From b4533a3deff3dc4be768b6f990a5966b4d79f233 Mon Sep 17 00:00:00 2001 From: Rachel Lambda Samuelsson Date: Fri, 24 May 2024 11:13:36 +0200 Subject: [PATCH] nice --- build-vm.sh | 2 +- flake.nix | 26 ++++++++++++++++++++++---- guests/gitea.nix | 28 ---------------------------- host.nix | 28 +++++++++++++++++++++------- services.nix | 14 -------------- services/gitea.nix | 27 +++++++++++++++++++++++++++ services/readme.md | 24 ++++++++++++++++++++++++ 7 files changed, 95 insertions(+), 54 deletions(-) delete mode 100644 guests/gitea.nix delete mode 100644 services.nix create mode 100644 services/gitea.nix create mode 100644 services/readme.md diff --git a/build-vm.sh b/build-vm.sh index e2e8279..158c240 100755 --- a/build-vm.sh +++ b/build-vm.sh @@ -1,5 +1,5 @@ #!/bin/sh -e -nixos-rebuild build-vm --flake .#cafe +nixos-rebuild build-vm --flake .#cafe-virt rm -f nixos.qcow2 ./result/bin/run-*-vm rm -f nixos.qcow2 result diff --git a/flake.nix b/flake.nix index 7e29629..8c2579a 100644 --- a/flake.nix +++ b/flake.nix @@ -12,6 +12,16 @@ nix.registry.nixpkgs.flake = nixpkgs; system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev; }; + # 8888 on host is 80 on guest + virt-module = { + virtualisation.vmVariant = { + virtualisation.cores = 4; + virtualisation.memorySize = 4096; + virtualisation.forwardPorts = [ + { from = "host"; host.port = 8080; guest.port = 80; } + ]; + }; + }; keyboard-module = { console = { @@ -29,14 +39,22 @@ }; }; }; - in { - nixosConfigurations.cafe = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; + state-version = "23.11"; modules = [ nix-config-module keyboard-module - ./host.nix + (import ./host.nix state-version { + pkgs = nixpkgs.legacyPackages.x86_64-linux; + }) ]; + in { + nixosConfigurations.cafe = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + inherit modules; + }; + nixosConfigurations.cafe-virt = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = modules ++ [ virt-module ]; }; }; } 
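Review bot: The comment introducing `virt-module` says port 8888 while the forward rule under it uses `host.port = 8080`, so one of the two is wrong, and the comment should also say which host interface the guest port is exposed on. With `host.address` left at its default, QEMU's user-mode port forwarding listens on every host address as far as I recall, so the test VM's port 80 becomes reachable from the host's network, not just from the developer's machine. `{ from = "host"; host.address = "127.0.0.1"; host.port = 8080; guest.port = 80; }` with the comment `# 127.0.0.1:8080 on host is 80 on guest` keeps the VM local and makes the comment agree with the code. The `let` block this sits in starts outside the hunk.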
diff --git a/guests/gitea.nix b/guests/gitea.nix
deleted file mode 100644
index c9b5101..0000000
--- a/guests/gitea.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ config, pkgs, ... }:
-{
-
- services.gitea = {
- enable = true;
- appName = "My awesome Gitea server"; # Give the site a name
- database = {
- type = "sqlite3";
- };
- settings.server = {
- DOMAIN = "localhost";
- ROOT_URL = "http://localhost/";
- HTTP_PORT = 3001;
- };
- };
-
- # [CONTAINER]
- boot.isContainer = true;
-
- # [NETWORK]
- networking.hostName = "gitea";
- networking.useDHCP = false;
- networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [ 3001 ];
- networking.firewall.allowedUDPPorts = [ ];
-
- system.stateVersion = "23.11";
-}
diff --git a/host.nix b/host.nix
index d0fe5a6..aad58e4 100644
--- a/host.nix
+++ b/host.nix
@@ -1,10 +1,13 @@
-{ pkgs, ... }:
+state-version: { pkgs, ... }:
 let
 secrets = import ./secrets/secrets.nix;
- services = import ./services.nix;
+ services = with builtins;
+ map (s: import (./services + "/${s}") { inherit pkgs; })
+ (filter (s: ! isNull (match ".*\.nix" s))
+ (attrNames (readDir ./services)));
 lib = import ./lib.nix;
 in
-lib.foldMap ({ name, ip, config, ... }:
+lib.foldMap ({ name, ip, config, ports, ... }:
 {
 containers.${name} = {
 autoStart = true;
@@ -12,7 +15,17 @@ lib.foldMap ({ name, ip, config, ... }:
 privateNetwork = true;
 hostAddress = ip.host;
 localAddress = ip.local;
- config = config;
+ config = config // {
+ boot.isContainer = true;
+ networking.hostName = "${name}";
+ networking.useDHCP = false;
+
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = ports.tcp;
+ networking.firewall.allowedUDPPorts = ports.udp;
+
+ system.stateVersion = state-version;
+ };
 };
 }
 ) services
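Review bot: The new `services` binding filters with `match ".*\.nix" s`, and inside a Nix double-quoted string `\.` is not a recognised escape — as far as I know Nix simply drops the backslash, so the pattern is effectively `.*.nix` and also admits names such as `foo-nix`; write `match ".*\\.nix" s` (or the indented-string form `''.*\.nix''`). `readDir` also lists subdirectories and the new `readme.md`, so a directory named `something.nix` would be imported as a service; checking the entry type closes that: `let dir = readDir ./services; in filter (s: dir.${s} == "regular" && match ".*\\.nix" s != null) (attrNames dir)`, which also replaces the deprecated `! isNull` with `!= null`. The `lib.foldMap` call that follows continues outside the hunk.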
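Review bot: `config // { ... }` in the second host.nix hunk is a shallow attribute-set merge, so a service whose `config` already sets anything under `networking`, `boot` or `system` has that whole subtree replaced by the right-hand side — a service adding its own `networking.firewall.allowedTCPPorts` would silently end up with only `ports.tcp` open, and one setting `networking.extraHosts` would lose that entry with no evaluation error. Letting the module system merge instead avoids this: `config = { imports = [ config ]; boot.isContainer = true;` with the remaining lines unchanged and the closing `};` kept. `networking.hostName = "${name}"` can simply be `networking.hostName = name;`. The enclosing `lib.foldMap` function starts and ends outside the hunk.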
@@ -25,11 +38,11 @@ lib.foldMap ({ name, ip, config, ... }: enable = true; recommendedProxySettings = true; virtualHosts = - lib.foldMap ({ ip, port, hosts, ... }: + lib.foldMap ({ ip, ports, hosts, ... }: lib.foldMap (host: { "${host}" = { - locations."/".proxyPass = "http://${ip.local}:${builtins.toString port}"; + locations."/".proxyPass = "http://${ip.local}:${builtins.toString ports.http}"; }; } ) hosts @@ -39,6 +52,7 @@ lib.foldMap ({ name, ip, config, ... }: # [NETWORK] networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedUDPPorts = [ ]; + networking.hostName = "cafe"; # VM test user users.users.admin.isNormalUser = true; @@ -47,6 +61,6 @@ lib.foldMap ({ name, ip, config, ... }: users.users.admin.group = "admin"; users.groups.admin = {}; - system.stateVersion = "23.11"; + system.stateVersion = state-version; } diff --git a/services.nix b/services.nix deleted file mode 100644 index 1e41e3b..0000000 --- a/services.nix +++ /dev/null @@ -1,14 +0,0 @@ -# List of attrsets defining -# name, ip.host, ip.local, config, hosts -[ - { - name = "gitea"; - ip = { - host = "10.10.0.1"; - local = "10.10.0.2"; - }; - config = ./guests/gitea.nix; - port = 3001; - hosts = [ "localhost" ]; - } -] diff --git a/services/gitea.nix b/services/gitea.nix new file mode 100644 index 0000000..3d7bb9b --- /dev/null +++ b/services/gitea.nix @@ -0,0 +1,27 @@ +{ pkgs, ... }: { + name = "gitea"; + ip = { + host = "10.10.0.1"; + local = "10.10.0.2"; + }; + config = { + services.gitea = { + enable = true; + appName = "My awesome Gitea server"; # Give the site a name + database = { + type = "sqlite3"; + }; + settings.server = { + DOMAIN = "localhost"; + ROOT_URL = "http://localhost/"; + HTTP_PORT = 3001; + }; + }; + }; + ports = { + tcp = [ 3001 ]; + udp = []; + http = 3001; + }; + hosts = [ "localhost" ]; +} diff --git a/services/readme.md b/services/readme.md new file mode 100644 index 0000000..2e0b426 --- /dev/null +++ b/services/readme.md 
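Review bot: The proxy target in the first host.nix hunk is now `ports.http` on the container, while the container's firewall in the earlier hunk opens `ports.tcp`, and nothing ties the two together — a service file whose `http` port is missing from `tcp` evaluates fine but yields an nginx vhost whose upstream is filtered by the container. A guard at the top of the inner function makes it an evaluation error instead: `lib.foldMap ({ ip, ports, hosts, ... }: assert builtins.elem ports.http ports.tcp;`. The `virtualHosts` expression continues outside the hunk.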
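Review bot: The new `services/gitea.nix` leaves Gitea's self-registration at its upstream default, which — unless the NixOS module overrides it, and I don't believe it does for 23.11 — lets anyone who can reach the nginx vhost create an account on the forge; `settings.service.DISABLE_REGISTRATION = true;` alongside `settings.server` closes that, with the first admin account provisioned out of band. Port 3001 is also written three times (`HTTP_PORT`, `ports.tcp`, `ports.http`) with nothing keeping them in step; binding it once, `{ pkgs, ... }: let port = 3001; in {`, then `HTTP_PORT = port;`, `tcp = [ port ];` and `http = port;`, removes the chance of the proxy and the firewall drifting apart. `DOMAIN` and `ROOT_URL` say `localhost` while `hosts` is what nginx actually serves; Gitea builds its links from `ROOT_URL`, so if `hosts` grows beyond localhost those should follow its first entry. `pkgs` is accepted but unused.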
@@ -0,0 +1,24 @@
+# Services
+
+TODO: volumes
+
+Contains files defining services.
+
+Services are of the form:
+```nix
+{ pkgs, ... }: {
+ name = "name";
+ ip = {
+ host = "ip";
+ local = "ip";
+ };
+ config = { ... };
+ ports = {
+ tcp = [ 80 ];
+ udp = [ 111 ];
+ http = 80;
+ };
+ hosts = [ "myservice.domain.mjau" ];
+}
+```
+