stage #19

Merged
micqdf merged 12 commits from stage into master 2026-02-28 00:13:24 +00:00
9 changed files with 104 additions and 56 deletions


@@ -19,8 +19,6 @@ jobs:
run: | run: |
cat > secrets.auto.tfvars << EOF cat > secrets.auto.tfvars << EOF
pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}" pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
SSH_KEY_PUBLIC = "${{ secrets.SSH_KEY_PUBLIC }}"
TS_AUTHKEY = "${{ secrets.TS_AUTHKEY }}"
EOF EOF
- name: Set up Terraform - name: Set up Terraform


@@ -21,8 +21,6 @@ jobs:
echo "PM_API_TOKEN_SECRET length: $(echo -n '${{ secrets.PM_API_TOKEN_SECRET }}' | wc -c)" echo "PM_API_TOKEN_SECRET length: $(echo -n '${{ secrets.PM_API_TOKEN_SECRET }}' | wc -c)"
cat > secrets.auto.tfvars << EOF cat > secrets.auto.tfvars << EOF
pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}" pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
SSH_KEY_PUBLIC = "${{ secrets.SSH_KEY_PUBLIC }}"
TS_AUTHKEY = "${{ secrets.TS_AUTHKEY }}"
EOF EOF
echo "Created secrets.auto.tfvars:" echo "Created secrets.auto.tfvars:"
cat secrets.auto.tfvars | sed 's/=.*/=***/' cat secrets.auto.tfvars | sed 's/=.*/=***/'


@@ -0,0 +1,27 @@
# NixOS Proxmox Template Base
This folder contains a minimal NixOS base config you can copy into a new
template VM build.
## Files
- `flake.nix`: pins `nixos-24.11` and exposes one host config.
- `configuration.nix`: base settings for Proxmox guest use.
## Before first apply
1. Replace `REPLACE_WITH_YOUR_SSH_PUBLIC_KEY` in `configuration.nix`.
2. Add `hardware-configuration.nix` from the VM install:
- `nixos-generate-config --root /`
- copy `/etc/nixos/hardware-configuration.nix` next to `configuration.nix`
## Build/apply example inside the VM
```bash
sudo nixos-rebuild switch --flake .#template
```
## Notes
- This is intentionally minimal and avoids cloud-init assumptions.
- If you want host-specific settings, create additional modules and import them.


@@ -0,0 +1,60 @@
{ lib, pkgs, ... }:
{
imports =
lib.optional (builtins.pathExists ./hardware-configuration.nix)
./hardware-configuration.nix;
networking.hostName = "nixos-template";
networking.useDHCP = lib.mkDefault true;
networking.nameservers = [ "1.1.1.1" "8.8.8.8" ];
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.grub = {
enable = true;
device = "/dev/sda";
};
services.qemuGuest.enable = true;
services.openssh.enable = true;
services.tailscale.enable = true;
services.openssh.settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "prohibit-password";
};
programs.fish.enable = true;
users.users.micqdf = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-rsa 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"
];
# optional while testing noVNC login:
# initialPassword = "changeme123";
};
security.sudo.wheelNeedsPassword = false;
environment.systemPackages = with pkgs; [
btop
curl
dig
eza
fd
fzf
git
htop
jq
ripgrep
tree
unzip
vim
wget
];
system.stateVersion = "24.11";
}
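Review bot: `security.sudo.wheelNeedsPassword = false;` turns every key in `users.users.micqdf.openssh.authorizedKeys.keys` into an unconditional root credential, and since `initialPassword` is commented out there is no second factor at all, so a leaked private key is a full compromise of every VM cloned from this template. If passwordless sudo is intentional for this homelab image, say so on the line, e.g. `security.sudo.wheelNeedsPassword = false; # key-only SSH is the sole gate; keep the private key off shared machines`, otherwise set it to `true` and give the user a `hashedPassword`. `services.openssh.enable = true` also opens TCP/22 on every interface by default (as far as I recall `openFirewall` defaults to true), while `services.tailscale.enable = true` is already there; if LAN SSH is not needed before Tailscale is up, `services.openssh.openFirewall = false;` plus `networking.firewall.trustedInterfaces = [ "tailscale0" ];` would confine SSH to the tailnet. Separately, the README added in this PR says to replace `REPLACE_WITH_YOUR_SSH_PUBLIC_KEY`, but this file already ships a concrete `ssh-rsa` key, so one of the two should be brought in line.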


@@ -0,0 +1,14 @@
{
description = "Base NixOS config for Proxmox template";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
};
outputs = { nixpkgs, ... }: {
nixosConfigurations.template = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ ./configuration.nix ];
};
};
}
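Review bot: `nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"` is a branch reference, so the template build is only reproducible if the generated `flake.lock` is committed next to this file; the files shown for this commit do not include one, though it may live elsewhere in the PR. Without the lock, two builds of the "same" template can resolve to different nixpkgs revisions, which defeats the purpose of a pinned base image and makes any later security review of what went into the image guesswork. Run `nix flake lock` once, commit the result, and mark the intent inline with `nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; # branch ref; exact revision pinned by flake.lock`.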


@@ -2,10 +2,8 @@ data "template_file" "cloud_init_global" {
template = file("${path.module}/files/cloud_init_global.tpl") template = file("${path.module}/files/cloud_init_global.tpl")
vars = { vars = {
hostname = "generic" hostname = "generic"
domain = "home.arpa" domain = "home.arpa"
TS_AUTHKEY = var.TS_AUTHKEY
SSH_KEY_PUBLIC = var.SSH_KEY_PUBLIC
} }
} }


@@ -6,42 +6,5 @@ resolv_conf:
- 8.8.8.8 - 8.8.8.8
- 1.1.1.1 - 1.1.1.1
package_update: true
package_upgrade: true
# APT fails to acquire GPG keys if package dirmngr is missing
bootcmd:
- [ cloud-init-per, once, dirmngr-aptupdate, apt-get, update ]
- [ cloud-init-per, once, dirmngr-aptinstall, apt-get, install, dirmngr, -y ]
- [ cloud-init-per, once, dirmngr-aptinstall, apt-get, install, gnupg2, -y ]
packages:
- jq
- curl
- qemu-guest-agent
users:
- name: stuart
groups: sudo
shell: /bin/bash
sudo: ['ALL=(ALL) NOPASSWD:ALL']
ssh_authorized_keys:
- ${SSH_KEY_PUBLIC}
preserve_hostname: false preserve_hostname: false
fqdn: ${hostname}.${domain} fqdn: ${hostname}.${domain}
#cloud-config
# The above header must generally appear on the first line of a cloud config
# file, but all other lines that begin with a # are optional comments.
runcmd:
# One-command install, from https://tailscale.com/download/
- ['sh', '-c', 'curl -fsSL https://tailscale.com/install.sh | sh']
# Set sysctl settings for IP forwarding (useful when configuring an exit node)
- ['sh', '-c', "echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf && echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf && sudo sysctl -p /etc/sysctl.d/99-tailscale.conf" ]
# Generate an auth key from your Admin console
# https://login.tailscale.com/admin/settings/keys
# and replace the placeholder below
- ['tailscale', 'up', '--auth-key=${TS_AUTHKEY}']


@@ -1,5 +1,5 @@
target_node = "flex" target_node = "flex"
clone_template = "ubuntu-cloudinit" clone_template = "nixos-template"
cores = 1 cores = 1
memory = 1024 memory = 1024
disk_size = "15G" disk_size = "15G"
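Review bot: Pointing `clone_template` at `nixos-template` while the module still renders `cloud_init_global.tpl` (hostname/fqdn via cloud-init) looks inconsistent: the NixOS base config added in this PR states it avoids cloud-init assumptions and hard-codes `networking.hostName = "nixos-template"`, so clones would likely all boot with the same hostname and the `fqdn` value would be ignored. If that is the intended end state, the `cloud_init_global` data source should go in a follow-up; if not, the NixOS side needs a cloud-init-capable module or some other per-VM hostname mechanism. I can only see part of the Terraform module here, so confirm against the VM resource that consumes `cloud_init_global` before deciding.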


@@ -66,13 +66,3 @@ variable "llama_vm_count" {
default = 1 default = 1
description = "How many Llama VMs to create" description = "How many Llama VMs to create"
} }
variable "TS_AUTHKEY" {
type = string
description = "Tailscale auth key used in cloud-init"
}
variable "SSH_KEY_PUBLIC" {
type = string
description = "My Public SSH key for ssh auth list"
}