feat: enable better seperation of lxc dependencies

applications/proxmox-lxc.nix

@@ -0,0 +1,93 @@
+/*
+Once https://github.com/NixOS/nixpkgs/pull/267764 is merged this can be removed
+*/
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; {
+  options.proxmoxLXC = {
+    enable = mkOption {
+      default = true;
+      type = types.bool;
+      description = lib.mdDoc "Whether to enable the ProxmoxLXC.";
+    };
+    privileged = mkOption {
+      type = types.bool;
+      default = false;
+      description = lib.mdDoc ''
+        Whether to enable privileged mounts
+      '';
+    };
+    manageNetwork = mkOption {
+      type = types.bool;
+      default = false;
+      description = lib.mdDoc ''
+        Whether to manage network interfaces through nix options
+        When false, systemd-networkd is enabled to accept network
+        configuration from proxmox.
+      '';
+    };
+    manageHostName = mkOption {
+      type = types.bool;
+      default = false;
+      description = lib.mdDoc ''
+        Whether to manage hostname through nix options
+        When false, the hostname is picked up from /etc/hostname
+        populated by proxmox.
+      '';
+    };
+  };
+
+  config = let
+    cfg = config.proxmoxLXC;
+  in
+    mkIf cfg.enable {
+      system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
+        storeContents = [
+          {
+            object = config.system.build.toplevel;
+            symlink = "none";
+          }
+        ];
+
+        contents = [
+          {
+            source = config.system.build.toplevel + "/init";
+            target = "/sbin/init";
+          }
+        ];
+
+        extraCommands = "mkdir -p root etc/systemd/network";
+      };
+
+      boot = {
+        isContainer = true;
+        loader.initScript.enable = true;
+      };
+
+      networking = mkIf (!cfg.manageNetwork) {
+        useDHCP = false;
+        useHostResolvConf = false;
+        useNetworkd = true;
+        # pick up hostname from /etc/hostname generated by proxmox
+        hostName = mkIf (!cfg.manageHostName) (mkForce "");
+      };
+
+      services.openssh = {
+        enable = mkDefault true;
+        startWhenNeeded = mkDefault true;
+      };
+
+      systemd.mounts =
+        mkIf (!cfg.privileged)
+        [
+          {
+            where = "/sys/kernel/debug";
+            enable = false;
+          }
+        ];
+    };
+}

machines/_base.nix

@@ -4,9 +4,17 @@
   config,
   options,
   inputs,
+  lib,
   ...
-}: {
+}:
+with lib; let
+  cfg = config.skynet;
+in {
   imports = [
+    # custom lxc mocule until the patch gets merged in
+    ../applications/proxmox-lxc.nix
+    # (modulesPath + "/virtualisation/proxmox-lxc.nix")
+
     # for the secrets
     inputs.agenix.nixosModules.default
 
@@ -23,7 +31,18 @@
     ../applications/restic.nix
   ];
 
-  boot.kernelPackages = pkgs.linuxPackages_latest;
+  options.skynet = {
+    lxc = mkOption {
+      type = types.bool;
+      # most of our servers are lxc so its true by default
+      default = true;
+      description = mdDoc "Is this a Linux Container?";
+    };
+  };
+
+  config = {
+    # if its a lxc enable
+    proxmoxLXC.enable = cfg.lxc;
 
     nix = {
       settings = {
@@ -113,4 +132,5 @@
       pkgs.openldap
       pkgs.screen
     ];
+  };
 }

machines/cadie.nix

@@ -12,7 +12,6 @@ Notes:
   pkgs,
   lib,
   nodes,
-  modulesPath,
   ...
 }: let
   # name of the server, sets teh hostname and record for it
@@ -21,7 +20,6 @@ Notes:
   hostname = "${name}.skynet.ie";
 in {
   imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
     ../applications/nextcloud.nix
   ];
 

machines/earth.nix

@@ -13,7 +13,6 @@ Notes:
   lib,
   nodes,
   inputs,
-  modulesPath,
   ...
 }: let
   name = "earth";
@@ -21,7 +20,6 @@ Notes:
   hostname = "${name}.skynet.ie";
 in {
   imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
     ../applications/skynet.ie.nix
   ];
 

machines/galatea.nix

@@ -13,7 +13,6 @@ Notes:
   lib,
   nodes,
   config,
-  modulesPath,
   ...
 }: let
   # name of the server, sets teh hostname and record for it
@@ -22,7 +21,6 @@ Notes:
   hostname = "${name}.skynet.ie";
 in {
   imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
     ../applications/ulfm.nix
   ];
 

machines/gir.nix

@@ -12,7 +12,6 @@ Notes:
   pkgs,
   lib,
   nodes,
-  modulesPath,
   ...
 }: let
   # name of the server, sets teh hostname and record for it
@@ -22,7 +21,6 @@ Notes:
   #hostname  = ip_pub;
 in {
   imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
     ../applications/email.nix
   ];
 

machines/glados.nix

@@ -13,7 +13,6 @@ Notes:    Each user has roughly 20gb os storage
   pkgs,
   lib,
   nodes,
-  modulesPath,
   ...
 }: let
   # name of the server, sets teh hostname and record for it
@@ -22,7 +21,6 @@ Notes:    Each user has roughly 20gb os storage
   hostname = "${name}.skynet.ie";
 in {
   imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
     ../applications/gitlab.nix
   ];
 

machines/hardware/_base.nix

@@ -11,6 +11,8 @@ with lib; let
   has_ip = interface: (length config.networking.interfaces."${interface}".ipv4.addresses) != 0;
 in {
   config = {
+    skynet.lxc = false;
+
     assertions = [
       {
         assertion = lists.any has_ip interfaces;

machines/kitt.nix

@@ -12,7 +12,6 @@ Notes:
   pkgs,
   lib,
   nodes,
-  modulesPath,
   ...
 }: let
   # name of the server, sets teh hostname and record for it
@@ -22,7 +21,6 @@ Notes:
   #hostname  = ip_pub;
 in {
   imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
     ../applications/ldap/server.nix
     ../applications/discord.nix
     ../applications/bitwarden/vaultwarden.nix

machines/optimus.nix

@@ -13,7 +13,6 @@ Notes:
   lib,
   nodes,
   arion,
-  modulesPath,
   ...
 }: let
   # name of the server, sets teh hostname and record for it
@@ -22,7 +21,6 @@ Notes:
   hostname = "${name}.skynet.ie";
 in {
   imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
     ../applications/games.nix
   ];
 

machines/skynet.nix

@@ -13,7 +13,6 @@ Notes:    Does not host offical sites
   lib,
   nodes,
   inputs,
-  modulesPath,
   ...
 }: let
   name = "skynet";
@@ -23,7 +22,6 @@ Notes:    Does not host offical sites
   hostname = "${name}.skynet.ie";
 in {
   imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
     ../applications/skynet_users.nix
   ];
 

machines/vigil.nix

@@ -12,7 +12,6 @@ Notes:
   pkgs,
   lib,
   nodes,
-  modulesPath,
   ...
 }: let
   name = "vigil";
@@ -20,7 +19,6 @@ Notes:
   hostname = "${name}.skynet.ie";
 in {
   imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
   ];
 
   deployment = {

machines/wheatly.nix

@@ -12,7 +12,6 @@ Notes:
   pkgs,
   lib,
   nodes,
-  modulesPath,
   ...
 }: let
   # name of the server, sets teh hostname and record for it
@@ -21,7 +20,6 @@ Notes:
   hostname = "${name}.skynet.ie";
 in {
   imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
     ../applications/gitlab_runner.nix
   ];