nice

2024-05-24 11:13:36 +02:00 · 2024-05-24 11:13:36 +02:00 · b4533a3def
commit b4533a3def
parent edba60c4ec
7 changed files with 95 additions and 54 deletions
--- a/build-vm.sh
+++ b/build-vm.sh
@ -1,5 +1,5 @@
 #!/bin/sh -e
-nixos-rebuild build-vm --flake .#cafe
+nixos-rebuild build-vm --flake .#cafe-virt
 rm -f nixos.qcow2
 ./result/bin/run-*-vm
 rm -f nixos.qcow2 result
--- a/flake.nix
+++ b/flake.nix
@ -12,6 +12,16 @@
          nix.registry.nixpkgs.flake = nixpkgs;
          system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
        };
+        # 8888 on host is 80 on guest
+        virt-module = {
+          virtualisation.vmVariant = {
+            virtualisation.cores = 4;
+            virtualisation.memorySize = 4096;
+            virtualisation.forwardPorts = [
+              { from = "host"; host.port = 8080; guest.port = 80; }
+            ];
+          };
+        };
        keyboard-module =
        {
          console = {
@ -29,14 +39,22 @@
            };
          };
        };
-    in {
-      nixosConfigurations.cafe = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
+        state-version = "23.11";
        modules = [
          nix-config-module
          keyboard-module
-          ./host.nix
+          (import ./host.nix state-version {
+            pkgs = nixpkgs.legacyPackages.x86_64-linux;
+          })
        ];
+    in {
+      nixosConfigurations.cafe = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        inherit modules;
+      };
+      nixosConfigurations.cafe-virt = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = modules ++ [ virt-module ];
      };
    };
 }
--- a/guests/gitea.nix
+++ b/guests/gitea.nix
@ -1,28 +0,0 @@
-{ config, pkgs, ... }:
-{
-
-  services.gitea = {
-    enable = true;
-    appName = "My awesome Gitea server"; # Give the site a name
-    database = {
-      type = "sqlite3";
-    };
-    settings.server = {
-      DOMAIN = "localhost";
-      ROOT_URL = "http://localhost/";
-      HTTP_PORT = 3001;
-    };
-  };
-
-  # [CONTAINER]
-  boot.isContainer = true;
-  
-  # [NETWORK]
-  networking.hostName = "gitea";
-  networking.useDHCP = false;
-  networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 3001 ];
-  networking.firewall.allowedUDPPorts = [ ];
-
-  system.stateVersion = "23.11";
-}
--- a/host.nix
+++ b/host.nix
@ -1,10 +1,13 @@
-{ pkgs, ... }:
+state-version: { pkgs, ... }:
 let secrets = import ./secrets/secrets.nix;
-    services = import ./services.nix;
+    services = with builtins;
+      map (s: import (./services + "/${s}") { inherit pkgs; })
+          (filter (s: ! isNull (match ".*\.nix" s)) 
+                  (attrNames (readDir ./services)));
    lib = import ./lib.nix;
 in

-lib.foldMap ({ name, ip, config, ... }: 
+lib.foldMap ({ name, ip, config, ports, ... }: 
 {
  containers.${name} = {
    autoStart = true;
@ -12,7 +15,17 @@ lib.foldMap ({ name, ip, config, ... }:
    privateNetwork = true;
    hostAddress = ip.host;
    localAddress = ip.local;
-    config = config;
+    config = config // {
+      boot.isContainer = true;
+      networking.hostName = "${name}";
+      networking.useDHCP = false;
+
+      networking.firewall.enable = true;
+      networking.firewall.allowedTCPPorts = ports.tcp;
+      networking.firewall.allowedUDPPorts = ports.udp;
+
+      system.stateVersion = state-version;
+    };
  };
 }
 ) services
@ -25,11 +38,11 @@ lib.foldMap ({ name, ip, config, ... }:
    enable = true;
    recommendedProxySettings = true;
    virtualHosts =
-      lib.foldMap ({ ip, port, hosts, ... }: 
+      lib.foldMap ({ ip, ports, hosts, ... }: 
        lib.foldMap (host: 
        {
          "${host}" = {
-            locations."/".proxyPass = "http://${ip.local}:${builtins.toString port}";
+            locations."/".proxyPass = "http://${ip.local}:${builtins.toString ports.http}";
          };
        }
        ) hosts
@ -39,6 +52,7 @@ lib.foldMap ({ name, ip, config, ... }:
  # [NETWORK]
  networking.firewall.allowedTCPPorts = [ 80 ];
  networking.firewall.allowedUDPPorts = [ ];
+  networking.hostName = "cafe";

  # VM test user
  users.users.admin.isNormalUser = true;
@ -47,6 +61,6 @@ lib.foldMap ({ name, ip, config, ... }:
  users.users.admin.group = "admin";
  users.groups.admin = {};

-  system.stateVersion = "23.11";
+  system.stateVersion = state-version;

 }
--- a/services.nix
+++ b/services.nix
@ -1,14 +0,0 @@
-# List of attrsets defining
-# name, ip.host, ip.local, config, hosts
-[
-  {
-    name = "gitea";
-    ip = {
-      host = "10.10.0.1";
-      local = "10.10.0.2";
-    };
-    config = ./guests/gitea.nix;
-    port = 3001;
-    hosts = [ "localhost" ];
-  }
-]
--- a/services/gitea.nix
+++ b/services/gitea.nix
@ -0,0 +1,27 @@
+{ pkgs, ... }: {
+  name = "gitea";
+  ip = {
+    host = "10.10.0.1";
+    local = "10.10.0.2";
+  };
+  config = {
+    services.gitea = {
+      enable = true;
+      appName = "My awesome Gitea server"; # Give the site a name
+      database = {
+        type = "sqlite3";
+      };
+      settings.server = {
+        DOMAIN = "localhost";
+        ROOT_URL = "http://localhost/";
+        HTTP_PORT = 3001;
+      };
+    };
+  };
+  ports = {
+    tcp = [ 3001 ];
+    udp = [];
+    http = 3001;
+  };
+  hosts = [ "localhost" ];
+}
--- a/services/readme.md
+++ b/services/readme.md
@ -0,0 +1,24 @@
+# Services
+
+TODO: volumes
+
+Contains files defining services.
+
+Services are of the form:
+```nix
+{ pkgs, ... }: {
+  name = "name";
+  ip = {
+    host = "ip";
+    local = "ip";
+  };
+  config = { ... };
+  ports = {
+    tcp = [ 80 ];
+    udp = [ 111 ];
+    http = 80;
+  };
+  hosts = [ "myservice.domain.mjau" ];
+}
+```
+