feat: initial version of the full setup

2025-10-23 19:36:05 +02:00
commit cc957061de
12 changed files with 841 additions and 0 deletions
--- a/lib/containers.nix
+++ b/lib/containers.nix
@@ -0,0 +1,69 @@
+{ def, ... }:
+let
+  infra = import ../infra/constants.nix;
+
+  hostname = def.hostname;
+  memory = def.memory or 512;
+  cores = def.cores or 1;
+  container_id = def.container_id;
+  disk = def.disk or "4G";
+  swap = def.swap or null; # TODO: Implement
+  services = def.services or { };
+  open_ports = def.open_ports or [ ];
+  other_packages = def.other_packages or [ ];
+  etc = def.etc or { };
+  logging_enabled = def.logging.enable or false; # TODO: Implement
+  logging_metrics_enabled = def.logging.metrics.enable or false;
+  extraModules = def.extraModules or [ ];
+  template = def.template or infra.nixos_template_name;
+  unprivileged = def.unprivileged or true;
+  tags = def.tags or "";
+in
+{
+  terraformResource = {
+    hostname = hostname;
+    memory = memory;
+    cores = cores;
+    ostemplate = "local:vztmpl/${template}.tar.xz";
+    unprivileged = unprivileged;
+    password = "changeme";
+    features.nesting = true;
+    target_node = "\${var.pve_node}";
+    network = {
+      name = "eth0";
+      bridge = "vmbr0";
+      ip = infra.build_ip_cidr container_id;
+      gw = infra.gateway_ip;
+      type = "veth";
+    };
+    rootfs = {
+      storage = "local-lvm";
+      size = disk;
+    };
+    vmid = container_id;
+    tags = "terraform;${tags}";
+  };
+
+  nixosModule =
+    { config, pkgs, ... }:
+    {
+      imports = [
+        ../infra/lxc-template.nix
+      ]
+      ++ extraModules;
+      networking.hostName = hostname;
+      networking.firewall.allowedTCPPorts = open_ports;
+      services = services;
+      environment.etc = etc;
+      environment.systemPackages = other_packages;
+      # logging things...
+      #     # logs configuration ...
+      #     # environment.etc."alloy/config.alloy" = '' loki blabla '';
+      #     # environment.etc."alloy/metrics.alloy" = '' prometheus blabla '';
+      #     #
+      #     # -> services.alloy.extraFlags = [
+      #     #   "--server.http.listen-addr=127.0.0.1:12346"
+      #     #   "--disable-reporting"
+      #     # ]
+    };
+}