initial commit

.gitignore

@@ -0,0 +1 @@
+result

common/core.nix

@@ -0,0 +1,9 @@
+{
+  imports = [
+    ./networking.nix
+  ];
+  nixpkgs.config.allowUnfree = true;
+  programs.nix-ld.enable = true;
+  security.sudo.wheelNeedsPassword = false;
+  system.stateVersion = "25.11";
+}

common/networking.nix

@@ -0,0 +1,19 @@
+{ config, ... }:
+{
+  networking = {
+    hostName = config.my.hostname;
+    networkmanager = {
+      enable = true;
+    };
+    hosts = {
+      "10.105.6.201" = ["weyma-omni.infra.dubyatp.xyz"];
+    };
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+    };
+  };
+}

disko/uefi-nosecure.nix

@@ -0,0 +1,40 @@
+{
+    disko.devices = {
+        disk = {
+            main = {
+                type = "disk";
+                content = {
+                    type = "gpt";
+                    partitions = {
+                        ESP = {
+                            size = "512M";
+                            type = "EF00";
+                            content = {
+                                type = "filesystem";
+                                format = "vfat";
+                                mountpoint = "/boot";
+                                mountOptions = [ "umask=0077" ];
+                            };
+                        };
+                        swap = {
+                            size = "4G";
+                            content = {
+                                type = "swap";
+                                discardPolicy = "both";
+                                resumeDevice = true;
+                            };
+                        };
+                        root = {
+                            size = "100%";
+                            content = {
+                                type = "filesystem";
+                                format = "ext4";
+                                mountpoint = "/";
+                            };
+                        };
+                    };
+                };
+            };
+        };
+    };
+}

flake.lock

@@ -0,0 +1,49 @@
+{
+  "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1768920986,
+        "narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "de5708739256238fb912c62f03988815db89ec9a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "v1.13.0",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1771574726,
+        "narHash": "sha256-D1PA3xQv/s4W3lnR9yJFSld8UOLr0a/cBWMQMXS+1Qg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c217913993d6c6f6805c3b1a3bda5e639adfde6d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "disko": "disko",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,70 @@
+{
+  description = "Black Start essential infrastructure for cloud operations";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+
+    disko = {
+      url = "github:nix-community/disko/v1.13.0";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = { self, nixpkgs, disko }:
+  {
+    nixosConfigurations = {
+      weyma-bs = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          disko.nixosModules.disko
+          { disko.devices.disk.main.device = "/dev/vda"; }
+          ./common/core.nix
+          ./disko/uefi-nosecure.nix
+          ./users/users.nix
+          {
+            config.boot = {
+              loader = {
+                systemd-boot = {
+                  enable = true;
+                };
+
+                efi = {
+                  canTouchEfiVariables = false;
+                };
+                timeout = 5;
+              };
+              initrd = {
+                verbose = false;
+                systemd.enable = true;
+              };
+            };
+            config.fileSystems = {
+              "/" = {
+                options = ["noatime" "nodiratime" "discard"];
+              };
+            };
+            options.my.hostname = nixpkgs.lib.mkOption {
+              type = nixpkgs.lib.types.str;
+              default = "weyma-bs";
+              description = "Machine hostname";
+            };
+          }
+          ({config, lib, pkgs, modulesPath, ...}: {
+            imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+            boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "sr_mod" "virtio_blk" ];
+            boot.initrd.kernelModules = [ ];
+            boot.kernelModules = [ "kvm-intel" ];
+            boot.extraModulePackages = [ ];
+            swapDevices = [ ];
+            nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+          })
+        ];
+        specialArgs = {
+          inputs = {
+            inherit self nixpkgs disko;
+          };
+        };
+      };
+    };
+  };
+}

users/users.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./williamp.nix
+  ];
+}

users/williamp.nix

@@ -0,0 +1,9 @@
+{
+  users.users.williamp = {
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID5lZ0/JJyLLwSrFfSs+DF/v0EkV2i/SVDf18+/K5NDV me@williamtpeebles.com"
+    ];
+    extraGroups = ["wheel"];
+  };
+}