Setting up nginx via microvm

Gene Liverman 2024-03-28 18:20:08 -04:00
parent 0da944b2d6
commit a7dfb93f42
5 changed files with 170 additions and 20 deletions

104
flake.lock generated

@ -45,11 +45,11 @@
]
},
"locked": {
"lastModified": 1710906792,
"narHash": "sha256-kFzpfZcInLhBFWHy452NlvFuzNr0BDEkz3w9Sgg2ypo=",
"lastModified": 1711006105,
"narHash": "sha256-pvjqjx4L2Hx/NP3RWcwLjk+ABtMODAJ9+rgreU6fP6I=",
"owner": "nix-community",
"repo": "disko",
"rev": "e9875b969086a53dff5ec4677575ad3156fc875d",
"rev": "a8c966ee117c278a5aabc6f00b00ef62eb7e28f6",
"type": "github"
},
"original": {
@ -96,6 +96,24 @@
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
@ -120,11 +138,11 @@
"sqlite3pp": "sqlite3pp"
},
"locked": {
"lastModified": 1710948909,
"narHash": "sha256-kESddzTIzBUGToPgBcM2kFiKt1Njyo2wYwPb8GqAhIM=",
"lastModified": 1711144337,
"narHash": "sha256-7nExp0SsiOcKvn+12W1Vp56F5mxmFiPZqctf5JWLB7w=",
"owner": "flox",
"repo": "flox",
"rev": "21e1a2929eeadfb6e128d6f991f82ae029bf7e07",
"rev": "aaaac2e75eb84a3e3838d31b8db4d01ab834e852",
"type": "github"
},
"original": {
@ -195,11 +213,11 @@
]
},
"locked": {
"lastModified": 1706981411,
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"lastModified": 1710888565,
"narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
"type": "github"
},
"original": {
@ -209,6 +227,28 @@
"type": "github"
}
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1711159783,
"narHash": "sha256-nwl2Cygq7NrV9QcebJE/T/vXv7w+zLERD7ygHz0F5g8=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "d31f7c7d3194c51372134832a3a2a256773c161a",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
@ -265,7 +305,7 @@
"nix-homebrew": {
"inputs": {
"brew-src": "brew-src",
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"nix-darwin": "nix-darwin_2",
"nixpkgs": "nixpkgs_3"
},
@ -349,11 +389,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1710889954,
"narHash": "sha256-Pr6F5Pmd7JnNEMHHmspZ0qVqIBVxyZ13ik1pJtm2QXk=",
"lastModified": 1711106783,
"narHash": "sha256-PDwAcHahc6hEimyrgGmFdft75gmLrJOZ0txX7lFqq+I=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7872526e9c5332274ea5932a0c3270d6e4724f3b",
"rev": "a3ed7406349a9335cb4c2a71369b697cecd9d351",
"type": "github"
},
"original": {
@ -394,11 +434,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1710951922,
"narHash": "sha256-FOOBJ3DQenLpTNdxMHR2CpGZmYuctb92gF0lpiirZ30=",
"lastModified": 1711156376,
"narHash": "sha256-gZDInkcCv3lmo578cIOyWpJ7mNgVcI6v2aodMF87oSo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f091af045dff8347d66d186a62d42aceff159456",
"rev": "b94075d5e741439f255799453be7ead01930caf0",
"type": "github"
},
"original": {
@ -439,6 +479,7 @@
"flox-flake": "flox-flake",
"genebean-omp-themes": "genebean-omp-themes",
"home-manager": "home-manager",
"microvm": "microvm",
"nix-darwin": "nix-darwin",
"nix-flatpak": "nix-flatpak",
"nix-homebrew": "nix-homebrew",
@ -468,6 +509,22 @@
"type": "github"
}
},
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1708358594,
"narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
"ref": "refs/heads/main",
"rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
"revCount": 614,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"sqlite3pp": {
"inputs": {
"nixpkgs": [
@ -518,6 +575,21 @@
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",


@ -48,8 +48,13 @@
flake = false;
};
microvm = {
url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; # end inputs
outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, nix-darwin, home-manager, nix-homebrew, nix-flatpak, disko, sops-nix, flox-flake, genebean-omp-themes, ... }: let
outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, nix-darwin, home-manager, nix-homebrew, nix-flatpak, disko, sops-nix, flox-flake, microvm, genebean-omp-themes, ... }: let
# creates a macOS system config
darwinHostConfig = system: hostname: username: nix-darwin.lib.darwinSystem {
@ -127,6 +132,22 @@
];
}; # end nixosSystem
nixosMicrovmConfig = system: hostname: username: nixpkgs.lib.nixosSystem {
inherit system;
modules = [
microvm.nixosModules.microvm
{
networking.hostName = "${hostname}";
users.users.${username} = {
initialHashedPassword = "$6$FH6xo/OzM9mIAXqx$GTqSEDahPGyxLiDOEY77uxaApdd3xJKOkvddV6X4wplTCxsbuoyXwuOuQjMODS7dhfRs.HwL3VQgUjmok3QM60";
isNormalUser = true;
};
}
./modules/hosts/nixos/microvms/${hostname} # host specific stuff
];
}; # end nixosMicrovmConfig
linuxHomeConfig = system: hostname: username: home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = { inherit genebean-omp-themes hostname username;
pkgs = import nixpkgs {
@ -167,6 +188,9 @@
hetznix01 = nixosHostConfig "aarch64-linux" "hetznix01" "gene";
nixnuc = nixosHostConfig "x86_64-linux" "nixnuc" "gene";
rainbow-planet = nixosHostConfig "x86_64-linux" "rainbow-planet" "gene";
# VMs
nginx-proxy = nixosMicrovmConfig "x86_64-linux" "nginx-proxy" "gene";
};
homeConfigurations = {
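Review bot: The `initialHashedPassword` literal inside `nixosMicrovmConfig` commits a SHA-512 crypt hash to the repository and, once the system is built, to the world-readable Nix store, so anyone who can read either can attack it offline. The same hash is also applied to every microVM this helper builds. Since `sops-nix` is already a flake input, consider making the inline module a function (`({ config, ... }: { ... })`), adding the sops-nix module to `modules`, and setting `users.users.${username}.hashedPasswordFile = config.sops.secrets."<secret-name>".path;` instead (the secret name is a placeholder). If the hash is only meant for first-boot console access, a comment saying so next to the option would at least document that intent.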


@ -0,0 +1,27 @@
{ inputs, config, hostname, microvm, pkgs, sops-nix, username, ... }: {
microvm = {
hypervisor = "qemu";
socket = "control.socket";
vcpu = 1;
volumes = [
{
#image = "/persist/microvm/${config.networking.hostName}-var.img";
image = "/tmp/${config.networking.hostName}-var.img";
mountPoint = "/var";
size = 1024;
}
];
shares = [
{
# use "virtiofs" for MicroVMs that are started by systemd
proto = "9p";
tag = "ro-store";
# a host's /nix/store will be picked up so that no
# squashfs/erofs will be built for it.
source = "/nix/store";
mountPoint = "/nix/.ro-store";
}
];
};
}
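Review bot: The `/var` volume is backed by `image = "/tmp/${config.networking.hostName}-var.img";`, a predictable name in a world-writable directory that is commonly cleared on reboot or mounted as tmpfs. The guest's state can therefore disappear, and depending on how the image file is created, another local account could put a file or symlink at that path first. Prefer the commented-out `/persist/microvm/...` path, or another directory writable only by the account that runs the VM, before this guest is started automatically. The `ro-store` share also makes the host's entire `/nix/store` readable from the guest, so anything sensitive that lands in the store is visible to the nginx VM; a comment stating that next to `source = "/nix/store";` would help. Of the module arguments, only `config` is used in the visible lines.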


@ -1,5 +1,6 @@
{ inputs, config, hostname, pkgs, sops-nix, username, ... }: {
{ inputs, config, hostname, microvm, pkgs, sops-nix, username, ... }: {
imports = [
microvm.nixosModules.host
./hardware-configuration.nix
./audiobookshelf.nix
];
@ -40,6 +41,10 @@
];
};
microvm.autostart = [
#"nginx-proxy"
];
networking = {
# Open ports in the firewall.
firewall.allowedTCPPorts = [ 22 80 ];
@ -50,6 +55,24 @@
hostId = "c5826b45"; # head -c4 /dev/urandom | od -A none -t x4
networkmanager.enable = true;
enableIPv6 = true;
useDHCP = true;
vlans = {
vlan23 = { id = 23; interface = "eno1-23"; };
};
bridges = {
br1-23 = { interfaces = [ "vlan23" ]; };
};
interfaces = {
eno1.ipv4.addresses = [{
address = "192.168.20.190";
prefixLength = 24;
}];
br1-23.ipv4.addresses = [{
address = "192.168.23.21";
prefixLength = 24;
}];
};
};
# Hardware Transcoding for Jellyfin
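Review bot: `vlan23` names `interface = "eno1-23"` as its parent, but the only physical interface configured in this hunk is `eno1`. Unless a device called `eno1-23` is defined outside the visible lines, the entry probably should read `vlan23 = { id = 23; interface = "eno1"; };`. Separately, giving `br1-23` a host address means the global `firewall.allowedTCPPorts = [ 22 80 ];` shown in the earlier hunk also applies on that bridge, so the host's SSH port becomes reachable from VLAN 23, presumably the segment the microVM will attach to. If that is not intended, move the ports to `networking.firewall.interfaces.<name>.allowedTCPPorts` for the interfaces that need them. The `networking` block starts before this hunk.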


@ -41,10 +41,14 @@
"flakes"
"nix-command"
];
extra-trusted-public-keys = [
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs="
];
extra-trusted-substituters = [
substituters = [
"https://cache.nixos.org"
];
trusted-substituters = [
"https://cache.flox.dev"
];
trusted-users = [ "${username}" ];
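Review bot: `trusted-substituters` only lists caches that users of the daemon are allowed to select, so `https://cache.flox.dev` is still not queried by default while its signing key is trusted globally. If the flox cache is meant to be used for ordinary builds it belongs in `substituters`. If opt-in is the intent, a comment such as `# allowed, but not enabled by default` above `trusted-substituters` would make that explicit. Dropping the `extra-` prefix also means `trusted-public-keys` and `substituters` now set their lists rather than append to existing values, so any cache added later needs both its URL and its key listed here. The surrounding settings block begins and ends outside the hunk.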