metrics lxc

2025-08-23 23:14:40 -05:00 · 2025-08-23 23:14:40 -05:00 · 02596b8624
commit 02596b8624
parent 0559c57556
7 changed files with 222 additions and 20 deletions
--- a/10
+++ b/10
@ -12,7 +12,11 @@ build() {

 dump() {
  build "$@"
-  sudo cp -f result/vzdump* /mnt/share/proxmox/dump/
+  if [ -a "vm-$1.nix" ]; then
+    sudo cp -f result/vzdump* /mnt/share/proxmox/dump/
+  elif [ -a "lxc-$1.nix" ]; then
+    sudo cp -f result/tarball/nixos-system-x86_64-linux.tar.xz "/mnt/share/proxmox/dump/$1.tar.xz"
+  fi
 }

 get-ip() {
@ -20,8 +24,10 @@ get-ip() {
  if [[ "$file" = "proxmox" ]]; then
    echo 192.168.0.3
    return
-  elif [[ "$file" != *.nix ]]; then
+  elif [[ "$file" != *.nix && -a "vm-$1.nix" ]]; then
    file="vm-$1.nix"
+  elif [[ "$file" != *.nix && -a "lxc-$1.nix" ]]; then
+    file="lxc-$1.nix"
  fi
  grep ip4 "$file" | grep -Po "[0-9]+(\.[0-9]+){3}"
 }
--- a/flake.lock
+++ b/flake.lock
@ -3,11 +3,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1733328505,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "lastModified": 1747046372,
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
        "type": "github"
      },
      "original": {
@ -41,11 +41,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1748051893,
-        "narHash": "sha256-KV6bgVHPzb9ymVk9WDRX1lkkeoZETMbS/MyPpIOUWVo=",
+        "lastModified": 1755914134,
+        "narHash": "sha256-RZNriojTbxeuCcytq/RlXQ7xJIDZPzGScPxWRft2fbM=",
        "owner": "Infinidoge",
        "repo": "nix-minecraft",
-        "rev": "a600d058c19e1668db6ba759ecc4cfd154079ab5",
+        "rev": "f4f58df48f0ebd1c898a043790cd58dd95bc272c",
        "type": "github"
      },
      "original": {
@ -56,11 +56,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1742889210,
-        "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
+        "lastModified": 1748929857,
+        "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "698214a32beb4f4c8e3942372c694f40848b360d",
+        "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
        "type": "github"
      },
      "original": {
@ -72,16 +72,16 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1747862697,
-        "narHash": "sha256-U4HaNZ1W26cbOVm0Eb5OdGSnfQVWQKbLSPrSSa78KC0=",
+        "lastModified": 1755704039,
+        "narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2baa12ff69913392faf0ace833bc54bba297ea95",
+        "rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-24.11",
+        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -1,13 +1,13 @@
 {
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
    nix-minecraft.url = "github:Infinidoge/nix-minecraft";
  };

 outputs = { self, nixpkgs, ... }@inputs:
  let
    system = "x86_64-linux";
-    nixos = path: nixpkgs.lib.nixosSystem {
+    nixos-vma = path: nixpkgs.lib.nixosSystem {
      specialArgs = { inherit system inputs; };
      modules = [
        "${nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix"
@ -15,16 +15,27 @@ outputs = { self, nixpkgs, ... }@inputs:
        path
      ];
    };
+    nixos-lxc = path: nixpkgs.lib.nixosSystem {
+      specialArgs = { inherit system inputs; };
+      modules = [
+        "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
+        { nixpkgs.hostPlatform = "${system}"; }
+        path
+      ];
+    };
    image = name: self.nixosConfigurations.${name}.config.system.build.VMA;
+    lxc = name: self.nixosConfigurations.${name}.config.system.build.tarball;
  in {
    nixosConfigurations = {
-      majcraft = nixos ./vm-majcraft.nix;
-      homelab = nixos ./vm-homelab.nix;
+      majcraft = nixos-vma ./vm-majcraft.nix;
+      homelab = nixos-vma ./vm-homelab.nix;
+      metrics = nixos-lxc ./lxc-metrics.nix;
    };

