nixos-hypervisor/flake.nix

{
  description = "A simple system flake using some Aux defaults";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
    home-manager = {
      url = "github:nix-community/home-manager/release-24.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    microvm.url = "github:astro/microvm.nix";
    microvm.inputs.nixpkgs.follows = "nixpkgs";
    authentik-nix.url = "github:nix-community/authentik-nix";
    agenix.url = "github:yaxitech/ragenix";
  };

  outputs = inputs@{ self, nixpkgs, home-manager, microvm, agenix, ... }:
    let
      system     = "x86_64-linux";
      username   = "tbarnouin";
      proxy_host = "192.168.1.40";
      pgsql_host = "192.168.1.13";
    in
    {
      nixosConfigurations = {
        nixmox-curiosity = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            agenix.nixosModules.default
            ./hosts/nixmox-curiosity/configuration.nix
            {
              networking.hostName = "nixmox-curiosity";
            }
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.users.${username} = import ./hosts/nixmox-curiosity/home.nix;
            }
            microvm.nixosModules.host
            {
              microvm = {
                autostart = [];
                vms = {};
              };
            }
          ];

          specialArgs = {
            inherit inputs;
            inherit username;
            inherit proxy_host;
            inherit pgsql_host;
            inherit system;
          };
        };
        nginx = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            agenix.nixosModules.default
            "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
            "${inputs.self}/systems/minimalLXCConfig.nix"
            "${inputs.self}/services"
            {
              networking.hostName = "nginx";
              services.vm_nginx = {
                enable = true;
              };
            }
          ];
        };
        onlyoffice = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            agenix.nixosModules.default
            "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
            "${inputs.self}/systems/minimalLXCConfig.nix"
            "${inputs.self}/services"
            {
              networking.hostName = "onlyoffice";
              services.vm_onlyoffice = {
                enable = true;
                pgsql_ip = pgsql_host;
              };
            }
          ];
        };
#        template = nixpkgs.lib.nixosSystem {
#          inherit system;
#          modules = [
#            agenix.nixosModules.default
#            "${inputs.self}/systems/minimalVMConfig.nix"
#            {
#              networking.hostName = "nixos";
#            }
#          ];
#        };
        jellyfin = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            agenix.nixosModules.default
            microvm.nixosModules.microvm
            "${inputs.self}/systems/minimalVMConfig.nix"
            "${inputs.self}/services"
            {
              services.vm_jellyfin = {
                enable = true;
              };
            }
          ];
        };
        redis = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            agenix.nixosModules.default
            "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
            "${inputs.self}/systems/minimalLXCConfig.nix"
            "${inputs.self}/services"
            {
              networking.hostName = "redis";
              services.vm_redis = {
                enable = true;
              };
            }
          ];
        };
        grafana-lxc = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            agenix.nixosModules.default
            "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
            "${inputs.self}/systems/minimalLXCConfig.nix"
            "${inputs.self}/services"
            {
