generate pxvirt lxc template tar

move more stuf out of flake.nix
move host specific module imports into hosts default.nix
2026-01-03 18:45:55 +01:00 · 2026-01-03 18:44:59 +01:00 · 2025-12-11 21:13:48 +01:00
11 changed files with 243 additions and 126 deletions
--- a/flake.lock
+++ b/flake.lock
@ -440,6 +440,42 @@
        "type": "github"
      }
    },
+    "nixlib": {
+      "locked": {
+        "lastModified": 1736643958,
+        "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1764234087,
+        "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1764522689,
@ -561,6 +597,7 @@
        "niri": "niri",
        "nix-filter": "nix-filter",
        "nix-vscode-extensions": "nix-vscode-extensions",
+        "nixos-generators": "nixos-generators",
        "nixpkgs": "nixpkgs",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "nur": "nur",
--- a/flake.nix
+++ b/flake.nix
@ -31,6 +31,10 @@
      url = "github:nix-community/nix-vscode-extensions";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
    nur = {
      url = "github:nix-community/NUR";
      inputs = {
@ -80,7 +84,7 @@
  };

  outputs =
-    {
+    inputs@{
      self,
      nixpkgs,
      home-manager,
@ -88,6 +92,7 @@
      lanzaboote,
      niri,
      nix-vscode-extensions,
+      nixos-generators,
      nixpkgs-unstable,
      servicepoint-cli,
      servicepoint-simulator,
@ -102,49 +107,18 @@
      devices = {
        vinzenz-lpt2 = {
          system = "x86_64-linux";
-          additional-modules = [
-            self.nixosModules.user-vinzenz
-
-            self.nixosModules.gnome
-            self.nixosModules.wine-gaming
-            self.nixosModules.steam
-            self.nixosModules.podman
-            self.nixosModules.vinzenz-desktop-settings
-            self.nixosModules.intel-graphics
-            self.nixosModules.secure-boot
-          ];
          home-manager-users = {
            inherit (self.homeConfigurations) vinzenz;
          };
        };
        vinzenz-pc2 = {
          system = "x86_64-linux";
-          additional-modules = [
-            self.nixosModules.user-vinzenz
-            self.nixosModules.user-ronja
-
-            self.nixosModules.gnome
-            self.nixosModules.wine-gaming
-            self.nixosModules.steam
-            self.nixosModules.podman
-            self.nixosModules.vinzenz-desktop-settings
-            self.nixosModules.amd-graphics
-            self.nixosModules.secure-boot
-          ];
          home-manager-users = {
-            inherit (self.homeConfigurations) vinzenz ronja;
+            inherit (self.homeConfigurations) vinzenz;
          };
        };
        ronja-pc = {
          system = "x86_64-linux";
-          additional-modules = [
-            self.nixosModules.user-ronja
-
-            self.nixosModules.gnome
-            self.nixosModules.steam
-            self.nixosModules.wine-gaming
-            self.nixosModules.vinzenz-desktop-settings
-          ];
          home-manager-users = {
            inherit (self.homeConfigurations) ronja;
          };
@ -154,7 +128,9 @@
        };
        forgejo-runner-1 = {
          system = "aarch64-linux";
-          additional-modules = [ self.nixosModules.podman ];
+        };
+        epimetheus = {
+          system = "aarch64-linux";
        };
      };
      inherit (nixpkgs) lib;
@ -230,104 +206,30 @@
          device,
          system,
          home-manager-users ? { },
-          additional-modules ? [ ],
        }:
        let
-          specialArgs = {
-            inherit device;
+          specialArgs = inputs // {
+            inherit device home-manager-users;
          };
        in
        nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            {
-              networking.hostName = device;
+              imports = [
+                ./nixosConfigurations/${device}
+                self.nixosModules.global-settings
+              ]
+              ++ (lib.optionals (home-manager-users != { }) [
+                self.nixosModules.global-settings-desktop
+              ]);
+
              nixpkgs = {
                inherit system;
                hostPlatform = lib.mkDefault system;
              };
-              system = {
-                stateVersion = "22.11";
-                autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
-              };
-
-              nixpkgs.overlays = [
-                self.overlays.unstable-packages
-              ];
-
-              nix.settings.experimental-features = [
-                "nix-command"
-                "flakes"
-              ];
-
-              documentation = {
-                info.enable = false; # info pages and the info command
-                doc.enable = false; # documentation distributed in packages' /share/doc
-              };
            }
-
-            ./nixosConfigurations/${device}
-
-            # keep-sorted start
-            lanzaboote.nixosModules.lanzaboote
-            self.nixosModules.allowed-unfree-list
-            self.nixosModules.autoupdate
-            self.nixosModules.default
-            self.nixosModules.extra-caches
-            self.nixosModules.globalinstalls
-            self.nixosModules.lix-is-nix
-            self.nixosModules.openssh
-            self.nixosModules.prometheus-node
-            self.nixosModules.systemd-boot
-            self.nixosModules.tailscale
-            zerforschen-plus.nixosModules.default
-            # keep-sorted end
-          ]
-          ++ (nixpkgs.lib.optionals (home-manager-users != { }) [
-            {
-              home-manager = {
-                extraSpecialArgs = specialArgs;
-                useGlobalPkgs = true;
-                useUserPackages = true;
-              };
-
-              time.timeZone = "Europe/Berlin";
-
-              home-manager.sharedModules = [
-                { home.stateVersion = "22.11"; }
-                # keep-sorted start
-                self.homeModules.git
-                self.homeModules.gnome-extensions
-                self.homeModules.nano
-                self.homeModules.templates
-                self.homeModules.zsh-basics
-                self.homeModules.zsh-powerlevel10k
-                # keep-sorted end
-              ];
-
-              home-manager.users = home-manager-users;
-            }
-
-            # keep-sorted start
-            home-manager.nixosModules.home-manager
-            self.nixosModules.en-de
-            self.nixosModules.firmware-updates
-            self.nixosModules.gnome
-            self.nixosModules.kdeconnect
-            self.nixosModules.modern-desktop
-            self.nixosModules.niri
-            self.nixosModules.nix-ld
-            self.nixosModules.pkgs-unstable
-            self.nixosModules.pkgs-vscode-extensions
-            self.nixosModules.quiet-boot
-            self.nixosModules.stylix
-            servicepoint-cli.nixosModules.default
-            servicepoint-simulator.nixosModules.default
-            servicepoint-tanks.nixosModules.default
-            stylix.nixosModules.stylix
-            # keep-sorted end
-          ])
-          ++ additional-modules;
+          ];
        }
      );

