feat: vm setup

nixos/common/users.nix

@@ -5,4 +5,6 @@
     openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG" ];
   };
   security.sudo.wheelNeedsPassword = false;
+
+  users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG" ];
 }

nixos/proxmox/setup-vm.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+set -Eeuo pipefail
+
+script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
+tmp_dir=$(mktemp -d)
+
+function cleanup() {
+  trap - SIGINT SIGTERM ERR EXIT
+
+  echo "Cleaning Up"
+
+  rm -rf "${tmp_dir}"
+}
+trap cleanup SIGINT SIGTERM ERR EXIT
+
+function main() {
+  if [ ! -e "./flake.nix" ]; then
+    echo "Run this from within the homelab directory"
+  fi
+
+  # Get Machine Name: 
+  MACHINE_NAME=$(gum input --prompt="Machine Name: >")
+  MACHINE_IP=$(gum input --prompt="Machne IP: >")
+
+  echo "Connecting to ${MACHINE_IP} and setting up as ${MACHINE_NAME}"
+  #
+  # Check if its ISO (check hostname == nixos)
+  # Generate Host Public / Private Key Pair
+  install -d -m755 "${tmp_dir}/etc/ssh" 
+  KEY_PATH="${tmp_dir}/etc/ssh/ssh_host_ed25519_key"
+  ssh-keygen -t ed25519 -C "yadunut@${MACHINE_NAME}" -f "${KEY_PATH}" -N ""
+
+
+  echo "Created SSH Keys: $(cat "${KEY_PATH}".pub)"
+
+  chmod 600 "${KEY_PATH}"
+
+  # Append public key to the secrets file and rekey agenix
+  pushd "./nixos/secrets"
+  LINE="  ${MACHINE_NAME} = \"$(cat "${KEY_PATH}".pub)\";"
+  echo "appending to file ${PWD}./keys.nix"
+  sed -i -e "\$i${LINE}" "./keys.nix"
+  agenix --rekey  
+  popd
+  echo "${tmp_dir}"
+  echo "Run the command: nix run github:nix-community/nixos-anywhere -- --flake ".#${MACHINE_NAME}" --extra-files "${tmp_dir}" --print-build-logs root@${MACHINE_IP}"
+  read -n 1
+  # Deploy the systems!
+  # nix run github:nix-community/nixos-anywhere -- --flake ".#${MACHINE_NAME}" --extra-files "${tmp_dir}" --print-build-logs yadunut@${MACHINE_IP}
+}
+
+main "$@"

nixos/secrets/keys.nix

@@ -0,0 +1,4 @@
+{
+yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG";
+yadunut-mbp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlXV+TevruoYChk2XbqG5+yqEklRJvOx7YdTGFfXY/f yadunut@yadunut-mbp";
+} # DO NOT ADD ANY NEW LINES AFTER THIS. IT WILL BREAK THE ".#setup-vm" flake

nixos/secrets/secrets.nix

@@ -0,0 +1,6 @@
+let 
+  keys = import ./keys.nix;
+in
+{
+  "tailscale.age".publicKeys = builtins.attrValues keys;
+}

nixos/secrets/tailscale.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 Gc/MTQ eEnmvEpsfgPpmcu+GRYoVHUgfHsA2D0B3jwsK8lGk1o
+RsTBrqVJN5xFib4jaXVsx7kY0LIvOaAwqAutPMIxwuY
+-> ssh-ed25519 0ckKSg 3yTh4DWOEnNwdEIeQ6usGCZovw/MLKUp5DveBGBFcCg
+aTGN26qwcUvD67cypoDAuNhD1E07Qtq/H0Nz2als0RM
+--- /kBG7hO54VFMXz5z4WwI3gwgeYA0+pAXauxIKoK9Mb4
+<EFBFBD>0<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><15>1v<31><76>1P<31><06>M-<2D><><EFBFBD>"<22><14>[<5B>Lz<4C><7A><EFBFBD><11><><EFBFBD>=<3D>1	|+<2B>[l<><6C>?<3F><><EFBFBD> T<>&p<><70><EFBFBD>/7L#<23>
+<EFBFBD><EFBFBD><15><><EFBFBD><EFBFBD><EFBFBD>

nixos/server/configuration.nix

@@ -0,0 +1,32 @@
+{ config, meta, pkgs, ... }:
+{
+  imports = [../common/users.nix];
+  nix = {
+    settings.experimental-features = ["nix-command" "flakes"];
+  };
+
+  networking.hostName = meta.hostname;
+
+  age.secrets.tailscale.file = ../secrets/tailscale.age;
+
+  services.tailscale = {
+    enable = true;
+    authKeyFile = config.age.secrets.tailscale.path;
+    extraUpFlags = [ "--login-server" "http://ts.yadunut.com:444" ];
+  };
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  services.openssh.enable = true;
+  services.qemuGuest.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    git
+    neovim
+    wget
+    k3s
+  ];
+
+  system.stateVersion = "24.11";
+}

nixos/server/disko-config.nix

@@ -0,0 +1,33 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              type = "EF00";
+              size = "500M";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+
+        };
+      };
+    };
+  };
+}

nixos/server/hardware-configuration.nix

@@ -0,0 +1,23 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}