              services.vm_grafana = {
                enable   = true;
                vm_ip    = "192.168.1.27";
                proxy_ip = proxy_host;
                pgsql_ip = pgsql_host;
              };
            }
          ];
        };
        grafana = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            agenix.nixosModules.default
            microvm.nixosModules.microvm
            "${inputs.self}/systems/minimalMicrovmConfig.nix"
            "${inputs.self}/services"
            {
              services.vm_grafana = {
                enable   = true;
                vm_ip    = "192.168.1.27";
                proxy_ip = proxy_host;
                pgsql_ip = pgsql_host;
              };
              services.micro_vm = {
                enable   = true;
                hostname = "grafana";
                vm_ip    = "192.168.1.20";
                vm_cpu   = 1;
                vm_mem   = 512;
                macAddr  = "02:00:00:00:00:20";
              };
            }
          ];
        };
        authentik = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            agenix.nixosModules.default
            inputs.authentik-nix.nixosModules.default
            {
              services.authentik = {
                enable = true;
                environmentFile = "/run/secrets/authentik/authentik-env";
                settings = {
                  disable_startup_analytics = true;
                  avatars = "initials";
                };
              };
              services.vm_authentik = {
                enable = true;
              };
            }
            microvm.nixosModules.microvm
            "${inputs.self}/systems/minimalMicrovmConfig.nix"
            "${inputs.self}/services"
            {
              microvm = {
                volumes = [
                  {
                    mountPoint = "/media";
                    image = "/var/lib/microvms/authentik/media.img";
                    size = 2048;
                  }
                ];
              };
              services.micro_vm = {
                enable   = true;
                hostname = "authentik";
                vm_ip    = "192.168.1.25";
                vm_cpu   = 2;
                vm_mem   = 2048;
                macAddr  = "02:00:00:00:00:25";
              };
            }
          ];
        };
      };
    };
}
First commit 2024-09-09 10:48:56 +02:00			`{`
			`description = "A simple system flake using some Aux defaults";`

			`inputs = {`
Update everyone to 24.11 2025-01-08 10:02:38 +01:00			`nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";`
First commit 2024-09-09 10:48:56 +02:00			`home-manager = {`
Update everyone to 24.11 2025-01-08 10:02:38 +01:00			`url = "github:nix-community/home-manager/release-24.11";`
First commit 2024-09-09 10:48:56 +02:00			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
			`microvm.url = "github:astro/microvm.nix";`
			`microvm.inputs.nixpkgs.follows = "nixpkgs";`
Add authentik-nix input 2024-09-13 10:32:18 +02:00			`authentik-nix.url = "github:nix-community/authentik-nix";`
Use ragenix instead of agenix 2024-11-28 12:09:01 +01:00			`agenix.url = "github:yaxitech/ragenix";`
First commit 2024-09-09 10:48:56 +02:00			`};`

Agenix config for forgejo tested and working 2024-10-23 13:10:45 +02:00			`outputs = inputs@{ self, nixpkgs, home-manager, microvm, agenix, ... }:`
First commit 2024-09-09 10:48:56 +02:00			`let`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`system = "x86_64-linux";`
			`username = "tbarnouin";`
Add authentik-nix input 2024-09-13 10:32:18 +02:00			`proxy_host = "192.168.1.40";`
Add external database for grafana 2024-09-25 13:36:18 +02:00			`pgsql_host = "192.168.1.13";`
First commit 2024-09-09 10:48:56 +02:00			`in`
			`{`
			`nixosConfigurations = {`
Fix second hypervisor 2024-09-17 18:24:38 +02:00			`nixmox-curiosity = nixpkgs.lib.nixosSystem {`
