xavier/nixos-infra
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Initial scripts for a LXC container and for a reverse proxy improved. Not yet ready to test.

Browse Source
This commit is contained in:
Xavier Lagraula
2026-04-29 21:52:32 +02:00
parent c1864fdb9c
commit 2001379577
3 changed files with 9 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nixos-infra/hosts/servers/rp01/configuration.nix
+1 -1
View File
@@ -11,7 +11,7 @@
# Configuration réseau (IPv4 + IPv6) # Configuration réseau (IPv4 + IPv6)
networking.hostName = "rp01"; networking.hostName = "rp01";
networking.interfaces.eth0.ipv4.addresses = [ networking.interfaces.eth0.ipv4.addresses = [
{ address = "192.168.1.100"; prefixLength = 24; } { address = "10.40.0.199"; prefixLength = 24; }
]; ];
# networking.interfaces.eth0.ipv6.addresses = [ # networking.interfaces.eth0.ipv6.addresses = [
# { address = "2001:db8::1"; prefixLength = 64; } # { address = "2001:db8::1"; prefixLength = 64; }
nixos-infra/modules/machine-types/lxc.nix
-13
View File
@@ -41,19 +41,6 @@
boot.kernelModules = [ ]; # TODO : review the disabling of all kernelModules in a container boot.kernelModules = [ ]; # TODO : review the disabling of all kernelModules in a container
powerManagement.enable = false; powerManagement.enable = false;
# Enable SSH for deployment
# TODO : maybe move this to a module shared by all machines
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = true;
# TODO : confirm that SSH//PermitEmptyPasswords is not actually needed.
# PermitEmptyPasswords = "yes";
};
};
# Limiter les ressources si nécessaire # Limiter les ressources si nécessaire
# TODO : review the need to limit ZFS pools in the LXC container configuration, in my ZFSless context # TODO : review the need to limit ZFS pools in the LXC container configuration, in my ZFSless context
boot.zfs.extraPools = [ ]; boot.zfs.extraPools = [ ];
nixos-infra/scripts/initial-configuration.nix
+8 -5
View File
@@ -1,17 +1,17 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
# Activer SSH pour le déploiement # Install Git, curl, and other required tools
environment.systemPackages = with pkgs; [ git curl ];
# Enable unsecured SSH for initial deployment
services.openssh = { services.openssh = {
enable = true; enable = true;
permitRootLogin = "yes"; permitRootLogin = "yes";
passwordAuthentication = true; passwordAuthentication = true;
}; };
# Installer Git, curl, et les outils nécessaires # Deployment script
environment.systemPackages = with pkgs; [ git curl ];
# Ajouter le script de déploiement
system.activationScripts.setup-deploy = '' system.activationScripts.setup-deploy = ''
#!${pkgs.bash}/bin/bash #!${pkgs.bash}/bin/bash
set -euo pipefail set -euo pipefail
@@ -26,4 +26,7 @@
git clone https://gitea.lagraula.fr/xavier/nixos-infra.git /etc/nixos-infra git clone https://gitea.lagraula.fr/xavier/nixos-infra.git /etc/nixos-infra
fi fi
''; '';
system.stateVersion = "25.11";
} }