rm duplicate deps

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>

.forgejo/workflows/ci.yaml

@@ -1,4 +1,5 @@
 on:
+  workflow_dispatch: # allows manual triggering
   pull_request:
     types:
       - opened
@@ -39,6 +40,12 @@ jobs:
       - uses: actions/checkout@v4
       - run: nix-build -A tests.panel
 
+  check-proxmox-basic:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.proxmox-basic -L
+
   check-deployment-basic:
     runs-on: native
     steps:
@@ -57,6 +64,12 @@ jobs:
       - uses: actions/checkout@v4
       - run: nix build .#checks.x86_64-linux.deployment-panel -L
 
+  check-deployment-model:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.deployment-model-ssh -L
+
   check-deployment-model-ssh:
     runs-on: native
     steps:

deployment/check/common/data-model.nix

@@ -105,8 +105,7 @@ let
                 options.enable = lib.mkEnableOption "Hello in the shell";
               };
             implementation = cfg: {
-              input = cfg;
+              resources = lib.optionalAttrs cfg.enable {
-              output.resources = lib.optionalAttrs cfg.enable {
                 hello.login-shell.packages.hello = pkgs.hello;
               };
             };
@@ -139,42 +138,50 @@ let
               implementation =
                 {
                   required-resources,
-                  ...
+                  deployment-name,
                 }:
                 {
-                  input = required-resources;
+                  ssh-host = {
-                  output.ssh-host = {
                     nixos-configuration = mkNixosConfiguration environment required-resources;
+                    system = targetSystem;
                     ssh = {
                       username = "root";
                       host = nodeName;
                       key-file = null;
+                      inherit sshOpts;
                     };
+                    module = self;
+                    inherit args deployment-name;
+                    root-path = pathToRoot;
                   };
                 };
             };
             single-nixos-vm-nixops4 = environment: {
               resources."operator-environment".login-shell.username = "operator";
-              implementation = requests: {
+              implementation =
-                input = requests;
+                {
-                output.nixops4 =
+                  required-resources,
-                  { providers, ... }:
+                  ...
-                  {
+                }:
-                    providers = {
+                {
-                      inherit (inputs.nixops4.modules.nixops4Provider) local;
+                  nixops4 =
+                    { providers, ... }:
+                    {
+                      providers = {
+                        inherit (inputs.nixops4.modules.nixops4Provider) local;
+                      };
+                      resources.${nodeName} = {
+                        type = providers.local.exec;
+                        imports = [
+                          inputs.nixops4-nixos.modules.nixops4Resource.nixos
+                          ../common/targetResource.nix
+                        ];
+                        nixos.module = mkNixosConfiguration environment required-resources;
+                        _module.args = { inherit inputs sources; };
+                        inherit (deployment-config) nodeName pathToRoot pathFromRoot;
+                      };
                     };
-                    resources.${nodeName} = {
+                };
-                      type = providers.local.exec;
-                      imports = [
-                        inputs.nixops4-nixos.modules.nixops4Resource.nixos
-                        ../common/targetResource.nix
-                      ];
-                      nixos.module = mkNixosConfiguration environment requests;
-                      _module.args = { inherit inputs sources; };
-                      inherit (deployment-config) nodeName pathToRoot pathFromRoot;
-                    };
-                  };
-              };
             };
             single-nixos-vm-tf = environment: {
               resources."operator-environment".login-shell.username = "operator";
@@ -184,8 +191,7 @@ let
                   deployment-name,
                 }:
                 {
-                  input = required-resources;
+                  tf-host = {
-                  output.tf-host = {
                     nixos-configuration = mkNixosConfiguration environment required-resources;
                     system = targetSystem;
                     ssh = {

