From 39f5cad75db108c7121d54ec256ce9b10897a845 Mon Sep 17 00:00:00 2001
From: sinavir <sinavir@sinavir.fr>
Date: Tue, 8 Oct 2024 13:58:49 +0200
Subject: [PATCH] feat(krz01): Proxmox

---
 machines/krz01/_configuration.nix                   | 4 +++-
 machines/krz01/{proxmox.nix => proxmox/default.nix} | 7 ++++++-
 npins/sources.json                                  | 6 +++---
 3 files changed, 12 insertions(+), 5 deletions(-)
 rename machines/krz01/{proxmox.nix => proxmox/default.nix} (61%)

diff --git a/machines/krz01/_configuration.nix b/machines/krz01/_configuration.nix
index fc1dcf6..8a1b401 100644
--- a/machines/krz01/_configuration.nix
+++ b/machines/krz01/_configuration.nix
@@ -7,7 +7,7 @@ lib.extra.mkConfig {
 
   enabledServices = [
     # INFO: This list needs to stay sorted alphabetically
-    # "proxmox"
+    "proxmox"
   ];
 
   extraConfig = {
@@ -20,6 +20,8 @@ lib.extra.mkConfig {
     };
 
     services.netbird.enable = true;
+
+    users.users.root.hashedPassword = "$y$j9T$KOEV4hLDGyc4q1q8Rj2tE1$7mhZx4bNojsFfXlU2q5B.sRCD.6S1vhu6x2VSGJ79L2";
   };
 
   root = ./.;
diff --git a/machines/krz01/proxmox.nix b/machines/krz01/proxmox/default.nix
similarity index 61%
rename from machines/krz01/proxmox.nix
rename to machines/krz01/proxmox/default.nix
index 47c17b7..2f501e1 100644
--- a/machines/krz01/proxmox.nix
+++ b/machines/krz01/proxmox/default.nix
@@ -1,4 +1,4 @@
-{ sources, ... }:
+{ sources, lib, ... }:
 let
   proxmox-nixos = import sources.proxmox-nixos;
 in
@@ -6,4 +6,9 @@ in
   imports = [ proxmox-nixos.nixosModules.proxmox-ve ];
   services.proxmox-ve.enable = true;
   nixpkgs.overlays = [ proxmox-nixos.overlays.x86_64-linux ];
+  networking.firewall = {
+    trustedInterfaces = [ "wt0" ];
+    allowedTCPPorts = lib.mkForce [ 22 ];
+  };
+
 }
diff --git a/npins/sources.json b/npins/sources.json
index 9db7806..7efe5be 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -276,9 +276,9 @@
         "repo": "proxmox-nixos"
       },
       "branch": "main",
-      "revision": "53f9cd6ad81f1bf36b257470d82e77e0629578c8",
-      "url": "https://github.com/SaumonNet/proxmox-nixos/archive/53f9cd6ad81f1bf36b257470d82e77e0629578c8.tar.gz",
-      "hash": "1nirb5k029bphflifks1kc1qdmvdw88x492dfy9ma4yldsiqrgyi"
+      "revision": "7869ffc2e0db36f314fb60f1ab0087b760700b00",
+      "url": "https://github.com/SaumonNet/proxmox-nixos/archive/7869ffc2e0db36f314fb60f1ab0087b760700b00.tar.gz",
+      "hash": "0cam36s3ar366y41rvihjqghkdjl9a1n1wzym8p2mkar1r9x7haj"
     },
     "signal-irc-bridge": {
       "type": "Git",