enabled libvirt-qemu on gandalf

flake.lock

@@ -374,6 +374,22 @@
         "type": "github"
       }
     },
+    "nixpkgs-ovmf": {
+      "locked": {
+        "lastModified": 1708984720,
+        "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs-stable": {
       "locked": {
         "lastModified": 1720282526,
@@ -406,6 +422,28 @@
         "type": "github"
       }
     },
+    "nixvirt-git": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-ovmf": "nixpkgs-ovmf"
+      },
+      "locked": {
+        "lastModified": 1712439808,
+        "narHash": "sha256-QoONoZPBpNTw5cia05QSvDlaxXo3moKAJQOw7c5hMXA=",
+        "owner": "AshleyYakeley",
+        "repo": "NixVirt",
+        "rev": "9f1cdca730d92461075709e867c1e9ad93d58a8d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "AshleyYakeley",
+        "ref": "v0.5.0",
+        "repo": "NixVirt",
+        "type": "github"
+      }
+    },
     "nur": {
       "locked": {
         "lastModified": 1720478695,
@@ -517,6 +555,7 @@
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-unstable": "nixpkgs-unstable",
+        "nixvirt-git": "nixvirt-git",
         "nur": "nur",
         "sops-nix": "sops-nix",
         "talhelper": "talhelper"

flake.nix

@@ -23,7 +23,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    # home-manager - unstable
+    # home-manager - Manage user configuration with nix
     # https://github.com/nix-community/home-manager
     home-manager = {
       url = "github:nix-community/home-manager/release-24.05";
@@ -64,10 +64,20 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    # Lix- Substitution of the Nix package manager, focused on correctness, usability, and growth – and committed to doing right by its community.
+    # https://git.lix.systems/lix-project/lix
     lix-module = {
       url = "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    # NixVirt for qemu & libvirt
+    # https://github.com/AshleyYakeley/NixVirt
+    nixvirt-git = {
+      url = "github:AshleyYakeley/NixVirt/v0.5.0";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
   };
 
   outputs =
@@ -98,7 +108,7 @@
           inherit inputs;
           # Import overlays for building nixosconfig with them.
           overlays = import ./nixos/overlays { inherit inputs; };
-          # generate a base nixos configuration with the specified overlays, hardware modules, and any extraModules applied
+          # generate a base nixos configuration with the specified overlays, hardware modules, and any AerModules applied
           mkNixosConfig =
             { hostname
             , system ? "x86_64-linux"
@@ -229,13 +239,13 @@
           "gandalf" = mkNixosConfig {
             # X9DRi-LN4+/X9DR3-LN4+ - Intel(R) Xeon(R) CPU E5-2650 v2
             # NAS
-            hostname = "telperion";
+            hostname = "gandalf";
             system = "x86_64-linux";
             hardwareModules = [
+              lix-module.nixosModules.default
               ./nixos/profiles/hw-supermicro.nix
               disko.nixosModules.disko
               (import ./nixos/profiles/disko-nixos.nix { disks = [ "/dev/sda/dev/disk/by-id/ata-Seagate_IronWolfPro_ZA240NX10001-2ZH100_7TF002RA" ]; })
-              lix-module.nixosModules.default
             ];
             profileModules = [
               ./nixos/profiles/role-server.nix

nixos/hosts/gandalf/config/samba-config.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ ... }:
 ''
   workgroup = WORKGROUP
   server string = gandalf

nixos/hosts/gandalf/config/sanoid.nix

@@ -0,0 +1,36 @@
+{ ... }:
+{
+  outputs = {
+    # ZFS automated snapshots
+    templates = {
+      "production" = {
+        recursive = true;
+        autoprune = true;
+        autosnap = true;
+        hourly = 24;
+        daily = 7;
+        monthly = 12;
+      };
+    };
+    datasets = {
+      "eru/xen-backups" = {
+        useTemplate = ["production"];
+      };
+      "eru/hansonhive" = {
+        useTemplate = ["production"];
+      };
+      "eru/tm_joe" = {
+        useTemplate = ["production"];
+      };
+      "eru/tm_elisia" = {
+        useTemplate = ["production"];
+      };
+      "eru/containers/volumes/xo-data" = {
+        useTemplate = ["production"];
+      };
+      "eru/containers/volumes/xo-redis-data" = {
+        useTemplate = ["production"];
+      };
+    };
+  };
+}

