online.
+          systemd.network.wait-online.enable = false;
+          systemd.services.NetworkManager-wait-online.enable = false;
+          systemd.services.systemd-networkd-wait-online.enable = false;
+
+          networking.firewall.allowedTCPPorts = [
+            22
+          ];
+
+          # Needed so `nix develop` works inside the VM.
+          nix.settings.experimental-features = [
+            "nix-command"
+            "flakes"
+          ];
+
+          # Host binary cache (QEMU user-net host is reachable at 10.0.2.2).
+          # Only effective at runtime, not during image build.
+          networking.hosts."10.0.2.2" = [ "lio" ];
+
+          # Note: These substituters are for runtime use. The build VM can't reach them.
+          nix.settings.substituters = lib.mkAfter [ "http://lio:5000" ];
+          nix.settings.trusted-public-keys = lib.mkAfter [
+            "lio:9jKQ2xJyZjD0AWFzMcLe5dg3s8vOJ3uffujbUkBg4ms="
+          ];
+          # Fallback timeout so nix doesn't hang if lio is unreachable
+          nix.settings.connect-timeout = 5;
+
+          time.timeZone = "America/Chicago";
+
+          # Git 2.35+ blocks repos owned by different uid; 9p shares can trip this.
+          # Use wildcard to allow all subdirectories under /workspace (task-1, task-2, etc.)
+          environment.etc."gitconfig".text = ''
+            [safe]
+              directory = *
+          '';
+
+          programs.zsh.enable = true;
+          users.users.root.shell = pkgs.zsh;
+
+          environment.systemPackages = with pkgs; [
+            zsh
+            git
+            htop
+            vim
+            inputs.opencode.packages.${pkgs.system}.default
+          ];
+
+          environment.shellAliases = {
+            "oc" = "all_proxy='' http_proxy='' https_proxy='' opencode";
+            "occ" = "oc -c";
+          };
+
+          # Default disk is too small for `nix develop` / direnv.
+          virtualisation.diskSize = 20 * 1024;
+
+          virtualisation.vmVariant = {
+            virtualisation = {
+              memorySize = 4096;
+              cores = 2;
+              graphics = false;
+            };
+
+            virtualisation.forwardPorts = [
+              {
+                from = "host";
+                host.port = 2221;
+                guest.port = 22;
+              }
+            ];
+          };
+
+          system.stateVersion = stateVersion;
+        };
+
+    in
+    {
+      nixosModules.default = baseModule;
+    }
+    // flake-utils.lib.eachDefaultSystem (
+      system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+
+        baseVm = nixpkgs.lib.nixosSystem {
+          inherit system;
+          modules = [ baseModule ];
+        };
+      in
+      {
+        nixosConfigurations.base = baseVm;
+
+        # Runnable VM (./result/bin/run-nixos-vm)
+        packages.vm = baseVm.config.system.build.vm;
+
+        # Bootable qcow2 disk image (./result/nixos.qcow2)
+        packages.qcow2 = nixos-generators.nixosGenerate {
+          inherit system;
+          format = "qcow";
+          modules = [ baseModule ];
+        };
+
+        apps.default = {
+          type = "app";
+          program = "${baseVm.config.system.build.vm}/bin/run-nixos-vm";
+        };
+
+        devShells.default = pkgs.mkShellNoCC {
+          QEMU_NET_OPTS = "hostfwd=tcp::2221-:22";
+        };
+      }
+    );
+}