working backup

Robert Perce 2025-08-25 23:20:08 -05:00
parent 6d3532bc16
commit e2e7ffb75e
4 changed files with 176 additions and 118 deletions


@ -1,4 +1,10 @@
{ config, pkgs, modulesPath, lib, ... }:
{
config,
pkgs,
modulesPath,
lib,
...
}:
{
imports = [
@ -27,105 +33,116 @@
};
};
config = let cfg = config.my.vm; in {
proxmox.qemuConf.name = cfg.name;
# virtualisation.diskSize = 10240; # MiB
proxmox.qemuConf.diskSize = "auto";
config =
let
cfg = config.my.vm;
in
{
proxmox.qemuConf.name = cfg.name;
virtualisation.diskSize = "auto";
# Enable QEMU Guest for Proxmox
services.qemuGuest.enable = lib.mkDefault true;
# Enable QEMU Guest for Proxmox
services.qemuGuest.enable = lib.mkDefault true;
# Use the boot drive for grub
boot.loader.grub.enable = lib.mkDefault true;
boot.loader.grub.devices = [ "nodev" ];
# Use the boot drive for grub
boot.loader.grub.enable = lib.mkDefault true;
boot.loader.grub.devices = [ "nodev" ];
boot.growPartition = lib.mkDefault true;
boot.growPartition = lib.mkDefault true;
# Allow remote updates with flakes and non-root users
nix.settings.trusted-users = [ "root" "@wheel" ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Allow remote updates with flakes and non-root users
nix.settings.trusted-users = [
"root"
"@wheel"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# Enable mDNS for `hostname.local` addresses
services.avahi.enable = true;
services.avahi.nssmdns4 = true;
services.avahi.publish = {
enable = true;
addresses = true;
};
# Some sane packages we need on every system
environment.systemPackages = with pkgs; [
vim
git # for pulling nix flakes
];
# doing it here opens udp port _and_ installs package
programs.mosh.enable = true;
# Don't ask for passwords
security.sudo.wheelNeedsPassword = false;
# Don't use cloud-init
services.cloud-init.network.enable = lib.mkForce false;
networking = {
hostName = cfg.name;
nameservers = ["192.168.0.1"];
interfaces.${cfg.iface} = {
ipv4.addresses = [{
address = cfg.ip4;
prefixLength = 24;
}];
# Enable mDNS for `hostname.local` addresses
services.avahi.enable = true;
services.avahi.nssmdns4 = true;
services.avahi.publish = {
enable = true;
addresses = true;
};
defaultGateway = {
address = "192.168.0.1";
interface = "${cfg.iface}";
# Some sane packages we need on every system
environment.systemPackages = with pkgs; [
vim
git # for pulling nix flakes
];
# doing it here opens udp port _and_ installs package
programs.mosh.enable = true;
# Don't ask for passwords
security.sudo.wheelNeedsPassword = false;
# Don't use cloud-init
services.cloud-init.network.enable = lib.mkForce false;
networking = {
hostName = cfg.name;
nameservers = [ "192.168.0.1" ];
interfaces.${cfg.iface} = {
ipv4.addresses = [
{
address = cfg.ip4;
prefixLength = 24;
}
];
};
defaultGateway = {
address = "192.168.0.1";
interface = "${cfg.iface}";
};
defaultGateway6 = {
address = "fe80::1";
interface = "${cfg.iface}";
};
};
defaultGateway6 = {
address = "fe80::1";
interface = "${cfg.iface}";
# Enable ssh
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
programs.ssh.startAgent = true;
# Enable prometheus metrics export
networking.firewall.allowedTCPPorts = [ 9100 ];
services.prometheus.exporters.node = {
enable = true;
port = 9100;
enabledCollectors = [ "systemd" ];
};
# Add an admin user
users.users.admin = {
isNormalUser = true;
description = "Robert Perce";
extraGroups = [ "wheel" ];
};
users.users.admin.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFTDd1G3ufe8lCEWMbMN+q83WrrS92+qrI2tOaMtit+q robert@aether"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdReqMvpgCuez7dTeSaMnHU/7gDal6/HH7c8m17M1hb rob@ereshkigal"
];
# Default filesystem
fileSystems."/" = lib.mkDefault {
device = "/dev/disk/by-label/nixos";
autoResize = true;
fsType = "ext4";
};
fileSystems."/mnt/nfs" = lib.mkDefault {
device = "192.168.0.3:/";
fsType = "nfs";
};
system.stateVersion = lib.mkDefault "24.11";
};
# Enable ssh
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
programs.ssh.startAgent = true;
# Enable prometheus metrics export
networking.firewall.allowedTCPPorts = [ 9100 ];
services.prometheus.exporters.node = {
enable = true;
port = 9100;
enabledCollectors = ["systemd"];
};
# Add an admin user
users.users.admin = {
isNormalUser = true;
description = "Robert Perce";
extraGroups = [ "wheel" ];
};
users.users.admin.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFTDd1G3ufe8lCEWMbMN+q83WrrS92+qrI2tOaMtit+q robert@aether"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdReqMvpgCuez7dTeSaMnHU/7gDal6/HH7c8m17M1hb rob@ereshkigal"
];
# Default filesystem
fileSystems."/" = lib.mkDefault {
device = "/dev/disk/by-label/nixos";
autoResize = true;
fsType = "ext4";
};
fileSystems."/mnt/nfs" = lib.mkDefault {
device = "192.168.0.3:/";
fsType = "nfs";
};
system.stateVersion = lib.mkDefault "24.11";
};
}
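Review bot: `security.sudo.wheelNeedsPassword = false` combined with `"@wheel"` in `nix.settings.trusted-users` makes the `admin` account root-equivalent, so the two keys in `users.users.admin.openssh.authorizedKeys.keys` are the only control guarding root on every VM built from this module. The comment `# Don't ask for passwords` undersells that; I would write it as `# wheel is root-equivalent here (passwordless sudo + Nix trusted-users); access rests entirely on the admin SSH keys`. Separately, `networking.firewall.allowedTCPPorts = [ 9100 ];` opens the unauthenticated node exporter to every host that can reach the VM. The exporter module's own `openFirewall` and `firewallFilter` options could limit the port to the Prometheus server instead, e.g. `firewallFilter = "-p tcp -m tcp --dport 9100 -s <PROMETHEUS_HOST_IP>";` (placeholder address, not from this page).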