feat: initial version of the full setup

2025-10-23 19:36:05 +02:00
commit cc957061de
12 changed files with 841 additions and 0 deletions
--- a/infra/constants.nix.template
+++ b/infra/constants.nix.template
@@ -0,0 +1,19 @@
+{
+  # Centralizes the IP to the gateway for the containers.
+  gateway_ip = "10.0.0.1";
+
+  # Builders for IP addresses, given a container id.
+  ip_prefix = "10.0.0.";
+  cidr = "24";
+  build_ip = id: "${ip_prefix}${toString id}";
+  build_ip_cidr = id: "${ip_prefix}${toString id}/${cidr}";
+
+  # Your deployer's host
+  master_public_ssh_key = "ssh-ed25519 [...] me@here";
+
+  # Default timezone for the containers
+  default_tz = "UTC";
+
+  # NixOS template build name => see `ls nixos-template/tarball/`
+  nixos_template_name = "nixos-image-lxc-proxmox-25.11pre-git-x86_64-linux";
+}
--- a/infra/default.nix
+++ b/infra/default.nix
@@ -0,0 +1,21 @@
+{ lib, ... }:
+{
+  terraform.required_providers = {
+    proxmox = {
+      source = "Telmate/proxmox";
+      version = "~> 2.9.11";
+    };
+  };
+
+  provider.proxmox = {
+    pm_api_url = "\${var.pm_api_url}";
+    pm_api_token_id = "\${var.pm_api_token_id}";
+    pm_api_token_secret = "\${var.pm_api_token_secret}";
+    pm_tls_insecure = false;
+  };
+
+  variable.pm_api_url.type = "string";
+  variable.pm_api_token_id.type = "string";
+  variable.pm_api_token_secret.type = "string";
+  variable.pve_node.type = "string";
+}
--- a/infra/lxc-template.nix
+++ b/infra/lxc-template.nix
@@ -0,0 +1,57 @@
+{
+  pkgs,
+  lib,
+  modulesPath,
+  ...
+}:
+let
+  infra = import ./constants.nix;
+in
+{
+  imports = [
+    (modulesPath + "/virtualisation/proxmox-lxc.nix")
+  ];
+
+  boot.isContainer = true;
+
+  systemd.suppressedSystemUnits = [
+    "dev-mqueue.mount"
+    "sys-kernel-debug.mount"
+    "sys-fs-fuse-connections.mount"
+  ];
+  environment.systemPackages = with pkgs; [
+    vim
+    openssl
+    coreutils
+  ];
+  services.openssh.enable = true;
+  services.chrony = {
+    enable = true;
+    enableNTS = true;
+    servers = [ "time.cloudflare.com" ];
+  };
+  nix.settings = {
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    auto-optimise-store = true;
+  };
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 7d";
+  };
+
+  time.timeZone = infra.default_tz;
+
+  users.users.root = {
+    openssh.authorizedKeys.keys = [
+      infra.master_public_ssh_key
+    ];
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  system.stateVersion = "25.11";
+}