    packages.${system} = {
      majcraft = image "majcraft";
      homelab = image "homelab";
+      metrics = lxc "metrics";
    };
  };
 }
--- a/lxc-base.nix
+++ b/lxc-base.nix
@ -0,0 +1,116 @@
+{ config, pkgs, modulesPath, lib, ... }:
+
+{
+  imports = [
+    (modulesPath + "/virtualisation/proxmox-lxc.nix")
+  ];
+
+  options.my.vm = {
+    name = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      example = "hello01";
+      description = "Used for vm name and hostname";
+    };
+
+    iface = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      default = "ens18";
+      example = "ens18";
+      description = "Interface on which static IP is bound";
+    };
+
+    ip4 = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      example = "192.168.0.42";
+      description = "Static IP for this VM";
+    };
+  };
+
+  config = let cfg = config.my.vm; in {
+    proxmoxLXC = {
+      enable = true;
+    };
+
+    # Allow remote updates with flakes and non-root users
+    nix.settings.trusted-users = [ "root" "@wheel" ];
+    nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+    # Enable mDNS for `hostname.local` addresses
+    services.avahi.enable = true;
+    services.avahi.nssmdns4 = true;
+    services.avahi.publish = {
+      enable = true;
+      addresses = true;
+    };
+
+    # Some sane packages we need on every system
+    environment.systemPackages = with pkgs; [
+      vim
+      git  # for pulling nix flakes
+    ];
+
+    # doing it here opens udp port _and_ installs package
+    programs.mosh.enable = true;
+
+    # Don't ask for passwords
+    security.sudo.wheelNeedsPassword = false;
+
+    # Don't use cloud-init
+    services.cloud-init.network.enable = lib.mkForce false;
+    networking = {
+      hostName = cfg.name;
+      nameservers = ["192.168.0.1"];
+      interfaces.${cfg.iface} = {
+        ipv4.addresses = [{
+          address = cfg.ip4;
+          prefixLength = 24;
+        }];
+      };
+      defaultGateway = {
+        address = "192.168.0.1";
+        interface = "${cfg.iface}";
+      };
+      defaultGateway6 = {
+        address = "fe80::1";
+        interface = "${cfg.iface}";
+      };
+    };
+
+    # Enable ssh
+    services.openssh = {
+      enable = true;
+      settings.PasswordAuthentication = false;
+      settings.KbdInteractiveAuthentication = false;
+    };
+    programs.ssh.startAgent = true;
+
+    # Enable prometheus metrics export
+    networking.firewall.allowedTCPPorts = [ 9100 ];
+    services.prometheus.exporters.node = {
+      enable = true;
+      port = 9100;
+      enabledCollectors = ["systemd"];
+    };
+
+    # Add an admin user
+    users.users.admin = {
+      isNormalUser = true;
+      description = "Robert Perce";
+      extraGroups = [ "wheel" ];
+    };
+
+    users.users.admin.openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFTDd1G3ufe8lCEWMbMN+q83WrrS92+qrI2tOaMtit+q robert@aether"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdReqMvpgCuez7dTeSaMnHU/7gDal6/HH7c8m17M1hb rob@ereshkigal"
+    ];
+
+    # Default filesystem
+    fileSystems."/" = lib.mkDefault {
+      device = "/dev/disk/by-label/nixos";
+      autoResize = true;
+      fsType = "ext4";
+    };
+
+    system.stateVersion = lib.mkDefault "24.11";
+  };
+}
--- a/lxc-metrics.nix
+++ b/lxc-metrics.nix
@ -0,0 +1,61 @@
+{ config, inputs, pkgs, ... }:
+
+{
+  imports = [
+    ./lxc-base.nix
+  ];
+
+  config = {
+    my.vm = {
+      name = "metrics01";
+      ip4 = "192.168.0.6";
+    };
+
+    # environment.systemPackages = with pkgs; [
+
+    # ]
+    networking.extraHosts = ''
+      192.168.0.2    xalicas
+      192.168.0.3    proxmox
+      192.168.0.4    craft01
+      192.168.0.5    lab01
+      192.168.0.6    metrics01
+      192.168.0.100  unifi
+    '';
+
+    networking.firewall.allowedTCPPorts = [ 3000 ];
+
+    services.grafana = {
+      enable = true;
+      settings = {
+        server = {
+          http_addr = "0.0.0.0";
+          http_port = 3000;
+
+          enable_gzip = true;
+          enforce_domain = false;
+          domain = "metrics.rperce.net";
+        };
+      };
+    };
+
+    services.prometheus = {
+      enable = true;
+      port = 9001;
+      scrapeConfigs = [
+        { job_name = "nodes";
+          static_configs = [{
+            targets = [
+              "xalicas:9100"
+              "proxmox:9100"
+              "craft01:9100"
+              "lab01:9100"
+              "127.0.0.1:9100"
+              "unifi:9100"
+            ];
+          }];
+        }
+      ];
+    };
+  };
+}
--- a/recipes/proxmox-nag.bash
+++ b/recipes/proxmox-nag.bash
@ -0,0 +1,8 @@
+echo '$ run ssh proxmox'
+echo '$ su # with "proxmox root" pw'
+echo '$ vi /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js'
+echo '/No valid'
+echo '?!== .active'
+echo 'x'
+echo ':wq'
+echo 'systemctl restart pveproxy'
--- a/vm-homelab.nix
+++ b/vm-homelab.nix
@ -36,7 +36,7 @@
          reverse_proxy http://192.168.0.2:2283
        '';
        "metrics.rperce.net".extraConfig = ''
-          reverse_proxy http://192.168.0.2:3000
+          reverse_proxy http://192.168.0.6:3000
        '';
        "jellyfin.rperce.net".extraConfig = ''
          reverse_proxy http://192.168.0.2:8096