@ -339,5 +241,22 @@
          formatting = treefmt-eval.config.build.check self;
        }
      );
+
+      packages = forAllSystems (
+        { ... }:
+        {
+          nixos-aarch64-pxvirt-lxc-template = nixos-generators.nixosGenerate {
+            system = "aarch64-linux";
+            format = "proxmox-lxc";
+            specialArgs = inputs // {
+              device = "nixos-aarch64-pxvirt-lxc-template";
+            };
+            modules = [
+              self.nixosModules.global-settings
+              self.nixosModules.pxvirt-guest
+            ];
+          };
+        }
+      );
    };
 }
--- a/nixosConfigurations/epimetheus/default.nix
+++ b/nixosConfigurations/epimetheus/default.nix
@ -0,0 +1,8 @@
+{ self, ... }:
+{
+  imports = [ self.nixosModules.pxvirt-guest ];
+
+  config = {
+
+  };
+}
--- a/nixosConfigurations/forgejo-runner-1/default.nix
+++ b/nixosConfigurations/forgejo-runner-1/default.nix
@ -1,7 +1,9 @@
+{ self, ... }:
 {
  imports = [
    ./hardware.nix
    ./forgejo-runner.nix
+    self.nixosModules.podman
  ];

  config = {
--- a/nixosConfigurations/ronja-pc/default.nix
+++ b/nixosConfigurations/ronja-pc/default.nix
@ -1,11 +1,17 @@
 {
  config,
  pkgs,
+  self,
  ...
 }:
 {
  imports = [
    ./hardware.nix
+    self.nixosModules.user-ronja
+    self.nixosModules.gnome
+    self.nixosModules.steam
+    self.nixosModules.wine-gaming
+    self.nixosModules.vinzenz-desktop-settings
  ];

  config = {
--- a/nixosConfigurations/vinzenz-lpt2/default.nix
+++ b/nixosConfigurations/vinzenz-lpt2/default.nix
@ -1,6 +1,15 @@
+{ self, ... }:
 {
  imports = [
    ./hardware.nix
+    self.nixosModules.user-vinzenz
+    self.nixosModules.gnome
+    self.nixosModules.wine-gaming
+    self.nixosModules.steam
+    self.nixosModules.podman
+    self.nixosModules.vinzenz-desktop-settings
+    self.nixosModules.intel-graphics
+    self.nixosModules.secure-boot
  ];

  config = {
@ -53,5 +62,7 @@
    nixpkgs.config.permittedInsecurePackages = [
      "mbedtls-2.28.10"
    ];
+
+    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  };
 }
--- a/nixosConfigurations/vinzenz-pc2/default.nix
+++ b/nixosConfigurations/vinzenz-pc2/default.nix
@ -1,9 +1,18 @@
-{ pkgs, ... }:
+{ pkgs, self, ... }:
 {
  imports = [
    ./hardware.nix
    ./vscode-server.nix
    ./hass.nix
+
+    self.nixosModules.user-vinzenz
+    self.nixosModules.gnome
+    self.nixosModules.wine-gaming
+    self.nixosModules.steam
+    self.nixosModules.podman
+    self.nixosModules.vinzenz-desktop-settings
+    self.nixosModules.amd-graphics
+    self.nixosModules.secure-boot
  ];

  config = {
@ -27,11 +36,6 @@
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
    ];

