John Ogle
a46d11a770
All checks were successful
CI / check (push) Successful in 4m26s
NixOS configuration for running LLM agents in isolated Tart VMs on Apple Silicon. Includes: - Headless server setup with SSH access - Agent user with passwordless sudo - Docker support - Dev tools for cloning large repos - Git config optimized for large repositories Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
99 lines
2.0 KiB
Nix
99 lines
2.0 KiB
Nix
# Agent sandbox VM configuration for Tart
|
|
# Designed for LLM agents with full sudo access in an isolated environment
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
];
|
|
|
|
# Bootloader
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
networking.hostName = "tart-agent-sandbox";
|
|
|
|
# SSH access from host
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "yes";
|
|
PasswordAuthentication = true;
|
|
};
|
|
};
|
|
|
|
# Agent user - full sudo, no password required
|
|
users.users.agent = {
|
|
isNormalUser = true;
|
|
description = "Agent sandbox user";
|
|
extraGroups = [ "wheel" "docker" ];
|
|
initialPassword = "agent";
|
|
openssh.authorizedKeys.keys = [
|
|
# Add your SSH public key here for passwordless access
|
|
# "ssh-ed25519 AAAA... your-key"
|
|
];
|
|
};
|
|
|
|
# Passwordless sudo for wheel group
|
|
security.sudo.wheelNeedsPassword = false;
|
|
|
|
# Dev tools for agents
|
|
environment.systemPackages = with pkgs; [
|
|
# Core
|
|
git
|
|
curl
|
|
wget
|
|
vim
|
|
htop
|
|
tmux
|
|
|
|
# Build tools
|
|
gnumake
|
|
gcc
|
|
binutils
|
|
|
|
# Languages (add what your agents need)
|
|
python3
|
|
nodejs
|
|
|
|
# Utilities
|
|
jq
|
|
ripgrep
|
|
fd
|
|
tree
|
|
unzip
|
|
zip
|
|
|
|
# Networking
|
|
openssh
|
|
rsync
|
|
];
|
|
|
|
# Docker for containerized workloads
|
|
virtualisation.docker.enable = true;
|
|
|
|
# Increase file descriptor limits for large operations
|
|
security.pam.loginLimits = [
|
|
{ domain = "*"; type = "soft"; item = "nofile"; value = "65536"; }
|
|
{ domain = "*"; type = "hard"; item = "nofile"; value = "65536"; }
|
|
];
|
|
|
|
# Git config for large repos
|
|
programs.git = {
|
|
enable = true;
|
|
config = {
|
|
core.compression = 0;
|
|
http.postBuffer = 524288000; # 500MB
|
|
pack.windowMemory = "100m";
|
|
};
|
|
};
|
|
|
|
# Nix settings
|
|
nix.settings = {
|
|
experimental-features = [ "nix-command" "flakes" ];
|
|
auto-optimise-store = true;
|
|
};
|
|
|
|
system.stateVersion = "25.11";
|
|
}
|