First commit 2024-09-09 10:48:56 +02:00			`inherit system;`
			`modules = [`
Add agenix module to nixmox-curiosity 2024-10-23 15:57:49 +02:00			`agenix.nixosModules.default`
Fix second hypervisor 2024-09-17 18:24:38 +02:00			`./hosts/nixmox-curiosity/configuration.nix`
First commit 2024-09-09 10:48:56 +02:00			`{`
Fix second hypervisor 2024-09-17 18:24:38 +02:00			`networking.hostName = "nixmox-curiosity";`
First commit 2024-09-09 10:48:56 +02:00			`}`
			`home-manager.nixosModules.home-manager`
			`{`
			`home-manager.useGlobalPkgs = true;`
			`home-manager.useUserPackages = true;`
Fix second hypervisor 2024-09-17 18:24:38 +02:00			`home-manager.users.${username} = import ./hosts/nixmox-curiosity/home.nix;`
First commit 2024-09-09 10:48:56 +02:00			`}`
			`microvm.nixosModules.host`
			`{`
Add other services 2024-09-09 15:19:57 +02:00			`microvm = {`
Delete grafana VM from nixmox-curiosity because i don't want to deal with agenix import error 2024-10-23 15:59:37 +02:00			`autostart = [];`
			`vms = {};`
First commit 2024-09-09 10:48:56 +02:00			`};`
			`}`
			`];`
Add other services 2024-09-09 15:19:57 +02:00
First commit 2024-09-09 10:48:56 +02:00			`specialArgs = {`
			`inherit inputs;`
			`inherit username;`
Add second hypervisor 2024-09-17 14:48:19 +02:00			`inherit proxy_host;`
Fix variable 2024-09-25 13:44:15 +02:00			`inherit pgsql_host;`
Add second hypervisor 2024-09-17 14:48:19 +02:00			`inherit system;`
			`};`
			`};`
First commit 2024-09-09 10:48:56 +02:00			`nginx = nixpkgs.lib.nixosSystem {`
			`inherit system;`
			`modules = [`
Fix typos, working agenix and grafana config 2024-10-23 16:45:46 +02:00			`agenix.nixosModules.default`
LXC config is imported in minimalConfig, enabled in flake.nix and proxmox-lxc.nix module is imported in flake 2024-10-16 15:37:45 +02:00			`"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"`
Changes in flake 2025-01-07 13:38:19 +01:00			`"${inputs.self}/systems/minimalLXCConfig.nix"`
First commit 2024-09-09 10:48:56 +02:00			`"${inputs.self}/services"`
			`{`
Change nginx hostname 2024-10-15 15:46:57 +02:00			`networking.hostName = "nginx";`
First commit 2024-09-09 10:48:56 +02:00			`services.vm_nginx = {`
			`enable = true;`
			`};`
Changes in flake 2025-01-07 13:38:19 +01:00			`}`
			`];`
			`};`
Add onlyoffice service 2025-01-07 13:55:31 +01:00			`onlyoffice = nixpkgs.lib.nixosSystem {`
			`inherit system;`
			`modules = [`
			`agenix.nixosModules.default`
			`"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"`
			`"${inputs.self}/systems/minimalLXCConfig.nix"`
			`"${inputs.self}/services"`
			`{`
			`networking.hostName = "onlyoffice";`
			`services.vm_onlyoffice = {`
			`enable = true;`
Add onlyoffice service 2025-01-07 14:06:00 +01:00			`pgsql_ip = pgsql_host;`
Add onlyoffice service 2025-01-07 13:55:31 +01:00			`};`
			`}`
			`];`
			`};`
Comment template config to avoie flake check error 2025-01-08 11:54:10 +01:00			`# template = nixpkgs.lib.nixosSystem {`
			`# inherit system;`
			`# modules = [`
			`# agenix.nixosModules.default`
			`# "${inputs.self}/systems/minimalVMConfig.nix"`
			`# {`
			`# networking.hostName = "nixos";`
			`# }`
			`# ];`
			`# };`
Add second hypervisor 2024-09-17 14:48:19 +02:00			`jellyfin = nixpkgs.lib.nixosSystem {`
			`inherit system;`
			`modules = [`
Fix typos, working agenix and grafana config 2024-10-23 16:45:46 +02:00			`agenix.nixosModules.default`
Add second hypervisor 2024-09-17 14:48:19 +02:00			`microvm.nixosModules.microvm`
Changes in flake 2025-01-07 13:38:19 +01:00			`"${inputs.self}/systems/minimalVMConfig.nix"`
Add second hypervisor 2024-09-17 14:48:19 +02:00			`"${inputs.self}/services"`
			`{`
			`services.vm_jellyfin = {`
			`enable = true;`
			`};`
			`}`
			`];`
			`};`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`redis = nixpkgs.lib.nixosSystem {`
			`inherit system;`
			`modules = [`