deployment/check/data-model-ssh/nixosTest.nix

@@ -1,30 +1,23 @@
 {
   lib,
-  config,
   pkgs,
-  inputs,
   ...
 }:
 let
   inherit (import ./constants.nix) pathToRoot pathFromRoot;
   inherit (pkgs) system;
-  escapedJson = v: lib.replaceStrings [ "\"" ] [ "\\\\\"" ] (lib.strings.toJSON v);
   deployment-config = {
     inherit pathToRoot pathFromRoot;
-    inherit (config) enableAcme;
-    acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
     nodeName = "ssh";
+    targetSystem = system;
+    sshOpts = [ ];
   };
-  inherit
+  deploy =
-    ((import ../common/data-model.nix {
+    (import ../common/data-model.nix {
-      inherit system inputs;
+      inherit system;
       config = deployment-config;
-    })."ssh-deployment".ssh-host.ssh
+      # opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call
-    )
+    })."ssh-deployment".ssh-host.run;
-    host
-    username
-    key-file
-    ;
 in
 {
   _class = "nixosTest";
@@ -36,6 +29,10 @@ in
   sourceFileset = lib.fileset.unions [
     ../../data-model.nix
     ../../function.nix
+    ../../nixos.nix
+    ../../run/ssh-single-host/run.sh
+    ../../../npins/default.nix
+    ../../../npins/sources.json
     ../common/data-model.nix
     ../common/data-model-options.nix
     ./constants.nix
@@ -46,6 +43,7 @@ in
     {
       environment.systemPackages = with pkgs; [
         jq
+        deploy
       ];
 
       system.extraDependenciesFromModule =
@@ -63,46 +61,7 @@ in
 
     with subtest("Run the deployment"):
       deployer.succeed("""
-        set -euo pipefail
+        ${lib.getExe deploy}
-
-        # INSTANTIATE
-        command=(nix-instantiate --show-trace --expr '
-          let
-            system = "${pkgs.system}"; # FIXME: what system are we deploying to?
-          in
-          import ${pathToRoot}/deployment/nixos.nix {
-            inherit system;
-            configuration = (
-              import ${pathToRoot}/deployment/check/common/data-model.nix {
-                inherit system;
-                config = builtins.fromJSON "${escapedJson deployment-config}";
-              }
-            )."ssh-deployment".ssh-host.nixos-configuration;
-          }
-        ')
-        # DEPLOY
-        host="${lib.defaultTo "root" username}@${host}"
-        sshOpts=(
-          ${if key-file == null then "" else "-i ${key-file}"}
-          -o StrictHostKeyChecking=no
-          -o "ConnectTimeout=1"
-          -o "ServerAliveInterval=1"
-        )
-        # instantiate the config in /nix/store
-        "''${command[@]}" --show-trace -A out_path
-        # get the realized derivation to deploy
-        outPath=$(nix-store --realize "$("''${command[@]}" --show-trace --eval --strict --json | jq -r '.drv_path')")
-        # deploy the config by nix-copy-closure
-        NIX_SSHOPTS="''${sshOpts[*]}" nix-copy-closure --to "$host" "$outPath" --gzip --use-substitutes
-        # switch the remote host to the config
-        output=$(ssh "''${sshOpts[@]}" "$host" "nix-env --profile /nix/var/nix/profiles/system --set $outPath; nohup $outPath/bin/switch-to-configuration switch &" 2>&1) || echo "status code: $?"
-        echo "output: $output"
-        if [[ $output != *"Timeout, server ssh not responding"* ]]; then
-          echo "non-timeout error: $output"
-          exit 1
-        else
-          exit 0
-        fi
       """)
       ssh.wait_for_unit("multi-user.target")
       ssh.succeed("su - operator -c hello 1>&2")

deployment/check/data-model-tf/nixosTest.nix

@@ -10,17 +10,14 @@ let
     inherit pathToRoot pathFromRoot;
     nodeName = "target";
     targetSystem = system;
-    sshOpts = [
+    sshOpts = [ ];
-      "ConnectTimeout=1"
-      "ServerAliveInterval=1"
-    ];
   };
-  deployment =
+  deploy =
     (import ../common/data-model.nix {
       inherit system;
       config = deployment-config;
       # opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call
-    })."tf-deployment".tf-host;
+    })."tf-deployment".tf-host.run;
 in
 {
   _class = "nixosTest";
@@ -39,6 +36,7 @@ in
       environment.systemPackages = with pkgs; [
         (pkgs.callPackage ../../run/tf-single-host/tf.nix { })
         jq
+        deploy
       ];
 
