feat: meiling

2026-02-09 04:19:19 -08:00 · 2025-09-03 23:18:59 -07:00 · 2025-09-03 23:18:59 -07:00 · 47ca22ff47
commit 47ca22ff47
parent dd30009b7e
30 changed files with 431 additions and 70 deletions
--- a/nixos/access/proxmox.nix
+++ b/nixos/access/proxmox.nix
@ -7,7 +7,8 @@
  inherit (lib.modules) mkDefault;
  inherit (lib.strings) escapeRegex;
  inherit (config.services) nginx tailscale;
-  proxyPass = access.proxyUrlFor {serviceName = "proxmox";} + "/";
+  # TODO: submodule/instancing or options
+  proxyPass = access.proxyUrlFor {serviceName = "proxmox"; serviceId = "proxmox-reisen"; } + "/";
 in {
  config.services.nginx.virtualHosts = let
    locations."/" = {
--- a/nixos/ct/meiling/proxmox.nix
+++ b/nixos/ct/meiling/proxmox.nix
@ -0,0 +1,16 @@
+{
+  lib,
+  meta,
+  ...
+}: let
+  inherit (lib.modules) mkDefault;
+in {
+  imports = let
+    inherit (meta) nixos;
+  in [
+    nixos.ct.proxmox
+    nixos.avahi
+  ];
+
+  services.kanidm.serverSettings.db_fs_type = mkDefault "zfs";
+}
--- a/nixos/ct/proxmox/filesystem.nix
+++ b/nixos/ct/proxmox/filesystem.nix
@ -1,7 +1,4 @@
-{lib, ...}: let
-  inherit (lib) mkDefault;
-in {
-  services.kanidm.serverSettings.db_fs_type = mkDefault "zfs";
+_: {
  # work around a filesystem issue when migrating an unprivileged container to privileged
  boot.postBootCommands = ''
    if [[ $(stat -c '%u' /) != 0 ]]; then
--- a/nixos/ct/proxmox/network.nix
+++ b/nixos/ct/proxmox/network.nix
@ -0,0 +1,26 @@
+{
+  lib,
+  gensokyo-zone,
+  config,
+  options,
+  ...
+}: let
+  inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
+  inherit (lib.modules) mkIf;
+in {
+  systemd.services.avahi-daemon = mkIf (options ? proxmoxLXC && config.services.avahi.enable) {
+    serviceConfig.ExecStartPre = mkIf config.services.resolved.enable [
+      "+-${config.systemd.package}/bin/resolvectl mdns ${config.systemd.network.networks._00-local.name or "eth0"} yes"
+    ];
+  };
+  systemd.network.networks._00-local = mkIf (! options ? proxmoxLXC) {
+    name = mkAlmostOptionDefault "ens18";
+    linkConfig.Multicast = true;
+    networkConfig.MulticastDNS = true;
+  };
+
+  boot.kernel.sysctl = {
+    # not sure how to get it to overlap with subgid/idmap...
+    "net.ipv4.ping_group_range" = "0 7999";
+  };
+}
--- a/nixos/ct/proxmox/system.nix
+++ b/nixos/ct/proxmox/system.nix
@ -1,31 +1,22 @@
 {
+  config,
  systemConfig,
  gensokyo-zone,
  lib,
-  modulesPath,
  meta,
  ...
 }: let
  inherit (gensokyo-zone.lib) unmerged;
-  inherit (lib.modules) mkIf mkMerge mkDefault;
+  inherit (lib.modules) mkIf mkMerge;
  inherit (lib.attrsets) mapAttrsToList;
  inherit (systemConfig) proxmox;
 in {
  imports = let
    inherit (meta) nixos;
  in [
-    nixos.hw.headless
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
+    nixos.hw.proxmox
  ];

