diff --git a/flake.lock b/flake.lock index 4bfd185..b9edaee 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ ] }, "locked": { - "lastModified": 1711006105, - "narHash": "sha256-pvjqjx4L2Hx/NP3RWcwLjk+ABtMODAJ9+rgreU6fP6I=", + "lastModified": 1710906792, + "narHash": "sha256-kFzpfZcInLhBFWHy452NlvFuzNr0BDEkz3w9Sgg2ypo=", "owner": "nix-community", "repo": "disko", - "rev": "a8c966ee117c278a5aabc6f00b00ef62eb7e28f6", + "rev": "e9875b969086a53dff5ec4677575ad3156fc875d", "type": "github" }, "original": { @@ -96,24 +96,6 @@ "inputs": { "systems": "systems_2" }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, "locked": { "lastModified": 1687709756, "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", @@ -138,11 +120,11 @@ "sqlite3pp": "sqlite3pp" }, "locked": { - "lastModified": 1711144337, - "narHash": "sha256-7nExp0SsiOcKvn+12W1Vp56F5mxmFiPZqctf5JWLB7w=", + "lastModified": 1710948909, + "narHash": "sha256-kESddzTIzBUGToPgBcM2kFiKt1Njyo2wYwPb8GqAhIM=", "owner": "flox", "repo": "flox", - "rev": "aaaac2e75eb84a3e3838d31b8db4d01ab834e852", + "rev": "21e1a2929eeadfb6e128d6f991f82ae029bf7e07", "type": "github" }, "original": { @@ -213,11 +195,11 @@ ] }, "locked": { - "lastModified": 1710888565, - "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", + "lastModified": 1706981411, + "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", + "rev": "652fda4ca6dafeb090943422c34ae9145787af37", "type": "github" }, "original": { 
@@ -227,28 +209,6 @@ "type": "github" } }, - "microvm": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "nixpkgs" - ], - "spectrum": "spectrum" - }, - "locked": { - "lastModified": 1711159783, - "narHash": "sha256-nwl2Cygq7NrV9QcebJE/T/vXv7w+zLERD7ygHz0F5g8=", - "owner": "astro", - "repo": "microvm.nix", - "rev": "d31f7c7d3194c51372134832a3a2a256773c161a", - "type": "github" - }, - "original": { - "owner": "astro", - "repo": "microvm.nix", - "type": "github" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -305,7 +265,7 @@ "nix-homebrew": { "inputs": { "brew-src": "brew-src", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nix-darwin": "nix-darwin_2", "nixpkgs": "nixpkgs_3" }, @@ -389,11 +349,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1711106783, - "narHash": "sha256-PDwAcHahc6hEimyrgGmFdft75gmLrJOZ0txX7lFqq+I=", + "lastModified": 1710889954, + "narHash": "sha256-Pr6F5Pmd7JnNEMHHmspZ0qVqIBVxyZ13ik1pJtm2QXk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a3ed7406349a9335cb4c2a71369b697cecd9d351", + "rev": "7872526e9c5332274ea5932a0c3270d6e4724f3b", "type": "github" }, "original": { @@ -434,11 +394,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1711156376, - "narHash": "sha256-gZDInkcCv3lmo578cIOyWpJ7mNgVcI6v2aodMF87oSo=", + "lastModified": 1710951922, + "narHash": "sha256-FOOBJ3DQenLpTNdxMHR2CpGZmYuctb92gF0lpiirZ30=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b94075d5e741439f255799453be7ead01930caf0", + "rev": "f091af045dff8347d66d186a62d42aceff159456", "type": "github" }, "original": { @@ -479,7 +439,6 @@ "flox-flake": "flox-flake", "genebean-omp-themes": "genebean-omp-themes", "home-manager": "home-manager", - "microvm": "microvm", "nix-darwin": "nix-darwin", "nix-flatpak": "nix-flatpak", "nix-homebrew": "nix-homebrew", 
@@ -509,22 +468,6 @@ "type": "github" } }, - "spectrum": { - "flake": false, - "locked": { - "lastModified": 1708358594, - "narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=", - "ref": "refs/heads/main", - "rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c", - "revCount": 614, - "type": "git", - "url": "https://spectrum-os.org/git/spectrum" - }, - "original": { - "type": "git", - "url": "https://spectrum-os.org/git/spectrum" - } - }, "sqlite3pp": { "inputs": { "nixpkgs": [ @@ -575,21 +518,6 @@ "repo": "default", "type": "github" } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index d8618f8..ac86e3e 100644 --- a/flake.nix +++ b/flake.nix @@ -48,13 +48,8 @@ flake = false; }; - microvm = { - url = "github:astro/microvm.nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; # end inputs - outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, nix-darwin, home-manager, nix-homebrew, nix-flatpak, disko, sops-nix, flox-flake, microvm, genebean-omp-themes, ... }: let + outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, nix-darwin, home-manager, nix-homebrew, nix-flatpak, disko, sops-nix, flox-flake, genebean-omp-themes, ... }: let # creates a macOS system config darwinHostConfig = system: hostname: username: nix-darwin.lib.darwinSystem { @@ -112,7 +107,6 @@ }; modules = [ disko.nixosModules.disko - #microvm.nixosModules.host home-manager.nixosModules.home-manager { home-manager = { 
@@ -133,22 +127,6 @@ ]; }; # end nixosSystem - nixosMicrovmConfig = system: hostname: username: nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - microvm.nixosModules.microvm - { - networking.hostName = "${hostname}"; - users.users.${username} = { - initialHashedPassword = "$6$FH6xo/OzM9mIAXqx$GTqSEDahPGyxLiDOEY77uxaApdd3xJKOkvddV6X4wplTCxsbuoyXwuOuQjMODS7dhfRs.HwL3VQgUjmok3QM60"; - isNormalUser = true; - }; - } - ./modules/hosts/nixos/microvms/${hostname} # host specific stuff - ]; - - }; # end nixosMicrovmConfig - linuxHomeConfig = system: hostname: username: home-manager.lib.homeManagerConfiguration { extraSpecialArgs = { inherit genebean-omp-themes hostname username; pkgs = import nixpkgs { @@ -189,9 +167,6 @@ hetznix01 = nixosHostConfig "aarch64-linux" "hetznix01" "gene"; nixnuc = nixosHostConfig "x86_64-linux" "nixnuc" "gene"; rainbow-planet = nixosHostConfig "x86_64-linux" "rainbow-planet" "gene"; - - # VMs - nginx-proxy = nixosMicrovmConfig "x86_64-linux" "nginx-proxy" "gene"; }; homeConfigurations = { diff --git a/modules/hosts/nixos/containers/nginx-proxy.nix b/modules/hosts/nixos/containers/nginx-proxy.nix new file mode 100644 index 0000000..a46ba8f --- /dev/null +++ b/modules/hosts/nixos/containers/nginx-proxy.nix @@ -0,0 +1,31 @@ +{ ... }: { + containers.nginx-proxy = { + autoStart = true; + privateNetwork = true; + hostBridge = "br1-23"; + localAddress = "192.168.23.21/24"; + config = { config, pkgs, lib, ... }: { + system.stateVersion = "23.11"; + services.nginx = { + enable = true; + virtualHosts.default.listen = [{ + port = 80; + addr = "0.0.0.0"; + }]; + }; + + networking = { + firewall = { + enable = true; + allowedTCPPorts = [ 80 ]; + }; + defaultGateway = "192.168.23.1"; + # Use systemd-resolved inside the container + # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 + useHostResolvConf = lib.mkForce false; + }; + + services.resolved.enable = true; + }; + }; +} 
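Review bot: `containers.nginx-proxy` in the new `modules/hosts/nixos/containers/nginx-proxy.nix` runs the proxy in a declarative NixOS container that shares the host kernel, and nothing in this file maps container root to an unprivileged host UID. That is a weaker boundary than the QEMU microVM definition this commit deletes, and the NixOS manual warns that root inside such a container can affect the host. If the trade-off is intended, record it above the attribute, e.g. `# nspawn container: shares nixnuc's kernel, not a hard isolation boundary (replaces the microVM)`. Separately, the only listener is plain HTTP on `0.0.0.0:80` with a matching `allowedTCPPorts = [ 80 ]`, so proxied traffic is unencrypted on the `br1-23` segment unless TLS terminates elsewhere, which is not visible here.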
diff --git a/modules/hosts/nixos/microvms/nginx-proxy/default.nix b/modules/hosts/nixos/microvms/nginx-proxy/default.nix deleted file mode 100644 index afb04a8..0000000 --- a/modules/hosts/nixos/microvms/nginx-proxy/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ inputs, config, hostname, microvm, pkgs, sops-nix, username, ... }: { - microvm = { - hypervisor = "qemu"; - socket = "control.socket"; - vcpu = 1; - volumes = [ - { - #image = "/persist/microvm/${config.networking.hostName}-var.img"; - image = "/tmp/${config.networking.hostName}-var.img"; - mountPoint = "/var"; - size = 1024; - } - ]; - shares = [ - { - # use "virtiofs" for MicroVMs that are started by systemd - proto = "9p"; - tag = "ro-store"; - # a host's /nix/store will be picked up so that no - # squashfs/erofs will be built for it. - source = "/nix/store"; - mountPoint = "/nix/.ro-store"; - } - ]; - interfaces = [{ - type = "tap"; - id = "vm-nginx-proxy"; - mac = "02:00:00:00:00:01"; - }]; - }; -} - diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index f1429b4..a11c263 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -1,8 +1,8 @@ -{ inputs, config, hostname, microvm, pkgs, sops-nix, username, ... }: { +{ inputs, config, hostname, pkgs, sops-nix, username, ... }: { imports = [ ./hardware-configuration.nix ./audiobookshelf.nix - #../microvms/nginx-proxy + ../containers/nginx-proxy.nix ]; system.stateVersion = "23.11"; 
@@ -20,36 +20,6 @@ }; }; - containers.nginx-proxy = { - autoStart = true; - privateNetwork = true; - hostBridge = "br1-23"; - localAddress = "192.168.23.21/24"; - config = { config, pkgs, lib, ... }: { - system.stateVersion = "23.11"; - services.nginx = { - enable = true; - virtualHosts.default.listen = [{ - port = 80; - addr = "0.0.0.0"; - }]; - }; - - networking = { - firewall = { - enable = true; - allowedTCPPorts = [ 80 ]; - }; - defaultGateway = "192.168.23.1"; - # Use systemd-resolved inside the container - # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 - useHostResolvConf = lib.mkForce false; - }; - - services.resolved.enable = true; - }; - }; - environment.systemPackages = with pkgs; [ intel-gpu-tools jellyfin