From 40d88c2169ca423ead079ab87a87e1a66e48477f Mon Sep 17 00:00:00 2001
From: Vivian
Date: Sat, 30 Dec 2023 14:47:12 +0100
Subject: [PATCH] demo nixos-containers

---
flake.lock | 30 +++++++++----------
nixos/hosts/olympus/bastion/configuration.nix | 3 +-
.../olympus/bastion/containers/default.nix | 30 +++++++++++++++++++
.../bastion/containers/monitoring/default.nix | 5 ++++
.../bastion/containers/monitoring/grafana.nix | 10 +++++++
5 files changed, 62 insertions(+), 16 deletions(-)
create mode 100644 nixos/hosts/olympus/bastion/containers/default.nix
create mode 100644 nixos/hosts/olympus/bastion/containers/monitoring/default.nix
create mode 100644 nixos/hosts/olympus/bastion/containers/monitoring/grafana.nix

diff --git a/flake.lock b/flake.lock
index 6633b90f..67853f33 100644
--- a/flake.lock
+++ b/flake.lock
@@ -254,11 +254,11 @@
 "nixpkgs": "nixpkgs_5"
 },
 "locked": {
- "lastModified": 1703847800,
- "narHash": "sha256-nkLW3mxcduvWmEa4uudhEixZmNhc5pyvoOXRki4mfck=",
+ "lastModified": 1703864604,
+ "narHash": "sha256-XAqPLb7H5rcQMC9OeKlnUNVr8hte+1L1GeZC0ZR7akc=",
 "owner": "jdonszelmann",
 "repo": "essentials",
- "rev": "9193eba36a0f495d721662e4f1d054c6a94be19f",
+ "rev": "2da99cdc27364844a887ea1c6ed3146c84c15041",
 "type": "github"
 },
 "original": {
@@ -1014,11 +1014,11 @@
 },
 "nixos-hardware": {
 "locked": {
- "lastModified": 1703545041,
- "narHash": "sha256-nvQA+k1rSszrf4kA4eK2i/SGbzoXyoKHzzyzq/Jca1w=",
+ "lastModified": 1703879120,
+ "narHash": "sha256-oMJ5xtDswlBWxs0DT/aYKEUIhjEpGZJ9GbIxOclYP8I=",
 "owner": "nixos",
 "repo": "nixos-hardware",
- "rev": "a15b6e525f5737a47b4ce28445c836996fb2ea8c",
+ "rev": "22ae59fec26591ef72ce4ccb5538c42c5f090fe3",
 "type": "github"
 },
 "original": {
@@ -1332,11 +1332,11 @@
 },
 "nixpkgs_8": {
 "locked": {
- "lastModified": 1703438236,
- "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=",
+ "lastModified": 1703637592,
+ "narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b",
+ "rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8",
 "type": "github"
 },
 "original": {
@@ -1383,11 +1383,11 @@
 "pre-commit-hooks": "pre-commit-hooks"
 },
 "locked": {
- "lastModified": 1703847125,
- "narHash": "sha256-MlCwrPr1U/DCIzTqYZ7mwsPVjdJ8vshSNH0wKBVPdJc=",
+ "lastModified": 1703859882,
+ "narHash": "sha256-wRXgap0eEuswF9xXUKDiWBh0tKuJ9vtmlJZ4iAX3K/E=",
 "owner": "pta2002",
 "repo": "nixvim",
- "rev": "5d49b9b66d0eed89603221201490d27e8aea6b24",
+ "rev": "1d8e7906c9606c956c6b40d8d088c8d2110dc0c0",
 "type": "github"
 },
 "original": {
@@ -1398,11 +1398,11 @@
 },
 "nur": {
 "locked": {
- "lastModified": 1703839127,
- "narHash": "sha256-Wf6swVm0Do2l2DQlZzg2cxvWID4Se2XJ/yFj8qoCHpI=",
+ "lastModified": 1703938048,
+ "narHash": "sha256-df8Lwe4k6QiyucOyZV0s6eoy6y7m2g4+/dOpEyYrZGU=",
 "owner": "nix-community",
 "repo": "NUR",
- "rev": "b96cc681612efb6d3792e1a27624b8797dab066d",
+ "rev": "ae6fb319f88d5a995cb8dc4502c2d81c5fc1e578",
 "type": "github"
 },
 "original": {
diff --git a/nixos/hosts/olympus/bastion/configuration.nix b/nixos/hosts/olympus/bastion/configuration.nix
index c93fc198..3cb429d7 100644
--- a/nixos/hosts/olympus/bastion/configuration.nix
+++ b/nixos/hosts/olympus/bastion/configuration.nix
@@ -6,7 +6,8 @@
 imports = [
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
- ./vms.nix
+ ./containers
+ # ./vms.nix
 ];
 programs.nix-ld.enable = true;
diff --git a/nixos/hosts/olympus/bastion/containers/default.nix b/nixos/hosts/olympus/bastion/containers/default.nix
new file mode 100644
index 00000000..5195deb7
--- /dev/null
+++ b/nixos/hosts/olympus/bastion/containers/default.nix
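Review bot: The commented-out `# ./vms.nix` left next to the new `./containers` import is dead configuration; git history already preserves the VM setup, so either drop the line or say why it is parked, e.g. `# ./vms.nix  # disabled while the containers replace the VMs`. vms.nix itself is not deleted in this patch, so it stays in the tree unreferenced — the commit message should say whether that is intentional. The `imports` list continues unchanged outside the hunk's context lines.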
@@ -0,0 +1,30 @@
+{ lib, ... }: {
+ # TODO: Loop over subdirs, create nixos container for each
+ networking.nat = {
+ enable = true;
+ internalInterfaces = [ "ve-+" ];
+ externalInterface = "ens18";
+ # Lazy IPv6 connectivity for the container
+ enableIPv6 = true;
+ };
+
+ # Containers network is
+ # * 10.42.99.0/24
+ # * fc00:x
+
+ containers.monitoring = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "10.42.99.1";
+ localAddress = "10.42.99.2";
+ hostAddress6 = "fc00::1";
+ localAddress6 = "fc00::2";
+
+ config = {
+ imports = [ ./monitoring ];
+ # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+ networking.useHostResolvConf = lib.mkForce false;
+ services.resolved.enable = true;
+ };
+ };
+}
diff --git a/nixos/hosts/olympus/bastion/containers/monitoring/default.nix b/nixos/hosts/olympus/bastion/containers/monitoring/default.nix
new file mode 100644
index 00000000..e4e6a762
--- /dev/null
+++ b/nixos/hosts/olympus/bastion/containers/monitoring/default.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+ imports = [
+ ./grafana.nix
+ ];
+}
diff --git a/nixos/hosts/olympus/bastion/containers/monitoring/grafana.nix b/nixos/hosts/olympus/bastion/containers/monitoring/grafana.nix
new file mode 100644
index 00000000..81a6c982
--- /dev/null
+++ b/nixos/hosts/olympus/bastion/containers/monitoring/grafana.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }: {
+ services.grafana = {
+ enable = true;
+ domain = "grafana.olympus";
+ port = 80;
+ addr = "0.0.0.0";
+ };
+
+ networking.firewall.allowedTCPPorts = [ config.services.grafana.port ];
+}
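Review bot: The addresses `fc00::1`/`fc00::2` in `hostAddress6`/`localAddress6` fall in `fc00::/8`, which RFC 4193 leaves reserved; locally assigned ULAs come from `fd00::/8` with a random 40-bit global ID, so a generated prefix (say `fdNN:NNNN:NNNN::/48`, placeholder) avoids overlapping anything upstream, and the `# * fc00:x` comment should then state the real prefix. `externalInterface = "ens18"` hard-codes the host NIC in a module the TODO says will be generalised to loop over subdirectories; lifting it into a `let extIf = "ens18"; in` binding or an option keeps the host-specific value in one place. As far as this hunk shows (`privateNetwork = true`, NAT masquerade, no `forwardPorts`), the container is only reachable from the host side, which is worth stating in the network comment so any later port-forward is a deliberate change.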
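Review bot: `addr = "0.0.0.0"` together with `networking.firewall.allowedTCPPorts = [ config.services.grafana.port ]` serves Grafana over plain HTTP on every interface the container has, while nothing here sets an admin password, so the instance starts with Grafana's default admin credentials; bind to the container's own address (`addr = "10.42.99.2";`) or front it with a TLS-terminating proxy, and set `services.grafana.settings.security.admin_password` from a secrets file rather than a literal in the Nix store. `domain`, `port` and `addr` are the pre-23.05 option names; newer nixpkgs expects `services.grafana.settings.server.{domain,http_port,http_addr}` and keeps the old names only as renamed aliases, so confirm which the pinned nixpkgs (`cfc3698c…` in this patch's flake.lock) still accepts. `pkgs` is taken in the module arguments but unused.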