nixos/hosts/gandalf/default.nix

@@ -2,7 +2,9 @@
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, modulesPath, ... }:
-
+let 
+  sanoidConfig = import ./config/sanoid.nix { };
+in
 {
   imports =
     [
@@ -66,6 +68,15 @@
 
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 
+  sops = {
+    secrets = {
+      "lego/dnsimple/token" = {
+        mode = "0444";
+        sopsFile = ./secrets.sops.yaml;
+      };
+    };
+  };
+  
   # System settings and services.
   mySystem = {
     purpose = "Production";
@@ -81,5 +92,26 @@
       samba.shares = import ./config/samba-shares.nix { };
       samba.extraConfig = import ./config/samba-config.nix { };
     };
+
+    services = {
+      podman.enable = true;
+      libvirt-qemu.enable = true;
+
+      # Sanoid
+      sanoid = {
+        enable = true;
+        inherit (sanoidConfig.outputs) templates datasets;
+      };
+      
+      # Unifi & Lego-Auto
+      unifi.enable = true;
+      lego-auto = {
+        enable = true;
+        dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
+        domains = "gandalf.jahanson.tech";
+        email = "joe@veri.dev";
+        provider = "dnsimple";
+      };
+    };
   };
 }

nixos/hosts/gandalf/secrets.sops.yaml

@@ -0,0 +1,68 @@
+lego:
+    dnsimple:
+        token: ENC[AES256_GCM,data:3Lj6jhHuh0YbQCSZvUnSDtyo9Qi6Mx1d8eAGuIFih9YfDlIzYGkpI7YpvQ==,iv:YKpsMww+58+/wi70iXfVYcjkB5MPIA3epWXkqdSxJ1s=,tag:yi+Kstm1Vs3D+1c549QhlA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NnVtdU9ObzB0TkdHUHBy
+            aGVJaXg2NExmbkpzb3JYUXgza3lrOTR2K2pJCmNNdGs1MzZ0NFIyYktaMlhWK1Vq
+            K0E0OXBMWjd5Tk16MUFFL2gvVzdiZzQKLS0tIEx6bEN6ZkYrKzdxNGtYM0s3VnE1
+            a3YweEdFaGU2bkh5R3hvNWhMTHhxSmMKS22+GD1O8RWMvg+V2IqnbSPol5wKKfEj
+            hNB9fkAmRQtnKieSv957XTwbraxf7IVB/BO96CtLM0d29VFNErwsXg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1nuj9sk2k8ede06f8gk5twdlc593uuc7lll2dvuy20nxw9zn97u5swrcjpj
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NUtYSGJvSkwzTFp4QTV5
+            WU9hcXVILzlEdklESUtKdzZIWUVzWmR2UGlFCngrUTNTM0N6VkF0ZGowbE9pVWFu
