M docs/lxc.md => docs/lxc.md +2 -1
@@ 4,7 4,8 @@ Docs for LXC things.
## Creating a new NixOS LXC container
### Build the base image
```
-nix build ".#lxcbase"
+cd lxc/
+nix build ".#template"
```
Take the output of that, and import it into Proxmox.
A lxc/profiles/template/default.nix => lxc/profiles/template/default.nix +14 -0
@@ 0,0 1,14 @@
+lib: inputs: {
+ modules = [
+ "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
+ {
+ proxmoxLXC.manageNetwork = true;
+ proxmoxLXC.manageHostName = true;
+ }
+
+ ./template.nix
+ ];
+ specialArgs = {
+ inherit inputs;
+ };
+}
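Review bot: Setting `proxmoxLXC.manageNetwork = true` and `proxmoxLXC.manageHostName = true` takes addressing and naming away from Proxmox, so whatever template.nix declares is what every container created from this image boots with. template.nix in this commit fixes a single address (10.1.2.2/24), so two containers started from the template before being reconfigured would presumably collide on the network. A comment above the inline attribute set would record the intent, for example `# Network and hostname come from Nix, not Proxmox; the template's values are bootstrap-only and must be overridden per host.`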
A lxc/profiles/template/template.nix => lxc/profiles/template/template.nix +48 -0
@@ 0,0 1,48 @@
+{lib, ...}: {
+ time.timeZone = "Europe/Helsinki";
+
+ networking.defaultGateway = {
+ address = "10.1.2.1";
+ interface = "eth0";
+ };
+ networking.nameservers = ["10.1.2.3"];
+ networking.interfaces."eth0".ipv4.addresses = [
+ {
+ address = "10.1.2.2";
+ prefixLength = 24;
+ }
+ ];
+
+ nix.settings.trusted-users = ["root"];
+
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAlif3ABIk0YSx++A+sEeRYPNMMZWLcDuoTKhmcCL6K jonni@liljamo.com"
+ ];
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = lib.mkForce false;
+ KbdInteractiveAuthentication = lib.mkForce false;
+ PermitRootLogin = lib.mkForce "prohibit-password";
+ };
+ };
+
+ systemd.suppressedSystemUnits = [
+ "systemd-udev-trigger.service"
+ "systemd-udevd.service"
+ "sys-fs-fuse-connections.mount"
+ "sys-kernel-debug.mount"
+ "dev-mqueue.mount"
+ ];
+ services = {
+ journald.extraConfig = "SystemMaxUse=4G";
+ cron.systemCronJobs = [
+ "0 22 * * * root journalctl --vacuum-time=7d"
+ ];
+ };
+
+ system.stateVersion = "24.05";
+}
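Review bot: The `users.users.root` block bakes one personal ed25519 key into the template, so every container built from this image accepts that key for root, and with `PermitRootLogin` forced to `"prohibit-password"` root over SSH is the only login path this file sets up. Revoking or rotating the key then means touching every container already deployed from the image, not just the template. I would document that where the key is declared, e.g. `# Bootstrap root key, inherited by every container built from this template; hosts should declare their own keys.`, and consider keeping the key in one shared definition that host profiles import. Separately, the cron entry that vacuums the journal to 7 days could live in journald itself as `MaxRetentionSec=7day` next to `SystemMaxUse=4G`, which removes the dependency on cron for log retention.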
M lxc/systems.nix => lxc/systems.nix +9 -3
@@ 19,7 19,6 @@
];
};
- /*
mkLXCTemplatePackage = name: cfg:
inputs.nixos-generators.nixosGenerate {
system = cfg.system;
@@ 34,12 33,19 @@
];
format = "proxmox-lxc";
};
- */
profiles = import ./profiles lib inputs;
hosts = import ./hosts profiles;
+
+ templatePackages = {
+ template = {
+ system = "x86_64-linux";
+ profile = profiles.template;
+ modules = [];
+ };
+ };
in {
nixosConfigurations = lib.mapAttrs mkHost hosts;
- #packages.x86_64-linux = inputs.nixpkgs.lib.mapAttrs mkLXCTemplatePackage templatePackages;
+ packages.x86_64-linux = inputs.nixpkgs.lib.mapAttrs mkLXCTemplatePackage templatePackages;
};
}
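Review bot: `packages.x86_64-linux` is hard-coded on the re-enabled output line while each entry in `templatePackages` carries its own `system`, so a template declared for another platform would still be published under x86_64-linux and built with a mismatched `cfg.system`. Either drop the per-entry `system` field or note the constraint beside the set, e.g. `# all templates are x86_64-linux; group by cfg.system if that ever changes`. The same line also spells the helper as `inputs.nixpkgs.lib.mapAttrs` where the line above uses `lib.mapAttrs`; if both refer to the nixpkgs lib, one spelling would read more consistently. The enclosing `let` block starts outside the visible hunks, so this is judged from the shown lines only.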