feat: initial commit w proxmox
6 files changed, 484 insertions(+), 0 deletions(-) A flake.lock A flake.nix A nixos/common.nix A nixos/essos/configuration.nix A nixos/essos/hardware-configuration.nix A nixos/essos/hypervisor.nix
A => flake.lock +163 -0
@@ 1,163 @@ { "nodes": { "crane": { "inputs": { "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1717383740, "narHash": "sha256-559HbY4uhNeoYvK3H6AMZAtVfmR3y8plXZ1x6ON/cWU=", "owner": "ipetkov", "repo": "crane", "rev": "b65673fce97d277934488a451724be94cc62499a", "type": "github" }, "original": { "owner": "ipetkov", "ref": "v0.17.3", "repo": "crane", "type": "github" } }, "flake-compat": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { "owner": "edolstra", "repo": "flake-compat", "type": "github" } }, "nixpkgs": { "locked": { "lastModified": 1731139594, "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", "owner": "nixos", "repo": "nixpkgs", "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", "type": "github" }, "original": { "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable": { "locked": { "lastModified": 1723556749, "narHash": "sha256-+CHVZnTnIYRLYsARInHYoWkujzcRkLY/gXm3s5bE52o=", "owner": "NixOS", "repo": "nixpkgs", "rev": "4a92571f9207810b559c9eac203d1f4d79830073", "type": "github" }, "original": { "id": "nixpkgs", "ref": "nixos-24.05", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { "lastModified": 1723637854, "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=", "owner": "NixOS", "repo": "nixpkgs", "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9", "type": "github" }, "original": { "id": "nixpkgs", "ref": "nixos-unstable", "type": "indirect" } }, "nixpkgs_2": { "locked": { "lastModified": 1714656196, "narHash": "sha256-kjQkA98lMcsom6Gbhw8SYzmwrSo+2nruiTcTZp5jK7o=", "owner": "NixOS", "repo": "nixpkgs", "rev": "94035b482d181af0a0f8f77823a790b256b7c3cc", "type": "github" }, "original": { "owner": "NixOS", "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "proxmox-nixos": { 
"inputs": { "crane": "crane", "flake-compat": "flake-compat", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "utils": "utils" }, "locked": { "lastModified": 1730963029, "narHash": "sha256-+jlyA9jROgLjHKHXTLgJWmhQ0xK95LjKXQaRe2gxP7A=", "owner": "5aaee9", "repo": "proxmox-nixos", "rev": "31e7e10c75d43313db000ff9834e7befebe6eb01", "type": "github" }, "original": { "owner": "5aaee9", "repo": "proxmox-nixos", "type": "github" } }, "root": { "inputs": { "nixpkgs": "nixpkgs", "proxmox-nixos": "proxmox-nixos" } }, "systems": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", "repo": "default", "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", "repo": "default", "type": "github" } }, "utils": { "inputs": { "systems": "systems" }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { "owner": "numtide", "repo": "flake-utils", "type": "github" } } }, "root": "root", "version": 7 }
A => flake.nix +27 -0
@@ 1,27 @@ { description = "Renesto's Nix configurations"; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; #proxmox-nixos.url = "github:SaumonNet/proxmox-nixos"; proxmox-nixos.url = "github:5aaee9/proxmox-nixos"; }; outputs = { nixpkgs, proxmox-nixos, ... }@inputs: let inherit (nixpkgs.lib) nixosSystem; overlays = [ ]; in rec { nixosConfigurations = { essos = nixosSystem { system = "x86_64-linux"; modules = [ proxmox-nixos.nixosModules.proxmox-ve ./nixos/essos/configuration.nix ./nixos/common.nix ]; specialArgs = { inherit inputs; overlays = overlays; }; }; }; }; }
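Review bot: The `proxmox-nixos` input in `inputs` points at the fork `github:5aaee9/proxmox-nixos`, with the `SaumonNet` URL commented out and no note on why, and it follows the fork's default branch. That flake supplies `proxmox-nixos.nixosModules.proxmox-ve` here and the overlay applied in nixos/essos/configuration.nix, so whatever the fork publishes is built into the hypervisor at the next `nix flake update`; flake.lock fixes the revision only until then. I would add a comment stating the reason, e.g. `# fork needed for <reason>; return to SaumonNet once upstreamed`, and pin the URL to a reviewed commit as `github:5aaee9/proxmox-nixos/<rev>`, using the revision already recorded in flake.lock.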
A => nixos/common.nix +11 -0
@@ 1,11 @@ { inputs, lib, config, pkgs, overlays, ...}: { nixpkgs.overlays = overlays; environment.systemPackages = with pkgs; [ neovim wget bottom bat ripgrep ]; }
A => nixos/essos/configuration.nix +72 -0
@@ 1,72 @@ { inputs, lib, config, pkgs, ...}: { imports = [ ./hardware-configuration.nix ./hypervisor.nix ]; nix = { extraOptions = '' experimental-features = nix-command flakes ''; registry = lib.mapAttrs' (n: v: lib.nameValuePair n { flake = v; }) inputs; }; boot.loader = { systemd-boot = { enable = true; }; efi.canTouchEfiVariables = true; timeout = 1; }; networking = { hostName = "essos"; #wireless.enable = true; firewall.enable = true; networkmanager.enable = true; hosts = { "10.1.1.1" = [ "essos" ]; }; }; time.timeZone = "America/Sao_Paulo"; i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; keyMap = "dvorak"; }; users.users = { elise = { isNormalUser = true; extraGroups = [ "wheel" ]; shell = pkgs.zsh; }; }; programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; programs.zsh.enable = true; services = { openssh = { enable = true; passwordAuthentication = true; }; logind.lidSwitch = "ignore"; }; services.proxmox-ve.enable = true; nixpkgs.overlays = [ inputs.proxmox-nixos.overlays.x86_64-linux ]; system.stateVersion = "22.11"; }
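Review bot: `services.openssh` sets `passwordAuthentication = true` on a host that also enables `services.proxmox-ve`, and the only declared user, `elise`, is in `wheel` with no `openssh.authorizedKeys.keys`, so remote access to the hypervisor rests on a password alone. I would declare the key and switch passwords off: `users.users.elise.openssh.authorizedKeys.keys = [ "<public key>" ];` and `services.openssh.settings.PasswordAuthentication = false;`. Current nixpkgs spells this option `settings.PasswordAuthentication`; the top-level `passwordAuthentication` used here is the older name and may warn or fail to evaluate against `nixos-unstable`, which is worth confirming. If password login has to stay for bootstrap, a comment saying so and restricting sshd to the management interface would make the intent reviewable.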
A => nixos/essos/hardware-configuration.nix +38 -0
@@ 1,38 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/nvme0n1p2"; fsType = "xfs"; }; fileSystems."/boot" = { device = "/dev/nvme0n1p1"; fsType = "vfat"; }; swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. networking.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; #powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }
A => nixos/essos/hypervisor.nix +173 -0
@@ 1,173 @@ { lib, pkgs, config, ... }: { systemd.network.wait-online.enable = false; #networking.wlanInterfaces = { # wlan-ap0 = { # device = "wlp0s20f3"; # mac = "d2:61:cf:a2:df:57"; # }; #}; systemd.network.enable = true; systemd.network.netdevs."wlan-ap0" = { enable = true; netdevConfig = { Name = "wlan-ap0"; Kind = "wlan"; }; wlanConfig = { PhysicalDevice = 0; Type = "ap"; }; }; systemd.network.networks."10-ap" = { matchConfig = { #Name = "wlan-ap0"; Name = "vmbr0"; }; networkConfig = { Address = "10.1.1.1/16"; Gateway = "10.1.1.1"; }; }; networking.defaultGateway = { address = "192.168.0.1"; interface = "wlp0s20f3"; }; networking.networkmanager.unmanaged = [ "wlan-ap0" "vmbr0" ]; networking.bridges = { vmbr0 = { interfaces = [ "wlan-ap0" ]; }; }; networking.nftables = { enable = true; ruleset = '' table ip nat { chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; } } ''; }; networking.nat = { enable = true; internalInterfaces = [ "vmbr0" ]; externalInterface = "wlp0s20f3"; }; networking.hosts = { "10.1.1.1" = [ "essos.local" ]; "10.1.2.1" = [ "nas.essos.local" ]; }; networking.nameservers = [ "1.1.1.1" "8.8.8.8" ]; networking.resolvconf.enable = false; networking.firewall.allowedTCPPorts = [ 53 ]; networking.firewall.allowedUDPPorts = [ 53 ]; services.hostapd = { enable = true; radios = { wlan-ap0 = { band = "5g"; channel = 153; networks.wlan-ap0 = { ssid = "essos"; authentication.saePasswords = [{ password = "valar morghulis"; }]; }; }; }; }; services.kea.dhcp4 = { enable = true; settings = { interfaces-config = { interfaces = [ "vmbr0" ]; }; valid-lifetime = 4000; renew-timer = 1000; rebind-timer = 1000; lease-database = { type = "memfile"; persist = true; name = "/var/lib/kea/dhcp4.leases"; }; option-data = [ { name = "domain-name-servers"; code = 6; space = "dhcp4"; csv-format = true; data = "10.1.1.1"; always-send = true; } { name = "routers"; data = "10.1.1.1"; } ]; subnet4 = [ { id = 1; pools = [{ pool = "10.1.1.2 - 10.1.1.240"; 
}]; subnet = "10.1.1.0/16"; } ]; }; }; services.resolved.enable = lib.mkForce false; services.dnsmasq = let resolv = pkgs.writeTextFile { name = "vmbr0-resolv.conf"; text = '' nameserver 1.1.1.1 nameserver 1.0.0.1 ''; }; in { enable = true; settings = { resolv-file = "${resolv}"; #listen-address = "10.1.1.1"; }; }; services.nginx = { enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts."console.essos.local" = { locations."/" = { proxyPass = "https://10.1.1.1:8006"; extraConfig = '' proxy_ssl_server_name on; ''; }; }; }; }
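Review bot: The access-point passphrase in `services.hostapd` is committed in clear text (`authentication.saePasswords = [{ password = "valar morghulis"; }]`), so it is readable by anyone with the repository and most likely ends up in a world-readable file under /nix/store as well. The hostapd module has file-based alternatives (`authentication.saePasswordsFile`, as far as I recall) that read the secret at runtime from a path outside the store; I would move to one of those and rotate the passphrase, since this one is now in history. Separately, `networking.firewall.allowedTCPPorts` and `allowedUDPPorts = [ 53 ]` open DNS on every interface while dnsmasq's `listen-address` is commented out, so the resolver is also reachable from the upstream side on `wlp0s20f3`. Scoping the rule with `networking.firewall.interfaces.vmbr0.allowedUDPPorts = [ 53 ];` (and the TCP equivalent) keeps it on the VM bridge.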