diff --git a/nixos/hosts/gandalf/config/incus-preseed.nix b/nixos/hosts/gandalf/config/incus-preseed.nix
new file mode 100644
index 0000000..797c446
--- /dev/null
+++ b/nixos/hosts/gandalf/config/incus-preseed.nix
@@ -0,0 +1,49 @@
+{ ... }:
+{
+ config = {
+ "core.https_address" = "10.1.1.15:8445"; # Need quotes around key
+ };
+ networks = [
+ {
+ config = {
+ "ipv4.address" = "auto"; # Need quotes around key
+ "ipv6.address" = "auto"; # Need quotes around key
+ };
+ description = "";
+ name = "incusbr0";
+ type = "";
+ project = "default";
+ }
+ ];
+ storage_pools = [
+ {
+ config = {
+ source = "eru/incus";
+ };
+ description = "";
+ name = "default";
+ driver = "zfs";
+ }
+ ];
+ profiles = [
+ {
+ config = { };
+ description = "";
+ devices = {
+ eth0 = {
+ name = "eth0";
+ network = "incusbr0";
+ type = "nic";
+ };
+ root = {
+ path = "/";
+ pool = "default";
+ type = "disk";
+ };
+ };
+ name = "default";
+ }
+ ];
+ projects = [ ];
+ cluster = null;
+}
diff --git a/nixos/hosts/gandalf/default.nix b/nixos/hosts/gandalf/default.nix
index ea4cfb9..87286b6 100644
--- a/nixos/hosts/gandalf/default.nix
+++ b/nixos/hosts/gandalf/default.nix
@@ -67,13 +67,6 @@ in
 "enp130s0f0".useDHCP = true;
 "enp130s0f1".useDHCP = true;
 };
-
- # For VMs
- # bridges = {
- # "br0" = {
- # interfaces = [ "enp130s0f1" ];
- # };
- # };
 };
 swapDevices = [ ];
@@ -109,6 +102,8 @@ in
 # Incus
 incus = {
 enable = true;
+ preseed = import ./config/incus-preseed.nix { };
+ webuiport = 8445;
 };
 # ZFS
 zfs.enable = true;
@@ -127,15 +122,6 @@ in
 local.noWarning = true;
 remote.noWarning = true;
 };
- # Borg
- # My only borg backup was for the Unifi controller. I've since installed a UDM SE.
- # borgbackup = {
- # enable = true;
- # paths = [ "/eru/containers/volumes/unifi/" ];
- # exclude = [ ];
- # repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo";
- # repoKeyPath = config.sops.secrets."borg/repository/passphrase".path;
- # };
 };
 services = {
 podman.enable = true;
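Review bot: The `"core.https_address" = "10.1.1.15:8445"` line in the new gandalf preseed puts the Incus API and web UI on a LAN address, yet its only comment is about Nix key quoting. Anyone who can authenticate to that listener can manage every instance on the host, and the preseed shows no OIDC settings, so access presumably rests on client certificates in the Incus trust store. I would record that next to the value, e.g. `# Remote API + web UI listener on the LAN; clients must be in the Incus trust store`. The same applies to `10.1.1.61:8443` in the shadowfax copy of this file.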
diff --git a/nixos/hosts/shadowfax/config/incus-preseed.nix b/nixos/hosts/shadowfax/config/incus-preseed.nix
new file mode 100644
index 0000000..a2738a2
--- /dev/null
+++ b/nixos/hosts/shadowfax/config/incus-preseed.nix
@@ -0,0 +1,49 @@
+{ ... }:
+{
+ config = {
+ "core.https_address" = "10.1.1.61:8443"; # Need quotes around key
+ };
+ networks = [
+ {
+ config = {
+ "ipv4.address" = "auto"; # Need quotes around key
+ "ipv6.address" = "auto"; # Need quotes around key
+ };
+ description = "";
+ name = "incusbr0";
+ type = "";
+ project = "default";
+ }
+ ];
+ storage_pools = [
+ {
+ config = {
+ source = "nahar/incus";
+ };
+ description = "";
+ name = "default";
+ driver = "zfs";
+ }
+ ];
+ profiles = [
+ {
+ config = { };
+ description = "";
+ devices = {
+ eth0 = {
+ name = "eth0";
+ network = "incusbr0";
+ type = "nic";
+ };
+ root = {
+ path = "/";
+ pool = "default";
+ type = "disk";
+ };
+ };
+ name = "default";
+ }
+ ];
+ projects = [ ];
+ cluster = null;
+}
diff --git a/nixos/hosts/shadowfax/default.nix b/nixos/hosts/shadowfax/default.nix
index bee6e9e..ea82a7c 100644
--- a/nixos/hosts/shadowfax/default.nix
+++ b/nixos/hosts/shadowfax/default.nix
@@ -95,6 +95,7 @@ in
 # Incus
 incus = {
 enable = true;
+ preseed = import ./config/incus-preseed.nix { };
 };
 # ZFS
diff --git a/nixos/modules/nixos/system/incus/default.nix b/nixos/modules/nixos/system/incus/default.nix
index 7113522..c7dfb1c 100644
--- a/nixos/modules/nixos/system/incus/default.nix
+++ b/nixos/modules/nixos/system/incus/default.nix
@@ -9,62 +9,24 @@ in
 # };
 options.mySystem.system.incus = {
 enable = lib.mkEnableOption "incus";
+ preseed = lib.mkOption {
+ type = lib.types.unspecified;
+ default = "";
+ description = "Incus preseed configuration. Generate with `incus admin init`.";
+ };
+ webuiport = lib.mkOption {
+ type = lib.types.int;
+ default = 8443;
+ description = "Port for the Incus Web UI";
+ };
 };
 config = lib.mkIf cfg.enable {
 virtualisation.incus = {
+ inherit (cfg) preseed;
 enable = true;
 ui.enable = true;
-
- preseed = {
- config = {
- "core.https_address" = "10.1.1.15:8445"; # Need quotes around key
- };
- networks = [
- {
- config = {
- "ipv4.address" = "auto"; # Need quotes around key
- "ipv6.address" = "auto"; # Need quotes around key
- };
- description = "";
- name = "incusbr0";
- type = "";
- project = "default";
- }
- ];
- storage_pools = [
- {
- config = {
- source = "eru/incus";
- };
- description = "";
- name = "default";
- driver = "zfs";
- }
- ];
- profiles = [
- {
- config = { };
- description = "";
- devices = {
- eth0 = {
- name = "eth0";
- network = "incusbr0";
- type = "nic";
- };
- root = {
- path = "/";
- pool = "default";
- type = "disk";
- };
- };
- name = "default";
- }
- ];
- projects = [ ];
- cluster = null;
- };
 };
 users.users.${user}.extraGroups = [ "incus-admin" ];
@@ -75,7 +37,7 @@ in
 # nftables.enable = true;
 firewall = {
 allowedTCPPorts = [
- 8445
+ cfg.webuiport
 53
 67
 ];
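Review bot: The new `preseed` option defaults to `""` under `lib.types.unspecified`, and `inherit (cfg) preseed;` forwards that value to `virtualisation.incus.preseed` whenever incus is enabled. As far as I know the upstream option expects an attribute set or `null`, so a host that enables incus without setting `preseed` would likely fail evaluation or hand Incus an unintended value. Using `type = lib.types.nullOr lib.types.attrs;` with `default = null;` keeps the unset case explicit and rejects strings early. `webuiport` would also be safer as `type = lib.types.port;` so out-of-range values are refused at evaluation time. Both the options block and the `config` block continue outside the hunk.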
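Review bot: `cfg.webuiport` in `allowedTCPPorts` opens the Incus API port on every interface, and nothing ties it to the port inside the preseed's `"core.https_address"`. gandalf sets 8445 in both places by hand, and shadowfax only lines up because its preseed happens to use the option's default of 8443; if the two drift, either the firewall opens a port nothing listens on or the listener is silently blocked. Consider scoping the rule to the interface that carries the management address, `firewall.interfaces."<lan-interface>".allowedTCPPorts = [ cfg.webuiport ];` (interface name is a placeholder), and adding an `assertions` entry that checks the preseed address with `lib.hasSuffix ":${toString cfg.webuiport}"`. The `firewall` block starts outside the hunk.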