add lxc template generator

Vivian 2022-10-15 13:44:27 +02:00
parent 78370fb23b
commit 919ab390de
5 changed files with 68 additions and 40 deletions


@ -51,11 +51,23 @@ jobs:
- name: "Build NixOS ISO ❄️" - name: "Build NixOS ISO ❄️"
run: | run: |
nix build '.#iso' nix build '.#iso'
- uses: actions/upload-artifact@v3 build-lxc:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.2
- name: "Install Nix ❄️"
uses: cachix/install-nix-action@v15
- name: "Install Cachix ❄️"
uses: cachix/cachix-action@v10
with: with:
name: nixos-iso name: 0x76-infra
retention-days: 3 authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
path: result/iso/*.iso
- name: "Build NixOS Proxmox LXC ❄️"
run: |
nix build '.#proxmox-lxc'
build-olympus: build-olympus:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
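Review bot: The new `build-lxc` job passes `secrets.CACHIX_AUTH_TOKEN` to `cachix/cachix-action@v10`, which is referenced by a movable tag, as are `cachix/install-nix-action@v15` and `actions/checkout@v2.3.2`; a retagged release would run with the cache write token in scope. Pin each step to a full commit SHA, for example `uses: cachix/cachix-action@<full-commit-sha> # v10`. The workflow's triggers are outside this hunk; if it also runs for branches or pull requests that are not fully trusted, set `skipPush: true` for those runs or leave the token out there, so that unreviewed builds cannot write store paths into the `0x76-infra` cache that the deployed hosts presumably substitute from.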


@ -44,19 +44,9 @@
}; };
}; };
outputs = outputs = { self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers
{ self , colmena, home-manager, hyprpaper, hyprland, nixos-generators, ...
, nixpkgs }@inputs:
, vault-secrets
, serokell-nix
, minecraft-servers
, colmena
, home-manager
, hyprpaper
, hyprland
, nixos-generators
, ...
} @ inputs:
let let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
inherit (builtins) mapAttrs; inherit (builtins) mapAttrs;
@ -84,37 +74,46 @@
# Script to apply local colmena deployments # Script to apply local colmena deployments
apply-local = pkgs.writeScriptBin "apply-local" '' apply-local = pkgs.writeScriptBin "apply-local" ''
#!${pkgs.stdenv.shell} #!${pkgs.stdenv.shell}
"${colmena.packages.${system}.colmena}"/bin/colmena apply-local --sudo $@ "${
colmena.packages.${system}.colmena
}"/bin/colmena apply-local --sudo $@
''; '';
in in {
{
# Make the nixosConfigurations for compat reasons # Make the nixosConfigurations for compat reasons
nixosConfigurations = (import (inputs.colmena + "/src/nix/hive/eval.nix") { nixosConfigurations =
rawFlake = self; (import (inputs.colmena + "/src/nix/hive/eval.nix") {
colmenaOptions = import (inputs.colmena + "/src/nix/hive/options.nix"); rawFlake = self;
colmenaModules = import (inputs.colmena + "/src/nix/hive/modules.nix"); colmenaOptions =
}).nodes; import (inputs.colmena + "/src/nix/hive/options.nix");
colmenaModules =
import (inputs.colmena + "/src/nix/hive/modules.nix");
}).nodes;
# Make the colmena configuration # Make the colmena configuration
colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el) colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el) {
{ meta = {
meta = { inherit specialArgs;
inherit specialArgs; nixpkgs = pkgs;
nixpkgs = pkgs; };
}; } nixHosts;
}
nixHosts;
packages.${system} = { packages.${system} = {
inherit apply-local;
default = colmena.packages.${system}.colmena; default = colmena.packages.${system}.colmena;
apply-local = apply-local;
iso = nixos-generators.nixosGenerate { iso = nixos-generators.nixosGenerate {
inherit system pkgs; inherit system pkgs;
format = "iso"; format = "iso";
modules = [ (import ./nixos/iso.nix) ];
};
proxmox-lxc = nixos-generators.nixosGenerate {
inherit system pkgs;
format = "proxmox-lxc";
modules = [ modules = [
(import ./nixos/iso.nix) "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
(import ./nixos/lxc-template.nix)
]; ];
}; };
}; };
@ -134,8 +133,8 @@
nixfmt nixfmt
nixUnstable nixUnstable
vault vault
(vault-push-approle-envs self {}) (vault-push-approle-envs self { })
(vault-push-approles self {}) (vault-push-approles self { })
]; ];
}; };
}; };
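Review bot: In the `apply-local` wrapper (second hunk of this file) the reformatted command still ends in an unquoted `$@`, so arguments containing spaces or glob characters are re-split by the shell before they reach `colmena apply-local --sudo`. Quote it: `}"/bin/colmena apply-local --sudo "$@"`. In the same hunk, it is not evident why the new `proxmox-lxc` package lists `"${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"` explicitly in addition to `format = "proxmox-lxc"`; a one-line comment above `modules` stating the reason would help the next reader.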


@ -1,4 +1,5 @@
{ lib, ... }: { { lib, ... }: {
# The global useDHCP flag is deprecated, therefore explicitly set to false here. # The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config # Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour. # replicates the default behaviour.

17
nixos/lxc-template.nix Normal file

@ -0,0 +1,17 @@
{ config, pkgs, lib, ... }: {
# Can't import common completely due to infinite recursion
imports = [ ./common/users ./common/generic-lxc.nix ];
# Enable SSH
services.openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "yes";
};
time.timeZone = lib.mkDefault "Europe/Amsterdam";
networking.interfaces.eth0.useDHCP = true;
system.stateVersion = "22.11";
}
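Review bot: `permitRootLogin = "yes"` in the `services.openssh` block is broader than a key-only template needs, and every container created from this template inherits it. With `passwordAuthentication = false` the practical effect today is key-only root login, but `permitRootLogin = "prohibit-password";` states that intent directly and stays safe if a host later re-enables password authentication. Setting `kbdInteractiveAuthentication = false;` alongside it would close the other non-key path. The authorized keys presumably come from `./common/users`, which is not visible here, so a comment such as `# root login is key-only; keys are provisioned by ./common/users` would make the dependency explicit.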


@ -1,7 +1,6 @@
{ nixpkgs, home-manager, hyprland, mailserver, ... }: { nixpkgs, home-manager, hyprland, mailserver, ... }:
let let
inherit (nixpkgs) lib; inherit (builtins) filter attrValues concatLists;
inherit (builtins) filter mapAttrs attrValues concatLists;
# Helper function to resolve what should be imported depending on the type of config (lxc, vm, bare metal) # Helper function to resolve what should be imported depending on the type of config (lxc, vm, bare metal)
resolve_imports = resolve_imports =