lxc config

2022-02-11 14:07:03 +03:00 · 2022-02-11 14:07:03 +03:00 · db0d376595
commit db0d376595
parent 00b65f0106
14 changed files with 128 additions and 62 deletions
--- a/flake.lock
+++ b/flake.lock
@ -99,11 +99,11 @@
    },
    "flake-utils_2": {
      "locked": {
-        "lastModified": 1642700792,
-        "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
+        "lastModified": 1644229661,
+        "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
+        "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
        "type": "github"
      },
      "original": {
@ -134,11 +134,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1643307345,
-        "narHash": "sha256-xiu7i6Q3Dqu4lLfDNaAL/f2DVewBxL+ysMuAyJiGv+4=",
+        "lastModified": 1644534280,
+        "narHash": "sha256-Gzf/Jq/F1vvTp6XkzPU+pBCj3OSAFLiR7f0ptwRseiI=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "4e92ec84f93a293042a64c3ed56ac8aee62fb6e1",
+        "rev": "6d9d9294d09b5e88df65f8c6651efb8a4d7d2476",
        "type": "github"
      },
      "original": {
@ -224,11 +224,11 @@
        "nixpkgs-regression": "nixpkgs-regression"
      },
      "locked": {
-        "lastModified": 1643379043,
-        "narHash": "sha256-TCOGKEuHBLgqfCUkMmEWsC/fCynmrPn4xXhZHKSa+0g=",
+        "lastModified": 1644524107,
+        "narHash": "sha256-X/4pRZ4RkG2AhurEER8DQecqB1FaX34jFc7bTpkd4PU=",
        "owner": "nixos",
        "repo": "nix",
-        "rev": "4bf6af7b555033de5c1d6851edb60a91940d43c3",
+        "rev": "5b809f9e0e0fe84304c2ae0f5f7b2d4db02565ad",
        "type": "github"
      },
      "original": {
@ -306,11 +306,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1643403894,
-        "narHash": "sha256-5j30wrw5HN/xhEChv+wfCRzTmJeJuB/mMGLlfw/PofY=",
+        "lastModified": 1644572214,
+        "narHash": "sha256-ATafeAQayQX4QQLYuicwJUghS46OXe/xOi04SR3+AvI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "e87db3c8c332cfed455f39a7784f473bab886c2d",
+        "rev": "e1e76842a1d5303a4b0d2af0087a4be112f12369",
        "type": "github"
      },
      "original": {
@ -323,11 +323,11 @@
    "nixpkgs-mozilla": {
      "flake": false,
      "locked": {
-        "lastModified": 1638887313,
-        "narHash": "sha256-FMYV6rVtvSIfthgC1sK1xugh3y7muoQcvduMdriz4ag=",
+        "lastModified": 1643634764,
+        "narHash": "sha256-EcFlgzZnZSHwZixELYV1pa267t+u5mCeLhSNBeAA/+c=",
        "owner": "mozilla",
        "repo": "nixpkgs-mozilla",
-        "rev": "7c1e8b1dd6ed0043fb4ee0b12b815256b0b9de6f",
+        "rev": "f233fdc4ff6ba2ffeb1e3e3cd6d63bb1297d6996",
        "type": "github"
      },
      "original": {
@ -369,11 +369,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1643247693,
-        "narHash": "sha256-rmShxIuNjYBz4l83J0J++sug+MURUY1koPCzX4F8hfo=",
+        "lastModified": 1644472683,
+        "narHash": "sha256-sP6iM4NksOYO6NFfTJ96cg+ClPnq6cdY30xKA1iYtyU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "6c4b9f1a2fd761e2d384ef86cff0d208ca27fdca",
+        "rev": "7adc9c14ec74b27358a8df9b973087e351425a79",
        "type": "github"
      },
      "original": {
@ -391,11 +391,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1643400116,
-        "narHash": "sha256-q8BH3R1FlsFJqKKPCCPPFUuRy0TdUd5PUzrlVH3NZ3Q=",
+        "lastModified": 1644572525,
