add lxc template generator

2022-10-15 13:44:27 +02:00 · 2022-10-15 13:44:27 +02:00 · 919ab390de
parent 78370fb23b
commit 919ab390de
5 changed files with 68 additions and 40 deletions
--- a/.github/workflows/nixos.yml
+++ b/.github/workflows/nixos.yml
@ -51,11 +51,23 @@ jobs:
      - name: "Build NixOS ISO ❄️"
        run: |
          nix build '.#iso'
-      - uses: actions/upload-artifact@v3
+  build-lxc:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.3.2
+
+      - name: "Install Nix ❄️"
+        uses: cachix/install-nix-action@v15
+
+      - name: "Install Cachix ❄️"
+        uses: cachix/cachix-action@v10
        with:
-          name: nixos-iso
-          retention-days: 3
-          path: result/iso/*.iso
+          name: 0x76-infra
+          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+
+      - name: "Build NixOS Proxmox LXC ❄️"
+        run: |
+          nix build '.#proxmox-lxc'
  build-olympus:
    runs-on: ubuntu-latest
    steps:
--- a/flake.nix
+++ b/flake.nix
@ -44,19 +44,9 @@
    };
  };

-  outputs =
-    { self
-    , nixpkgs
-    , vault-secrets
-    , serokell-nix
-    , minecraft-servers
-    , colmena
-    , home-manager
-    , hyprpaper
-    , hyprland
-    , nixos-generators
-    , ...
-    } @ inputs:
+  outputs = { self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers
+    , colmena, home-manager, hyprpaper, hyprland, nixos-generators, ...
+    }@inputs:
    let
      inherit (nixpkgs) lib;
      inherit (builtins) mapAttrs;
@ -84,37 +74,46 @@
      # Script to apply local colmena deployments
      apply-local = pkgs.writeScriptBin "apply-local" ''
        #!${pkgs.stdenv.shell}
-        "${colmena.packages.${system}.colmena}"/bin/colmena apply-local --sudo $@
+        "${
+          colmena.packages.${system}.colmena
+        }"/bin/colmena apply-local --sudo $@
      '';
-    in
-    {
+    in {
      # Make the nixosConfigurations for compat reasons
-      nixosConfigurations = (import (inputs.colmena + "/src/nix/hive/eval.nix") {
-        rawFlake = self;
-        colmenaOptions = import (inputs.colmena + "/src/nix/hive/options.nix");
-        colmenaModules = import (inputs.colmena + "/src/nix/hive/modules.nix");
-      }).nodes;
-
+      nixosConfigurations =
+        (import (inputs.colmena + "/src/nix/hive/eval.nix") {
+          rawFlake = self;
+          colmenaOptions =
+            import (inputs.colmena + "/src/nix/hive/options.nix");
+          colmenaModules =
+            import (inputs.colmena + "/src/nix/hive/modules.nix");
+        }).nodes;

      # Make the colmena configuration
-      colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el)
-        {
-          meta = {
-            inherit specialArgs;
-            nixpkgs = pkgs;
-          };
-        }
-        nixHosts;
+      colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el) {
+        meta = {
+          inherit specialArgs;
+          nixpkgs = pkgs;
+        };
+      } nixHosts;

      packages.${system} = {
+        inherit apply-local;
+  
        default = colmena.packages.${system}.colmena;
-        apply-local = apply-local;

        iso = nixos-generators.nixosGenerate {
          inherit system pkgs;
          format = "iso";
+          modules = [ (import ./nixos/iso.nix) ];
+        };
+
+        proxmox-lxc = nixos-generators.nixosGenerate {
+          inherit system pkgs;
+          format = "proxmox-lxc";
          modules = [
-            (import ./nixos/iso.nix)
+            "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
+            (import ./nixos/lxc-template.nix)
          ];
        };
      };
@ -134,8 +133,8 @@
          nixfmt
          nixUnstable
          vault
-          (vault-push-approle-envs self {})
-          (vault-push-approles self {})
+          (vault-push-approle-envs self { })
+          (vault-push-approles self { })
        ];
      };
    };
--- a/nixos/common/generic-vm.nix
+++ b/nixos/common/generic-vm.nix
@ -1,4 +1,5 @@
 { lib, ... }: {
+
  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
--- a/nixos/lxc-template.nix
+++ b/nixos/lxc-template.nix
@ -0,0 +1,17 @@
+{ config, pkgs, lib, ... }: {
+  # Can't import common completely due to infinite recursion
+  imports = [ ./common/users ./common/generic-lxc.nix ];
+
+  # Enable SSH
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+    permitRootLogin = "yes";
+  };
+
+  time.timeZone = lib.mkDefault "Europe/Amsterdam";
+
+  networking.interfaces.eth0.useDHCP = true;
+
+  system.stateVersion = "22.11";
+}
--- a/nixos/util.nix
+++ b/nixos/util.nix
@ -1,7 +1,6 @@
 { nixpkgs, home-manager, hyprland, mailserver, ... }:
 let
-  inherit (nixpkgs) lib;
-  inherit (builtins) filter mapAttrs attrValues concatLists;
+  inherit (builtins) filter attrValues concatLists;

  # Helper function to resolve what should be imported depending on the type of config (lxc, vm, bare metal)
  resolve_imports =