       # needed only when building from deployer
@@ -57,7 +55,7 @@ in
 
     with subtest("ssh: Run the deployment"):
       deployer.succeed("""
-        ${deployment.run}
+        ${lib.getExe deploy}
       """)
       target.wait_for_unit("multi-user.target")
       target.succeed("su - operator -c hello 1>&2")

deployment/check/proxmox/default.nix

@@ -0,0 +1,37 @@
+{
+  runNixOSTest,
+  sources,
+  system,
+}:
+
+let
+  pkgs = import sources.nixpkgs-stable {
+    inherit system;
+    overlays = [ overlay ];
+  };
+  overlay = _: _: {
+    inherit
+      (import "${sources.proxmox-nixos}/pkgs" {
+        craneLib = pkgs.callPackage "${sources.crane}/lib" { };
+        # breaks from https://github.com/NixOS/nixpkgs/commit/06b354eb2dc535c57e9b4caaa16d79168f117a26,
+        # which updates libvncserver to 0.9.15, which was not yet patched at https://git.proxmox.com/?p=vncterm.git.
+        inherit pkgs;
+        # not so picky about version for our purposes
+        pkgs-unstable = pkgs;
+      })
+      proxmox-ve
+      pve-ha-manager
+      ;
+  };
+in
+runNixOSTest {
+  node.specialArgs = {
+    inherit
+      sources
+      pkgs
+      ;
+  };
+  imports = [
+    ./proxmoxTest.nix
+  ];
+}

deployment/check/proxmox/proxmoxTest.nix

@@ -0,0 +1,87 @@
+# https://github.com/SaumonNet/proxmox-nixos/blob/main/tests/vm.nix
+{
+  pkgs,
+  ...
+}:
+
+let
+  # tracking non-tarball downloads seems unsupported still in npins:
+  # https://github.com/andir/npins/issues/163
+  minimalIso = pkgs.fetchurl {
+    url = "https://releases.nixos.org/nixos/24.05/nixos-24.05.7139.bcba2fbf6963/nixos-minimal-24.05.7139.bcba2fbf6963-x86_64-linux.iso";
+    hash = "sha256-plre/mIHdIgU4xWU+9xErP+L4i460ZbcKq8iy2n4HT8=";
+  };
+in
+{
+  name = "proxmox-basic";
+
+  nodes.mypve =
+    { sources, ... }:
+    {
+      imports = [
+        "${sources.proxmox-nixos}/modules/proxmox-ve"
+      ];
+      services.proxmox-ve = {
+        enable = true;
+        ipAddress = "192.168.1.1";
+        vms = {
+          myvm1 = {
+            vmid = 100;
+            memory = 1024;
+            cores = 1;
+            sockets = 1;
+            kvm = true;
+            scsi = [ { file = "local:16"; } ];
+            cdrom = "local:iso/minimal.iso";
+          };
+        };
+      };
+      virtualisation = {
+        additionalPaths = [ minimalIso ];
+        diskSize = 4096;
+        memorySize = 2048;
+      };
+    };
+
+  testScript = ''
+    machine.start()
+    machine.wait_for_unit("pveproxy.service")
+    assert "running" in machine.succeed("pveproxy status")
+
+    # Copy Iso
+    machine.succeed("mkdir -p /var/lib/vz/template/iso/")
+    machine.succeed("cp ${minimalIso} /var/lib/vz/template/iso/minimal.iso")
+
+    # Declarative VM creation
+    machine.wait_for_unit("multi-user.target")
+    machine.succeed("qm stop 100 --timeout 0")
+
+    # Seabios VM creation
+    machine.succeed(
+      "qm create 101 --kvm 0 --bios seabios -cdrom local:iso/minimal.iso",
+      "qm start 101",
+      "qm stop 101 --timeout 0"
+    )
+
+    # Legacy ovmf vm creation
+    machine.succeed(
+      "qm create 102 --kvm 0 --bios ovmf -cdrom local:iso/minimal.iso",
+      "qm start 102",
+      "qm stop 102 --timeout 0"
+    )
+
+    # UEFI ovmf vm creation
+    machine.succeed(
+      "qm create 103 --kvm 0 --bios ovmf --efidisk0 local:4,efitype=4m -cdrom local:iso/minimal.iso",
+      "qm start 103",
+      "qm stop 103 --timeout 0"
+    )
+
+    # UEFI ovmf vm creation with secure boot
+    machine.succeed(
+      "qm create 104 --kvm 0 --bios ovmf --efidisk0 local:4,efitype=4m,pre-enrolled-keys=1 -cdrom local:iso/minimal.iso",
+      "qm start 104",
+      "qm stop 104 --timeout 0"
+    )
+  '';
+}