+        "narHash": "sha256-x/ITjqXCJATZ9vRrK45aVzb5beYMvA1SlZvZ6IS4EuI=",
        "owner": "nix-community",
        "repo": "nixpkgs-wayland",
-        "rev": "ea3913eda1ed45951e6f47e43b26e3bc8f9f756d",
+        "rev": "a3cd4ebb1c8332477ee5009b01823878dca5fd5b",
        "type": "github"
      },
      "original": {
@ -421,11 +421,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1643650039,
-        "narHash": "sha256-/CNYphB5xu/1eoDSPozkXXU+L+qtpRVF2QyGtt1xKTw=",
+        "lastModified": 1644572214,
+        "narHash": "sha256-ATafeAQayQX4QQLYuicwJUghS46OXe/xOi04SR3+AvI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a0ba069da39a5dc38ff3009423b2700c2fb5447d",
+        "rev": "e1e76842a1d5303a4b0d2af0087a4be112f12369",
        "type": "github"
      },
      "original": {
@ -436,11 +436,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1643169865,
-        "narHash": "sha256-+KIpNRazbc8Gac9jdWCKQkFv9bjceaLaLhlwqUEYu8c=",
+        "lastModified": 1644420267,
+        "narHash": "sha256-rFJuctggkjM412OC6OGPdXogFp7czGDW05ueWqpJbj8=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "945ec499041db73043f745fad3b2a3a01e826081",
+        "rev": "98bb5b77c8c6666824a4c13d23befa1e07210ef1",
        "type": "github"
      },
      "original": {
@ -485,11 +485,11 @@
    "qbittorrent-ee": {
      "flake": false,
      "locked": {
-        "lastModified": 1643267137,
-        "narHash": "sha256-FHX0FYCpVqg8UmerQiq3vWKSbmsxO4FG4rxxEsIMOLE=",
+        "lastModified": 1644253080,
+        "narHash": "sha256-0tzLqWo/apr5iDV2q4gLDtJnccJF+VdkE1Tp7T1IYww=",
        "owner": "c0re100",
        "repo": "qBittorrent-Enhanced-Edition",
-        "rev": "21c1ca4e495923a2cddfbd8cd09523bc332957d8",
+        "rev": "f3fd3cef350362187cad17a23fee010be193630f",
        "type": "github"
      },
      "original": {
@ -526,11 +526,11 @@
    "rycee": {
      "flake": false,
      "locked": {
-        "lastModified": 1643342537,
-        "narHash": "sha256-pm37P9/AJbFILqxZzcS0dqdXkftJssyHs3Jk7pRY0gs=",
+        "lastModified": 1644552128,
+        "narHash": "sha256-lEr3ly9l+M/GL44m4krFUk5x7Xddc1WYwbUFUKLUBGk=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "2ce49ac394974b2fffcdaefc835042d111a3b836",
+        "rev": "b0bc3ed37a683a6a5beb569a13c927a71510643d",
        "type": "gitlab"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -15,6 +15,7 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    base16.url = "github:alukardbf/base16-nix";
+    # base16.url = "/home/alukard/projects/base16-nix";
    base16-horizon-scheme = {
      url = "github:michael-ball/base16-horizon-scheme";
      flake = false;
@ -77,7 +78,7 @@
    };
  };

-  outputs = { nixpkgs, nix, self, ... }@inputs:
+  outputs = { self, nixpkgs, nixpkgs-stable, ... }@inputs:
    let
      rebuild = (pkgs: pkgs.writeShellScriptBin "rebuild" ''
        if [[ -z $1 ]]; then
@ -113,30 +114,26 @@
      nixosConfigurations = with nixpkgs.lib;
        let
          hosts = builtins.attrNames (builtins.readDir ./machines);
-          mkHost = name:
-          let
+          mkHost = name: nixosSystem {
            system = builtins.readFile (./machines + "/${name}/system");
-          in nixosSystem {
-              system = system;
-              modules = [ (import (./machines + "/${name}")) { device = name; } ];
-              specialArgs = { inherit inputs; };
-            };
-        in genAttrs hosts mkHost;
+            modules = [ (import (./machines + "/${name}")) { device = name; } ];
+            specialArgs = { inherit inputs; };
+          };
+        in (genAttrs hosts mkHost) // {
+          NixOS-CT = nixpkgs-stable.lib.nixosSystem {
+            system = builtins.readFile (./machines + "/${name}/system");
+            modules = [ (import (./machines + "/${name}")) { device = name; } ];
+            specialArgs = { inherit inputs; };
+          };
+        };

      legacyPackages.x86_64-linux =
        (builtins.head (builtins.attrValues self.nixosConfigurations)).pkgs;
-      legacyPackages.aarch64-linux =
-        (builtins.head (builtins.attrValues self.nixosConfigurations)).pkgs;

      devShell.x86_64-linux = let
        pkgs = self.legacyPackages.x86_64-linux;
      in pkgs.mkShell {
        nativeBuildInputs = [ (rebuild pkgs) ];
      };
-      devShell.aarch64-linux = let
-        pkgs = self.legacyPackages.aarch64-linux;
-      in pkgs.mkShell {
-        nativeBuildInputs = [ (rebuild pkgs) ];
-      };
    };
 }
--- a/machines/NixOS-CT/default.nix
+++ b/machines/NixOS-CT/default.nix
@ -0,0 +1,31 @@
+{ inputs, lib, ... }: {
+  imports = with inputs.self.nixosModules; with inputs.self.nixosProfiles; [
+    ./hardware-configuration.nix
+    inputs.self.nixosRoles.container
+  ];
+
+  deviceSpecific.devInfo = {
+    cpu = {
+      vendor = "intel";
+      clock = 2300;
+      cores = 2;
+    };
+    drive = {
+      type = "hdd";
+      speed = 100;
+      size = 10;
+    };
+    gpu = {
+      vendor = "other";
+    };
+    bigScreen = false;
+    ram = 1;
+  };
+  deviceSpecific.enableVirtualisation = true;
+  deviceSpecific.wireguard.enable = false;
+  deviceSpecific.isServer = lib.mkForce true;
+
+  systemd.suppressedSystemUnits = [
+    "sys-kernel-debug.mount"
+  ];
+}
--- a/machines/NixOS-CT/hardware-configuration.nix
+++ b/machines/NixOS-CT/hardware-configuration.nix
@ -0,0 +1,3 @@
+{ config, lib, pkgs, modulesPath, ... }: {
+  imports = [ (modulesPath + "/virtualisation/lxc-container.nix") ];
+}
--- a/machines/NixOS-CT/system
+++ b/machines/NixOS-CT/system
@ -0,0 +1 @@
+x86_64-linux
--- a/modules/devices.nix
+++ b/modules/devices.nix
@ -41,6 +41,11 @@ with types; {
        default =
          !isNull (builtins.match ".*(Cloud|Server)" config.networking.hostName);
      };
+      isContainer = mkOption {
+        type = bool;
+        default =
+          !isNull (builtins.match ".*(CT|Container)" config.networking.hostName);
+      };
      isISO = mkOption {
        type = bool;
        default =
--- a/profiles/boot.nix
+++ b/profiles/boot.nix
@ -19,6 +19,7 @@ with config.deviceSpecific; {
        "rd.udev.log_priority=3"
        "pti=off"
        "spectre_v2=off"
+        "kvm.ignore_msrs=1"
      ];

    kernelPackages = pkgs.linuxPackages_zen;
--- a/profiles/nix/default.nix
+++ b/profiles/nix/default.nix
@ -25,7 +25,7 @@
      inputs.nix.defaultPackage.${pkgs.system}.overrideAttrs (oa: {
        patches = [ ./nix.patch ] ++ oa.patches or [ ];
      })
-    else pkgs.nixStable;
+    else pkgs.nixFlakes;

    extraOptions = ''
      experimental-features = nix-command flakes
--- a/profiles/overlay.nix
+++ b/profiles/overlay.nix
@ -32,7 +32,7 @@ with lib; {
