incus preseed

moving configuration to module option to allow for multiple hosts to use the same module.
2024-09-04 16:36:43 -05:00 · 2024-09-04 16:36:43 -05:00 · 5f40891320
commit 5f40891320
parent 6414b1cd49
5 changed files with 113 additions and 66 deletions
--- a/nixos/hosts/gandalf/config/incus-preseed.nix
+++ b/nixos/hosts/gandalf/config/incus-preseed.nix
@ -0,0 +1,49 @@
+{ ... }:
+{
+  config = {
+    "core.https_address" = "10.1.1.15:8445"; # Need quotes around key
+  };
+  networks = [
+    {
+      config = {
+        "ipv4.address" = "auto"; # Need quotes around key
+        "ipv6.address" = "auto"; # Need quotes around key
+      };
+      description = "";
+      name = "incusbr0";
+      type = "";
+      project = "default";
+    }
+  ];
+  storage_pools = [
+    {
+      config = {
+        source = "eru/incus";
+      };
+      description = "";
+      name = "default";
+      driver = "zfs";
+    }
+  ];
+  profiles = [
+    {
+      config = { };
+      description = "";
+      devices = {
+        eth0 = {
+          name = "eth0";
+          network = "incusbr0";
+          type = "nic";
+        };
+        root = {
+          path = "/";
+          pool = "default";
+          type = "disk";
+        };
+      };
+      name = "default";
+    }
+  ];
+  projects = [ ];
+  cluster = null;
+}
--- a/nixos/hosts/gandalf/default.nix
+++ b/nixos/hosts/gandalf/default.nix
@ -67,13 +67,6 @@ in
      "enp130s0f0".useDHCP = true;
      "enp130s0f1".useDHCP = true;
    };
-
-    # For VMs
-    # bridges = {
-    #   "br0" = {
-    #     interfaces = [ "enp130s0f1" ];
-    #   };
-    # };
  };

  swapDevices = [ ];
@ -109,6 +102,8 @@ in
      # Incus
      incus = {
        enable = true;
+        preseed = import ./config/incus-preseed.nix { };
+        webuiport = 8445;
      };
      # ZFS
      zfs.enable = true;
@ -127,15 +122,6 @@ in
        local.noWarning = true;
        remote.noWarning = true;
      };
-      # Borg
-      # My only borg backup was for the Unifi controller. I've since installed a UDM SE.
-      # borgbackup = {
-      #   enable = true;
-      #   paths = [ "/eru/containers/volumes/unifi/" ];
-      #   exclude = [ ];
-      #   repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo";
-      #   repoKeyPath = config.sops.secrets."borg/repository/passphrase".path;
-      # };
    };
    services = {
      podman.enable = true;
--- a/nixos/hosts/shadowfax/config/incus-preseed.nix
+++ b/nixos/hosts/shadowfax/config/incus-preseed.nix
@ -0,0 +1,49 @@
+{ ... }:
+{
+  config = {
+    "core.https_address" = "10.1.1.61:8443"; # Need quotes around key
+  };
+  networks = [
+    {
+      config = {
+        "ipv4.address" = "auto"; # Need quotes around key
+        "ipv6.address" = "auto"; # Need quotes around key
+      };
+      description = "";
+      name = "incusbr0";
+      type = "";
+      project = "default";
+    }
+  ];
+  storage_pools = [
+    {
+      config = {
+        source = "nahar/incus";
+      };
+      description = "";
+      name = "default";
+      driver = "zfs";
+    }
+  ];
+  profiles = [
+    {
+      config = { };
+      description = "";
+      devices = {
+        eth0 = {
+          name = "eth0";
+          network = "incusbr0";
+          type = "nic";
+        };
+        root = {
+          path = "/";
+          pool = "default";
+          type = "disk";
+        };
+      };
+      name = "default";
+    }
+  ];
+  projects = [ ];
+  cluster = null;
+}
--- a/nixos/hosts/shadowfax/default.nix
+++ b/nixos/hosts/shadowfax/default.nix
@ -95,6 +95,7 @@ in
      # Incus
      incus = {
        enable = true;
+        preseed = import ./config/incus-preseed.nix { };
      };

      # ZFS
--- a/nixos/modules/nixos/system/incus/default.nix
+++ b/nixos/modules/nixos/system/incus/default.nix
@ -9,62 +9,24 @@ in
  # };
  options.mySystem.system.incus = {
    enable = lib.mkEnableOption "incus";
+    preseed = lib.mkOption {
+      type = lib.types.unspecified;
+      default = "";
+      description = "Incus preseed configuration. Generate with `incus admin init`.";
+    };
+    webuiport = lib.mkOption {
+      type = lib.types.int;
+      default = 8443;
+      description = "Port for the Incus Web UI";
+    };
  };

  config = lib.mkIf cfg.enable {

    virtualisation.incus = {
+      inherit (cfg) preseed;
      enable = true;
      ui.enable = true;
-
-      preseed = {
-        config = {
-          "core.https_address" = "10.1.1.15:8445"; # Need quotes around key
-        };
-        networks = [
-          {
-            config = {
-              "ipv4.address" = "auto"; # Need quotes around key
-              "ipv6.address" = "auto"; # Need quotes around key
-            };
-            description = "";
-            name = "incusbr0";
-            type = "";
-            project = "default";
-          }
-        ];
-        storage_pools = [
-          {
-            config = {
-              source = "eru/incus";
-            };
-            description = "";
-            name = "default";
-            driver = "zfs";
-          }
-        ];
-        profiles = [
-          {
-            config = { };
-            description = "";
-            devices = {
-              eth0 = {
-                name = "eth0";
-                network = "incusbr0";
-                type = "nic";
-              };
-              root = {
-                path = "/";
-                pool = "default";
-                type = "disk";
-              };
-            };
-            name = "default";
-          }
-        ];
-        projects = [ ];
-        cluster = null;
-      };
    };

    users.users.${user}.extraGroups = [ "incus-admin" ];
@ -75,7 +37,7 @@ in
      # nftables.enable = true;
      firewall = {
        allowedTCPPorts = [
-          8445
+          cfg.webuiport
          53
          67
        ];