deployment/data-model-test.nix

@@ -98,9 +98,9 @@ in
                     {
                       options.enable = lib.mkEnableOption "Hello in the shell";
                     };
-                  implementation = cfg: {
+                  implementation =
-                    input = cfg;
+                    cfg: {
-                    output.resources = lib.optionalAttrs cfg.enable {
+                    resources = lib.optionalAttrs cfg.enable {
                       hello.login-shell.packages.hello = pkgs.hello;
                     };
                   };
@@ -110,8 +110,7 @@ in
                 {
                   resources."operator-environment".login-shell.username = "operator";
                   implementation = requests: {
-                    input = requests;
+                    nixops4 = (
-                    output.nixops4 =
                       { providers, ... }:
                       {
                         providers = {
@@ -134,7 +133,8 @@ in
                               };
                             };
                         };
-                      };
+                      }
+                    );
                   };
                 };
             };

deployment/data-model.nix

@@ -20,7 +20,7 @@ let
     ;
   toBash =
     v:
-    lib.replaceStrings [ "\"" ] [ "\\\\\"" ] (
+    lib.replaceStrings [ "\"" ] [ "\\\"" ] (
       if lib.isPath v || builtins.isNull v then
         toString v
       else if lib.isString v then
@@ -29,7 +29,7 @@ let
         lib.strings.toJSON v
     );
 
-  functionType = import ./function.nix;
+  functionType = submodule ./function.nix;
   application-resources = submodule {
     options.resources = mkOption {
       # TODO: maybe transpose, and group the resources by type instead
@@ -87,12 +87,73 @@ let
   deployment-type = attrTag {
     ssh-host = mkOption {
       description = "A deployment by SSH to update a single existing NixOS host.";
-      type = submodule {
+      type = submodule (ssh-host: {
         options = {
+          system = mkOption {
+            description = "The architecture of the system to deploy to.";
+            type = types.str;
+          };
           inherit nixos-configuration;
           ssh = host-ssh;
+          module = mkOption {
+            description = "The module to call to obtain the NixOS configuration from.";
+            type = types.str;
+          };
+          args = mkOption {
+            description = "The arguments with which to call the module to obtain the NixOS configuration.";
+            type = types.attrs;
+          };
+          deployment-name = mkOption {
+            description = "The name of the deployment for which to obtain the NixOS configuration.";
+            type = types.str;
+          };
+          root-path = mkOption {
+            description = "The path to the root of the repository.";
+            type = types.path;
+          };
+          run = mkOption {
+            type = types.package;
+            # error: The option `ssh-deployment.ssh-host.run' is read-only, but it's set multiple times.
+            # readOnly = true;
+            default =
+              let
+                inherit (ssh-host.config)
+                  system
+                  ssh
+                  module
+                  args
+                  deployment-name
+                  root-path
+                  ;
+                inherit (ssh)
+                  host
+                  username
+                  key-file
+                  sshOpts
+                  ;
+                environment = {
+                  key_file = key-file;
+                  deployment_name = deployment-name;
+                  root_path = root-path;
+                  ssh_opts = sshOpts;
+                  inherit
+                    system
+                    host
+                    username
+                    module
+                    args
+                    ;
+                  deployment_type = "ssh-host";
+                };
+              in
+              pkgs.writeShellScriptBin "deploy-ssh.sh" ''
+                env ${
+                  toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") environment)
+                } bash ./deployment/run/ssh-single-host/run.sh
+              '';
+          };
         };
-      };
+      });
     };
     nixops4 = mkOption {
       description = "A NixOps4 NixOS deployment. For an example, see https://github.com/nixops4/nixops4-nixos/blob/main/example/deployment.nix.";
@@ -125,7 +186,7 @@ let
             type = types.path;
           };
           run = mkOption {
-            type = types.str;
+            type = types.package;
             # error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times.
             # readOnly = true;
             default =
@@ -160,7 +221,7 @@ let
                 };
                 tf-env = pkgs.callPackage ./run/tf-single-host/tf-env.nix { };
               in
-              ''
+              pkgs.writeShellScriptBin "deploy-ssh.sh" ''
                 env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
                 tf_env=${tf-env} bash ./deployment/run/tf-single-host/run.sh
               '';
@@ -199,6 +260,7 @@ in
                         type = types.optionType;
                       };
                       # TODO(@fricklerhandwerk): we may want to make the function type explicit here: `application-resources -> resource-type`
+                      # and then also rename this to be consistent with the application's resource mapping
                       options.apply = mkOption {
                         description = "Apply the policy to a request";
                         type = functionTo policy.config.resource-type;
@@ -232,18 +294,19 @@ in
             };
             resources = mkOption {
               description = "Compute resources required by an application";
-              type = functionTo application.config.config-mapping.output-type;
+              type = application.config.config-mapping.function-type;
               readOnly = true;
-              default = input: (application.config.implementation input).output;
+              default = application.config.config-mapping.apply;
             };
-            # TODO(@fricklerhandwerk): this needs a better name, it's just the type
+            # TODO(@fricklerhandwerk): this needs a better name
             config-mapping = mkOption {
               description = "Function type for the mapping from application configuration to required resources";
-              type = submodule functionType;
+              type = functionType;
               readOnly = true;
               default = {
                 input-type = submodule application.config.module;
                 output-type = application-resources;
+                implementation = application.config.implementation;
               };
             };
           };
@@ -275,7 +338,7 @@ in
             };
             resource-mapping = mkOption {
               description = "Function type for the mapping from resources to a deployment";
-              type = submodule functionType;
+              type = functionType;
               readOnly = true;
               default = {
                 input-type = submodule {
@@ -289,6 +352,37 @@ in
                   };
                 };
                 output-type = deployment-type;
+                implementation = environment.config.implementation;
+              };
+            };
+            config-mapping = mkOption {
+              description = "Mapping from a configuration to a deployment";
+              type = functionType;
+              readOnly = true;
+              default = {
+                input-type = submodule {
+                  options = {
+                    deployment-name = mkOption {
+                      type = types.str;
+                    };
+                    configuration = mkOption {
+                      type = config.configuration;
+                    };
+                  };
+                };
+                output-type = deployment-type;
+                implementation =
+                  {
+                    deployment-name,
+                    configuration,
+                  }:
+                  # TODO: check cfg.enable.true
+                  let
+                    required-resources = lib.mapAttrs (
+                      name: application-settings: config.applications.${name}.resources application-settings
+                    ) configuration.applications;
+                  in
+                  environment.config.resource-mapping.apply { inherit required-resources deployment-name; };
               };
             };
             # TODO(@fricklerhandwerk): maybe this should be a separate thing such as `fediversity-setup`,
@@ -296,21 +390,9 @@ in
             # then the deployments can simply be the result of the function application baked into this module.
             deployment = mkOption {
               description = "Generate a deployment from a configuration, by applying an environment's resource policies to the applications' resource mappings";
-              type = functionTo (environment.config.resource-mapping.output-type);
+              type = environment.config.config-mapping.function-type;
               readOnly = true;
-              default =
+              default = environment.config.config-mapping.apply;
-                {
-                  deployment-name,
-                  configuration,
-                }:
-                # TODO: check cfg.enable.true
-                let
-                  required-resources = lib.mapAttrs (
-                    name: application-settings: config.applications.${name}.resources application-settings
-                  ) configuration.applications;
-                in
-                (environment.config.implementation { inherit required-resources deployment-name; }).output;
-
             };
           };
         })

