From 7f813c24887309b6c2a41d33bbdab7ed7a97786b Mon Sep 17 00:00:00 2001
From: Clara Dautermann
Date: Thu, 13 Mar 2025 13:53:46 +0100
Subject: [PATCH] basic nix conf for lxc containers
---
configs/container_config.nix | 64 ++++++++++++++++++++++++++++++++++++
flake.lock | 27 +++++++++++++++
flake.nix | 26 +++++++++++++++
3 files changed, 117 insertions(+)
create mode 100644 configs/container_config.nix
create mode 100644 flake.lock
create mode 100644 flake.nix
diff --git a/configs/container_config.nix b/configs/container_config.nix
new file mode 100644
index 0000000..8976e19
--- /dev/null
+++ b/configs/container_config.nix
@@ -0,0 +1,64 @@
+{ modulesPath, pkgs, ... }: {
+ imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
+
+ time.timeZone = "Europe/Berlin";
+
+ environment.systemPackages = with pkgs; [
+ wget
+ sudo
+ ];
+
+ # zsh because I like it :3
+ programs.zsh.enable = true;
+
+ # default user with sudo
+ users.users.clara = {
+ isNormalUser = true;
+ initialPassword = "123456";
+ extraGroups = [ "sudo" "wheel" ];
+ shell = pkgs.zsh;
+ };
+
+ # localization stuff
+ console.keyMap = "de";
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # enable ssh access
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ settings = {
+ PasswordAuthentication = true;
+ AllowUsers = [ "clara" "root" ];
+ UseDns = true;
+ X11Forwarding = false;
+ PermitRootLogin = "prohibit-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
+ };
+ };
+
+ # configure firewall
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..5f6f499
--- /dev/null
+++ b/flake.lock
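Review bot: In `configs/container_config.nix`, `initialPassword = "123456";` puts a guessable plaintext password into the repository and the world-readable Nix store for a user in `wheel`, while the same hunk sets `PasswordAuthentication = true` and opens TCP 22, so one password guess over SSH is enough to reach sudo. I would drop the password, give the user `openssh.authorizedKeys.keys = [ "<ssh-public-key>" ];` (placeholder), and set `PasswordAuthentication = false;`. If a local password is still needed, `hashedPasswordFile` keeps it out of the store. The `"sudo"` entry in `extraGroups` looks redundant, since `wheel` is the group the NixOS sudo module grants access to by default.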
@@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1741724370, + "narHash": "sha256-WsD+8uodhl58jzKKcPH4jH9dLTLFWZpVmGq4W1XDVF4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "95600680c021743fd87b3e2fe13be7c290e1cac4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..ebdbb66
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,26 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+ };
+ outputs = { nixpkgs, ... }: {
+ colmena = {
+ meta = {
+ nixpkgs = import nixpkgs {
+ system = "x86_64-linux";
+ };
+ };
+
+ testhost = {
+ deployment = {
+ targetHost = "192.168.178.50";
+ targetPort = 22;
+ targetUser = "root";
+ };
+ networking.hostName = "testhost";
+ imports = [
+ ./configs/container_config.nix
+ ];
+ };
+ };
+ };
+}
\ No newline at end of file
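Review bot: In `flake.nix`, `targetUser = "root";` makes every deployment depend on direct root SSH login, which is why the container config has to list `root` in `AllowUsers` and leave `PermitRootLogin` enabled. Nothing in this patch declares an authorized key for root, so the key is presumably provisioned outside the flake; a comment such as `# deploys as root over SSH; root's authorized key is provisioned outside this flake` above `deployment` would record that. If Colmena's privilege escalation through sudo fits this setup, deploying as an unprivileged user would allow `PermitRootLogin = "no";` on the host.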