+            YXlCdjd0RmlXVnBmRlBGMncrZk1oeE0KLS0tIGpGOHBub3pEbVZ1Zlhxa0lEc3oy
+            M1lCSGNQVy96anBVTzF2Q0ZXVTlrY1EKkBzej4W8tsAqn2bgfDv7VvXuyH3rj0vT
+            9FPqSaMjcyPCfXvzL14+mQj24pkA1z/fYlxKnd+rDQCdvOh/T1xvNg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWnlKRHBhbUV5empIODNZ
+            bDdXcWVpMDY0TkV0bUtuS3ZSY3JqZVJTTzB3CjJCUEdzbmc3Rm5pSWdqQkw5MXJO
+            eE9ZVlo4RnFmUlI1UExBS1RkbmFwbmcKLS0tIEo1aFdSMDFFT3AvQ1ZUV3RsSHZ3
+            WWJuUnpJNlRsako2VDlpdEc1QVI4aDAKNKvUK6soiEKatD/y2RL8Glx3aSDAJHiI
+            KBtP/xL6if720Ge1EodQGjAqHa6Q65LJUmKK0wqwdOhrPNrA7Ea2fQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6VkVBQXJCdTNiZzFCVEQ5
+            bDZuNVdDd3B6dGJZS1pkVm40bitJODAxdXpzCmQ3WVppMEVGenBaMU4ybk5PM01L
+            NjJwd05vQ3dPWENSTUZiQnhkUU5meTQKLS0tIDQxL3QwanBYMzlTUVN6K3JqVWp4
+            aDVmWHo1bkdGRDFzb0ZPeDJJWUptcHcK2Z/AYb0yNmPwnY04SVurDromVkhinRKo
+            MsYAlynO4ivwrPXXLBZY136b7ecDpy5YzacJRP/YZzuaniJP4mrm2w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbXRmald0cXBjOExHRTZT
+            K2Nab0NvOVhiclRBMVQ2a1RreVBUa1BoMlY0ClY2OHdnSFBmTHNEOStEVlk2c0FD
+            Zzh4bUQzZGFWU1RyWXh4b2xVY1B2MkEKLS0tIHpBcHViNjF2YnNjOXArcDArWW1i
+            a3VuRDU3bzdmWnpySmowVDNkWUNic2cKxBV/uUUT/WrklKeHIrdtcxa1s7C3C+cb
+            A5aOMUNEDtqo9Clg+PPs8RQy45uGRhio3B80SJgChH7RYn0ifJafFA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeGZvUnk4b28wSlFJYlFN
+            NEJ5ZzdOT0M2cGxRVVRHRVBJYSt6dS90WUdjCndTYlViaGcwY0dxNnp6aFZFQnMx
+            ZUlFS1Y3SG52L05ZL3NrOXhLRjVBOXMKLS0tIGhYVXR0cjJGc0JCTTdEdFY3NEc3
+            REg4dkpMZmJoVDhhaUYxRVMwTVg2OHMKOs63Zk6TmRjLnloNj1QUK+I8aVcPUvJr
+            7Qgn2bYbyjG/seI0DzcDvUH4eRSjvDkCOqqh9Ry6K3TaRty28XS29g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-07-13T11:28:05Z"
+    mac: ENC[AES256_GCM,data:j2xatOmDBCBCApSomOx6LI4HpyoQ4nVLjsdNX8gKImGKGvJYQUG7liRhEVIwPeUH9oxGoZ1dJF1r4msQnfXk/OTgUNpQvoHyufeUOv+v1IBxwJRYbaAEoq8h59glJaBSJHZTBLWNsPDnijpv8f2q3HmvN9nrQhC1b0rfvMmH8hU=,iv:wsV5WBwhhZqHEBmsqczpnS7f6/8D39APmQspqOZKt8I=,tag:WdGFjwtw3jOyuYZ6OWxkHg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1