-    users.users.ronja.openssh.authorizedKeys.keys = [
-      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key''
-      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgN6J8KyVyQqBAz+y3drXDmIsxOPkdPB+ISgpIP9Eld Generated By Termius''
-    ];
-
    environment.systemPackages = with pkgs; [ lact ];

    networking.firewall.allowedUDPPorts = [
--- a/nixosModules/global-settings-desktop.nix
+++ b/nixosModules/global-settings-desktop.nix
@ -0,0 +1,57 @@
+{
+  home-manager-users,
+  self,
+  home-manager,
+  servicepoint-cli,
+  servicepoint-simulator,
+  servicepoint-tanks,
+  stylix,
+  specialArgs,
+  ...
+}:
+{
+  imports = [
+    {
+      home-manager = {
+        extraSpecialArgs = specialArgs;
+        useGlobalPkgs = true;
+        useUserPackages = true;
+      };
+
+      time.timeZone = "Europe/Berlin";
+
+      home-manager.sharedModules = [
+        { home.stateVersion = "22.11"; }
+        # keep-sorted start
+        self.homeModules.git
+        self.homeModules.gnome-extensions
+        self.homeModules.nano
+        self.homeModules.templates
+        self.homeModules.zsh-basics
+        self.homeModules.zsh-powerlevel10k
+        # keep-sorted end
+      ];
+
+      home-manager.users = home-manager-users;
+    }
+
+    # keep-sorted start
+    home-manager.nixosModules.home-manager
+    self.nixosModules.en-de
+    self.nixosModules.firmware-updates
+    self.nixosModules.gnome
+    self.nixosModules.kdeconnect
+    self.nixosModules.modern-desktop
+    self.nixosModules.niri
+    self.nixosModules.nix-ld
+    self.nixosModules.pkgs-unstable
+    self.nixosModules.pkgs-vscode-extensions
+    self.nixosModules.quiet-boot
+    self.nixosModules.stylix
+    servicepoint-cli.nixosModules.default
+    servicepoint-simulator.nixosModules.default
+    servicepoint-tanks.nixosModules.default
+    stylix.nixosModules.stylix
+    # keep-sorted end
+  ];
+}
--- a/nixosModules/global-settings.nix
+++ b/nixosModules/global-settings.nix
@ -0,0 +1,47 @@
+{
+  device,
+  self,
+  lanzaboote,
+  zerforschen-plus,
+  ...
+}:
+{
+  imports = [
+    # keep-sorted start
+    lanzaboote.nixosModules.lanzaboote
+    self.nixosModules.allowed-unfree-list
+    self.nixosModules.autoupdate
+    self.nixosModules.default
+    self.nixosModules.extra-caches
+    self.nixosModules.globalinstalls
+    self.nixosModules.lix-is-nix
+    self.nixosModules.openssh
+    self.nixosModules.prometheus-node
+    self.nixosModules.systemd-boot
+    self.nixosModules.tailscale
+    zerforschen-plus.nixosModules.default
+    # keep-sorted end
+  ];
+
+  config = {
+    networking.hostName = device;
+    system = {
+      stateVersion = "22.11";
+      autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
+    };
+
+    nixpkgs.overlays = [
+      self.overlays.unstable-packages
+    ];
+
+    nix.settings.experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+
+    documentation = {
+      info.enable = false; # info pages and the info command
+      doc.enable = false; # documentation distributed in packages' /share/doc
+    };
+  };
+}
--- a/nixosModules/openssh.nix
+++ b/nixosModules/openssh.nix
@ -3,7 +3,7 @@
    enable = true;
    openFirewall = true;
    settings = {
-      PermitRootLogin = "without-password";
+      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
--- a/nixosModules/pxvirt-guest.nix
+++ b/nixosModules/pxvirt-guest.nix
@ -0,0 +1,26 @@
+{ modulesPath, lib, ... }:
+{
+  imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
+
+  config = {
+    # TODO is this needed?
+    # nix.settings.sandbox = false;
+
+    proxmoxLXC = {
+      manageNetwork = false;
+      privileged = false;
+    };
+
+    # Let Proxmox host handle fstrim
+    services.fstrim.enable = false;
+
+    # TODO is this needed
+    # Cache DNS lookups to improve performance
+    services.resolved.extraConfig = ''
+      Cache=true
+      CacheFromLocalhost=true
+    '';
+
+    boot.loader.systemd-boot.enable = lib.mkForce false;
+  };
+}
Author	SHA1	Message	Date
Vinzenz Schroeter	33f5a07af1	generate pxvirt lxc template tar	2026-01-03 18:45:55 +01:00
Vinzenz Schroeter	6bfa995c4d	move more stuf out of flake.nix	2026-01-03 18:44:59 +01:00
Vinzenz Schroeter	0bb0018450	move host specific module imports into hosts default.nix	2025-12-11 21:13:48 +01:00