Add several NixOS hosts on Proxmox and Oracle Cloud

2025-12-06 09:07:21 +01:00 · 2023-12-22 01:15:04 +01:00 · 2023-12-22 01:15:04 +01:00 · acc0ad68e0
commit acc0ad68e0
parent 9afb9ec47e
43 changed files with 4356 additions and 187 deletions
--- a/profiles/server1/sound/hardware-configuration.nix
+++ b/profiles/server1/sound/hardware-configuration.nix
@ -0,0 +1,35 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/mnt/data/images/118/vm-118-disk-0.raw";
+      fsType = "ext4";
+      options = [ "loop" ];
+    };
+
+  fileSystems."/media" =
+    { device = "//192.168.1.3/Eternor";
+      fsType = "cifs";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/profiles/server1/sound/nixos.nix
+++ b/profiles/server1/sound/nixos.nix
@ -0,0 +1,132 @@
+{ config, pkgs, modulesPath, ... }:
+
+{
+  
+  imports = [
+    (modulesPath + "/virtualisation/proxmox-lxc.nix")
+    ./hardware-configuration.nix
+  ];
+  
+  
+  
+  services.xserver = {
+    layout = "us";
+    xkbVariant = "altgr-intl";
+  };
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  proxmoxLXC.manageNetwork = true; # manage network myself
+  proxmoxLXC.manageHostName = false; # manage hostname myself
+  networking.useDHCP = true;
+  networking.enableIPv6 = false;
+  services.openssh = {
+    enable = true;
+    settings.PermitRootLogin = "yes";
+    listenAddresses = [{
+      port = 22;
+      addr = "0.0.0.0";
+    }];
+  };
+  users.users.root.openssh.authorizedKeys.keyFiles = [
+    ../../../secrets/keys/authorized_keys
+  ];
+  
+  system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
+  
+  environment.shellAliases = {
+    nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
+  };
+  
+  
+
+  proxmoxLXC.privileged = true; # manage hostname myself
+
+  users.groups.lxc_pshares = {
+    gid = 110000;
+    members = [
+      "navidrome"
+      "mpd"
+      "root"
+    ];
+  };
+
+  users.groups.navidrome = {
+    gid = 61593;
+  };
+
+  users.groups.mpd = {};
+
+  users.users.navidrome = {
+    isSystemUser = true;
+    uid = 61593;
+    group = "navidrome";
+    extraGroups  = [ "audio" "utmp" ];
+  };
+
+  users.users.mpd = {
+    isSystemUser = true;
+    group = "mpd";
+    extraGroups  = [ "audio" "utmp" ];
+  };
+
+  sound = {
+    enable = true;
+  };
+
+  hardware.enableAllFirmware = true;
+  networking.hostName = "sound"; # Define your hostname.
+  networking.firewall.enable = false;
+  environment.systemPackages = with pkgs; [
+    git
+    gnupg
+    ssh-to-age
+    pciutils
+    alsa-utils
+    mpv
+  ];
+
+  sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+  sops.defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml";
+  sops.validateSopsFiles = false;
+  sops.secrets.mpdpass = { owner = "mpd";};
+
+  services.navidrome = {
+    enable = true;
+    settings = {
+      Address = "0.0.0.0";
+      Port = 4040;
+      MusicFolder = "/media";
+      EnableSharing = true;
+      EnableTranscodingConfig = true;
+      Scanner.GroupAlbumReleases = true;
+      ScanSchedule = "@every 1d";
+      # Insert these values locally as sops-nix does not work for them
+      LastFM.ApiKey = TEMPLATE;
+      LastFM.Secret = TEMPLATE;
+      Spotify.ID = TEMPLATE;
+      Spotify.Secret = TEMPLATE;
+      UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
+      UIWelcomeMessage = "~SwarselSound~";
+    };
+  };
+  services.mpd = {
+    enable = true;
+    musicDirectory = "/media";
+    user = "mpd";
+    group = "mpd";
+    network = {
+      port = 3254;
+      listenAddress = "any";
+    };
+    credentials = [
+      {
+        passwordFile = config.sops.secrets.mpdpass.path;
+        permissions = [
+          "read"
+          "add"
+          "control"
+          "admin"
+        ];
+      }
+    ];
+  };
+}