Fix typos, working agenix and grafana config 2024-10-23 16:45:46 +02:00			`agenix.nixosModules.default`
LXC config is imported in minimalConfig, enabled in flake.nix and proxmox-lxc.nix module is imported in flake 2024-10-16 15:37:45 +02:00			`"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"`
Changes in flake 2025-01-07 13:38:19 +01:00			`"${inputs.self}/systems/minimalLXCConfig.nix"`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`"${inputs.self}/services"`
			`{`
Migrate redis to LXC 2024-10-15 15:44:21 +02:00			`networking.hostName = "redis";`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`services.vm_redis = {`
			`enable = true;`
			`};`
			`}`
			`];`
			`};`
Update nginx vhosts to serve grafana LXC 2024-10-23 15:52:46 +02:00			`grafana-lxc = nixpkgs.lib.nixosSystem {`
			`inherit system;`
			`modules = [`
			`agenix.nixosModules.default`
			`"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"`
Changes in flake 2025-01-07 13:38:19 +01:00			`"${inputs.self}/systems/minimalLXCConfig.nix"`
Update nginx vhosts to serve grafana LXC 2024-10-23 15:52:46 +02:00			`"${inputs.self}/services"`
			`{`
			`services.vm_grafana = {`
			`enable = true;`
			`vm_ip = "192.168.1.27";`
			`proxy_ip = proxy_host;`
			`pgsql_ip = pgsql_host;`
			`};`
			`}`
			`];`
			`};`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`grafana = nixpkgs.lib.nixosSystem {`
			`inherit system;`
			`modules = [`
Fix typos, working agenix and grafana config 2024-10-23 16:45:46 +02:00			`agenix.nixosModules.default`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`microvm.nixosModules.microvm`
Changes in flake 2025-01-07 13:38:19 +01:00			`"${inputs.self}/systems/minimalMicrovmConfig.nix"`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`"${inputs.self}/services"`
			`{`
			`services.vm_grafana = {`
			`enable = true;`
Fix typos, working agenix and grafana config 2024-10-23 16:45:46 +02:00			`vm_ip = "192.168.1.27";`
Fix variable 2024-09-25 13:44:15 +02:00			`proxy_ip = proxy_host;`
			`pgsql_ip = pgsql_host;`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`};`
Separate LXC, VM and microvm configs (it's getting ugly, need to tidy things up soon) 2024-12-12 11:54:49 +01:00			`services.micro_vm = {`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`enable = true;`
			`hostname = "grafana";`
			`vm_ip = "192.168.1.20";`
Lower grafana specs 2024-09-27 09:24:05 +02:00			`vm_cpu = 1;`
			`vm_mem = 512;`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`macAddr = "02:00:00:00:00:20";`
			`};`
			`}`
			`];`
			`};`
			`authentik = nixpkgs.lib.nixosSystem {`
			`inherit system;`
			`modules = [`
Fix typos, working agenix and grafana config 2024-10-23 16:45:46 +02:00			`agenix.nixosModules.default`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`inputs.authentik-nix.nixosModules.default`
			`{`
			`services.authentik = {`
			`enable = true;`
			`environmentFile = "/run/secrets/authentik/authentik-env";`
			`settings = {`
			`disable_startup_analytics = true;`
			`avatars = "initials";`
			`};`
			`};`
			`services.vm_authentik = {`
			`enable = true;`
			`};`
			`}`
			`microvm.nixosModules.microvm`
Changes in flake 2025-01-07 13:38:19 +01:00			`"${inputs.self}/systems/minimalMicrovmConfig.nix"`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`"${inputs.self}/services"`
			`{`
Ajout config OAuth pour grafana 2024-09-25 12:56:59 +02:00			`microvm = {`
			`volumes = [`
			`{`
			`mountPoint = "/media";`
			`image = "/var/lib/microvms/authentik/media.img";`
			`size = 2048;`
			`}`
			`];`
			`};`
Changes in flake 2025-01-07 13:38:19 +01:00			`services.micro_vm = {`
Adjust flake to match pve01 config 2024-09-10 14:40:56 +02:00			`enable = true;`
			`hostname = "authentik";`
			`vm_ip = "192.168.1.25";`
			`vm_cpu = 2;`
			`vm_mem = 2048;`
			`macAddr = "02:00:00:00:00:25";`
First commit 2024-09-09 10:48:56 +02:00			`};`
			`}`
			`];`
			`};`
			`};`
			`};`
			`}`