nixos/hosts/telperion/secrets.sops.yaml

@@ -1,6 +1,3 @@
-lego:
-    dnsimple:
-        token: ENC[AES256_GCM,data:QR4UWhkNyHJQ5TR5Rb7TzfQmOiimiwBDY4rRV79OwnZ7snvpcoCLHrxNrg==,iv:DMvy9H/4E+ZXrQET4GSE7RWyoOkXghW7aBVld8UbYqQ=,tag:4V3NRX7aefJ0PNx09Mny4Q==,type:str]
 1password-credentials.json: ENC[AES256_GCM,data:VnwFSNn+5xeyhW2IMBi7eupjmtmozALBgKLRw5pprW1RZbXNT653KgtNpB6qEozDPBlbnqfp4IjsicAGqcDPx7ojruHXmYenKwZoEooxWAMTgXClz0narsmtMQUsrfdJxPHfkwbGex5QG4/GKjKDRKtnKZCyBv2gBzBPCfeznEr/vrCjEVKajqMpfO2RojNbNfsuTOl0pQgKZIjbov47GVx+zbflKlhfNsZXMZvvhDyJg1a2gxOntHtdC9RJ9lgENRFAo931/IBCKsRmuAaj15Ugx/rpkTrnZCrxv2fRElTgzRCBklepMVKaCyJqKUhaGCTmVVMqziVq6RdFnpxUYN42W7O3OTrV1lFVRO+1b7jhALDoK4jbakD3wjIOln3HHOsXg5/FQpUuDg1B0PF/+/e5IwFi8jcdK9VK8XpZ/xoDqQ6boihwxl720ywy7+Q+0MNTMmWgiHOPzsu+1QGPCYnghU5hbUacmDbJt7I4hf9EvrCkUL62k1eAwuqcWxQRANW0vDpYYzdbJXGvxl6wk+ESKYl8eQ+rQCKUd+9aQ4psWYdYS2pD4TBr/8qZUOZww/iHdLCD4CY6dWtefNOKSKEru1LDrcvD/nYTsLv/hiUYkLGPt8pJPHU12E8ukMC3DllROtmTUh6q7Rkl7se4qt612M/girsAah23YvRb5ppo0PMCHZnn92uOD7cW7qESTKiRBjg/PK3s/fZqbiY+Qq1sRdK8cv6MzFk1ZQNrVyXfu8LJEsSz0JFFbYKu8Le4AUGEr0uw1ZJL4j7vnbgl87gYjo1oOyklrXkwUJg7R1CZQ72XFzV+xq8klqJujMBK4nVOW6/hrrBzRaazItlRRpu1JngYadxDSreLDE0ZKoo9CO+z7iE2GDNpfqya2G5cycPnyNaRWlj2QCZchHu9jVT632TWwNEbWIo2qJ0wi4/BXj0yE9DYI59gjKIDVdyt1dyDYygxwJtE2rAPpfU+c6TqbcXF6FJVbUwUic3cdLYdCoIP34UUIOqEmxxv7zKKTnaqiPdWfNlw8qeh8ueCz7IfFUXfmyZxfw4o56UpWGxTGS7pBs4+Glz3IfTSQcXXGk6lo1TsF6roPFtT9pbUvfkKhzG8eKtH9iGqaZDPR6PibO2cOdSfO48uaEJrbSF8y0yA9ektfyyG/SxLUqnTVvKVcuq0YJmUoWakkiflJi/GbfIzNlAvl1xlc4T8NDALBJ2FbZf0TmEBQgY3aHDKxfIYx3LYi9H+bXgvY+Lm80oeISyIUlISZ7rBq1s3RnaKiI5+h+SqzUYkSJBy0CGU6zYGz1Wfppq6meLXH0QrwBLCfdB7qrevcu+T67kq+XpvI6n9zpHLXA9zQRSP84KNam12unNwmyLGOgApxWMD8N6Y9noXFlplZcvZRiWfCQJOVs/dMIRJOE71gbrlvvvIwn4DwjjlY8WCzzFDJF0N8cY=,iv:CUS+yxrCbfTCBhOtxViPylNT4fCho4Zb3HG9YSSXKGc=,tag:XdYo73cfk6f6wRFM/kZNhw==,type:str]
 bind:
     rndc-keys:
@@ -68,8 +65,8 @@ sops:
             cGYzbzkwZXBzSEdoRG5VQ1JlS2N1WEUKHWy7Qw7TiWsiz1hq9wjrYoFER+SDxXzB
             sjpzxpX9vuLZ3iEGCu80MKyeJ1nKABfRX8ajboR4kWA/ZcOlDCA9xw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-07-07T17:49:05Z"
+    lastmodified: "2024-07-13T11:28:17Z"
-    mac: ENC[AES256_GCM,data:j/xAud1osilHPTppO7AYUeFvBqsXEkQWUCJM1YzPUZeDbzGKwYWNldORGQT6hY1CuPT8dVJ3gox9aC0PwjYR7P9E486pv6N7UqGAKG9sYZijodY8ja1RvJIZGZ3WQ3vTgl5PDtGzXjVxd488HjHlpNO7LRywX1Ym+81dzo5Fn48=,iv:BlRsvmLP4XYatpTXyRGLpUeifMSwYQ7Gk/4rDuiLWHE=,tag:9J0n+JI2svCRQEeenIgMqw==,type:str]
+    mac: ENC[AES256_GCM,data:BR3fm4HpcHka57LrM+4uF7Td4y8hM1Yo6AYKgk/j2tuaL4MmHLZTso5tDMNq/IsX02GiTNlD3XuH3QBKUZcUTyp45Cmh1334StuMmaBUA15kh9EzsSqvgWr6YN6Nk11JaWbQbZ6O3kIXW0Tz5eO/2riPSwzM9oUGjCSVQRturhE=,iv:96MfEELPJPYQVPhwQAkG/yi18KvPzWY0mcZMAJ+0HZI=,tag:sWvHgz4xoKLB7yeD8hOzug==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1

