chore: some cleaning + logging implementation

lib/config/alloy/config.alloy.nix

@@ -0,0 +1,15 @@
+let
+  infra = import ../../constants.nix;
+in
+{
+  out = ''
+    logging {
+      level = "warning"
+    }
+    loki.write "grafana_loki" {
+      endpoint {
+        url = "http://${infra.loki_addr}/loki/api/v1/push"
+      }
+    }
+  '';
+}

lib/config/alloy/metrics.alloy.nix

@@ -0,0 +1,47 @@
+{ container_id, ... }:
+let
+  infra = import ../../constants.nix;
+in
+{
+  out = ''
+    prometheus.exporter.unix "default" {
+      include_exporter_metrics = true
+      disable_collectors       = ["mdadm"]
+    }
+
+    prometheus.scrape "default" {
+      targets = array.concat(
+        prometheus.exporter.unix.default.targets,
+        [{
+          // Self-collect metrics
+          job         = "alloy",
+          __address__ = "127.0.0.1:12345",
+        }],
+      )
+
+      forward_to = [prometheus.relabel.filter_metrics.receiver]
+      scrape_interval = "60s"
+    }
+
+    prometheus.relabel "filter_metrics" {
+      rule {
+        action = "drop"
+        source_labels = [ "env" ]
+        regex = "dev"
+      }
+      rule {
+        action = "replace"
+        regex = "127\\.0\\.0\\.1"
+        target_label = "instance"
+        replacement = "${infra.build_ip container_id}"
+      }
+      forward_to = [prometheus.remote_write.metrics_service.receiver]
+    }
+
+    prometheus.remote_write "metrics_service" {
+      endpoint {
+        url = "http://${infra.prometheus_addr}/api/v1/write"
+      }
+    }
+  '';
+}

lib/constants.nix.template

@@ -0,0 +1,33 @@
+let 
+  ip_prefix = "10.0.0.";
+in
+{
+  # Centralizes the IP to the gateway for the containers.
+  gateway_ip = "10.0.0.1";
+
+  # Builders for IP addresses, given a container id.
+  ip_prefix = ip_prefix;
+  cidr = "24";
+  build_ip = id: "${ip_prefix}${toString id}";
+  build_ip_cidr = id: "${ip_prefix}${toString id}/${cidr}";
+
+  loki_addr = "10.0.0.42:3100";
+  prometheus_addr = "10.0.0.42:9090";
+  reverse_proxy_addr = "10.0.0.50";
+
+  domains = {
+    exposed = ".mydomain.tld";
+    internal = ".local";
+  };
+
+  # Your deployer's host
+  master_login = "admin";
+  master_htpasswd = "$2$10$pouet.pouet";
+  master_public_ssh_key = "ssh-ed25519 [...] me@here";
+
+  # Default timezone for the containers
+  default_tz = "UTC";
+
+  # NixOS template build name => see `ls nixos-template/tarball/`
+  nixos_template_name = "nixos-image-lxc-proxmox-25.11pre-git-x86_64-linux";
+}

lib/container.nix.template

@@ -0,0 +1,57 @@
+{ pkgs, containersMapping, ... }:
+let
+   infra = import ../lib/constants.nix;
+in
+{
+  # OPTIONAL int cores: number of CPU (default = 1)
+  cores = 2;
+
+  # OPTIONAL int memory: RAM memory (default 512)
+  memory = 512;
+
+  # OPTIONAL string disk: disk space (default "4G") - beware, NixOS is greedy
+  disk = "4G";
+
+  # OPTIONAL string swap: swap space (default null)
+  swap = null;
+
+  # OPTIONAL list of int ports: ports to open (TCP tho) (default [])
+  ports = [ 80 ];
+
+  # OPTIONAL submodule services: services to be passed to the NixOS Module (default {})
+  services = {
+    nginx.enable = true;
+  };
+
+  # OPTIONAL list of pkgs other_packages: packages to add to eenvironment.systemPackages (default [])
+  other_packages = [ pkgs.hello ];
+
+  # OPTIONAL submodule etc: files contents to pass to eenvironment.etc
+  etc."alloy/log-myservice.alloy" = ''
+    # logger_ip = ${infra.build_ip containersMapping.grafana}
+    # prometheus = ${infra.build_ip containersMapping.prometheus}
+  '';
+
+  # OPTIONAL bool logging.enable: whether to enable the Alloy configuration (=> Loki)
+  # Need further configuration in etc."alloy/log-myservice.alloy"
+  logging.enable = true;
+
+  # OPTIONAL bool logging.metrics.enable: whether to enable the Alloy metrics configuration (=> Prometheus)
+  logging.metrics.enable = true;
+
+  # OPTIONAL string template: template file to use (default defined in infra/constants.nix)
+  template = null;
+
+  # OPTIONAL bool unprivileged: whether the container should be unprivileged (default true)
+  unprivileged = true;
+
+  # OPTIONAL string tags: ';'-separated tags, appended to "terraform" (default empty)
+  tags = "";
+
+  # OPTIONAL list of paths additional_tf_modules: list of modules to merge into the tf ressource module (default [])
+  # Not implemented
+  additional_tf_modules = [];
+
+  # OPTIONAL bool exposed: whether this host should be exposed by the reverse proxy.
+  exposed = false;
+}

