feat: enable better seperation of lxc dependencies

2023-11-16 01:09:35 +00:00 · 2023-11-16 01:09:35 +00:00 · 4c0f3a1645
commit 4c0f3a1645
parent 4a95e48179
13 changed files with 196 additions and 101 deletions
--- a/applications/proxmox-lxc.nix
+++ b/applications/proxmox-lxc.nix
@ -0,0 +1,93 @@
+/*
+Once https://github.com/NixOS/nixpkgs/pull/267764 is merged this can be removed
+*/
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; {
+  options.proxmoxLXC = {
+    enable = mkOption {
+      default = true;
+      type = types.bool;
+      description = lib.mdDoc "Whether to enable the ProxmoxLXC.";
+    };
+    privileged = mkOption {
+      type = types.bool;
+      default = false;
+      description = lib.mdDoc ''
+        Whether to enable privileged mounts
+      '';
+    };
+    manageNetwork = mkOption {
+      type = types.bool;
+      default = false;
+      description = lib.mdDoc ''
+        Whether to manage network interfaces through nix options
+        When false, systemd-networkd is enabled to accept network
+        configuration from proxmox.
+      '';
+    };
+    manageHostName = mkOption {
+      type = types.bool;
+      default = false;
+      description = lib.mdDoc ''
+        Whether to manage hostname through nix options
+        When false, the hostname is picked up from /etc/hostname
+        populated by proxmox.
+      '';
+    };
+  };
+
+  config = let
+    cfg = config.proxmoxLXC;
+  in
+    mkIf cfg.enable {
+      system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
+        storeContents = [
+          {
+            object = config.system.build.toplevel;
+            symlink = "none";
+          }
+        ];
+
+        contents = [
+          {
+            source = config.system.build.toplevel + "/init";
+            target = "/sbin/init";
+          }
+        ];
+
+        extraCommands = "mkdir -p root etc/systemd/network";
+      };
+
+      boot = {
+        isContainer = true;
+        loader.initScript.enable = true;
+      };
+
+      networking = mkIf (!cfg.manageNetwork) {
+        useDHCP = false;
+        useHostResolvConf = false;
+        useNetworkd = true;
+        # pick up hostname from /etc/hostname generated by proxmox
+        hostName = mkIf (!cfg.manageHostName) (mkForce "");
+      };
+
+      services.openssh = {
+        enable = mkDefault true;
+        startWhenNeeded = mkDefault true;
+      };
+
+      systemd.mounts =
+        mkIf (!cfg.privileged)
+        [
+          {
+            where = "/sys/kernel/debug";
+            enable = false;
+          }
+        ];
+    };
+}
--- a/machines/_base.nix
+++ b/machines/_base.nix
@ -4,9 +4,17 @@
  config,
  options,
  inputs,
+  lib,
  ...
-}: {
+}:
+with lib; let
+  cfg = config.skynet;
+in {
  imports = [
+    # custom lxc mocule until the patch gets merged in
+    ../applications/proxmox-lxc.nix
+    # (modulesPath + "/virtualisation/proxmox-lxc.nix")
+
    # for the secrets
    inputs.agenix.nixosModules.default

@ -23,7 +31,18 @@
    ../applications/restic.nix
  ];

-  boot.kernelPackages = pkgs.linuxPackages_latest;
+  options.skynet = {
+    lxc = mkOption {
+      type = types.bool;
+      # most of our servers are lxc so its true by default
+      default = true;
+      description = mdDoc "Is this a Linux Container?";
+    };
+  };
+
+  config = {
+    # if its a lxc enable
+    proxmoxLXC.enable = cfg.lxc;

    nix = {
      settings = {
@ -113,4 +132,5 @@
      pkgs.openldap
      pkgs.screen
    ];
+  };
 }
--- a/machines/cadie.nix
+++ b/machines/cadie.nix
@ -12,7 +12,6 @@ Notes:
  pkgs,
  lib,
  nodes,
-  modulesPath,
  ...
 }: let
  # name of the server, sets teh hostname and record for it
@ -21,7 +20,6 @@ Notes:
  hostname = "${name}.skynet.ie";
 in {
  imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    ../applications/nextcloud.nix
  ];

