From 919ab390deb2d60b0ff2e242ccdc48f9f1a291d5 Mon Sep 17 00:00:00 2001 From: victor Date: Sat, 15 Oct 2022 13:44:27 +0200 Subject: [PATCH] add lxc template generator --- .github/workflows/nixos.yml | 20 ++++++++--- flake.nix | 67 ++++++++++++++++++------------------- nixos/common/generic-vm.nix | 1 + nixos/lxc-template.nix | 17 ++++++++++ nixos/util.nix | 3 +- 5 files changed, 68 insertions(+), 40 deletions(-) create mode 100644 nixos/lxc-template.nix diff --git a/.github/workflows/nixos.yml b/.github/workflows/nixos.yml index 672d3b7..43f0d1f 100644 --- a/.github/workflows/nixos.yml +++ b/.github/workflows/nixos.yml @@ -51,11 +51,23 @@ jobs: - name: "Build NixOS ISO ❄️" run: | nix build '.#iso' - - uses: actions/upload-artifact@v3 + build-lxc: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2.3.2 + + - name: "Install Nix ❄️" + uses: cachix/install-nix-action@v15 + + - name: "Install Cachix ❄️" + uses: cachix/cachix-action@v10 with: - name: nixos-iso - retention-days: 3 - path: result/iso/*.iso + name: 0x76-infra + authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" + + - name: "Build NixOS Proxmox LXC ❄️" + run: | + nix build '.#proxmox-lxc' build-olympus: runs-on: ubuntu-latest steps: diff --git a/flake.nix b/flake.nix index f422d27..8dbbbdc 100644 --- a/flake.nix +++ b/flake.nix @@ -44,19 +44,9 @@ }; }; - outputs = - { self - , nixpkgs - , vault-secrets - , serokell-nix - , minecraft-servers - , colmena - , home-manager - , hyprpaper - , hyprland - , nixos-generators - , ... - } @ inputs: + outputs = { self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers + , colmena, home-manager, hyprpaper, hyprland, nixos-generators, ... + }@inputs: let inherit (nixpkgs) lib; inherit (builtins) mapAttrs; 
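Review bot: The new `build-lxc` job in `.github/workflows/nixos.yml` passes `secrets.CACHIX_AUTH_TOKEN` to `cachix/cachix-action@v10`, and all three actions it uses are referenced by tag, which the publisher can re-point at different code. Pinning each one to a full commit SHA, e.g. `uses: cachix/cachix-action@<full-commit-sha> # v10`, keeps a moved tag from running with the cache token in scope. The job also sets no `permissions:` key, so adding `permissions:` with `contents: read` under `build-lxc` would limit the `GITHUB_TOKEN` to what a build needs, unless a workflow-level block outside this hunk already does that. The workflow triggers are not visible here, so it is worth confirming the token is only exposed on trusted refs.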
@@ -84,37 +74,46 @@ # Script to apply local colmena deployments apply-local = pkgs.writeScriptBin "apply-local" '' #!${pkgs.stdenv.shell} - "${colmena.packages.${system}.colmena}"/bin/colmena apply-local --sudo $@ + "${ + colmena.packages.${system}.colmena + }"/bin/colmena apply-local --sudo $@ ''; - in - { + in { # Make the nixosConfigurations for compat reasons - nixosConfigurations = (import (inputs.colmena + "/src/nix/hive/eval.nix") { - rawFlake = self; - colmenaOptions = import (inputs.colmena + "/src/nix/hive/options.nix"); - colmenaModules = import (inputs.colmena + "/src/nix/hive/modules.nix"); - }).nodes; - + nixosConfigurations = + (import (inputs.colmena + "/src/nix/hive/eval.nix") { + rawFlake = self; + colmenaOptions = + import (inputs.colmena + "/src/nix/hive/options.nix"); + colmenaModules = + import (inputs.colmena + "/src/nix/hive/modules.nix"); + }).nodes; # Make the colmena configuration - colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el) - { - meta = { - inherit specialArgs; - nixpkgs = pkgs; - }; - } - nixHosts; + colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el) { + meta = { + inherit specialArgs; + nixpkgs = pkgs; + }; + } nixHosts; packages.${system} = { + inherit apply-local; + default = colmena.packages.${system}.colmena; - apply-local = apply-local; iso = nixos-generators.nixosGenerate { inherit system pkgs; format = "iso"; + modules = [ (import ./nixos/iso.nix) ]; + }; + + proxmox-lxc = nixos-generators.nixosGenerate { + inherit system pkgs; + format = "proxmox-lxc"; modules = [ - (import ./nixos/iso.nix) + "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" + (import ./nixos/lxc-template.nix) ]; }; }; @@ -134,8 +133,8 @@ nixfmt nixUnstable vault - (vault-push-approle-envs self {}) - (vault-push-approles self {}) + (vault-push-approle-envs self { }) + (vault-push-approles self { }) ]; }; }; diff --git a/nixos/common/generic-vm.nix b/nixos/common/generic-vm.nix index 66aba48..dc8aeb8 100644 
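Review bot: In the `apply-local` wrapper at the top of the `@@ -84,37 +74,46 @@` hunk of `flake.nix`, the reflowed command still ends in an unquoted `$@`, so any argument containing whitespace or glob characters is re-split by the shell before it reaches `colmena apply-local --sudo`. Since the line is being rewritten anyway, `}"/bin/colmena apply-local --sudo "$@"` forwards the arguments exactly as the caller gave them. The enclosing `let` block begins outside this hunk.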
--- a/nixos/common/generic-vm.nix +++ b/nixos/common/generic-vm.nix @@ -1,4 +1,5 @@ { lib, ... }: { + # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. diff --git a/nixos/lxc-template.nix b/nixos/lxc-template.nix new file mode 100644 index 0000000..d4337bd --- /dev/null +++ b/nixos/lxc-template.nix @@ -0,0 +1,17 @@ +{ config, pkgs, lib, ... }: { + # Can't import common completely due to infinite recursion + imports = [ ./common/users ./common/generic-lxc.nix ]; + + # Enable SSH + services.openssh = { + enable = true; + passwordAuthentication = false; + permitRootLogin = "yes"; + }; + + time.timeZone = lib.mkDefault "Europe/Amsterdam"; + + networking.interfaces.eth0.useDHCP = true; + + system.stateVersion = "22.11"; +} diff --git a/nixos/util.nix b/nixos/util.nix index ce8649b..665a927 100644 --- a/nixos/util.nix +++ b/nixos/util.nix @@ -1,7 +1,6 @@ { nixpkgs, home-manager, hyprland, mailserver, ... }: let - inherit (nixpkgs) lib; - inherit (builtins) filter mapAttrs attrValues concatLists; + inherit (builtins) filter attrValues concatLists; # Helper function to resolve what should be imported depending on the type of config (lxc, vm, bare metal) resolve_imports =
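Review bot: `permitRootLogin = "yes"` in the new `nixos/lxc-template.nix` leaves root login open to every authentication method sshd has enabled, because only password authentication is turned off and keyboard-interactive is not addressed. `permitRootLogin = "prohibit-password";` states the key-only intent directly, and `kbdInteractiveAuthentication = false;` in the same attribute set closes the remaining interactive path. Because this module is built into a reusable Proxmox template, every container created from it presumably carries whatever keys `./common/users` installs. That file is not part of this diff, so a comment such as `# root access: keys from ./common/users only` next to the option would record the assumption.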