add guest agent to live

2026-01-11 17:54:08 -05:00 · 2025-01-06 09:12:11 -05:00 · 2025-01-06 09:12:11 -05:00 · f8855a0f8b
commit f8855a0f8b
parent 211beb9951
3 changed files with 72 additions and 71 deletions
--- a/hosts/Parzival-Live/default.nix
+++ b/hosts/Parzival-Live/default.nix
@ -12,7 +12,7 @@

  nix.settings.auto-optimise-store = true;

-  virtualisation.qemu.guestAgent.enable = true;
+  services.qemuGuest.enable = true;

  nixpkgs.hostPlatform = "x86_64-linux";

--- a/modules/users/overseer/services.nix
+++ b/modules/users/overseer/services.nix
@ -7,86 +7,87 @@ in
    config,
    pkgs,
    ...
-  }: lib.mkIf config.user.overseer.enable {
-    # Some scafolding for secrets
-    sops = {
+  }:
+    lib.mkIf config.user.overseer.enable {
+      # Some scafolding for secrets
+      sops = {
        defaultSopsFile = inputs.nix-secrets.secrets.overseer;
        age.keyFile = "/var/lib/sops-nix/key.txt";
        age.generateKey = true;
-    };
-    
-    # Create the dirs we need
-    systemd.tmpfiles.rules = [
-      "d ${volumePath}"
-      "d ${volumePath}/vault/data 700 overseer overseer" # Vault says this needs to already exist upon boot
-      "d ${volumePath}/vault/snapshots 700 overseer overseer" # This is where we put snapshots for restic to backup
-
-      "d ${volumePath}/paperless/data 700 overseer overseer"
-      "d ${volumePath}/paperless/media 700 overseer overseer"
-
-      "d ${volumePath}/NPM/data 700 overseer overseer"
-      "d ${volumePath}/NPM/letsencrypt 700 overseer overseer"
-    ];
-
-    # Define some secrets to use in restic
-    sops.secrets."vault-backup/location" = {};
-    sops.secrets."vault-backup/pass" = {};
-    # (Arguably) Most Important Service - backups
-    services.restic.backups = {
-      vault = {
-        user = "root";
-        timerConfig = {
-          OnCalendar = "hourly";
-          Persistent = true;
-        };
-        paths = [
-          "${volumePath}/vault/snapshots"
-        ];
-        backupPrepareCommand = "${pkgs.vault}/bin/vault operator raft snapshot save ${volumePath}/vault/snapshots/backup.snap";
-        repositoryFile = config.sops.secrets."vault-backup/location".path;
-        passwordFile = config.sops.secrets."vault-backup/pass".path;
      };
-    };

-    # Vault Service
-    services.vault = {
+      # Create the dirs we need
+      systemd.tmpfiles.rules = [
+        "d ${volumePath}"
+        "d ${volumePath}/vault/data 700 overseer overseer" # Vault says this needs to already exist upon boot
+        "d ${volumePath}/vault/snapshots 700 overseer overseer" # This is where we put snapshots for restic to backup
+
+        "d ${volumePath}/paperless/data 700 overseer overseer"
+        "d ${volumePath}/paperless/media 700 overseer overseer"
+
+        "d ${volumePath}/NPM/data 700 overseer overseer"
+        "d ${volumePath}/NPM/letsencrypt 700 overseer overseer"
+      ];
+
+      # Define some secrets to use in restic
+      sops.secrets."vault-backup/location" = {};
+      sops.secrets."vault-backup/pass" = {};
+      # (Arguably) Most Important Service - backups
+      services.restic.backups = {
+        vault = {
+          user = "root";
+          timerConfig = {
+            OnCalendar = "hourly";
+            Persistent = true;
+          };
+          paths = [
+            "${volumePath}/vault/snapshots"
+          ];
+          backupPrepareCommand = "${pkgs.vault}/bin/vault operator raft snapshot save ${volumePath}/vault/snapshots/backup.snap";
+          repositoryFile = config.sops.secrets."vault-backup/location".path;
+          passwordFile = config.sops.secrets."vault-backup/pass".path;
+        };
+      };
+
+      # Vault Service
+      services.vault = {
        enable = true;
        package = pkgs.vault-bin;
        storageBackend = "raft";
        storagePath = "${volumePath}/vault/data";
        address = "127.0.0.1:8200";
        extraConfig = ''
-            ui = true
-            api_addr = "http://127.0.0.1:8200"
-            cluster_addr = "http://127.0.0.1:8201"
+          ui = true
+          api_addr = "http://127.0.0.1:8200"
+          cluster_addr = "http://127.0.0.1:8201"
        '';
-    };
+      };

-    # Paperless-ngx
-    #services.paperless = {
-    #    enable = true;
-    #    mediaDir = "${volumePath}/paperless/media";
-    #    dataDir = "${volumePath}/paperless/data";
-    #};
-
-    # OCI services
-    virtualisation.podman.enable = true;
-    virtualisation.oci-containers.backend = "podman";
-
-    virtualisation.oci-containers.containers = {
-      ## NGINX Proxy Manager
-      #NPM = {
-      #  image = "jc21/nginx-proxy-manager:latest";
-      #  autoStart = true;
-      #  ports = [
-      #    "80:80"
-      #    "443:443"
-      #    "81:81"
-      #  ];
-      #  volumes = [
-      #    "${volumePath}/NPM/data:/data"
-      #    "${volumePath}/NPM/letsencrypt:/etc/letsencrypt"
-      #  ];
+      # Paperless-ngx
+      #services.paperless = {
+      #    enable = true;
+      #    mediaDir = "${volumePath}/paperless/media";
+      #    dataDir = "${volumePath}/paperless/data";
      #};
-    };
-  }
+
+      # OCI services
+      virtualisation.podman.enable = true;
+      virtualisation.oci-containers.backend = "podman";
+
+      virtualisation.oci-containers.containers = {
+        ## NGINX Proxy Manager
+        #NPM = {
+        #  image = "jc21/nginx-proxy-manager:latest";
+        #  autoStart = true;
+        #  ports = [
+        #    "80:80"
+        #    "443:443"
+        #    "81:81"
+        #  ];
+        #  volumes = [
+        #    "${volumePath}/NPM/data:/data"
+        #    "${volumePath}/NPM/letsencrypt:/etc/letsencrypt"
+        #  ];
+        #};
+      };
+    }
--- a/modules/users/overseer/user.nix
+++ b/modules/users/overseer/user.nix
@ -8,7 +8,7 @@
    initialPassword = "changeme";
    extraGroups = ["wheel" "libvirtd"];
    openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCBmjkaAWNBQ6NwiK56miuv30pjheNTZfrULRfPRmed"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCBmjkaAWNBQ6NwiK56miuv30pjheNTZfrULRfPRmed"
    ];
  };
 }