--- a/machines/earth.nix
+++ b/machines/earth.nix
@ -13,7 +13,6 @@ Notes:
  lib,
  nodes,
  inputs,
-  modulesPath,
  ...
 }: let
  name = "earth";
@ -21,7 +20,6 @@ Notes:
  hostname = "${name}.skynet.ie";
 in {
  imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    ../applications/skynet.ie.nix
  ];

--- a/machines/galatea.nix
+++ b/machines/galatea.nix
@ -13,7 +13,6 @@ Notes:
  lib,
  nodes,
  config,
-  modulesPath,
  ...
 }: let
  # name of the server, sets teh hostname and record for it
@ -22,7 +21,6 @@ Notes:
  hostname = "${name}.skynet.ie";
 in {
  imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    ../applications/ulfm.nix
  ];

--- a/machines/gir.nix
+++ b/machines/gir.nix
@ -12,7 +12,6 @@ Notes:
  pkgs,
  lib,
  nodes,
-  modulesPath,
  ...
 }: let
  # name of the server, sets teh hostname and record for it
@ -22,7 +21,6 @@ Notes:
  #hostname  = ip_pub;
 in {
  imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    ../applications/email.nix
  ];

--- a/machines/glados.nix
+++ b/machines/glados.nix
@ -13,7 +13,6 @@ Notes:    Each user has roughly 20gb os storage
  pkgs,
  lib,
  nodes,
-  modulesPath,
  ...
 }: let
  # name of the server, sets teh hostname and record for it
@ -22,7 +21,6 @@ Notes:    Each user has roughly 20gb os storage
  hostname = "${name}.skynet.ie";
 in {
  imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    ../applications/gitlab.nix
  ];

--- a/machines/hardware/_base.nix
+++ b/machines/hardware/_base.nix
@ -11,6 +11,8 @@ with lib; let
  has_ip = interface: (length config.networking.interfaces."${interface}".ipv4.addresses) != 0;
 in {
  config = {
+    skynet.lxc = false;
+
    assertions = [
      {
        assertion = lists.any has_ip interfaces;
--- a/machines/kitt.nix
+++ b/machines/kitt.nix
@ -12,7 +12,6 @@ Notes:
  pkgs,
  lib,
  nodes,
-  modulesPath,
  ...
 }: let
  # name of the server, sets teh hostname and record for it
@ -22,7 +21,6 @@ Notes:
  #hostname  = ip_pub;
 in {
  imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    ../applications/ldap/server.nix
    ../applications/discord.nix
    ../applications/bitwarden/vaultwarden.nix
--- a/machines/optimus.nix
+++ b/machines/optimus.nix
@ -13,7 +13,6 @@ Notes:
  lib,
  nodes,
  arion,
-  modulesPath,
  ...
 }: let
  # name of the server, sets teh hostname and record for it
@ -22,7 +21,6 @@ Notes:
  hostname = "${name}.skynet.ie";
 in {
  imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    ../applications/games.nix
  ];

--- a/machines/skynet.nix
+++ b/machines/skynet.nix
@ -13,7 +13,6 @@ Notes:    Does not host offical sites
  lib,
  nodes,
  inputs,
-  modulesPath,
  ...
 }: let
  name = "skynet";
@ -23,7 +22,6 @@ Notes:    Does not host offical sites
  hostname = "${name}.skynet.ie";
 in {
  imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    ../applications/skynet_users.nix
  ];

--- a/machines/vigil.nix
+++ b/machines/vigil.nix
@ -12,7 +12,6 @@ Notes:
  pkgs,
  lib,
  nodes,
-  modulesPath,
  ...
 }: let
  name = "vigil";
@ -20,7 +19,6 @@ Notes:
  hostname = "${name}.skynet.ie";
 in {
  imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
  ];

  deployment = {
--- a/machines/wheatly.nix
+++ b/machines/wheatly.nix
@ -12,7 +12,6 @@ Notes:
  pkgs,
  lib,
  nodes,
-  modulesPath,
  ...
 }: let
  # name of the server, sets teh hostname and record for it
@ -21,7 +20,6 @@ Notes:
  hostname = "${name}.skynet.ie";
 in {
  imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    ../applications/gitlab_runner.nix
  ];