tbarnouin/nixos-hypervisor
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-hypervisor/flake.nix
Théo Barnouin 4d337df460 Working crowdsec config
2025-04-04 16:48:14 +02:00

160 lines
4.8 KiB
Nix
Raw Blame History

{
description = "A simple system flake using some Aux defaults";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
home-manager = {
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
crowdsec = {
url = "git+https://codeberg.org/kampka/nix-flake-crowdsec.git";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix.url = "github:yaxitech/ragenix";
};
outputs = inputs @ {
self,
nixpkgs,
home-manager,
agenix,
crowdsec,
...
}: let
system = "x86_64-linux";
username = "tbarnouin";
proxy_host = "192.168.1.40";
pgsql_host = "192.168.1.13";
pkgs = import nixpkgs {inherit system;};
in {
nixosConfigurations = {
nginx = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
agenix.nixosModules.default
crowdsec.nixosModules.crowdsec-firewall-bouncer
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
"${inputs.self}/modules"
{
networking.hostName = "nginx";
services = {
vm_nginx = {
enable = true;
proxy_ip = proxy_host;
};
};
}
];
};
pgsql = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
agenix.nixosModules.default
crowdsec.nixosModules.crowdsec-firewall-bouncer
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
"${inputs.self}/modules"
{
networking.hostName = "pgsql";
services.vm_postgresql = {
enable = true;
};
}
];
};
forgejo = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
agenix.nixosModules.default
crowdsec.nixosModules.crowdsec-firewall-bouncer
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
"${inputs.self}/modules"
{
networking.hostName = "forgejo";
services.vm_forgejo = {
enable = true;
pgsql_ip = pgsql_host;
};
}
];
};
template = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
agenix.nixosModules.default
crowdsec.nixosModules.crowdsec-firewall-bouncer
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix"
"${inputs.self}/systems/minimalVMConfig.nix"
{
networking.hostName = "nixos";
}
];
};
jellyfin = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
agenix.nixosModules.default
crowdsec.nixosModules.crowdsec-firewall-bouncer
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix"
"${inputs.self}/systems/minimalVMConfig.nix"
"${inputs.self}/services"
"${inputs.self}/modules"
{
services.vm_jellyfin = {
enable = true;
};
}
];
};
redis = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
agenix.nixosModules.default
crowdsec.nixosModules.crowdsec-firewall-bouncer
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
"${inputs.self}/modules"
{
networking.hostName = "redis";
services.vm_redis = {
enable = true;
};
}
];
};
grafana-lxc = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
agenix.nixosModules.default
crowdsec.nixosModules.crowdsec-firewall-bouncer
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
"${inputs.self}/modules"
{
services.vm_grafana = {
enable = true;
vm_ip = "192.168.1.27";
proxy_ip = proxy_host;
pgsql_ip = pgsql_host;
};
}
];
};
};
};
}
Reference in a new issue View git blame Copy permalink