deployment/flake-part.nix

@@ -4,9 +4,14 @@
   _class = "flake";
 
   perSystem =
-    { pkgs, ... }:
+    { pkgs, system, ... }:
     {
       checks = {
+        proxmox-basic = import ./check/proxmox {
+          inherit (pkgs.testers) runNixOSTest;
+          inherit sources system;
+        };
+
         deployment-basic = import ./check/basic {
           inherit (pkgs.testers) runNixOSTest;
           inherit inputs sources;
@@ -33,7 +38,7 @@
         };
 
         deployment-model-tf = import ./check/data-model-tf {
-          inherit (pkgs.testers) runNixOSTest;
+         inherit (pkgs.testers) runNixOSTest;
           inherit inputs sources;
         };
       };

deployment/function.nix

@@ -19,6 +19,11 @@ in
       type = optionType;
     };
     function-type = mkOption {
+      type = optionType;
+      readOnly = true;
+      default = functionTo config.output-type;
+    };
+    wrapper-type = mkOption {
       type = optionType;
       readOnly = true;
       default = functionTo (submodule {
@@ -32,5 +37,22 @@ in
         };
       });
     };
+    implementation = mkOption {
+      type = config.function-type;
+      default = _: { };
+    };
+    wrapper = mkOption {
+      type = config.wrapper-type;
+      readOnly = true;
+      default = input: fn: {
+        inherit input;
+        output = config.implementation fn.config.input;
+      };
+    };
+    apply = mkOption {
+      type = config.function-type;
+      readOnly = true;
+      default = input: (config.wrapper input).output;
+    };
   };
 }

