diff --git a/configuration.nix b/configuration.nix index 64caa71..a94f1c7 100644 --- a/configuration.nix +++ b/configuration.nix @@ -7,6 +7,33 @@ } : { system.stateVersion = "23.11"; + #boot.loader.systemd-boot.enable = true; + #boot.loader.efi.canTouchEfiVariables = true; + + # PROXMOX + services.qemuGuest.enable = true; + + # USER MANAGEMENT + nix.settings.trusted-users = [ "nixos" ]; + users.users.nixos = + { + isNormalUser = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXAlzwziqfUUb2qmFwNF/nrBYc5MNT1MMOx81ohBmB+ tine@little.sys.tjo.space" + ]; + }; + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = "no"; + }; + security.sudo.wheelNeedsPassword = false; + + # NGINX + services.nginx.enable = true; + environment.systemPackages = [ pkgs.nginx ]; diff --git a/flake.nix b/flake.nix index 5ae0374..0d0780b 100644 --- a/flake.nix +++ b/flake.nix @@ -28,12 +28,11 @@ { packages = forAllVMs ({ system, pkgs }: { vm = nixos-generators.nixosGenerate { - format = "proxmox"; + format = "qcow-efi"; system = system; specialArgs = { pkgs = pkgs; - #diskSize = "8G"; }; modules = [ diff --git a/justfile b/justfile index 674e068..563011e 100644 --- a/justfile +++ b/justfile @@ -18,7 +18,7 @@ build: deploy: #!/usr/bin/env sh export NIX_RESULT_DIR=$(nix build --print-out-paths .#vm) - export IMAGE_NAME=$(ls ${NIX_RESULT_DIR} | grep ".vma.zst") + export IMAGE_NAME=$(ls ${NIX_RESULT_DIR} | grep ".qcow2") export TF_VAR_image_path=${NIX_RESULT_DIR}/${IMAGE_NAME} cd {{justfile_directory()}}/terraform diff --git a/terraform/node.tf b/terraform/node.tf index b7de91e..7adbb2b 100644 --- a/terraform/node.tf +++ b/terraform/node.tf @@ -2,6 +2,7 @@ locals { nodes_with_names = { for k, v in var.nodes : k => merge(v, { id = 700 + index(keys(var.nodes), k) + name = "${v.name}.ingress.tjo.cloud" hash = sha1(v.name) }) } 
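Review bot: In the configuration.nix hunk the `nixos` account ends up root-equivalent twice over. `security.sudo.wheelNeedsPassword = false` together with `extraGroups = [ "wheel" ]` gives passwordless sudo, and `nix.settings.trusted-users = [ "nixos" ]` lets that user drive the Nix daemon with root's trust. `settings.PermitRootLogin = "no"` therefore adds little, and the single authorized key is the only barrier to root on every VM built from this image. If remote rebuilds are the reason, I would keep only one of the two settings and record the decision with a comment such as `# nixos is root-equivalent (passwordless sudo); access is gated only by the SSH key above`. The enclosing attribute set starts and ends outside the hunk.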
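Review bot: In the justfile hunk, the `deploy` recipe picks the image with `ls ${NIX_RESULT_DIR} | grep ".qcow2"`, and nothing checks that exactly one file was found. The pattern is an unanchored regex whose `.` matches any character. There is no `set -e` after the shebang, and `export VAR=$(...)` hides the command's exit status anyway. If `nix build` fails, `NIX_RESULT_DIR` is empty, `ls` lists the current directory, and the recipe still proceeds to Terraform with whatever path results. I would start the recipe with `set -eu`, assign before exporting, match with `grep -E '\.qcow2$'`, and stop when the name is empty: `[ -n "${IMAGE_NAME}" ] || exit 1`. The recipe continues outside the hunk.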
@@ -11,7 +12,6 @@ locals { }) } - ipv4_addresses = { for key, node in local.nodes : key => { for k, v in proxmox_virtual_environment_vm.nodes[key].ipv4_addresses : @@ -56,7 +56,7 @@ resource "proxmox_virtual_environment_file" "cloudinit" { data = <<-EOF EOF - file_name = "${each.value.name}-ingress-tjo-cloud.cloudinit.yaml" + file_name = "${each.value.name}.cloudinit.yaml" } } @@ -88,6 +88,8 @@ resource "proxmox_virtual_environment_vm" "nodes" { dedicated = each.value.memory } + bios = "ovmf" + operating_system { type = "l26" } @@ -102,14 +104,10 @@ resource "proxmox_virtual_environment_vm" "nodes" { mac_address = each.value.mac_address } - cdrom { - enabled = true - file_id = proxmox_virtual_environment_file.ingress.id - } - scsi_hardware = "virtio-scsi-single" disk { - file_format = "raw" + file_id = proxmox_virtual_environment_file.ingress.id + file_format = "qcow2" interface = "virtio0" datastore_id = each.value.storage size = each.value.boot_size
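Review bot: `bios = "ovmf"` in the `@@ -88,6 +88,8 @@` hunk of terraform/node.tf is added without an `efi_disk` block in any visible hunk. If none exists elsewhere in the resource, the VM has no persistent store for EFI variables, so boot entries and Secure Boot state are not kept as configured. I would add an `efi_disk` block on `each.value.storage` and set `pre_enrolled_keys` explicitly there, since an image built as `qcow-efi` is presumably not signed for Secure Boot. The resource body starts and ends outside the hunk.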
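Review bot: In the last hunk of terraform/node.tf, `file_format = "qcow2"` is hard-coded on the boot disk while `datastore_id = each.value.storage` varies per node. qcow2 is only available on file-based Proxmox storages, so a node placed on LVM-thin, ZFS or Ceph would presumably fail to import or show a permanent diff. Either document the constraint beside the disk block, e.g. `# each.value.storage must be a file-based datastore (qcow2 import)`, or make the format a per-node value. It is also worth confirming that `each.value.boot_size` is never smaller than the generated image's virtual size, which is left to the generator default. The disk block and the resource continue outside the hunk.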