diff --git a/configs/nixos/common.nix b/configs/nixos/common.nix index 1299677..74baa54 100644 --- a/configs/nixos/common.nix +++ b/configs/nixos/common.nix @@ -3,6 +3,7 @@ pkgs, inputs, outputs, + lib, ... }: { nix = { @@ -24,6 +25,16 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; + time.timeZone = lib.mkDefault "America/Chicago"; + # Select internationalisation properties. + i18n.defaultLocale = lib.mkDefault "en_US.UTF-8"; + + # Configure keymap in X11 + services.xserver = { + xkb.layout = lib.mkDefault "us"; + xkb.variant = lib.mkDefault ""; + }; + # packages that should be on every system. environment.systemPackages = with pkgs; [ neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. diff --git a/configs/nixos/sshd.nix b/configs/nixos/sshd.nix index 11a8ad1..310cfcc 100644 --- a/configs/nixos/sshd.nix +++ b/configs/nixos/sshd.nix @@ -3,6 +3,8 @@ pkgs, inputs, outputs, + configLib, + lib, ... }: { services.openssh = { @@ -14,6 +16,9 @@ environment.systemPackages = with pkgs; [ kitty.terminfo ]; + + users.users.root.openssh.authorizedKeys.keys = + lib.mkDefault (configLib.dirToStrings "${inputs.nix-secrets}/public-keys"); # if it can log into root, it should also be able to log in to the main user. users.users.${config.host.user}.openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys; diff --git a/flake.lock b/flake.lock index 7f30b4d..19a069c 100644 --- a/flake.lock +++ b/flake.lock 
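Review bot: In the second hunk of configs/nixos/sshd.nix, the added `users.users.root.openssh.authorizedKeys.keys = lib.mkDefault (configLib.dirToStrings "${inputs.nix-secrets}/public-keys");` presumably turns every file in that directory into a root login credential on each host that imports this module, and the context line below it copies the same list to `config.host.user`. Because the list is wrapped in `lib.mkDefault`, a host that defines its own keys at normal priority replaces the shared list rather than extending it, which deserves a comment such as `# mkDefault: a host-level definition replaces these keys, it does not merge with them`. The body of `services.openssh` lies outside the hunk, so I cannot tell whether root is restricted to key-only login; if it is not, consider `settings.PermitRootLogin = "prohibit-password";` in that block.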
@@ -254,6 +254,42 @@ "url": "ssh://git@git.venberg.xyz:7920/Gabe/nix-secrets.git" } }, + "nixlib": { + "locked": { + "lastModified": 1712450863, + "narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "3c62b6a12571c9a7f65ab037173ee153d539905f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1716210724, + "narHash": "sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J+ve1w=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "d14b286322c7f4f897ca4b1726ce38cb68596c94", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, "nixos-wsl": { "inputs": { "flake-compat": [ @@ -379,6 +415,7 @@ "flake-utils": "flake-utils", "home-manager": "home-manager", "nix-secrets": "nix-secrets", + "nixos-generators": "nixos-generators", "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs", "nixvim": "nixvim", diff --git a/flake.nix b/flake.nix index e8b9e1d..c7620a4 100644 --- a/flake.nix +++ b/flake.nix @@ -36,6 +36,11 @@ inputs.flake-compat.follows = "flake-compat"; }; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + #https://unmovedcentre.com/technology/2024/03/22/secrets-management.html sops-nix = { url = "github:mic92/sops-nix"; @@ -103,6 +108,8 @@ "gabe@gv-ubuntu" = import ./hosts/home-workstation.nix {inherit inputs outputs configLib;}; }; + packages.x86_64-linux.proxmox = import ./packages/proxmox.nix {inherit inputs outputs configLib;}; + templates = import ./templates {inherit inputs outputs;}; }; } diff --git a/hosts/archlaptop-vm/default.nix b/hosts/archlaptop-vm/default.nix index e4a880c..14b8aca 100644 --- a/hosts/archlaptop-vm/default.nix 
+++ b/hosts/archlaptop-vm/default.nix @@ -31,20 +31,6 @@ inputs.nixpkgs.lib.nixosSystem { isVm = true; }; networking.hostName = "archlaptop-vm"; # Define your hostname. - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - # Configure keymap in X11 - services.xserver = { - xkb.layout = "us"; - xkb.variant = ""; - }; - - users.users.root.openssh.authorizedKeys.keys = - configLib.dirToStrings "${inputs.nix-secrets}/public-keys"; programs.zsh.enable = true; environment.shells = with pkgs; [zsh]; @@ -95,8 +81,6 @@ inputs.nixpkgs.lib.nixosSystem { }; }; }; - # Enable the OpenSSH daemon. - services.openssh.enable = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/packages/proxmox.nix b/packages/proxmox.nix new file mode 100644 index 0000000..25d1f49 --- /dev/null +++ b/packages/proxmox.nix 
@@ -0,0 +1,60 @@ +{ + inputs, + outputs, + configLib, + ... +}: +inputs.nixos-generators.nixosGenerate { + system = "x86_64-linux"; + specialArgs = {inherit inputs outputs configLib;}; + format = "proxmox-lxc"; + modules = [ + inputs.home-manager.nixosModules.home-manager + ../configs/nixos/sshd.nix + ../configs/nixos/common.nix + ({ + config, + pkgs, + configLib, + modulesPath, + ... + }: { + imports = [(modulesPath + "/virtualisation/proxmox-lxc.nix")]; + proxmoxLXC.manageHostName = false; + host.user = "gabe"; + + programs.zsh.enable = true; + environment.shells = with pkgs; [zsh]; + users.users.${config.host.user} = { + isNormalUser = true; + description = "Gabe Venberg"; + shell = pkgs.zsh; + extraGroups = ["wheel"]; + }; + + home-manager.users.${config.host.user} = { + inputs, + osConfig, + ... + }: { + host = osConfig.host; + user = { + git = { + profile = { + name = "Gabe Venberg"; + email = "gabevenberg@gmail.com"; + }; + workProfile.enable = false; + }; + }; + imports = [ + ../roles/home-manager/minimal-terminal.nix + ../configs/home-manager/common.nix + inputs.nixvim.homeManagerModules.nixvim + ]; + }; + + system.stateVersion = "24.05"; + }) + ]; +}
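Review bot: packages/proxmox.nix has no header comment, and a reader needs to know that the `proxmox-lxc` image imports `../configs/nixos/sshd.nix`, so the root and `gabe` authorized keys are taken from `nix-secrets` when the image is built. A container created from an older image would keep accepting a key later removed from `public-keys` until it is rebuilt or redeployed. I would add a comment above `inputs.nixos-generators.nixosGenerate` such as `# Proxmox LXC template; SSH keys come from nix-secrets at build time, rebuild after rotating keys`. Separately, `gabe` is placed in `wheel` but this module sets no password for the account, so whether sudo is usable (or passwordless) depends on settings outside this file and should be stated here.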