added vm build

.gitignore

@@ -0,0 +1,2 @@
+/result
+*.qcow2

desktop/gnome/default.nix

@@ -6,7 +6,9 @@
 
   # Enable the GNOME Desktop Environment.
   services.xserver.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
+  services.xserver.desktopManager.gnome = {
+    enable = true;
+  };
 
   # Configure keymap in X11
   services.xserver = {

flake.nix

@@ -35,6 +35,24 @@
         ];
         specialArgs = { inherit nixos-hardware home-manager; };
       };
+      vm = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [ 
+          { nixpkgs.overlays = [ nur.overlay ]; }
+          (import ./machines/vm/configuration.nix) 
+          ({
+              # Let 'nixos-version --json' know about the Git revision
+              # of this flake.
+              system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
+          })
+          ({
+              # For compatibility with other things, puts nixpkgs into NIX_PATH
+              environment.etc.nixpkgs.source = nixpkgs;
+              nix.nixPath = ["nixpkgs=/etc/nixpkgs"];
+          })
+        ];
+        specialArgs = { inherit nixos-hardware home-manager; };
+      };
     };
 
   };

machines/vm/configuration.nix

@@ -0,0 +1,30 @@
+{ config, pkgs, nixos-hardware, home-manager, lib, ... }:
+
+{
+  imports =
+    [
+      home-manager.nixosModules.home-manager
+      ../../user
+      ../../modules/gpu/intel
+      ../../modules/basic
+      ../../modules/audio
+      ../../modules/samba
+      ../../modules/laptop
+      ../../modules/docker
+      ../../modules/flatpak
+      ../../desktop/gnome
+    ];
+
+  networking.hostName = "test-vm"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  system.stateVersion = "23.05"; # Did you read the comment?
+  users.users.alice.initialPassword = "test";
+  virtualisation.vmVariant = {
+  # following configuration is added only when building VM with build-vm
+    virtualisation = {
+      memorySize =  2048; # Use 2048MiB memory.
+      cores = 3;         
+    };
+  };
+}

modules/basic/security.nix

@@ -3,6 +3,15 @@
 {
   # enable smart card reader driver
   services.pcscd.enable = true;
+  security.apparmor.enable = true;
+  programs.firejail.enable = true;
+  programs.firejail.wrappedBinaries = {
+    signal-desktop = {
+      executable = "${pkgs.signal-desktop}/bin/signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland";
+      profile = "${pkgs.firejail}/etc/firejail/signal-desktop.profile";
+      extraArgs = [ "--env=LC_ALL=C" "--env=GTK_THEME=Adwaita:dark" ];
+    };
+  };
 
   # yubikey stuff
   services.udev.packages = [ pkgs.yubikey-personalization ];

os.sh

@@ -20,6 +20,11 @@ function apply() {
   fi
 }
 
+function buildvm() {
+  nixos-rebuild build-vm --flake "$LOCATION#vm"
+  "$LOCATION/result/bin/run-test-vm-vm"
+}
+
 function upgrade() {
   if git -C "$LOCATION" diff-index --quiet HEAD --; then
     nix flake update --commit-lock-file "$LOCATION"
@@ -54,6 +59,9 @@ case $ACTION in
   upgrade)
     upgrade $1
     ;;
+  build-vm)
+    buildvm $1
+    ;;
   cleanup)
     cleanup $1
     ;;

user/dconf.nix

@@ -0,0 +1,66 @@
+{ config, pkgs, lib, ... }:
+let
+  mkTuple = lib.hm.gvariant.mkTuple;
+in
+{
+  dconf.settings = {
+    "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
+      binding = "<Super>Return";
+      command = "kitty";
+      name = "Launch console";
+    };
+
+    "org/gnome/settings-daemon/plugins/media-keys" = {
+      custom-keybindings = [
+        "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
+      ];
+      www = ["<Shift><Super>Return"];
+    };
+
+    "org/gnome/desktop/wm/keybindings" = {
+      close = ["<Super>q"];
+      minimize = ["<Super>h"];
+      move-to-workspace-1=["<Shift><Super>1"];
+      move-to-workspace-2=["<Shift><Super>2"];
+      move-to-workspace-3=["<Shift><Super>3"];
+      move-to-workspace-4=["<Shift><Super>4"];
+      move-to-workspace-left=["<Shift><Super>h"];
+      move-to-workspace-right=["<Shift><Super>l"];
+      switch-to-workspace-1=["<Super>1"];
+      switch-to-workspace-2=["<Super>2"];
+      switch-to-workspace-3=["<Super>3"];
+      switch-to-workspace-4=["<Super>4"];
+      switch-to-workspace-left=["<Super>h"];
+      switch-to-workspace-right=["<Super>l"];
+      toggle-fullscreen=["<Super>f"];
+      toggle-on-all-workspaces=["<Super>p"];
+    };
+
+    "org/gnome/desktop/wm/preferences" = {
+      workspace-names=["General" "Terminal"];
+    };
+
+    "org/gnome/desktop/interface" = {
+      color-scheme="prefer-dark";
+      scaling-factor=1.5;
+      show-battery-percentage=false;
+    };
+
+    "org/gnome/desktop/background" = {
+      color-shading-type="solid";
+      picture-options="zoom";
+      picture-uri="file:///home/alice/.wallpaper.jpg";
+      picture-uri-dark="file:///home/alice/.wallpaper.jpg";
+      primary-color="#000000000000";
+      secondary-color="#000000000000";
+    };
+
+    "org/gnome/desktop/input-sources" = {
+      sources=[
+        (mkTuple["xkb" "dk"])
+        (mkTuple["xkb" "us"])
+      ];
+      xkb-options=["caps:escape"];
+    };
+  };
+}

user/home.nix

@@ -5,11 +5,16 @@
   home.homeDirectory = "/home/alice";
 
   imports = [
+    ./dconf.nix
     ./programs/terminal
     ./programs/kitty
     ./programs/firefox
   ];
 
+  home.file = {
+    ".wallpaper.jpg".source = ./wallpaper.jpg; 
+  };
+
   home.stateVersion = "23.11";
   home.packages = [
     pkgs.spotify

user/programs/kitty/default.nix

@@ -5,12 +5,14 @@
     enable = true;
     font = {
       name = "FiraCode Nerd Font Mono Reg";
-      size = 12;
+      size = 10;
       package = (pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; });
     };
     settings = {
       # Enable ligatures
       draw_ligatures = true;
+      linux_display_server = "x11";
+      #hide_window_decorations = true;
 
       italic_font = "auto";
       bold_italic_font = "auto";