rachel/nixos-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nice

Browse Source
This commit is contained in:
Rachel Lambda Samuelsson 2024-05-24 11:13:36 +02:00
parent edba60c4ec
commit b4533a3def
7 changed files with 95 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build-vm.sh
View File

@ -1,5 +1,5 @@
#!/bin/sh -e #!/bin/sh -e
nixos-rebuild build-vm --flake .#cafe nixos-rebuild build-vm --flake .#cafe-virt
rm -f nixos.qcow2 rm -f nixos.qcow2
./result/bin/run-*-vm ./result/bin/run-*-vm
rm -f nixos.qcow2 result rm -f nixos.qcow2 result

26
flake.nix
View File

@ -12,6 +12,16 @@
nix.registry.nixpkgs.flake = nixpkgs; nix.registry.nixpkgs.flake = nixpkgs;
system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev; system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
}; };
# 8888 on host is 80 on guest
virt-module = {
virtualisation.vmVariant = {
virtualisation.cores = 4;
virtualisation.memorySize = 4096;
virtualisation.forwardPorts = [
{ from = "host"; host.port = 8080; guest.port = 80; }
];
};
};
keyboard-module = keyboard-module =
{ {
console = { console = {
@ -29,14 +39,22 @@
}; };
}; };
}; };
in { state-version = "23.11";
nixosConfigurations.cafe = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ modules = [
nix-config-module nix-config-module
keyboard-module keyboard-module
./host.nix (import ./host.nix state-version {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
})
]; ];
in {
nixosConfigurations.cafe = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
inherit modules;
};
nixosConfigurations.cafe-virt = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = modules ++ [ virt-module ];
}; };
}; };
} }

28
guests/gitea.nix
View File

@ -1,28 +0,0 @@
{ config, pkgs, ... }:
{
services.gitea = {
enable = true;
appName = "My awesome Gitea server"; # Give the site a name
database = {
type = "sqlite3";
};
settings.server = {
DOMAIN = "localhost";
ROOT_URL = "http://localhost/";
HTTP_PORT = 3001;
};
};
# [CONTAINER]
boot.isContainer = true;
# [NETWORK]
networking.hostName = "gitea";
networking.useDHCP = false;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 3001 ];
networking.firewall.allowedUDPPorts = [ ];
system.stateVersion = "23.11";
}

28
host.nix
View File

@ -1,10 +1,13 @@
{ pkgs, ... }: state-version: { pkgs, ... }:
let secrets = import ./secrets/secrets.nix; let secrets = import ./secrets/secrets.nix;
services = import ./services.nix; services = with builtins;
map (s: import (./services + "/${s}") { inherit pkgs; })
(filter (s: ! isNull (match ".*\.nix" s))
(attrNames (readDir ./services)));
lib = import ./lib.nix; lib = import ./lib.nix;
in in
lib.foldMap ({ name, ip, config, ... }: lib.foldMap ({ name, ip, config, ports, ... }:
{ {
containers.${name} = { containers.${name} = {
autoStart = true; autoStart = true;
@ -12,7 +15,17 @@ lib.foldMap ({ name, ip, config, ... }:
privateNetwork = true; privateNetwork = true;
hostAddress = ip.host; hostAddress = ip.host;
localAddress = ip.local; localAddress = ip.local;
config = config; config = config // {
boot.isContainer = true;
networking.hostName = "${name}";
networking.useDHCP = false;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = ports.tcp;
networking.firewall.allowedUDPPorts = ports.udp;
system.stateVersion = state-version;
};
}; };
} }
) services ) services
@ -25,11 +38,11 @@ lib.foldMap ({ name, ip, config, ... }:
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = virtualHosts =
lib.foldMap ({ ip, port, hosts, ... }: lib.foldMap ({ ip, ports, hosts, ... }:
lib.foldMap (host: lib.foldMap (host:
{ {
"${host}" = { "${host}" = {
locations."/".proxyPass = "http://${ip.local}:${builtins.toString port}"; locations."/".proxyPass = "http://${ip.local}:${builtins.toString ports.http}";
}; };
} }
) hosts ) hosts
@ -39,6 +52,7 @@ lib.foldMap ({ name, ip, config, ... }:
# [NETWORK] # [NETWORK]
networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowedUDPPorts = [ ]; networking.firewall.allowedUDPPorts = [ ];
networking.hostName = "cafe";
# VM test user # VM test user
users.users.admin.isNormalUser = true; users.users.admin.isNormalUser = true;
@ -47,6 +61,6 @@ lib.foldMap ({ name, ip, config, ... }:
users.users.admin.group = "admin"; users.users.admin.group = "admin";
users.groups.admin = {}; users.groups.admin = {};
system.stateVersion = "23.11"; system.stateVersion = state-version;
} }

14
services.nix
View File

@ -1,14 +0,0 @@
# List of attrsets defining
# name, ip.host, ip.local, config, hosts
[
{
name = "gitea";
ip = {
host = "10.10.0.1";
local = "10.10.0.2";
};
config = ./guests/gitea.nix;
port = 3001;
hosts = [ "localhost" ];
}
]

27
services/gitea.nix Normal file
View File

@ -0,0 +1,27 @@
{ pkgs, ... }: {
name = "gitea";
ip = {
host = "10.10.0.1";
local = "10.10.0.2";
};
config = {
services.gitea = {
enable = true;
appName = "My awesome Gitea server"; # Give the site a name
database = {
type = "sqlite3";
};
settings.server = {
DOMAIN = "localhost";
ROOT_URL = "http://localhost/";
HTTP_PORT = 3001;
};
};
};
ports = {
tcp = [ 3001 ];
udp = [];
http = 3001;
};
hosts = [ "localhost" ];
}

24
services/readme.md Normal file
View File

@ -0,0 +1,24 @@
# Services
TODO: volumes
Contains files defining services.
Services are of the form:
```nix
{ pkgs, ... }: {
name = "name";
ip = {
host = "ip";
local = "ip";
};
config = { ... };
ports = {
tcp = [ 80 ];
udp = [ 111 ];
http = 80;
};
hosts = [ "myservice.domain.mjau" ];
}
```