diff --git a/machines/krz01/_configuration.nix b/machines/krz01/_configuration.nix index 21a6f59..336de44 100644 --- a/machines/krz01/_configuration.nix +++ b/machines/krz01/_configuration.nix @@ -72,7 +72,7 @@ lib.extra.mkConfig { }; }; - networking.firewall.interfaces.wt0.allowedTCPPorts = [ config.services.ollama.port ]; + networking.firewall.trustedInterfaces = [ "wt0" ]; }; root = ./.; diff --git a/machines/krz01/proxmox/default.nix b/machines/krz01/proxmox/default.nix index 2f501e1..650163f 100644 --- a/machines/krz01/proxmox/default.nix +++ b/machines/krz01/proxmox/default.nix @@ -1,14 +1,12 @@ -{ sources, lib, ... }: +{ sources, ... }: let proxmox-nixos = import sources.proxmox-nixos; in { imports = [ proxmox-nixos.nixosModules.proxmox-ve ]; - services.proxmox-ve.enable = true; - nixpkgs.overlays = [ proxmox-nixos.overlays.x86_64-linux ]; - networking.firewall = { - trustedInterfaces = [ "wt0" ]; - allowedTCPPorts = lib.mkForce [ 22 ]; + services.proxmox-ve = { + enable = true; + openFirewall = false; }; - + nixpkgs.overlays = [ proxmox-nixos.overlays.x86_64-linux ]; } diff --git a/npins/sources.json b/npins/sources.json index d689747..00d5169 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -268,9 +268,9 @@ "repo": "proxmox-nixos" }, "branch": "main", - "revision": "7869ffc2e0db36f314fb60f1ab0087b760700b00", - "url": "https://github.com/SaumonNet/proxmox-nixos/archive/7869ffc2e0db36f314fb60f1ab0087b760700b00.tar.gz", - "hash": "0cam36s3ar366y41rvihjqghkdjl9a1n1wzym8p2mkar1r9x7haj" + "revision": "950e4cccac0f942076e8558f7f9f4d496cabfb18", + "url": "https://github.com/SaumonNet/proxmox-nixos/archive/950e4cccac0f942076e8558f7f9f4d496cabfb18.tar.gz", + "hash": "0bhqw42ydc0jfkfqw64xsg518a1pbxnvpqw92nna7lm8mzpxm6d4" }, "signal-irc-bridge": { "type": "Git", diff --git a/patches/05-pmnos-correctness-build-directory.patch b/patches/05-pmnos-correctness-build-directory.patch deleted file mode 100644 index 0a57672..0000000 --- a/patches/05-pmnos-correctness-build-directory.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 4d6e57d2d577cc105c9e0cd397408e9e3ce85cd0 Mon Sep 17 00:00:00 2001 -From: Raito Bezarius -Date: Tue, 8 Oct 2024 16:33:14 +0200 -Subject: [PATCH] fix(packaging): correctness of the build top directory - -It was using /build which is an implementation detail and not -guaranteed. - -Signed-off-by: Raito Bezarius ---- - pkgs/pve-container/default.nix | 6 +++--- - pkgs/pve-rs/default.nix | 2 +- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/pkgs/pve-container/default.nix b/pkgs/pve-container/default.nix -index 445c271..5633c0f 100644 ---- a/pkgs/pve-container/default.nix -+++ b/pkgs/pve-container/default.nix -@@ -30,7 +30,7 @@ perl536.pkgs.toPerlModule ( - postPatch = '' - sed -i Makefile \ - -e "s/pct.1 pct.conf.5 pct.bash-completion pct.zsh-completion //" \ -- -e "s,/usr/share/lxc,/build/lxc," \ -+ -e "s,/usr/share/lxc,$NIX_BUILD_TOP/lxc," \ - -e "/pve-doc-generator/d" \ - -e "/PVE_GENERATING_DOCS/d" \ - -e "/SERVICEDIR/d" \ -@@ -45,8 +45,8 @@ perl536.pkgs.toPerlModule ( - dontPatchShebangs = true; - - postConfigure = '' -- cp -r ${lxc}/share/lxc /build -- chmod -R +w /build/lxc -+ cp -r ${lxc}/share/lxc $NIX_BUILD_TOP/ -+ chmod -R +w $NIX_BUILD_TOP/lxc - ''; - - makeFlags = [ -diff --git a/pkgs/pve-rs/default.nix b/pkgs/pve-rs/default.nix -index c024287..881beab 100644 ---- a/pkgs/pve-rs/default.nix -+++ b/pkgs/pve-rs/default.nix -@@ -57,7 +57,7 @@ perl536.pkgs.toPerlModule ( - ]; - - makeFlags = [ -- "BUILDIR=/build" -+ "BUILDIR=$NIX_BUILD_TOP" - "BUILD_MODE=release" - "DESTDIR=$(out)" - "GITVERSION:=${src.rev}" --- -2.46.0 - diff --git a/patches/default.nix b/patches/default.nix index 6b7137d..304d783 100644 --- a/patches/default.nix +++ b/patches/default.nix @@ -45,11 +45,4 @@ in hash = "sha256-SgHhW9HCkDQsxT3eG4P9q68c43e3sbDHRY9qs7oSt8o="; } ]; - - "proxmox-nixos" = [ - { - _type = "static"; - path = ./05-pmnos-correctness-build-directory.patch; - } - ]; }