5 changed files with 66 additions and 113 deletions
--- a/nixos/hosts/gandalf/config/incus-preseed.nix
+++ b/nixos/hosts/gandalf/config/incus-preseed.nix
@ -1,49 +0,0 @@
-{ ... }:
-{
-  config = {
-    "core.https_address" = "10.1.1.15:8445"; # Need quotes around key
-  };
-  networks = [
-    {
-      config = {
-        "ipv4.address" = "auto"; # Need quotes around key
-        "ipv6.address" = "auto"; # Need quotes around key
-      };
-      description = "";
-      name = "incusbr0";
-      type = "";
-      project = "default";
-    }
-  ];
-  storage_pools = [
-    {
-      config = {
-        source = "eru/incus";
-      };
-      description = "";
-      name = "default";
-      driver = "zfs";
-    }
-  ];
-  profiles = [
-    {
-      config = { };
-      description = "";
-      devices = {
-        eth0 = {
-          name = "eth0";
-          network = "incusbr0";
-          type = "nic";
-        };
-        root = {
-          path = "/";
-          pool = "default";
-          type = "disk";
-        };
-      };
-      name = "default";
-    }
-  ];
-  projects = [ ];
-  cluster = null;
-}
--- a/nixos/hosts/gandalf/default.nix
+++ b/nixos/hosts/gandalf/default.nix
@ -67,6 +67,13 @@ in
      "enp130s0f0".useDHCP = true;
      "enp130s0f1".useDHCP = true;
    };
+
+    # For VMs
+    # bridges = {
+    #   "br0" = {
+    #     interfaces = [ "enp130s0f1" ];
+    #   };
+    # };
  };

  swapDevices = [ ];
@ -102,8 +109,6 @@ in
      # Incus
      incus = {
        enable = true;
-        preseed = import ./config/incus-preseed.nix { };
-        webuiport = 8445;
      };
      # ZFS
      zfs.enable = true;
@ -122,6 +127,15 @@ in
        local.noWarning = true;
        remote.noWarning = true;
      };
+      # Borg
+      # My only borg backup was for the Unifi controller. I've since installed a UDM SE.
+      # borgbackup = {
+      #   enable = true;
+      #   paths = [ "/eru/containers/volumes/unifi/" ];
+      #   exclude = [ ];
+      #   repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo";
+      #   repoKeyPath = config.sops.secrets."borg/repository/passphrase".path;
+      # };
    };
    services = {
      podman.enable = true;
--- a/nixos/hosts/shadowfax/config/incus-preseed.nix
+++ b/nixos/hosts/shadowfax/config/incus-preseed.nix
@ -1,49 +0,0 @@
-{ ... }:
-{
-  config = {
-    "core.https_address" = "10.1.1.61:8443"; # Need quotes around key
-  };
-  networks = [
-    {
-      config = {
-        "ipv4.address" = "auto"; # Need quotes around key
-        "ipv6.address" = "auto"; # Need quotes around key
-      };
-      description = "";
-      name = "incusbr0";
-      type = "";
-      project = "default";
-    }
-  ];
-  storage_pools = [
-    {
-      config = {
-        source = "nahar/incus";
-      };
-      description = "";
-      name = "default";
-      driver = "zfs";
-    }
-  ];
-  profiles = [
-    {
-      config = { };
-      description = "";
-      devices = {
-        eth0 = {
-          name = "eth0";
-          network = "incusbr0";
-          type = "nic";
-        };
-        root = {
-          path = "/";
-          pool = "default";
-          type = "disk";
-        };
-      };
-      name = "default";
-    }
-  ];
-  projects = [ ];
-  cluster = null;
-}
--- a/nixos/hosts/shadowfax/default.nix
+++ b/nixos/hosts/shadowfax/default.nix
@ -95,7 +95,6 @@ in
      # Incus
      incus = {
        enable = true;
-        preseed = import ./config/incus-preseed.nix { };
      };

      # ZFS
--- a/nixos/modules/nixos/system/incus/default.nix
+++ b/nixos/modules/nixos/system/incus/default.nix
@ -9,24 +9,62 @@ in
  # };
  options.mySystem.system.incus = {
    enable = lib.mkEnableOption "incus";
-    preseed = lib.mkOption {
-      type = lib.types.unspecified;
-      default = "";
-      description = "Incus preseed configuration. Generate with `incus admin init`.";
-    };
-    webuiport = lib.mkOption {
-      type = lib.types.int;
-      default = 8443;
-      description = "Port for the Incus Web UI";
-    };
  };

  config = lib.mkIf cfg.enable {

    virtualisation.incus = {
-      inherit (cfg) preseed;
      enable = true;
      ui.enable = true;
+
+      preseed = {
+        config = {
+          "core.https_address" = "10.1.1.15:8445"; # Need quotes around key
+        };
+        networks = [
+          {
+            config = {
+              "ipv4.address" = "auto"; # Need quotes around key
+              "ipv6.address" = "auto"; # Need quotes around key
+            };
+            description = "";
+            name = "incusbr0";
+            type = "";
+            project = "default";
+          }
+        ];
+        storage_pools = [
+          {
+            config = {
+              source = "eru/incus";
+            };
+            description = "";
+            name = "default";
+            driver = "zfs";
+          }
+        ];
+        profiles = [
+          {
+            config = { };
+            description = "";
+            devices = {
+              eth0 = {
+                name = "eth0";
+                network = "incusbr0";
+                type = "nic";
+              };
+              root = {
+                path = "/";
+                pool = "default";
+                type = "disk";
+              };
+            };
+            name = "default";
+          }
+        ];
+        projects = [ ];
+        cluster = null;
+      };
    };

    users.users.${user}.extraGroups = [ "incus-admin" ];
@ -37,7 +75,7 @@ in
      # nftables.enable = true;
      firewall = {
        allowedTCPPorts = [
-          cfg.webuiport
+          8445
          53
          67
        ];