From 2bedbcd44cca1bbc424f78b7ecfd7a4abd9528f7 Mon Sep 17 00:00:00 2001
From: Jonni Liljamo
Date: Wed, 13 Nov 2024 19:27:14 +0200
Subject: [PATCH] feat(lxc): lxc template package

---
 docs/lxc.md | 3 +-
 lxc/profiles/template/default.nix | 14 +++++++++
 lxc/profiles/template/template.nix | 48 ++++++++++++++++++++++++++++++
 lxc/systems.nix | 12 ++++++--
 4 files changed, 73 insertions(+), 4 deletions(-)
 create mode 100644 lxc/profiles/template/default.nix
 create mode 100644 lxc/profiles/template/template.nix

diff --git a/docs/lxc.md b/docs/lxc.md
index 780520e..4c3c09a 100644
--- a/docs/lxc.md
+++ b/docs/lxc.md
@@ -4,7 +4,8 @@ Docs for LXC things.
 ## Creating a new NixOS LXC container
 ### Build the base image
 ```
-nix build ".#lxcbase"
+cd lxc/
+nix build ".#template"
 ```
 Take the output of that, and import it into Proxmox.
diff --git a/lxc/profiles/template/default.nix b/lxc/profiles/template/default.nix
new file mode 100644
index 0000000..50d719e
--- /dev/null
+++ b/lxc/profiles/template/default.nix
@@ -0,0 +1,14 @@
+lib: inputs: {
+ modules = [
+ "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
+ {
+ proxmoxLXC.manageNetwork = true;
+ proxmoxLXC.manageHostName = true;
+ }
+
+ ./template.nix
+ ];
+ specialArgs = {
+ inherit inputs;
+ };
+}
diff --git a/lxc/profiles/template/template.nix b/lxc/profiles/template/template.nix
new file mode 100644
index 0000000..dcec52b
--- /dev/null
+++ b/lxc/profiles/template/template.nix
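Review bot: `lib` is bound as the first argument of default.nix (`lib: inputs: {`) but never used in the body; if the `lib: inputs:` shape is kept to match the other profiles, `_: inputs: {` makes the unused binding explicit. The module list also sets `proxmoxLXC.manageHostName = true` while template.nix sets no `networking.hostName`, so presumably each host cloned from this template is expected to supply its own; a one-line comment above the inline module stating that (`# template hands network and hostname to NixOS; each host profile sets its own`) would make the contract visible to the next maintainer.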
@@ -0,0 +1,48 @@
+{lib, ...}: {
+ time.timeZone = "Europe/Helsinki";
+
+ networking.defaultGateway = {
+ address = "10.1.2.1";
+ interface = "eth0";
+ };
+ networking.nameservers = ["10.1.2.3"];
+ networking.interfaces."eth0".ipv4.addresses = [
+ {
+ address = "10.1.2.2";
+ prefixLength = 24;
+ }
+ ];
+
+ nix.settings.trusted-users = ["root"];
+
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAlif3ABIk0YSx++A+sEeRYPNMMZWLcDuoTKhmcCL6K jonni@liljamo.com"
+ ];
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = lib.mkForce false;
+ KbdInteractiveAuthentication = lib.mkForce false;
+ PermitRootLogin = lib.mkForce "prohibit-password";
+ };
+ };
+
+ systemd.suppressedSystemUnits = [
+ "systemd-udev-trigger.service"
+ "systemd-udevd.service"
+ "sys-fs-fuse-connections.mount"
+ "sys-kernel-debug.mount"
+ "dev-mqueue.mount"
+ ];
+ services = {
+ journald.extraConfig = "SystemMaxUse=4G";
+ cron.systemCronJobs = [
+ "0 22 * * * root journalctl --vacuum-time=7d"
+ ];
+ };
+
+ system.stateVersion = "24.05";
+}
diff --git a/lxc/systems.nix b/lxc/systems.nix
index 9c32a57..2f967b0 100644
--- a/lxc/systems.nix
+++ b/lxc/systems.nix
@@ -19,7 +19,6 @@
 ];
 };
- /*
 mkLXCTemplatePackage = name: cfg:
 inputs.nixos-generators.nixosGenerate {
 system = cfg.system;
@@ -34,12 +33,19 @@
 ];
 format = "proxmox-lxc";
 };
- */
 profiles = import ./profiles lib inputs;
 hosts = import ./hosts profiles;
+
+ templatePackages = {
+ template = {
+ system = "x86_64-linux";
+ profile = profiles.template;
+ modules = [];
+ };
+ };
 in {
 nixosConfigurations = lib.mapAttrs mkHost hosts;
- #packages.x86_64-linux = inputs.nixpkgs.lib.mapAttrs mkLXCTemplatePackage templatePackages;
+ packages.x86_64-linux = inputs.nixpkgs.lib.mapAttrs mkLXCTemplatePackage templatePackages;
 };
 }
--
2.44.1
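Review bot: The template bakes one concrete address into every image built from it — `networking.interfaces."eth0"` gets 10.1.2.2/24 with gateway 10.1.2.1 and nameserver 10.1.2.3 — so two containers cloned from it and booted before their host configuration overrides these values will collide on the same IP. A comment above `networking.defaultGateway` stating the contract (`# template-only addressing; every host profile must set its own address, gateway and nameservers`) would make that explicit, and the same note applies to the root authorized key. The three `lib.mkForce`d SSH settings cannot be relaxed by a host without an explicit lower-priority override; if locking them down is intended, a one-line comment next to `settings = {` saying so saves the next reader from wondering whether `mkDefault` was meant. If the image is ever booted before being converted into a Proxmox template, the SSH host keys generated on that first boot would presumably be inherited by every clone — worth a sentence in docs/lxc.md next to the build step.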
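Review bot: The architecture is stated twice in the second systems.nix hunk — `system = "x86_64-linux"` inside `templatePackages.template` and the hard-coded `packages.x86_64-linux` attribute — and nothing ties them together, so a later entry with a different `system` would be built for one architecture but exposed under another output. Deriving the `packages.<system>` sets from each entry's `cfg.system` keeps the two in agreement; the sketch below assumes `lib` in this file is nixpkgs' lib, as its use of `lib.mapAttrs` suggests. mkLXCTemplatePackage's body begins before this hunk and is where `cfg.system` is consumed; the first hunk only removes the `/*` comment opener.
```nix
  # … unchanged: profiles, hosts, templatePackages …

  # one packages.<system> set per distinct cfg.system, so the output a template
  # is exposed under can never disagree with the system it is built for
  templateSystems = lib.unique (lib.mapAttrsToList (_: cfg: cfg.system) templatePackages);
  packagesFor = system:
    inputs.nixpkgs.lib.mapAttrs mkLXCTemplatePackage
    (lib.filterAttrs (_: cfg: cfg.system == system) templatePackages);
in {
  nixosConfigurations = lib.mapAttrs mkHost hosts;
  packages = lib.genAttrs templateSystems packagesFor;
```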