chore: support static ips

config/services/nginx.nix

@@ -9,6 +9,8 @@ let
   ipOf = name: nodes.${globals.services.${name}.host}.config.wireguard.services.ipv4;
 in
 {
+  systemd.network.networks."10-static" = {
+  };
   wireguard.services = {
     client.via = "nucnix";
   };

globals.nix

@@ -49,6 +49,7 @@ in
       adguardhome = {
         domain = "adguardhome.${globals.domains.web}";
         host = "nucnix-adguardhome";
+        ip = 10;
       };
       forgejo = {
         domain = "forge.${globals.domains.web}";
@@ -84,7 +85,7 @@ in
       };
       apispotify = {
         domain = "apisptfy.${globals.domains.web}";
-        host = "elisabeth-apispotify";
+        host = "elisabeth-yourspotify";
       };
       kanidm = {
         domain = "auth.${globals.domains.web}";
@@ -118,6 +119,16 @@ in
         domain = "netbird.${globals.domains.web}";
         host = "elisabeth-netbird";
       };
+      nginx = {
+        domain = globals.domains.web;
+        host = "nucnix-nginx";
+        ip = 5;
+      };
+      samba = {
+        domain = "smb.${globals.domains.web}";
+        host = "elisabeth-samba";
+        ip = 12;
+      };
     };
   };
 }

hosts/nucnix/guests.nix

@@ -1,6 +1,7 @@
 {
   config,
   stateVersion,
+  globals,
   inputs,
   lib,
   minimal,
@@ -9,34 +10,55 @@
 {
   guests =
     let
-      mkGuest = guestName: _: {
+      mkGuest =
-        autostart = true;
+        guestName:
-        zfs."/state" = {
+        {
-          pool = "rpool";
+          vlans ? [ "services" ],
-          dataset = "local/guests/${guestName}";
+          ...
+        }:
+        {
+          autostart = true;
+          zfs."/state" = {
+            pool = "rpool";
+            dataset = "local/guests/${guestName}";
+          };
+          zfs."/persist" = {
+            pool = "rpool";
+            dataset = "safe/guests/${guestName}";
+          };
+          modules = [
+            ../../config/basic
+            ../../config/services/${guestName}.nix
+            {
+              node.secretsDir = config.node.secretsDir + "/${guestName}";
+              networking.nftables.firewall.zones.untrusted.interfaces = lib.mkIf (
+                lib.length config.guests.${guestName}.networking.links == 1
+              ) config.guests.${guestName}.networking.links;
+              systemd.network.networks = lib.mkIf (globals.services.${guestName}.ip != null) (
+                lib.listToAttrs (
+                  lib.flip map vlans (
+                    name:
+                    lib.nameValuePair "09-mv-${name}" {
+                      matchConfig.Name = "mv-${name}";
+                      DHCP = "no";
+                      address = [
+                        (lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
+                      ];
+                      gateway = lib.net.cidr.hostCidr 1 globals.net.vlans.${name}.cidrv4;
+                    }
+                  )
+                )
+              );
+            }
+          ];
         };
-        zfs."/persist" = {
-          pool = "rpool";
-          dataset = "safe/guests/${guestName}";
-        };
-        modules = [
-          ../../config/basic
-          ../../config/services/${guestName}.nix
-          {
-            node.secretsDir = config.node.secretsDir + "/${guestName}";
-            networking.nftables.firewall.zones.untrusted.interfaces = lib.mkIf (
-              lib.length config.guests.${guestName}.networking.links == 1
-            ) config.guests.${guestName}.networking.links;
-          }
-        ];
-      };
 
       mkMicrovm = guestName: cfg: {
         ${guestName} = mkGuest guestName cfg // {
           backend = "microvm";
           microvm = {
             system = "x86_64-linux";
-            interfaces.lan = { };
+            interfaces.lan = lib.trace "This don't work yet" { };
             baseMac = config.secrets.secrets.local.networking.interfaces.lan01.mac;
           };
           extraSpecialArgs = {
@@ -50,22 +72,30 @@
       mkContainer =
         guestName:
         {
-          macvlans ? [ "lan-services" ],
+          vlans ? [ "services" ],
           ...
         }@cfg:
         {
-          ${guestName} = mkGuest guestName cfg // {
+          ${guestName} = lib.mkMerge [
-            backend = "container";
+            (mkGuest guestName cfg)
-            container.macvlans = macvlans;
+            {
-            extraSpecialArgs = {
+              backend = "container";
-              inherit (inputs.self) nodes globals;
+              container.macvlans = lib.flip map vlans (x: "lan-${x}:mv-${x}");
-              inherit (inputs.self.pkgs.x86_64-linux) lib;
+              extraSpecialArgs = {
-              inherit inputs minimal stateVersion;
+                inherit (inputs.self) nodes globals;
-            };
+                inherit (inputs.self.pkgs.x86_64-linux) lib;
-          };
+                inherit inputs minimal stateVersion;
+              };
+            }
+          ];
         };
     in
     { }
-    // mkContainer "adguardhome" { macvlans = [ "lan-services" ]; }
+    // mkContainer "adguardhome" {
-    // mkContainer "nginx" { macvlans = [ "lan-services" ]; };
+      vlans = [
+        "services"
+        "home"
+      ];
+    }
+    // mkContainer "nginx" { };
 }

modules/globals.nix

@@ -132,6 +132,11 @@ in
                     type = types.str;
                     description = "The node-name on which this service runs";
                   };
+                  ip = mkOption {
+                    type = types.nullOr (types.ints.between 5 49);
+                    default = null;
+                    description = "Optional IP in case this service runs needs a static ip. Shou";
+                  };
                 };
               }
             );