-  environment.variables = {
-    # nix default is way too big
-    GC_INITIAL_HEAP_SIZE = mkDefault "8M";
-  };
-  # XXX: this might be okay if the nix daemon's tmp is overridden
-  # (but still avoid since containers are usually low on provisioned memory)
-  boot.tmp.useTmpfs = mkDefault false;
-
  proxmoxLXC.privileged = mkIf (proxmox.container.enable && proxmox.container.privileged) true;

  systemd.network = mkIf proxmox.enabled (mkMerge (mapAttrsToList (_: interface:
@ -42,4 +33,6 @@ in {
      lan.nftables.conditions = intConditions;
      local.nftables.conditions = intConditions;
    };
+
+  image.baseName = "${systemConfig.name}-${config.system.nixos.label}-proxmox";
 }
--- a/nixos/reisen-ct/network.nix
+++ b/nixos/reisen-ct/network.nix
@ -1,13 +1,10 @@
 {
  lib,
-  gensokyo-zone,
  config,
-  options,
  meta,
  access,
  ...
 }: let
-  inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
  inherit (lib.modules) mkIf mkBefore mkOrder;
  enableDns = !config.services.dnsmasq.enable && config.networking.hostName != "utsuho";
 in {
@ -17,17 +14,6 @@ in {
    nixos.avahi
  ];

-  #services.resolved.enable = mkIf enableDns false;
-  systemd.services.avahi-daemon = mkIf (options ? proxmoxLXC && config.services.avahi.enable) {
-    serviceConfig.ExecStartPre = mkIf config.services.resolved.enable [
-      "+-${config.systemd.package}/bin/resolvectl mdns ${config.systemd.network.networks._00-local.name or "eth0"} yes"
-    ];
-  };
-  systemd.network.networks._00-local = mkIf (! options ? proxmoxLXC) {
-    name = mkAlmostOptionDefault "ens18";
-    linkConfig.Multicast = true;
-    networkConfig.MulticastDNS = true;
-  };
  networking.nameservers' = mkIf enableDns (mkBefore [
    {address = access.getAddressFor (access.systemForService "dnsmasq").name "lan";}
  ]);
@ -39,9 +25,4 @@ in {
  services.resolved.extraConfig = mkIf enableDns ''
    DNSStubListener=no
  '';
-
-  boot.kernel.sysctl = {
-    # not sure how to get it to overlap with subgid/idmap...
-    "net.ipv4.ping_group_range" = "0 7999";
-  };
 }
--- a/nixos/ct/reisen/proxmox.nix
+++ b/nixos/ct/reisen/proxmox.nix
@ -0,0 +1,15 @@
+{
+  lib,
+  meta,
+  ...
+}: let
+  inherit (lib.modules) mkDefault;
+in {
+  imports = let
+    inherit (meta) nixos;
+  in [
+    nixos.ct.proxmox
+  ];
+
+  services.kanidm.serverSettings.db_fs_type = mkDefault "zfs";
+}
--- a/nixos/hw/proxmox.nix
+++ b/nixos/hw/proxmox.nix
@ -0,0 +1,23 @@
+{
+  lib,
+  modulesPath,
+  meta,
+  ...
+}: let
+  inherit (lib.modules) mkDefault;
+in {
+  imports = let
+    inherit (meta) nixos;
+  in [
+    nixos.hw.headless
+    (modulesPath + "/virtualisation/proxmox-lxc.nix")
+  ];
+
+  environment.variables = {
+    # nix default is way too big
+    GC_INITIAL_HEAP_SIZE = mkDefault "8M";
+  };
+  # XXX: this might be okay if the nix daemon's tmp is overridden
+  # (but still avoid since containers are usually low on provisioned memory)
+  boot.tmp.useTmpfs = mkDefault false;
+}
--- a/nixos/reisen-ct.nix
+++ b/nixos/reisen-ct.nix
@ -0,0 +1,4 @@
+{ meta, ... }: {
+  # deprecated alias
+  imports = [ meta.nixos.ct.reisen ];
+}