From 3cda9d73aa2783d38b4decfc3820a002fbfb1f62 Mon Sep 17 00:00:00 2001
From: rhaenys
Date: Thu, 14 Nov 2024 19:40:25 -0300
Subject: [PATCH] feat: initial commit w proxmox
---
 flake.lock | 163 +++++++++++++++++++++++
 flake.nix | 27 ++++
 nixos/common.nix | 11 ++
 nixos/essos/configuration.nix | 72 ++++++++++
 nixos/essos/hardware-configuration.nix | 38 ++++++
 nixos/essos/hypervisor.nix | 173 +++++++++++++++++++++++++
 6 files changed, 484 insertions(+)
 create mode 100644 flake.lock
 create mode 100644 flake.nix
 create mode 100644 nixos/common.nix
 create mode 100644 nixos/essos/configuration.nix
 create mode 100644 nixos/essos/hardware-configuration.nix
 create mode 100644 nixos/essos/hypervisor.nix
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..97680bf
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,163 @@ +{ + "nodes": { + "crane": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1717383740, + "narHash": "sha256-559HbY4uhNeoYvK3H6AMZAtVfmR3y8plXZ1x6ON/cWU=", + "owner": "ipetkov", + "repo": "crane", + "rev": "b65673fce97d277934488a451724be94cc62499a", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "ref": "v0.17.3", + "repo": "crane", + "type": "github" + } + }, + "flake-compat": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1731139594, + "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1723556749, + "narHash": "sha256-+CHVZnTnIYRLYsARInHYoWkujzcRkLY/gXm3s5bE52o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4a92571f9207810b559c9eac203d1f4d79830073", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-24.05", + "type": "indirect" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1723637854, + "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1714656196, + "narHash": "sha256-kjQkA98lMcsom6Gbhw8SYzmwrSo+2nruiTcTZp5jK7o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": 
"94035b482d181af0a0f8f77823a790b256b7c3cc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "proxmox-nixos": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs-unstable": "nixpkgs-unstable", + "utils": "utils" + }, + "locked": { + "lastModified": 1730963029, + "narHash": "sha256-+jlyA9jROgLjHKHXTLgJWmhQ0xK95LjKXQaRe2gxP7A=", + "owner": "5aaee9", + "repo": "proxmox-nixos", + "rev": "31e7e10c75d43313db000ff9834e7befebe6eb01", + "type": "github" + }, + "original": { + "owner": "5aaee9", + "repo": "proxmox-nixos", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs", + "proxmox-nixos": "proxmox-nixos" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..3677a20 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,27 @@
+{
+ description = "Renesto's Nix configurations";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ #proxmox-nixos.url = "github:SaumonNet/proxmox-nixos";
+ proxmox-nixos.url = "github:5aaee9/proxmox-nixos";
+ };
+
+ outputs = { nixpkgs, proxmox-nixos, ... }@inputs: let
+ inherit (nixpkgs.lib) nixosSystem;
+
+ overlays = [ ];
+ in rec {
+ nixosConfigurations = {
+ essos = nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ proxmox-nixos.nixosModules.proxmox-ve
+ ./nixos/essos/configuration.nix
+ ./nixos/common.nix
+ ];
+ specialArgs = { inherit inputs; overlays = overlays; };
+ };
+ };
+ };
+}
diff --git a/nixos/common.nix b/nixos/common.nix
new file mode 100644
index 0000000..ccff2f4
--- /dev/null
+++ b/nixos/common.nix
@@ -0,0 +1,11 @@
+{ inputs, lib, config, pkgs, overlays, ...}: {
+ nixpkgs.overlays = overlays;
+
+ environment.systemPackages = with pkgs; [
+ neovim
+ wget
+ bottom
+ bat
+ ripgrep
+ ];
+}
diff --git a/nixos/essos/configuration.nix b/nixos/essos/configuration.nix
new file mode 100644
index 0000000..5b5a9e6
--- /dev/null
+++ b/nixos/essos/configuration.nix
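Review bot: The commented-out `#proxmox-nixos.url = "github:SaumonNet/proxmox-nixos";` line inside `inputs` is dead configuration that tells a reader nothing about why the `5aaee9` fork was chosen over the upstream project; replace it with a comment giving the reason, e.g. `# fork of SaumonNet/proxmox-nixos used because: <reason>`. The fork input also carries no `ref`, so a later `nix flake update` follows whatever its default branch holds at that moment; if a branch or tag is intended, pin it as `proxmox-nixos.url = "github:5aaee9/proxmox-nixos/<ref>";`. The `overlays = [ ]` binding handed to `specialArgs` is never populated in this file, which deserves a one-line comment saying it is a placeholder for host-independent overlays.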
@@ -0,0 +1,72 @@
+{ inputs, lib, config, pkgs, ...}: {
+ imports = [
+ ./hardware-configuration.nix
+ ./hypervisor.nix
+ ];
+
+ nix = {
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ registry = lib.mapAttrs' (n: v: lib.nameValuePair n { flake = v; }) inputs;
+ };
+
+ boot.loader = {
+ systemd-boot = {
+ enable = true;
+ };
+ efi.canTouchEfiVariables = true;
+ timeout = 1;
+ };
+
+ networking = {
+ hostName = "essos";
+
+ #wireless.enable = true;
+ firewall.enable = true;
+
+ networkmanager.enable = true;
+
+ hosts = {
+ "10.1.1.1" = [ "essos" ];
+ };
+ };
+
+ time.timeZone = "America/Sao_Paulo";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "dvorak";
+ };
+
+ users.users = {
+ elise = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ shell = pkgs.zsh;
+ };
+ };
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ programs.zsh.enable = true;
+
+ services = {
+ openssh = {
+ enable = true;
+ passwordAuthentication = true;
+ };
+
+ logind.lidSwitch = "ignore";
+ };
+
+ services.proxmox-ve.enable = true;
+ nixpkgs.overlays = [ inputs.proxmox-nixos.overlays.x86_64-linux ];
+
+ system.stateVersion = "22.11";
+}
diff --git a/nixos/essos/hardware-configuration.nix b/nixos/essos/hardware-configuration.nix
new file mode 100644
index 0000000..19b6529
--- /dev/null
+++ b/nixos/essos/hardware-configuration.nix
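Review bot: `services.openssh.passwordAuthentication = true;` leaves password logins open on a host that also runs the Proxmox hypervisor, while the only user declared here (`elise`, in `wheel`) has neither `hashedPassword` nor `openssh.authorizedKeys` in this hunk, so the intended login path is unclear and the weakest one is the enabled one. Prefer key-based access: `users.users.elise.openssh.authorizedKeys.keys = [ "<ssh public key placeholder>" ];` together with `services.openssh.settings.PasswordAuthentication = false;`. As far as I recall, on the `nixos-unstable` input this flake pins the top-level `passwordAuthentication` option has been moved under `services.openssh.settings`, so the newer spelling also avoids a rename warning or a future evaluation error. `system.stateVersion = "22.11"` in a configuration created in Nov 2024 looks copied from elsewhere; it should name the release the machine was actually first installed with, and a short comment saying so would stop later edits from "fixing" it.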
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/nvme0n1p2"; + fsType = "xfs"; + }; + + fileSystems."/boot" = + { device = "/dev/nvme0n1p1"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + #powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixos/essos/hypervisor.nix b/nixos/essos/hypervisor.nix new file mode 100644 index 0000000..9301300 --- /dev/null +++ b/nixos/essos/hypervisor.nix 
@@ -0,0 +1,173 @@
+{ lib, pkgs, config, ... }: {
+ systemd.network.wait-online.enable = false;
+
+ #networking.wlanInterfaces = {
+ # wlan-ap0 = {
+ # device = "wlp0s20f3";
+ # mac = "d2:61:cf:a2:df:57";
+ # };
+ #};
+
+ systemd.network.enable = true;
+
+ systemd.network.netdevs."wlan-ap0" = {
+ enable = true;
+ netdevConfig = {
+ Name = "wlan-ap0";
+ Kind = "wlan";
+ };
+ wlanConfig = {
+ PhysicalDevice = 0;
+ Type = "ap";
+ };
+ };
+
+ systemd.network.networks."10-ap" = {
+ matchConfig = {
+ #Name = "wlan-ap0";
+ Name = "vmbr0";
+ };
+
+ networkConfig = {
+ Address = "10.1.1.1/16";
+ Gateway = "10.1.1.1";
+ };
+ };
+
+ networking.defaultGateway = {
+ address = "192.168.0.1";
+ interface = "wlp0s20f3";
+ };
+
+ networking.networkmanager.unmanaged = [ "wlan-ap0" "vmbr0" ];
+
+ networking.bridges = {
+ vmbr0 = {
+ interfaces = [ "wlan-ap0" ];
+ };
+ };
+
+ networking.nftables = {
+ enable = true;
+ ruleset = ''
+ table ip nat {
+ chain PREROUTING {
+ type nat hook prerouting priority dstnat; policy accept;
+ }
+ }
+ '';
+ };
+
+ networking.nat = {
+ enable = true;
+ internalInterfaces = [ "vmbr0" ];
+ externalInterface = "wlp0s20f3";
+ };
+
+ networking.hosts = {
+ "10.1.1.1" = [ "essos.local" ];
+ "10.1.2.1" = [ "nas.essos.local" ];
+ };
+
+ networking.nameservers = [
+ "1.1.1.1"
+ "8.8.8.8"
+ ];
+
+ networking.resolvconf.enable = false;
+
+ networking.firewall.allowedTCPPorts = [ 53 ];
+ networking.firewall.allowedUDPPorts = [ 53 ];
+
+ services.hostapd = {
+ enable = true;
+ radios = {
+ wlan-ap0 = {
+ band = "5g";
+ channel = 153;
+ networks.wlan-ap0 = {
+ ssid = "essos";
+ authentication.saePasswords = [{ password = "valar morghulis"; }];
+ };
+ };
+ };
+ };
+
+ services.kea.dhcp4 = {
+ enable = true;
+ settings = {
+ interfaces-config = {
+ interfaces = [ "vmbr0" ];
+ };
+
+ valid-lifetime = 4000;
+ renew-timer = 1000;
+ rebind-timer = 1000;
+
+ lease-database = {
+ type = "memfile";
+ persist = true;
+ name = "/var/lib/kea/dhcp4.leases";
+ };
+
+ option-data = [
+ {
+ name = "domain-name-servers";
+ code = 6;
+ space = "dhcp4";
+ csv-format = true;
+ data = "10.1.1.1";
+ always-send = true;
+ }
+
+ {
+ name = "routers";
+ data = "10.1.1.1";
+ }
+ ];
+
+ subnet4 = [
+ {
+ id = 1;
+ pools = [{ pool = "10.1.1.2 - 10.1.1.240"; }];
+ subnet = "10.1.1.0/16";
+ }
+ ];
+ };
+ };
+
+ services.resolved.enable = lib.mkForce false;
+
+ services.dnsmasq = let
+ resolv = pkgs.writeTextFile {
+ name = "vmbr0-resolv.conf";
+ text = ''
+ nameserver 1.1.1.1
+ nameserver 1.0.0.1
+ '';
+ };
+ in {
+ enable = true;
+
+ settings = {
+ resolv-file = "${resolv}";
+ #listen-address = "10.1.1.1";
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts."console.essos.local" = {
+ locations."/" = {
+ proxyPass = "https://10.1.1.1:8006";
+ extraConfig = ''
+ proxy_ssl_server_name on;
+ '';
+ };
+ };
+ };
+}
-- 
2.47.0
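Review bot: `authentication.saePasswords = [{ password = "valar morghulis"; }];` in the hostapd block commits the Wi-Fi passphrase to the repository in plaintext and, since module options are rendered into the generated hostapd config, it also ends up world-readable in the Nix store on the host; as this diff is already published the passphrase should be treated as disclosed and rotated, with the replacement supplied through the hostapd module's `saePasswordsFile` option pointing at a file kept outside the repo. A second exposure is the resolver: dnsmasq is enabled with `listen-address` commented out, so by its default it listens on every interface, and `networking.firewall.allowedTCPPorts`/`allowedUDPPorts = [ 53 ]` open that port on all interfaces including the uplink `wlp0s20f3`, which turns the host into an open resolver toward the upstream network unless something outside this hunk blocks it. The `virtualHosts."console.essos.local"` entry sets no `forceSSL`/`sslCertificate` (or `enableACME`), so the Proxmox login page would be served to clients over plain HTTP while only the upstream leg is TLS, and the web console most likely needs `proxyWebsockets = true;` on the location as well. Smaller points: the `networking.nftables.ruleset` declares an empty `PREROUTING` chain that does nothing and may clash with the nat table `networking.nat` generates when nftables is enabled (not verified against the pinned nixpkgs), and the kea `subnet = "10.1.1.0/16"` is not the network address of that /16 (`10.1.0.0/16` would be), which Kea may reject or normalise, so the service log is worth a look.
```nix
 networking.firewall.interfaces.vmbr0 = {
   allowedTCPPorts = [ 53 ];
   allowedUDPPorts = [ 53 ];
 };
 # … unchanged: hostapd radio band/channel …
 networks.wlan-ap0 = {
   ssid = "essos";
   # passphrase is read from a file that is not part of the repo (path is a placeholder)
   authentication.saePasswordsFile = "/path/to/wlan-ap0-sae-passwords";
 };
 # … unchanged: kea dhcp4, resolved …
 settings = {
   resolv-file = "${resolv}";
   # answer only on the VM bridge, never on the uplink
   interface = "vmbr0";
   bind-interfaces = true;
 };
```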