Working NixOS Container (systemd-nspawn) w/ Nginx

Using https://nixos.wiki/wiki/NixOS_Containers and https://nixos.wiki/wiki/Nginx I can now get to the default Nginx web page from another host on my network.
2026-03-27 09:27:44 -04:00 · 2024-04-02 23:12:27 -04:00 · 2024-04-02 23:12:27 -04:00 · 48f74e7c6a
commit 48f74e7c6a
parent 710a5c5c16
2 changed files with 34 additions and 17 deletions
--- a/modules/hosts/nixos/nixnuc/default.nix
+++ b/modules/hosts/nixos/nixnuc/default.nix
@ -2,7 +2,6 @@
  imports = [
    ./hardware-configuration.nix
    ./audiobookshelf.nix
-    #microvm.nixosModules.host
    #../microvms/nginx-proxy
  ];

@ -21,6 +20,36 @@
    };
  };

+  containers.nginx-proxy = {
+    autoStart = true;
+    privateNetwork = true;
+    hostBridge = "br1-23";
+    localAddress = "192.168.23.21/24";
+    config = { config, pkgs, lib, ... }: {
+      system.stateVersion = "23.11";
+      services.nginx = {
+        enable = true;
+        virtualHosts.default.listen = [{
+          port = 80;
+          addr = "0.0.0.0";
+        }];
+      };
+
+      networking = {
+        firewall = {
+          enable = true;
+          allowedTCPPorts = [ 80 ];
+        };
+        defaultGateway = "192.168.23.1";
+        # Use systemd-resolved inside the container
+        # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+        useHostResolvConf = lib.mkForce false;
+      };
+
+      services.resolved.enable = true;
+    };
+  };
+
  environment.systemPackages = with pkgs; [
    intel-gpu-tools
    jellyfin
@ -42,10 +71,6 @@
    ];
  };

-  #microvm.autostart = [
-    #"nginx-proxy"
-  #];
-
  networking = {
    # Open ports in the firewall.
    firewall.allowedTCPPorts = [ 22 80 ];
@ -55,6 +80,7 @@

    hostId = "c5826b45"; # head -c4 /dev/urandom | od -A none -t x4

+    useDHCP = false;
    networkmanager.enable = true;
    vlans = {
      vlan23 = { id = 23; interface = "eno1"; };
@ -62,19 +88,10 @@
    bridges = {
      br1-23 = { interfaces = [ "vlan23" ]; };
    };
-    useDHCP = false;
    interfaces = {
-      eno1.ipv4.addresses = [{
-        address = "192.168.20.190";
-        prefixLength = 24;
-      }];
-      #br1-23.ipv4.addresses = [{
-        #address = "192.168.23.21";
-        #prefixLength = 24;
-      #}];
+      eno1.useDHCP = true;
+      br1-23.useDHCP = false;
    };
-    defaultGateway = "192.168.20.1";
-    nameservers = [ "192.168.20.1" ];
  };

  # Hardware Transcoding for Jellyfin