fix template + minor refactor

nixos/common/common.nix

@@ -0,0 +1,78 @@
+{ config, lib, pkgs, ... }: {
+  imports = [
+    ./users
+    ./modules
+  ];
+
+  # Clean /tmp on boot.
+  boot.cleanTmpDir = true;
+
+  # Set your time zone.
+  time.timeZone = lib.mkDefault "Europe/Amsterdam";
+
+  # Systemd OOMd
+  # Fedora enables these options by default. See the 10-oomd-* files here:
+  # https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255
+  systemd.oomd = {
+    enableRootSlice = true;
+    enableUserServices = true;
+  };
+
+  # Nix Settings
+  nix = {
+    package = pkgs.nixUnstable;
+    settings = {
+      auto-optimise-store = true;
+      trusted-users = [ "root" "victor" ];
+      substituters = [
+        "https://cachix.cachix.org"
+        "https://nix-community.cachix.org"
+        "https://nixpkgs-review-bot.cachix.org"
+        "https://colmena.cachix.org"
+        "https://hyprland.cachix.org"
+        "https://cache.garnix.io"
+        "https://0x76-infra.cachix.org"
+        "https://webcord.cachix.org"
+      ];
+      trusted-public-keys = [
+        "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
+        "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
+        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+        "0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8="
+        "webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs="
+      ];
+    };
+    optimise = {
+      automatic = true;
+      dates = [ "weekly" ];
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      randomizedDelaySec = "3h";
+      options = "--delete-older-than 7d";
+    };
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  # Limit the systemd journal to 100 MB of disk or the
+  # last 7 days of logs, whichever happens first.
+  services.journald.extraConfig = ''
+    SystemMaxUse=100M
+    MaxFileSec=7day
+  '';
+
+  # Enable SSH
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+    permitRootLogin = lib.mkDefault "no";
+  };
+}

nixos/common/default.nix

@@ -1,85 +1,14 @@
-{ config, lib, pkgs, inputs, ... }: {
-  imports = [
+{ inputs, lib, config, ... }: {
+  # This file deals with everything requiring `inputs`, the rest being delagated to `common.nix`
+  # this is because we can't import inputs from all contexts as that can lead to infinite recursion.
+  import = [
+    ./common.nix
     inputs.vault-secrets.nixosModules.vault-secrets
-    ./users
-    ./modules
   ];
 
-  # Clean /tmp on boot.
-  boot.cleanTmpDir = true;
+  nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+  nix.registry.nixpkgs.flake =  inputs.nixpkgs;
 
-  # Set your time zone.
-  time.timeZone = lib.mkDefault "Europe/Amsterdam";
-
-  # Systemd OOMd
-  # Fedora enables these options by default. See the 10-oomd-* files here:
-  # https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255
-  systemd.oomd = {
-    enableRootSlice = true;
-    enableUserServices = true;
-  };
-
-  # Nix Settings
-  nix = {
-    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
-    package = pkgs.nixUnstable;
-    registry.nixpkgs.flake = inputs.nixpkgs;
-    settings = {
-      auto-optimise-store = true;
-      trusted-users = [ "root" "victor" ];
-      substituters = [
-        "https://cachix.cachix.org"
-        "https://nix-community.cachix.org"
-        "https://nixpkgs-review-bot.cachix.org"
-        "https://colmena.cachix.org"
-        "https://hyprland.cachix.org"
-        "https://cache.garnix.io"
-        "https://0x76-infra.cachix.org"
-        "https://webcord.cachix.org"
-      ];
-      trusted-public-keys = [
-        "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-        "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
-        "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
-        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
-        "0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8="
-        "webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs="
-      ];
-    };
-    optimise = {
-      automatic = true;
-      dates = [ "weekly" ];
-    };
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      randomizedDelaySec = "3h";
-      options = "--delete-older-than 7d";
-    };
-    extraOptions = ''
-      experimental-features = nix-command flakes
-    '';
-  };
-
-  nixpkgs.config.allowUnfree = true;
-
-  # Limit the systemd journal to 100 MB of disk or the
-  # last 7 days of logs, whichever happens first.
-  services.journald.extraConfig = ''
-    SystemMaxUse=100M
-    MaxFileSec=7day
-  '';
-
-  # Enable SSH
-  services.openssh = {
-    enable = true;
-    passwordAuthentication = false;
-    permitRootLogin = "no";
-  };
-
-  # Configure vault-secrets based on domain
   vault-secrets = let
     inherit (config.networking) domain hostName;
     server = if domain == "olympus" then "vault" else "vault-0";
@@ -88,4 +17,4 @@
     vaultAddress = "http://${server}.${domain}:8200/";
     approlePrefix = "${domain}-${hostName}";
   };
-}
+}

nixos/hosts/hades/bazarr/configuration.nix

@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 {
-  system.stateVersion = "21.05";
+  system.stateVersion = "22.11";
   networking.interfaces.eth0.useDHCP = true;
 
   fileSystems."/mnt/storage" = {

nixos/hosts/hades/default.nix

@@ -90,6 +90,11 @@
     mac = "00:50:56:91:3b:03";
     nix = false;
   }
+  {
+    hostname = "bazarr";
+    ip = "192.168.0.119";
+    mac = "DE:7C:32:7E:DD:A1";
+  }
   {
     hostname = "radarr2";
     ip = "192.168.0.120";
@@ -101,6 +106,7 @@
     ip = "192.168.0.121";
     mac = "4e:e7:64:b7:88:b8";
     profile = "jackett";
+    nix = false; # superseded by prowlarr 
   }
   {
     hostname = "nginx";

nixos/hosts/thalassa/null/configuration.nix

@@ -30,7 +30,8 @@ let
 
     exec Hyprland
   '';
-in {
+in
+{
   imports = [
     # Include the results of the hardware scan.
     ./hardware-configuration.nix
@@ -93,14 +94,14 @@ in {
   fileSystems."/nix".options = [ "compress=zstd" "noatime" ];
 
   # Filesystem dedup
-  #services.beesd.filesystems = {
+  # services.beesd.filesystems = {
   #  root = {
   #    spec = "LABEL=nixos";
   #    hashTableSizeMB = 256;
   #    verbosity = "crit";
   #    extraOptions = [ "--loadavg-target" "2.0" ];
   #  };
-  #};
+  # };
 
   # Select internationalisation properties.
   i18n.defaultLocale = "en_GB.utf8";

nixos/lxc-template.nix

@@ -1,19 +1,27 @@
 { config, pkgs, lib, ... }: {
-  # Can't import common completely due to infinite recursion
-  imports = [ ./common/users ./common/generic-lxc.nix ];
+  imports = [ ./common/common.nix ./common/generic-lxc.nix ];
 
+  proxmoxLXC = {
+    manageNetwork = true;
+    manageHostName = true;
+    privileged = false;
+  };
+  
   # Enable SSH
   services.openssh = {
     enable = true;
     passwordAuthentication = false;
     permitRootLogin = "yes";
+    openFirewall = true;
   };
 
   networking.hostName = "template";
 
   time.timeZone = lib.mkDefault "Europe/Amsterdam";
 
-  networking.interfaces.eth0.useDHCP = true;
+  networking.useDHCP = true;
 
   system.stateVersion = "22.11";
+
+  users.users.root.initialPassword = "toor";
 }