From 65e54e09913b02606ebd20e11565a80c7dc2b9ed Mon Sep 17 00:00:00 2001 
From: Alexander Derevianko Date: Thu, 31 Jul 2025 11:55:28 +0200 Subject: [PATCH] Create proxmox configuration, create izanagi config, update readme, move configurations to /machines/ --- .envrc | 1 + .gitignore | 2 + README.org | 2 +- flake.lock | 56 +++++++- flake.nix | 63 ++++++++- iso/proxmox/default.nix | 123 ++++++++++++++++ .../proxmox}/hardware-configuration.nix | 0 iso/proxmox/home.nix | 29 ++++ machines/izanagi-minimal/default.nix | 131 ++++++++++++++++++ machines/izanagi-minimal/disko-config.nix | 28 ++++ .../hardware-configuration.nix | 0 machines/izanagi-minimal/home.nix | 34 +++++ .../susano-minimal}/default.nix | 0 .../susano-minimal}/disko-config.nix | 0 .../susano-minimal/hardware-configuration.nix | 28 ++++ {main => machines/susano-minimal}/home.nix | 0 {main => machines/susano}/.sops.yaml | 0 {main => machines/susano}/default.nix | 0 {minimal => machines/susano}/disko-config.nix | 0 machines/susano/hardware-configuration.nix | 28 ++++ {minimal => machines/susano}/home.nix | 0 .../susano}/secrets/secrets.yaml | 0 {main => machines/susano}/sops.nix | 0 23 files changed, 521 insertions(+), 4 deletions(-) create mode 100644 .envrc create mode 100644 iso/proxmox/default.nix rename {main => iso/proxmox}/hardware-configuration.nix (100%) create mode 100644 iso/proxmox/home.nix create mode 100644 machines/izanagi-minimal/default.nix create mode 100644 machines/izanagi-minimal/disko-config.nix rename {minimal => machines/izanagi-minimal}/hardware-configuration.nix (100%) create mode 100644 machines/izanagi-minimal/home.nix rename {minimal => machines/susano-minimal}/default.nix (100%) rename {main => machines/susano-minimal}/disko-config.nix (100%) create mode 100644 machines/susano-minimal/hardware-configuration.nix rename {main => machines/susano-minimal}/home.nix (100%) rename {main => machines/susano}/.sops.yaml (100%) rename {main => machines/susano}/default.nix (100%) rename {minimal => machines/susano}/disko-config.nix (100%) create mode 100644 
machines/susano/hardware-configuration.nix rename {minimal => machines/susano}/home.nix (100%) rename {main => machines/susano}/secrets/secrets.yaml (100%) rename {main => machines/susano}/sops.nix (100%) diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..3550a30 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake diff --git a/.gitignore b/.gitignore index bf20e2c..971965a 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,5 @@ tmp/ result +.direnv +*.local.md diff --git a/README.org b/README.org index fd5cee6..02138bc 100644 --- a/README.org +++ b/README.org @@ -15,7 +15,7 @@ This guide documents the process for a minimal installation of NixOS on a Proxmo 2. *Deploy NixOS:* From your workstation, run =nixos-anywhere=, pointing to your flake and the VM's IP address. #+begin_src sh nix run github:nix-community/nixos-anywhere -- \ - --flake .#your-machine-name \ + --flake .#susano-minimal \ --target-host root@ #+end_src diff --git a/flake.lock b/flake.lock index 9d6d124..db9a63d 100644 --- a/flake.lock +++ b/flake.lock @@ -75,6 +75,42 @@ "type": "github" } }, + "nixlib": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1753122741, 
@@ -127,9 +163,11 @@ "copyparty": "copyparty", "disko": "disko", "home-manager": "home-manager", + "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", - "sops-nix": "sops-nix" + "sops-nix": "sops-nix", + "unstable": "unstable" } }, "sops-nix": { @@ -151,6 +189,22 @@ "repo": "sops-nix", "type": "github" } + }, + "unstable": { + "locked": { + "lastModified": 1753694789, + "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 3773542..9aba576 100644 --- a/flake.nix +++ b/flake.nix @@ -4,7 +4,12 @@ inputs = { # Nixpkgs nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; @@ -25,6 +30,7 @@ self, nixpkgs, nixos-hardware, + nixos-generators, disko, home-manager, sops-nix, @@ -34,6 +40,8 @@ extraHomeModules = [ ./hm-modules ]; + + upkgs = import inputs.unstable { system = "x86_64-linux"; config.allowUnfree = true; }; in { nixosConfigurations = { susano-minimal = nixpkgs.lib.nixosSystem { @@ -41,7 +49,7 @@ modules = [ disko.nixosModules.disko home-manager.nixosModules.home-manager - ./minimal + ./machines/susano-minimal ]; }; 
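Review bot: `upkgs` imports nixos-unstable with `config.allowUnfree = true;`, which permits every unfree package in that channel, although the only consumer visible in this patch is the `devShells` block in the last flake.nix hunk. An `allowUnfreePredicate` naming just the packages that need it stops an accidental unfree addition from building silently, e.g. `config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "claude-code" ];` (adjust the list to whichever of the three tools are actually unfree). The `let` block and the `outputs` argument list start above the hunk, so how `inputs` is bound there is not visible.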
@@ -53,10 +61,61 @@ sops-nix.nixosModules.sops inputs.copyparty.nixosModules.default - ./main + ./machines/susano ./modules ]; }; + + izanagi-minimal = + let + username = "izanagi"; + in nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs outputs extraHomeModules username;}; + modules = [ + disko.nixosModules.disko + home-manager.nixosModules.home-manager + ./machines/izanagi-minimal + ]; + }; + }; + + packages.x86_64-linux = { + izanami-proxmox = nixos-generators.nixosGenerate { + system = "x86_64-linux"; + modules = [ + home-manager.nixosModules.home-manager + + ./iso/proxmox + ]; + + specialArgs = { + inherit inputs; + + username = "izanami"; + extraHomeModules = [ + ./hm-modules + ]; + }; + + format = "proxmox"; + }; + }; + + devShells = { + "x86_64-linux" = { + default = upkgs.mkShell { + buildInputs = with upkgs; [ + + # AI Coding agents + gemini-cli + opencode + claude-code + ]; + + shellHook = '' + ''; + }; + }; }; }; } diff --git a/iso/proxmox/default.nix b/iso/proxmox/default.nix new file mode 100644 index 0000000..b950a2f --- /dev/null +++ b/iso/proxmox/default.nix 
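Review bot: The `izanami-proxmox` entry re-declares `extraHomeModules = [ ./hm-modules ];` inside `specialArgs` instead of reusing the `let` binding of the same name that the `izanagi-minimal` entry in this same hunk inherits; `inherit inputs extraHomeModules;` keeps the two from drifting apart. The `shellHook = '' '';` in the dev shell is empty and can be dropped. A short comment above `izanami-proxmox` stating that the result is a Proxmox image carrying the user account and SSH key defined in `./iso/proxmox` would help, since that is not obvious from the flake alone.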
@@ -0,0 +1,123 @@ +{ config, pkgs, extraHomeModules, inputs, lib, username, ... }: + +let flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; +in { + imports = [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + nixpkgs = { + # You can add overlays here + overlays = [ ]; + # Configure your nixpkgs instance + config = { + # Disable if you don't want unfree packages + allowUnfree = true; + }; + }; + + nix = { + settings = { + # Enable flakes and new 'nix' command + experimental-features = "nix-command flakes"; + # Opinionated: disable global registry + flake-registry = ""; + # Workaround for https://github.com/NixOS/nix/issues/9574 + nix-path = config.nix.nixPath; + + # Allow user to reubild nixos without sudo + trusted-users = [ "root" username ]; + }; + # Opinionated: disable channels + channel.enable = false; + + # Opinionated: make flake registry and nix path match flake inputs + registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; + nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; + }; + + # Bootloader. + boot.loader.grub = { + enable = true; + useOSProber = true; + }; + + networking = { + hostName = username; + networkmanager.enable = true; + }; + + # Set your time zone. + time.timeZone = "Europe/Warsaw"; + + # Select internationalisation properties. 
+ i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_GB.UTF-8"; + LC_IDENTIFICATION = "en_GB.UTF-8"; + LC_MEASUREMENT = "en_GB.UTF-8"; + LC_MONETARY = "en_GB.UTF-8"; + LC_NAME = "en_GB.UTF-8"; + LC_NUMERIC = "en_GB.UTF-8"; + LC_PAPER = "en_GB.UTF-8"; + LC_TELEPHONE = "en_GB.UTF-8"; + LC_TIME = "en_GB.UTF-8"; + }; + + security = { + rtkit.enable = true; + sudo.extraRules = [{ + users = [ username ]; + commands = [{ + command = "ALL"; + options = + [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea + }]; + }]; + }; + + users.users.${username} = { + isNormalUser = true; + description = "NixOS Proxmox Base Image"; + hashedPassword = + "$6$YhcYhZA4dn.DKxfg$PFUomdcTMxM6wQx5indT9paO7TQAoT/a85NZ2.T2wR5OtRhsRgFnySQSlAp5qSjzrwsAY2T40Js7gHkGe5chZ/"; + extraGroups = [ "networkmanager" "wheel" ]; + packages = with pkgs; [ ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcGhVpjmWEw1GEw0y/ysJPa2v3+u/Rt/iES/Se2huH2 alexander0derevianko@gmail.com" + ]; + + shell = pkgs.zsh; + }; + + environment.systemPackages = with pkgs; [ vim wget ripgrep ]; + + services.openssh = { + enable = true; + settings = { + # Opinionated: forbid root login through SSH. + PermitRootLogin = "no"; + # Opinionated: use keys only. + # Remove if you want to SSH using passwords + PasswordAuthentication = false; + }; + }; + + programs = { zsh.enable = true; }; + + ### + # Home Manger configuration + ### + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + backupFileExtension = "backup"; + extraSpecialArgs = { inherit inputs username; }; + + users."${username}" = { imports = [ ./home.nix ] ++ extraHomeModules; }; + }; + + # DO NOT CHANGE AT ANY POINT! + system.stateVersion = "25.05"; +} diff --git a/main/hardware-configuration.nix b/iso/proxmox/hardware-configuration.nix similarity index 100% rename from main/hardware-configuration.nix rename to iso/proxmox/hardware-configuration.nix 
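Review bot: The `hashedPassword` literal under `users.users.${username}` commits a `$6$` (SHA-512 crypt) hash to the repository, where anyone who can read the repo can attempt offline guessing, and every VM restored from this image shares it. The `machines/izanagi-minimal/default.nix` hunk repeats the pattern with a different hash. The repo already uses sops-nix (`machines/susano/sops.nix`), so `hashedPasswordFile = config.sops.secrets.<secret-name>.path;` with `neededForUsers = true` on that secret would keep the hash out of git, provided the image can be given a decryption key. In this file the account is also root-equivalent twice over: the `security.sudo.extraRules` entry grants `NOPASSWD` on `ALL`, and `trusted-users = [ "root" username ];` gives it full control of the Nix daemon, so the single authorized SSH key yields root on every clone. If that is intended for a throwaway base image, a comment saying so next to the sudo rule would make the trade-off explicit; otherwise narrow the rule to the rebuild command.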
diff --git a/iso/proxmox/home.nix b/iso/proxmox/home.nix new file mode 100644 index 0000000..c551006 --- /dev/null +++ b/iso/proxmox/home.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, username, ... }: + +{ + home = { + inherit username; + stateVersion = "25.05"; + homeDirectory = "/home/${username}"; + }; + + dov = { + shell = { + zsh = { + enable = true; + shellAliases = { + ll = "eza -al"; + sc = "source $HOME/.zshrc"; + psax = "ps ax | grep"; + cp = "rsync -ah --progress"; + }; + }; + }; + }; + + programs.home-manager.enable = true; + + home.packages = with pkgs; [ + eza + ]; +} diff --git a/machines/izanagi-minimal/default.nix b/machines/izanagi-minimal/default.nix new file mode 100644 index 0000000..5b4bf61 --- /dev/null +++ b/machines/izanagi-minimal/default.nix 
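Review bot: The `cp = "rsync -ah --progress";` alias depends on rsync, but this file installs only `eza` in `home.packages` and the system package list in the accompanying default.nix is `vim wget ripgrep`. Unless the `dov.shell.zsh` module (not shown here) pulls rsync in, `cp` will fail in interactive shells on a fresh machine. Adding `rsync` next to `eza` fixes that, and the identical alias set in the `machines/izanagi-minimal/home.nix` hunk needs the same change. Shadowing `cp` also changes behaviour for directory arguments, because rsync treats a trailing slash on the source differently, so a distinct alias name may be safer.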
@@ -0,0 +1,131 @@ +{ + config, + pkgs, + extraHomeModules, + inputs, + lib, + username, + ... +}: + +let + flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; +in { + imports = + [ + ./hardware-configuration.nix + ./disko-config.nix + ]; + + nixpkgs = { + # You can add overlays here + overlays = [ + ]; + # Configure your nixpkgs instance + config = { + # Disable if you don't want unfree packages + allowUnfree = true; + }; + }; + + nix = { + settings = { + # Enable flakes and new 'nix' command + experimental-features = "nix-command flakes"; + # Opinionated: disable global registry + flake-registry = ""; + # Workaround for https://github.com/NixOS/nix/issues/9574 + nix-path = config.nix.nixPath; + + # Allow user to reubild nixos without sudo + trusted-users = [ "root" username ]; + }; + # Opinionated: disable channels + channel.enable = false; + + # Opinionated: make flake registry and nix path match flake inputs + registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs; + nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; + }; + + # Bootloader. + boot.loader.grub.enable = true; + boot.loader.grub.useOSProber = true; + + networking.hostName = username; + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "Europe/Warsaw"; + + # Select internationalisation properties. 
+ i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_GB.UTF-8"; + LC_IDENTIFICATION = "en_GB.UTF-8"; + LC_MEASUREMENT = "en_GB.UTF-8"; + LC_MONETARY = "en_GB.UTF-8"; + LC_NAME = "en_GB.UTF-8"; + LC_NUMERIC = "en_GB.UTF-8"; + LC_PAPER = "en_GB.UTF-8"; + LC_TELEPHONE = "en_GB.UTF-8"; + LC_TIME = "en_GB.UTF-8"; + }; + + security.rtkit.enable = true; + + users.users.${username} = { + isNormalUser = true; + description = "NixOS Proxmox DevMachine"; + hashedPassword = "$6$fgXNf1aUOgGn7QWQ$rOcVKUnBC7td/KVdyLzknQy4LjgQDETKPIxivi1yWd4boWbRgITr/.iYlekZOuRuC6m.WydgV9PviqlrioDF91"; + extraGroups = [ "networkmanager" "wheel" ]; + packages = with pkgs; [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcGhVpjmWEw1GEw0y/ysJPa2v3+u/Rt/iES/Se2huH2 alexander0derevianko@gmail.com" + ]; + + shell = pkgs.zsh; + }; + + environment.systemPackages = with pkgs; [ + vim + wget + ripgrep + ]; + + services.openssh = { + enable = true; + settings = { + # Opinionated: forbid root login through SSH. + PermitRootLogin = "no"; + # Opinionated: use keys only. + # Remove if you want to SSH using passwords + PasswordAuthentication = false; + }; + }; + + programs = { + zsh.enable = true; + }; + + ### + # Home Manger configuration + ### + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + backupFileExtension = "backup"; + extraSpecialArgs = { inherit inputs username; }; + + users."${username}" = { + imports = [ + ./home.nix + ] ++ extraHomeModules; + }; + }; + + # DO NOT CHANGE AT ANY POINT! + system.stateVersion = "25.05"; +} diff --git a/machines/izanagi-minimal/disko-config.nix b/machines/izanagi-minimal/disko-config.nix new file mode 100644 index 0000000..8afb0bb --- /dev/null +++ b/machines/izanagi-minimal/disko-config.nix 
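Review bot: This module is almost line-for-line the same as `iso/proxmox/default.nix` added earlier in the patch, and the two copies already differ in a security-relevant way: the image variant adds a `NOPASSWD` sudo rule while this one does not, with nothing in either file saying the difference is deliberate. Moving the shared `nix`, locale, `services.openssh` and `home-manager` settings into one module under `./modules`, and leaving only the per-machine parts here, would keep the SSH and `trusted-users` settings in a single place. `boot.loader.grub.useOSProber = true;` also looks unnecessary for a single-disk VM whose layout disko defines, though that depends on how the host is used.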
@@ -0,0 +1,28 @@ +{ username, ... }: +{ + disko.devices = { + disk = { + main = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/minimal/hardware-configuration.nix b/machines/izanagi-minimal/hardware-configuration.nix similarity index 100% rename from minimal/hardware-configuration.nix rename to machines/izanagi-minimal/hardware-configuration.nix diff --git a/machines/izanagi-minimal/home.nix b/machines/izanagi-minimal/home.nix new file mode 100644 index 0000000..156b952 --- /dev/null +++ b/machines/izanagi-minimal/home.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, username, ... }: + +let +in { + imports = [ + ]; + + + home = { + inherit username; + stateVersion = "25.05"; + homeDirectory = "/home/${username}"; + }; + + dov = { + shell = { + zsh = { + enable = true; + shellAliases = { + ll = "eza -al"; + sc = "source $HOME/.zshrc"; + psax = "ps ax | grep"; + cp = "rsync -ah --progress"; + }; + }; + }; + }; + + programs.home-manager.enable = true; + + home.packages = with pkgs; [ + eza + ]; +} diff --git a/minimal/default.nix b/machines/susano-minimal/default.nix similarity index 100% rename from minimal/default.nix rename to machines/susano-minimal/default.nix diff --git a/main/disko-config.nix b/machines/susano-minimal/disko-config.nix similarity index 100% rename from main/disko-config.nix rename to machines/susano-minimal/disko-config.nix diff --git a/machines/susano-minimal/hardware-configuration.nix b/machines/susano-minimal/hardware-configuration.nix new file mode 100644 index 0000000..c760612 --- /dev/null +++ b/machines/susano-minimal/hardware-configuration.nix 
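Review bot: `device = "/dev/sda";` is hard-coded, and disko repartitions whatever disk that name resolves to when the layout is applied. A VM whose disk is attached as virtio-blk, or one with a second disk enumerated first, would be installed onto the wrong device or fail. A comment next to the line, such as `# Proxmox SCSI disk 0; disko wipes this device`, documents the assumption; alternatively the device could come from a module argument. The `username` argument in `{ username, ... }:` is unused in this file and can be removed.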
@@ -0,0 +1,28 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # fileSystems."/" = + # { device = "/dev/disk/by-uuid/301d5990-7186-4a90-94aa-997044007358"; + # fsType = "ext4"; + # }; + + # swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/main/home.nix b/machines/susano-minimal/home.nix similarity index 100% rename from main/home.nix rename to machines/susano-minimal/home.nix diff --git a/main/.sops.yaml b/machines/susano/.sops.yaml similarity index 100% rename from main/.sops.yaml rename to machines/susano/.sops.yaml diff --git a/main/default.nix b/machines/susano/default.nix similarity index 100% rename from main/default.nix rename to machines/susano/default.nix diff --git a/minimal/disko-config.nix b/machines/susano/disko-config.nix similarity index 100% rename from minimal/disko-config.nix rename to machines/susano/disko-config.nix diff --git a/machines/susano/hardware-configuration.nix b/machines/susano/hardware-configuration.nix new file mode 100644 index 0000000..c760612 --- /dev/null +++ b/machines/susano/hardware-configuration.nix 
@@ -0,0 +1,28 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # fileSystems."/" = + # { device = "/dev/disk/by-uuid/301d5990-7186-4a90-94aa-997044007358"; + # fsType = "ext4"; + # }; + + # swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/minimal/home.nix b/machines/susano/home.nix similarity index 100% rename from minimal/home.nix rename to machines/susano/home.nix diff --git a/main/secrets/secrets.yaml b/machines/susano/secrets/secrets.yaml similarity index 100% rename from main/secrets/secrets.yaml rename to machines/susano/secrets/secrets.yaml diff --git a/main/sops.nix b/machines/susano/sops.nix similarity index 100% rename from main/sops.nix rename to machines/susano/sops.nix