lib/containers.nix

@@ -1,69 +0,0 @@
-{ def, ... }:
-let
-  infra = import ../infra/constants.nix;
-
-  hostname = def.hostname;
-  memory = def.memory or 512;
-  cores = def.cores or 1;
-  container_id = def.container_id;
-  disk = def.disk or "4G";
-  swap = def.swap or null; # TODO: Implement
-  services = def.services or { };
-  open_ports = def.open_ports or [ ];
-  other_packages = def.other_packages or [ ];
-  etc = def.etc or { };
-  logging_enabled = def.logging.enable or false; # TODO: Implement
-  logging_metrics_enabled = def.logging.metrics.enable or false;
-  extraModules = def.extraModules or [ ];
-  template = def.template or infra.nixos_template_name;
-  unprivileged = def.unprivileged or true;
-  tags = def.tags or "";
-in
-{
-  terraformResource = {
-    hostname = hostname;
-    memory = memory;
-    cores = cores;
-    ostemplate = "local:vztmpl/${template}.tar.xz";
-    unprivileged = unprivileged;
-    password = "changeme";
-    features.nesting = true;
-    target_node = "\${var.pve_node}";
-    network = {
-      name = "eth0";
-      bridge = "vmbr0";
-      ip = infra.build_ip_cidr container_id;
-      gw = infra.gateway_ip;
-      type = "veth";
-    };
-    rootfs = {
-      storage = "local-lvm";
-      size = disk;
-    };
-    vmid = container_id;
-    tags = "terraform;${tags}";
-  };
-
-  nixosModule =
-    { config, pkgs, ... }:
-    {
-      imports = [
-        ../infra/lxc-template.nix
-      ]
-      ++ extraModules;
-      networking.hostName = hostname;
-      networking.firewall.allowedTCPPorts = open_ports;
-      services = services;
-      environment.etc = etc;
-      environment.systemPackages = other_packages;
-      # logging things...
-      #     # logs configuration ...
-      #     # environment.etc."alloy/config.alloy" = '' loki blabla '';
-      #     # environment.etc."alloy/metrics.alloy" = '' prometheus blabla '';
-      #     #
-      #     # -> services.alloy.extraFlags = [
-      #     #   "--server.http.listen-addr=127.0.0.1:12346"
-      #     #   "--disable-reporting"
-      #     # ]
-    };
-}

lib/infra.nix

@@ -0,0 +1,21 @@
+{ lib, ... }:
+{
+  terraform.required_providers = {
+    proxmox = {
+      source = "Telmate/proxmox";
+      version = "~> 2.9.11";
+    };
+  };
+
+  provider.proxmox = {
+    pm_api_url = "\${var.pm_api_url}";
+    pm_api_token_id = "\${var.pm_api_token_id}";
+    pm_api_token_secret = "\${var.pm_api_token_secret}";
+    pm_tls_insecure = false;
+  };
+
+  variable.pm_api_url.type = "string";
+  variable.pm_api_token_id.type = "string";
+  variable.pm_api_token_secret.type = "string";
+  variable.pve_node.type = "string";
+}

lib/lxc-template.nix

@@ -0,0 +1,53 @@
+{
+  pkgs,
+  lib,
+  modulesPath,
+  ...
+}:
+let
+  infra = import ./constants.nix;
+in
+{
+  imports = [
+    (modulesPath + "/virtualisation/proxmox-lxc.nix")
+  ];
+
+  boot.isContainer = true;
+
+  systemd.suppressedSystemUnits = [
+    "dev-mqueue.mount"
+    "sys-kernel-debug.mount"
+    "sys-fs-fuse-connections.mount"
+  ];
+  environment.systemPackages = with pkgs; [
+    vim
+    openssl
+    coreutils
+  ];
+  services.openssh.enable = true;
+  nix.settings = {
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    auto-optimise-store = true;
+  };
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 7d";
+  };
+
+  time.timeZone = infra.default_tz;
+
+  users.users.root = {
+    openssh.authorizedKeys.keys = [
+      infra.master_public_ssh_key
+    ];
+    initialPassword = "nixos";
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  system.stateVersion = "25.11";
+}