dirty

2026-04-10 02:54:39 -07:00 · 2025-06-04 01:36:38 -07:00 · 2025-06-04 01:36:38 -07:00 · 9ef114d6a6
commit 9ef114d6a6
parent cd17d1e05c
3 changed files with 89 additions and 4 deletions
--- a/modules/vms/home-assistant.nix
+++ b/modules/vms/home-assistant.nix
@ -0,0 +1,21 @@
+# ./modules/vms/home-assistant.nix
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  options.services.homeAssistantVM = {
+    enable = mkEnableOption "Home Assistant VM specific configurations";
+  };
+  config = mkIf config.services.homeAssistantVM.enable {
+    networking.firewall.allowedTCPPorts = [
+      8123 # Home Assistant Web UI default port
+    ];
+
+    environment.systemPackages = with pkgs; [
+      wget # For downloading the Home Assistant OS image
+      xz   # For decompressing the Home Assistant OS image
+    ];
+  };
+}
+
--- a/modules/vms/incus-base.nix
+++ b/modules/vms/incus-base.nix
@ -0,0 +1,50 @@
+{ lib, ... }:
+
+with lib;
+
+let
+  storagePoolSource = "/var/lib/incus/storage-pools/default";
+  defaultDiskSize = "50GiB";
+  hostBridgeName = "br0"; # This must match the bridge name created in homelab.nix
+in
+{
+  config = { 
+    virtualisation.incus.preseed = {
+      profiles = [
+        {
+          name = "default";
+          config = {
+            "boot.autostart" = "true"; # VMs using this profile will auto-start
+          };
+          devices = {
+            eth0 = {
+              name = "eth0";
+              nictype = "bridged";        # Use 'bridged' nictype
+              parent = hostBridgeName;    # Connect to the host-managed bridge 'br0'
+              type = "nic";
+            };
+            root = {
+              path = "/";
+              pool = "default";         # Use the default storage pool
+              size = defaultDiskSize;
+              type = "disk";
+            };
+          };
+        }
+      ];
+
+      storage_pools = [
+        {
+          name = "default";
+          driver = "dir";   # Use directory-backed storage
+          config = {
+            source = storagePoolSource;
+          };
+        }
+      ];
+    };
+    # If using NixOS firewall & VMs have DHCP issues (unlikely with host bridge but possible):
+    # consider adding to homelab.nix: networking.firewall.trustedInterfaces = [ "br0" ];
+  };
+}
+
--- a/nixos/homelab.nix
+++ b/nixos/homelab.nix
@ -7,9 +7,9 @@
   ../modules/media/qbittorrent.nix
   ../modules/media/arr-suite.nix
 #  ../modules/home-assistant.nix
-#   ../modules/home-assistant-vm.nix
-   # Import any shared modules from your ./modules directory if applicable
-    # e.g., (../modules/common-settings.nix)
+   ../modules/home-assistant-vm.nix
+   ../modules/vms/incus-base.nix   
+
  ];
  arrSuite.enable = true;
 #  nixpkgs.config.allowUnfree = true;
@ -55,6 +55,18 @@
  networking.firewall.allowedUDPPorts = [
  53   # AdGuard Home DNS over UDP
 ];
+
+#bridge settings for vms
+
+  networking.bridges.br0.interfaces = [ "enp41s0" ];
+  networking.interfaces.enp41s0 = { # Replace "enp41s0"
+    useDHCP = false; 
+  };
+
+  networking.interfaces.br0 = {
+    useDHCP = true; # br0 will get an IP from your LAN router (e.g., 192.168.0.1)
+  };
+
 # Allow SSH
  networking.firewall.trustedInterfaces = [ "tailscale0" ]; # <--- ADDED for Tailscale access
  # SSH Server configuration
@ -76,7 +88,7 @@
 users.users.death916 = {
    isNormalUser = true;
    shell = pkgs.bash;
-    extraGroups = [ "wheel" "media_services" "nextcloud" "docker" "qbittorent"]; # For sudo access
+    extraGroups = [ "wheel" "media_services" "nextcloud" "docker" "qbittorent" "incus-admin"]; # For sudo access
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCte9KjJUSn4xBPEKCk9QER6+jF+C0uBatVl27zIamYsryyHdFrmqK2DAg7OhqTHqzjxID6sp6d57MsJqOUAtwXbUDMLffqBSerUxfTm+1SPDrhL0GSvo0QVjMLVseOEq8d2qXgW1R7dIk412VbO5e9SAump5aJOHI/SzT6VLoUczalmqrjnDacWQMeLu/TSOZHcfrhjYSg+b1xbc1vHp6C4obOb8JIj/anAieT/1P36MhlNW79ow6PWenLemBYeeezFrKtESF1oMc8jmcxogzgLamlqhKYAHlKhOuBF6u0nRneI5IPDbbMF5zwEv5szCEKj8XZJVYUk8uUg7ARyppjcA7yAXuaNKBNxa7tfjqWrDWOACn97ufE5FFJt0XH5JzkXcDh96K8ZSZaWxMRu2s+GlIu/1F415xtVfe1d79HYkWke/ewaQ4NqgOt8f7wRvyzabpQZDzkaXO0UoK65O2HyUur33XWCEmV+1pB6BrS8pD+1I4Tvbnc+rOgtHTTRfKqezKqZmaErEOxClBwvWjvn0PzhGSoClTGXPjhl239/sH0JGY09dTBh8GtAVbfv+jFO6nm6aR7O/OwSaohY3uOdRo8XyxJr4XyGAaBNRdm6BUJRnB4W51J49IQBZzIe2NUkNMHeUT4jkxFpfhkujnSFw2ZnOLkERpwkltAlbwuLw== tavn1992@gmail.com" # <<-- REPLACE THIS WITH YOUR SSH PUBLIC KEY for death916
      # Add more keys if needed
@ -234,6 +246,8 @@ users.users.death916 = {

  users.groups.adguardhome = {};
  
+  services.homeAssistantVM.enable = true;
+

  # Sudo access for the wheel group (which death916 is part of)
  security.sudo.wheelNeedsPassword = true; # Or false if you prefer passwordless sudo for wheel