nixos/modules/nixos/containers/default.nix

@@ -1,5 +1,7 @@
 {
   imports = [
     ./backrest
+    ./lego-auto
+    ./unifi
   ];
 }

nixos/modules/nixos/containers/lego-auto/default.nix

@@ -0,0 +1,62 @@
+{ lib, config, ... }:
+with lib;
+let
+  app = "lego-auto";
+  image = "ghcr.io/bjw-s/lego-auto:v0.3.0";
+  user = "999"; #string
+  group = "102"; #string
+  port = 9898; #int
+  cfg = config.mySystem.services.${app};
+  appFolder = "/eru/containers/volumes/${app}";
+in
+{
+  options.mySystem.services.${app} = {
+    enable = mkEnableOption "${app}";
+    dnsimpleTokenPath = mkOption {
+      type = types.path;
+      example = "/config/dnsimple-token";
+      description = "Path to the DNSimple token file";
+    };
+    provider = mkOption {
+      type = types.str;
+      example = "dnsimple";
+      description = "DNS provider";
+    };
+    domains = mkOption {
+      type = types.str;
+      example = "gandalf.jahanson.tech";
+      description = "Domains to manage";
+    };
+    email = mkOption {
+      type = types.str;
+      example = "joe@veri.dev";
+      description = "Email address for Let's Encrypt";
+    };
+  };
+
+  # TODO: Add refresh cert path (ex. copy cert to unifi)
+  config = mkIf cfg.enable {
+    virtualisation.oci-containers.containers.${app} = {
+      image = "${image}";
+      user = "${user}:${group}";
+      autoStart = true;
+      extraOptions = [
+        "--dns=1.1.1.1"
+      ];
+      environment = {
+        TZ = "America/Chicago";
+        LA_DATADIR = "/certs";
+        LA_CACHEDIR = "/certs/.cache";
+        LA_EMAIL = "cfg.email";
+        LA_DOMAINS = cfg.domains;
+        LA_PROVIDER = cfg.provider;
+      } // lib.optionalAttrs (cfg.provider == "dnsimple") {
+        DNSIMPLE_OAUTH_TOKEN_FILE = "/config/dnsimple-token";
+      };
+
+      volumes = [
+        "${appFolder}/cert:/cert"
+      ] ++ optionals (cfg.provider == "dnsimple") [ "${cfg.dnsimpleTokenPath}:/config/dnsimple-token" ];
+    };
+  };
+}

