updates and migrations

flake.nix

@@ -123,13 +123,15 @@
         proxmox-lxc = nixos-generators.nixosGenerate {
           inherit pkgs;
           format = "proxmox-lxc";
-          modules = [ (import ./nixos/templates/proxmox-lxc.nix) ];
+          modules = (util.base_imports)
+            ++ [ (import ./nixos/templates/proxmox-lxc.nix) ];
         };
 
         proxmox-vm = nixos-generators.nixosGenerate {
           inherit system pkgs;
           format = "proxmox";
-          modules = [ (import ./nixos/templates/proxmox-vm.nix) ];
+          modules = (util.base_imports)
+            ++ [ (import ./nixos/templates/proxmox-vm.nix) ];
         };
       };
 

nixos/common/desktop/default.nix

@@ -1,7 +1,7 @@
-{ pkgs, ... }: {
+{ pkgs, lib, ... }: {
   # Bootloader.
   boot = {
-    kernelPackages = pkgs.linuxPackages_latest;
+    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
     loader = {
       systemd-boot.enable = true;
       efi.canTouchEfiVariables = true;

nixos/hosts/olympus/dhcp/configuration.nix

@@ -6,6 +6,11 @@ let
     hostName = hostname;
     ipAddress = ip;
   };
+  hostToKea = {hostname, mac, ip, ...}: {
+    inherit hostname;
+    hw-address = mac;
+    ip-address = ip;
+  };
   localDomain = config.networking.domain;
   hosts =
     filter (h: hasAttr "ip" h && hasAttr "mac" h && h.realm == localDomain)
@@ -51,4 +56,73 @@ in {
     '';
     machines = map hostToDhcp hosts;
   };
+
+  services.kea = {
+    dhcp4 = {
+      enable = false;
+      settings = {
+        authoritative = true;
+        valid-lifetime = 4000;
+        rebind-timer = 2000;
+        renew-timer = 1000;
+
+        interfaces-config.interfaces = [ "eth0" ];
+
+        lease-database = {
+          name = "/var/lib/kea/dhcp4.leases";
+          persist = true;
+          type = "memfile";
+        };
+
+        option-data = [
+          {
+            space = "dhcp4";
+            name = "subnet-mask";
+            code = 1;
+            data = "255.255.254.0";
+          }
+          {
+            space = "dhcp4";
+            name = "broadcast-address";
+            code = 28;
+            data = "10.42.43.255";
+          }
+          {
+            space = "dhcp4";
+            name = "routers";
+            code = 3;
+            data = "10.42.42.1";
+          }
+          {
+            space = "dhcp4";
+            name = "domain-name-servers";
+            code = 6;
+            data = "10.42.42.15; 10.42.42.16";
+          }
+          {
+            space = "dhcp4";
+            name = "domain-name";
+            code = 15;
+            data = "${localDomain}";
+          }
+          {
+            space = "dhcp4";
+            name = "domain-search";
+            code = 119;
+            data = "${localDomain}";
+          }
+        ];
+
+        subnet4 = [{
+          id = 1;
+          pools = [{ pool = "10.42.43.1 - 10.42.43.254"; }];
+          subnet = "10.42.42.0/23";
+        }];
+
+        host-reservation-identifiers = [ "hw-address" ];
+        reservation-mode = "global";
+        reservations = map hostToKea hosts;
+      };
+    };
+  };
 }

nixos/hosts/olympus/gitea/configuration.nix

@@ -22,7 +22,7 @@ in
 
   environment.noXlibs = lib.mkForce false;
 
-  networking.firewall.allowedTCPPorts = [ config.services.gitea.httpPort ];
+  networking.firewall.allowedTCPPorts = [ config.services.gitea.settings.server.HTTP_PORT ];
 
   services.openssh.startWhenNeeded = false;
 
@@ -47,9 +47,7 @@ in
 
   services.gitea = {
     enable = true;
-    domain = "git.0x76.dev";
     package = pkgs.forgejo;
-    rootUrl = "https://git.0x76.dev";
     lfs.enable = true;
     dump.type = "tar.gz";
     database.type = "postgres";
@@ -80,8 +78,10 @@ in
         "USE_SERVICE_WORKER" = true;
       };
       server = {
-        "LANDING_PAGE" = "explore";
+        LANDING_PAGE = "explore";
-        "SSH_PORT" = 42;
+        SSH_PORT = 42;
+        DOMAIN = "git.0x76.dev";
+        ROOT_URL = "https://git.0x76.dev";
       };
       session = {
         "PROVIDER" = "db";

nixos/hosts/thalassa/eevee/configuration.nix

@@ -12,16 +12,8 @@
   # Bootloader.
   boot = {
     kernelPackages = pkgs.linuxPackages_latest;
-    loader = {
-      systemd-boot.enable = true;
-      efi.canTouchEfiVariables = true;
-      efi.efiSysMountPoint = "/boot/efi";
-    };
-    kernel.sysctl = { "fs.inotify.max_user_watches" = 524288; };
     initrd = {
       kernelModules =  [ "nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm" ];
-      systemd.enable = true;
-      verbose = false;
     };
   };
 

nixos/util.nix

@@ -2,9 +2,11 @@
 let
   inherit (builtins) filter attrValues concatMap mapAttrs;
   inherit (nixpkgs.lib.attrsets) mapAttrsToList;
-  # Helper function to resolve what should be imported depending on the type of config (lxc, vm, bare metal)
+  base_imports = [
-  resolve_imports = let
+    home-manager.nixosModules.home-manager
-    # lookup table
+    mailserver.nixosModules.mailserver
+  ];
+  type_import = let
     import_cases = {
       "lxc" = [
         "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
@@ -13,14 +15,14 @@ let
       "vm" = [ ./common/generic-vm.nix ];
       "local" = [ ];
     };
-  in { hostname, realm, profile ? hostname, type ? "lxc", ... }:
+  in type: import_cases.${type} ++ base_imports;
-  [
+  # Helper function to resolve what should be imported depending on the type of config (lxc, vm, bare metal)
-    home-manager.nixosModules.home-manager
+  resolve_imports = { hostname, realm, profile ? hostname, type ? "lxc", ... }:
-    mailserver.nixosModules.mailserver
+    type_import type
-    ./common
+    ++ [ ./common "${./.}/hosts/${realm}/${profile}/configuration.nix" ];
-    "${./.}/hosts/${realm}/${profile}/configuration.nix"
+
-  ] ++ import_cases.${type};
 in {
+  inherit base_imports type_import resolve_imports;
   # Add to whatever realm a host belong to its list of tags
   add_realm_to_tags = mapAttrs (realm:
     mapAttrs (hostname: