nixos-config/hosts/sarek/configuration.nix

{ config, pkgs, lib, modulesPath, ... }:

{
  imports =
    [
      (modulesPath + "/virtualisation/proxmox-lxc.nix")
      ../../base.nix
      ../../common/metrics-exporters.nix

      ./services/flame.nix
      ./services/hedgedoc.nix
      ./services/nginx.nix
      ./services/postgresql.nix
  ];

  # Boot and console is handled by proxmoxLXC.
  boot.loader.systemd-boot.enable = lib.mkForce false; # Enabled in base.nix, forced off here.

  # Override proxmox networking
  proxmoxLXC.manageNetwork = true;
  networking = {
    hostName = "sarek";
    defaultGateway = "192.168.10.1";
    interfaces."eth0".ipv4 = {
      addresses = [
        { address = "192.168.10.181"; prefixLength = 24; }
      ];
    };
    hostId = "15dd36bc";
  };

  sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml;
  virtualisation.docker.enable = true;
  virtualisation.oci-containers.backend = "docker";

  # Undo https://github.com/NixOS/nixpkgs/commit/59e37267556eb917146ca3110ab7c96905b9ffbd to work on unprivileged LXC containers
  system.activationScripts.var = lib.mkForce ''
    # Various log/runtime directories.
    mkdir -p /var/tmp
    chmod 1777 /var/tmp
    # Empty, immutable home directory of many system accounts.
    mkdir -p /var/empty
    # Make sure it's really empty
    ${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true
    find /var/empty -mindepth 1 -delete
    chmod 0555 /var/empty
    chown root:root /var/empty
    ${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
  '';
  systemd.tmpfiles.rules = lib.mkForce [];

  system.stateVersion = "23.05";
}
Add sarek and related NFS shares 2023-10-03 01:25:33 +02:00			`{ config, pkgs, lib, modulesPath, ... }:`

			`{`
			`imports =`
			`[`
			`(modulesPath + "/virtualisation/proxmox-lxc.nix")`
			`../../base.nix`
			`../../common/metrics-exporters.nix`
sarek: initialize postgresql 2023-10-05 22:14:29 +02:00
sarek: remove jupyter 2023-12-16 16:45:59 +01:00			`./services/flame.nix`
			`./services/hedgedoc.nix`
sarek: intialize service config. Move firewall to base.nix 2023-10-05 23:44:58 +02:00			`./services/nginx.nix`
sarek: initialize postgresql 2023-10-05 22:14:29 +02:00			`./services/postgresql.nix`
Add sarek and related NFS shares 2023-10-03 01:25:33 +02:00			`];`

sarek: Manually configure networking 2023-10-05 22:05:09 +02:00			`# Boot and console is handled by proxmoxLXC.`
Add sarek and related NFS shares 2023-10-03 01:25:33 +02:00			`boot.loader.systemd-boot.enable = lib.mkForce false; # Enabled in base.nix, forced off here.`
sarek: Manually configure networking 2023-10-05 22:05:09 +02:00
			`# Override proxmox networking`
			`proxmoxLXC.manageNetwork = true;`
			`networking = {`
			`hostName = "sarek";`
			`defaultGateway = "192.168.10.1";`
			`interfaces."eth0".ipv4 = {`
			`addresses = [`
			`{ address = "192.168.10.181"; prefixLength = 24; }`
			`];`
			`};`
			`hostId = "15dd36bc";`
			`};`
Add sarek and related NFS shares 2023-10-03 01:25:33 +02:00
sarek: intialize service config. Move firewall to base.nix 2023-10-05 23:44:58 +02:00			`sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml;`
Flake -> 23.05. Patch/update sarek 2023-12-16 17:38:22 +01:00			`virtualisation.docker.enable = true;`
			`virtualisation.oci-containers.backend = "docker";`

			`# Undo https://github.com/NixOS/nixpkgs/commit/59e37267556eb917146ca3110ab7c96905b9ffbd to work on unprivileged LXC containers`
			`system.activationScripts.var = lib.mkForce ''`
			`# Various log/runtime directories.`
			`mkdir -p /var/tmp`
			`chmod 1777 /var/tmp`
			`# Empty, immutable home directory of many system accounts.`
			`mkdir -p /var/empty`
			`# Make sure it's really empty`
			`${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty \|\| true`
			`find /var/empty -mindepth 1 -delete`
			`chmod 0555 /var/empty`
			`chown root:root /var/empty`
			`${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty \|\| true`
			`'';`
			`systemd.tmpfiles.rules = lib.mkForce [];`
Add sarek and related NFS shares 2023-10-03 01:25:33 +02:00
			`system.stateVersion = "23.05";`
			`}`