Setting up nginx via microvm

2026-03-27 09:27:44 -04:00 · 2024-03-28 18:20:08 -04:00 · 2024-03-28 18:20:08 -04:00 · a7dfb93f42
commit a7dfb93f42
parent 0da944b2d6
5 changed files with 170 additions and 20 deletions
--- a/modules/hosts/nixos/microvms/nginx-proxy/default.nix
+++ b/modules/hosts/nixos/microvms/nginx-proxy/default.nix
@ -0,0 +1,27 @@
+{ inputs, config, hostname, microvm, pkgs, sops-nix, username,  ... }: {
+  microvm = {
+    hypervisor = "qemu";
+    socket = "control.socket";
+    vcpu = 1;
+    volumes = [
+      {
+        #image = "/persist/microvm/${config.networking.hostName}-var.img";
+        image = "/tmp/${config.networking.hostName}-var.img";
+        mountPoint = "/var";
+        size = 1024;
+      }
+    ];
+    shares = [
+      {
+        # use "virtiofs" for MicroVMs that are started by systemd
+        proto = "9p";
+        tag = "ro-store";
+        # a host's /nix/store will be picked up so that no
+        # squashfs/erofs will be built for it.
+        source = "/nix/store";
+        mountPoint = "/nix/.ro-store";
+      }
+    ];
+  };
+}
+
--- a/modules/hosts/nixos/nixnuc/default.nix
+++ b/modules/hosts/nixos/nixnuc/default.nix
@ -1,5 +1,6 @@
-{ inputs, config, hostname, pkgs, sops-nix, username,  ... }: {
+{ inputs, config, hostname, microvm, pkgs, sops-nix, username,  ... }: {
  imports = [
+    microvm.nixosModules.host
    ./hardware-configuration.nix
    ./audiobookshelf.nix
  ];
@ -40,6 +41,10 @@
    ];
  };

+  microvm.autostart = [
+    #"nginx-proxy"
+  ];
+
  networking = {
    # Open ports in the firewall.
    firewall.allowedTCPPorts = [ 22 80 ];
@ -50,6 +55,24 @@
    hostId = "c5826b45"; # head -c4 /dev/urandom | od -A none -t x4

    networkmanager.enable = true;
+    enableIPv6 = true;
+    useDHCP = true;
+    vlans = {
+      vlan23 = { id = 23; interface = "eno1-23"; };
+    };
+    bridges = {
+      br1-23 = { interfaces = [ "vlan23" ]; };
+    };
+    interfaces = {
+      eno1.ipv4.addresses = [{
+        address = "192.168.20.190";
+        prefixLength = 24;
+      }];
+      br1-23.ipv4.addresses = [{
+        address = "192.168.23.21";
+        prefixLength = 24;
+      }];
+    };
  };

  # Hardware Transcoding for Jellyfin
--- a/modules/system/common/all-nixos.nix
+++ b/modules/system/common/all-nixos.nix
@ -41,10 +41,14 @@
      "flakes"
      "nix-command"
    ];
-    extra-trusted-public-keys = [
+    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs="
    ];
-    extra-trusted-substituters = [
+    substituters = [
+      "https://cache.nixos.org"
+    ];
+    trusted-substituters = [
      "https://cache.flox.dev"
    ];
    trusted-users = [ "${username}" ];