tbarnouin/nixos-hypervisor
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-hypervisor/flake.nix
Théo Barnouin 64986d2883 Remove microvm and correct build for nginx
2025-04-04 14:09:58 +02:00

216 lines
6.4 KiB
Nix
Raw Blame History

{
description = "A simple system flake using some Aux defaults";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
home-manager = {
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
crowdsec = {
url = "git+https://codeberg.org/kampka/nix-flake-crowdsec.git";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix.url = "github:yaxitech/ragenix";
};
outputs = inputs @ {
self,
nixpkgs,
home-manager,
agenix,
crowdsec,
...
}: let
system = "x86_64-linux";
username = "tbarnouin";
proxy_host = "192.168.1.40";
pgsql_host = "192.168.1.13";
pkgs = import nixpkgs {inherit system;};
in {
nixosConfigurations = {
nginx = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
crowdsec.nixosModules.crowdsec-firewall-bouncer
{
services.crowdsec-firewall-bouncer = {
enable = true;
package = inputs.crowdsec.packages."x86_64-linux".crowdsec-firewall-bouncer;
};
}
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
"${inputs.self}/modules"
{
services = {
vm_nginx = {
enable = true;
};
crowdsec = {
enable = true;
package = pkgs.crowdsec;
autoUpdateService = false;
settings = {
general = {
api = {
server = {
enable = false;
#listen_uri = "127.0.0.1:8080";
};
};
prometheus.listen_addr = "0.0.0.0";
};
};
hub.collections = [
"firix/authentik"
"crowdsecurity/sshd"
"crowdsecurity/linux"
"crowdsecurity/nginx"
"LePresidente/grafana"
"LePresidente/jellyfin"
"crowdsecurity/http-cve"
"crowdsecurity/nextcloud"
"crowdsecurity/base-http-scenarios"
];
localConfig = {
acquisitions = [
{
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
labels = {
type = "syslog";
};
}
];
};
};
};
networking.hostName = "nginx";
}
];
};
pgsql = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
{
networking.hostName = "pgsql";
services.vm_postgresql = {
enable = true;
};
}
];
};
onlyoffice = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
{
networking.hostName = "onlyoffice";
services.vm_onlyoffice = {
enable = true;
pgsql_ip = pgsql_host;
};
}
];
};
collabora = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
{
networking.hostName = "collabora";
services.vm_collabora = {
enable = true;
};
}
];
};
forgejo = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
{
networking.hostName = "forgejo";
services.vm_forgejo = {
enable = true;
pgsql_ip = pgsql_host;
};
}
];
};
template = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix"
"${inputs.self}/systems/minimalVMConfig.nix"
{
networking.hostName = "nixos";
}
];
};
jellyfin = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix"
"${inputs.self}/systems/minimalVMConfig.nix"
"${inputs.self}/services"
{
services.vm_jellyfin = {
enable = true;
};
}
];
};
redis = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
{
networking.hostName = "redis";
services.vm_redis = {
enable = true;
};
}
];
};
grafana-lxc = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
{
services.vm_grafana = {
enable = true;
vm_ip = "192.168.1.27";
proxy_ip = proxy_host;
pgsql_ip = pgsql_host;
};
}
];
};
};
};
}
Reference in a new issue View git blame Copy permalink