        vscode-fhs = master.vscode-fhs;
        xonar-fp = pkgs.callPackage ./packages/xonar-fp.nix { };
        youtube-to-mpv = pkgs.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; };
-        vivaldi = stable.vivaldi;
+        vivaldi = master.vivaldi;
        wine = super.wineWowPackages.staging;
        pass-secret-service = super.pass-secret-service.overrideAttrs (_: { installCheckPhase = null; });
        qbittorrent = super.qbittorrent.overrideAttrs (old: rec {
--- a/profiles/security.nix
+++ b/profiles/security.nix
@ -46,7 +46,7 @@ with config.deviceSpecific; {
    ];
  };
  home-manager.users.alukard = {
-    systemd.user.services.polkit-agent = {
+    systemd.user.services.polkit-agent = lib.mkIf (!isServer) {
      Unit = {
        Description = "Run polkit authentication agent";
        X-RestartIfChanged = true;
@ -55,7 +55,6 @@ with config.deviceSpecific; {
      Service = { ExecStart = "${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"; };
    };
  };
-  home-manager.useUserPackages = true;
  systemd.services."user@" = { serviceConfig = { Restart = "always"; }; };
  services.getty.autologinUser = "alukard";
 }
--- a/profiles/workspace/gpg.nix
+++ b/profiles/workspace/gpg.nix
@ -1,5 +1,5 @@
 { config, ... }:
-{
+with config.deviceSpecific; {
  home-manager.users.alukard = {
    programs.gpg = {
      enable = true;
@ -8,7 +8,7 @@
    services.gpg-agent = {
      enable = true;
      enableSshSupport = true;
-      pinentryFlavor = "gnome3";
+      pinentryFlavor = if !isServer then "gnome3" else "curses";
      sshKeys = [
        "7A7130ABF128CC2C32B3D6AD27515056B0193CE1"
        "E6A6377C3D0827C36428A290199FDB3B91414AFE"
--- a/profiles/workspace/ssh.nix
+++ b/profiles/workspace/ssh.nix
@ -1,10 +1,10 @@
-{ pkgs, lib, config, ... }: {
-
+{ pkgs, lib, config, ... }:
+with config.deviceSpecific; {
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    permitRootLogin = "no";
-    forwardX11 = true;
+    forwardX11 = !isServer;
    extraConfig = "StreamLocalBindUnlink yes";
    ports = [ 22 ];
  };
@ -20,12 +20,16 @@
        "*" = {
          compression = false;
        };
-        "oracle-cloud" = {
-          hostname = "ataraxia.1337.cx";
+        "proxmox.pve" = {
+          hostname = "192.168.0.10";
+          user = "root";
+        };
+        "matrix.pve" = {
+          hostname = "192.168.0.11";
          user = "alukard";
        };
-        "oracle-arm" = {
-          hostname = "ataraxiadev.1337.cx";
+        "nixos.pve" = {
+          hostname = "192.168.0.12";
          user = "alukard";
        };
      };
--- a/roles/container.nix
+++ b/roles/container.nix
@ -0,0 +1,24 @@
+{ inputs, pkgs, ... }: {
+  imports = with inputs.self.nixosModules; with inputs.self.nixosProfiles; [
+    inputs.home-manager.nixosModules.home-manager {
+      home-manager.useGlobalPkgs = true;
+      home-manager.useUserPackages = true;
+    }
+
+    devices
+    git
+    gpg
+    locale
+    misc
+    network
+    nix
+    overlay
+    secrets
+    secrets-envsubst
+    security
+    ssh
+    zsh
+  ];
+
+  environment.systemPackages = [ pkgs.kitty ];
+}
--- a/roles/default.nix
+++ b/roles/default.nix
@ -3,4 +3,5 @@
  desktop = ./desktop.nix;
  base = ./base.nix;
  workstation = ./workstation.nix;
+  container = ./container.nix;
 }