nixos/modules/nixos/containers/unifi/default.nix

@@ -0,0 +1,42 @@
+{ lib, config, ... }:
+with lib;
+let
+  app = "unifi";
+  image = "ghcr.io/goofball222/unifi:8.1.113";
+  user = "999"; #string
+  group = "102"; #string
+  port = 9898; #int
+  cfg = config.mySystem.services.${app};
+  appFolder = "/eru/containers/volumes/${app}";
+  # persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
+in
+{
+  options.mySystem.services.${app} = {
+    enable = mkEnableOption "${app}";
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.oci-containers.containers.${app} = {
+      image = "${image}";
+      autoStart = true;
+      ports = [
+        "3478:3478/udp" # STUN
+        "8080:8080" # inform controller
+        "8443:8443" # https
+        "8880:8880" # HTTP portal redirect
+        "8843:8843" # HTTPS portal redirect
+      ];
+      environment = {
+        TZ = "America/Chicago";
+        RUNAS_UID0 = "false";
+        PGID = "102";
+        PUID = "999";
+      };
+      volumes = [
+        "${appFolder}/cert:/usr/lib/unifi/cert"
+        "${appFolder}/data:/usr/lib/unifi/data"
+        "${appFolder}/logs:/usr/lib/unifi/logs"
+      ];
+    };
+  };
+}

nixos/modules/nixos/services/default.nix

@@ -4,6 +4,7 @@
     ./cockpit
     ./forgejo
     ./haproxy
+    ./libvirt-qemu
     ./nginx
     ./onepassword-connect
     ./podman
@@ -11,5 +12,6 @@
     ./radicale
     ./reboot-required-check.nix
     ./restic
+    ./sanoid
   ];
 }

nixos/modules/nixos/services/libvirt-qemu/default.nix

@@ -0,0 +1,28 @@
+{ lib, config, pkgs, inputs, ... }:
+with lib;
+let
+  cfg = config.mySystem.services.libvirt-qemu;
+in
+{
+  imports = [ inputs.nixvirt-git.nixosModules.default ];
+  options.mySystem.services.libvirt-qemu = {
+    enable = mkEnableOption "libvirt-qemu";
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall = {
+      allowedTCPPorts = [ 16509 16514 ];
+    };
+
+    # Enable bind with domain configuration
+    virtualisation.libvirt.enable = true;
+    virtualisation.libvirtd = {
+      enable = true;
+      qemu = {
+        package = pkgs.qemu_kvm;
+        ovmf.enable = true;
+        ovmf.packages = [ pkgs.OVMFFull.fd ];
+      };
+    };
+  };
+}

nixos/modules/nixos/services/postgresql/default.nix

@@ -19,7 +19,7 @@ in
         };
       backupLocation = mkOption
         {
-          type = lib.types.string;
+          type = lib.types.str;
           description = "Location for sql backups to be stored.";
           default = "/persist/backup/postgresql";
         };

nixos/modules/nixos/services/sanoid/default.nix

@@ -0,0 +1,25 @@
+{ lib, config, pkgs, ... }:
+with lib;
+let
+  cfg = config.mySystem.services.sanoid;
+in
+{
+  options.mySystem.services.sanoid = {
+    enable = mkEnableOption "sanoid";
+    package = mkPackageOption pkgs "sanoid" { };
+    datasets = mkOption {
+      type = lib.types.attrsOf (lib.types.attrsOf lib.types.unspecified);
+    };
+    templates = mkOption {
+      type = lib.types.attrsOf (lib.types.attrsOf lib.types.unspecified);
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Enable sanoid with the given templates and datasets
+    services.sanoid = {
+      enable = true;
+      inherit (cfg) package datasets templates;
+    };
+  };
+}

nixos/modules/nixos/system/nfs/default.nix

@@ -1,12 +1,9 @@
-{ lib
+{ lib, config, ... }:
-, config
-, ...
-}:
 let
-  cfg = config.mySystem.services.nfs;
+  cfg = config.mySystem.system.nfs;
 in
 {
-  options.mySystem.services.nfs = {
+  options.mySystem.system.nfs = {
     enable = lib.mkEnableOption "nfs";
     exports = lib.mkOption {
       type = lib.types.str;

nixos/modules/nixos/system/samba/default.nix

@@ -1,9 +1,9 @@
 { lib, config, ... }:
 let
-  cfg = config.mySystem.services.samba;
+  cfg = config.mySystem.system.samba;
 in
 {
-  options.mySystem.services.samba = {
+  options.mySystem.system.samba = {
     enable = lib.mkEnableOption "samba";
     extraConfig = lib.mkOption {
       type = lib.types.str;