WIP: Proxmox LXC config.

Includes some refactoring for tailscale and impermanence.

.gitignore

@@ -1,2 +1,3 @@
 *.swp
 .tmp
+result

common/global/tailscale.nix

@@ -1,12 +1,21 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
+with lib;
 let
+  cfg = config.custom.tailscale;
 in
 {
   imports = [ ./tailscale_lib.nix ];
 
+  options.custom.tailscale = {
+    enable = mkEnableOption {
+      description = "Enable Tailscale";
+      default = true;
+    };
+  };
+
+  config = mkIf cfg.enable {
     services.tailscaleAutoconnect.enable = true;
-
     services.tailscale.package = pkgs.unstable.tailscale;
-
     environment.persistence."/persist".directories = [ "/var/lib/tailscale" ];
+  };
 }

common/impermanence.nix

@@ -1,7 +1,5 @@
 { pkgs, inputs, ... }:
 {
-  imports = [ inputs.impermanence.nixosModules.impermanence ];
-
   environment.persistence = {
     "/persist" = {
       directories = [ "/var/lib/nixos" ];

common/lxc-node.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+  ];
+
+  custom.tailscale.enable = false;
+  proxmoxLXC.manageNetwork = true;
+}

common/user-node.nix

@@ -1,13 +0,0 @@
-{ pkgs, inputs, ... }:
-{
-  imports = [
-    # not used for this profile but defines options used by the other imports
-    inputs.impermanence.nixosModules.impermanence
-    ./cifs-client.nix
-    ./consul.nix
-    ./docker.nix
-    ./glusterfs-client.nix
-    ./sshd.nix
-    ./user-ppetru.nix
-  ];
-}

flake.lock

@@ -261,6 +261,42 @@
         "type": "github"
       }
     },
+    "nixlib": {
+      "locked": {
+        "lastModified": 1726966855,
+        "narHash": "sha256-25ByioeOBFcnitO5lM/Mufnv/u7YtHEHEM8QFuiS40k=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "575704ff85d3a41dc5bfef7b55380cbc7b87f3c2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1727053438,
+        "narHash": "sha256-t/+z1Tf7hSaStU1pBYkY7i0/GkG+YIPSmfeRrK8eYUw=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "e8c1cd886cc17e31e424f915efd32e84d8af0ce9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1726320982,
@@ -352,6 +388,7 @@
         "home-manager": "home-manager",
         "impermanence": "impermanence",
         "nix-index-database": "nix-index-database",
+        "nixos-generators": "nixos-generators",
         "nixpkgs": "nixpkgs",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "nixvim": "nixvim",

flake.nix

@@ -17,6 +17,10 @@
       url = "github:nix-community/nix-index-database";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     nixvim = {
       url = "github:nix-community/nixvim";
       inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -38,6 +42,8 @@
       disko,
       home-manager,
       sops-nix,
+      nixos-generators,
+      impermanence,
       ...
     }@inputs:
     let
@@ -59,6 +65,7 @@
             )
             disko.nixosModules.disko
             sops-nix.nixosModules.sops
+            impermanence.nixosModules.impermanence
             home-manager.nixosModules.home-manager
             {
               home-manager = {
@@ -166,6 +173,21 @@
         };
       };
 
+      packages.x86_64-linux = {
+        kopia-lxc = nixos-generators.nixosGenerate {
+          system = "x86_64-linux";
+          format = "proxmox-lxc";
+          modules = [
+            sops-nix.nixosModules.sops
+            impermanence.nixosModules.impermanence
+            ./hosts/kopia-lxc
+          ];
+          specialArgs = {
+            inherit inputs self;
+          };
+        };
+      };
+
       checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
 
       formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;

hosts/kopia-lxc/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ../../common/global
+    ../../common/lxc-node.nix
+  ];
+  networking.hostName = "kopia";
+}