deployment/run/ssh-single-host/run.sh

@@ -39,7 +39,7 @@ NIX_SSHOPTS="${sshOpts[*]}" nix-copy-closure --to "$destination" "$outPath" --gz
 # shellcheck disable=SC2029
 ssh "${sshOpts[@]}" "$destination" "nix-env --profile /nix/var/nix/profiles/system --set $outPath"
 # shellcheck disable=SC2029
-output=$(ssh "${sshOpts[@]}" "$destination" "nohup $outPath/bin/switch-to-configuration switch &" 2>&1) || echo "status code: $?"
+output=$(ssh -o "ConnectTimeout=1" -o "ServerAliveInterval=1" "${sshOpts[@]}" "$destination" "nohup $outPath/bin/switch-to-configuration switch &" 2>&1) || echo "status code: $?"
 echo "output: $output"
 if [[ $output != *"Timeout, server $host not responding"* ]]; then
   echo "non-timeout error: $output"

flake.nix

@@ -6,7 +6,13 @@
 
   outputs =
     inputs:
-    import ./mkFlake.nix inputs (
+    {
+      nixConfig = {
+        extra-trusted-substituters = "https://cache.saumon.network/proxmox-nixos";
+        extra-trusted-public-keys = "proxmox-nixos:D9RYSWpQQC/msZUWphOY2I5RLH5Dd6yQcaHIuug7dWM=";
+      };
+    }
+    // import ./mkFlake.nix inputs (
       { inputs, sources, ... }:
       {
         imports = [

nixmoxer.conf

@@ -0,0 +1,4 @@
+host=192.168.51.81
+verify_ssl=0
+user=kiara@ProcoliX
+password=

npins/sources.json

@@ -25,6 +25,22 @@
       "url": null,
       "hash": "1w2gsy6qwxa5abkv8clb435237iifndcxq0s79wihqw11a5yb938"
     },
+    "crane": {
+      "type": "GitRelease",
+      "repository": {
+        "type": "GitHub",
+        "owner": "ipetkov",
+        "repo": "crane"
+      },
+      "pre_releases": false,
+      "version_upper_bound": null,
+      "release_prefix": null,
+      "submodules": false,
+      "version": "v0.20.3",
+      "revision": "8468a0c46f81d806fd643ffe389fa80328b21cf4",
+      "url": "https://api.github.com/repos/ipetkov/crane/tarball/v0.20.3",
+      "hash": "0zw4275c3a6572w6vjmn850yddw6n3qagwfcq6ns247cx72fdfx0"
+    },
     "disko": {
       "type": "GitRelease",
       "repository": {
@@ -150,6 +166,32 @@
       "revision": "f33a4d26226c05d501b9d4d3e5e60a3a59991921",
       "url": "https://github.com/nixos/nixpkgs/archive/f33a4d26226c05d501b9d4d3e5e60a3a59991921.tar.gz",
       "hash": "1b6dm1sn0bdpcsmxna0zzspjaixa2dald08005fry5jrbjvwafdj"
+    },
+    "nixpkgs-stable": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "nixos",
+        "repo": "nixpkgs"
+      },
+      "branch": "nixos-25.05",
+      "submodules": false,
+      "revision": "a1ae8ef72f64a845ecce5c6dcf65d546bf7deeb4",
+      "url": "https://github.com/nixos/nixpkgs/archive/a1ae8ef72f64a845ecce5c6dcf65d546bf7deeb4.tar.gz",
+      "hash": "0d7lp30wyy5647gpm8rnihvdcpmgmfr9c5yg4fhl31lsg8mlbg16"
+    },
+    "proxmox-nixos": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "SaumonNet",
+        "repo": "proxmox-nixos"
+      },
+      "branch": "main",
+      "submodules": false,
+      "revision": "48f39fbe2e8f90f9ac160dd4b6929f3ac06d8223",
+      "url": "https://github.com/SaumonNet/proxmox-nixos/archive/48f39fbe2e8f90f9ac160dd4b6929f3ac06d8223.tar.gz",
+      "hash": "0606qcs8x1jwckd1ivf52rqdmi3lkn66iiqh6ghd4kqx0g2bw3nv"
     }
   },
   "version": 5