patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity
nix-config/hosts/elisabeth/guests.nix
Patrick 12fd79a9c8
fix: desktopnix deploy 
fix: immich firewall rules
2024-12-24 14:54:17 +01:00

142 lines
4.5 KiB
Nix
Raw Blame History

{
config,
globals,
stateVersion,
inputs,
lib,
minimal,
...
}:
{
guests =
let
mkGuest =
guestName:
{
enablePanzer ? false,
enableRenaultFT ? false,
enableBunker ? false,
enableSharedPaperless ? false,
vlans ? [ "services" ],
...
}:
{
autostart = true;
zfs."/state" = {
pool = "rpool";
dataset = "local/guests/${guestName}";
};
zfs."/persist" = {
pool = "rpool";
dataset = "safe/guests/${guestName}";
};
zfs."/panzer" = lib.mkIf enablePanzer {
pool = "panzer";
dataset = "safe/guests/${guestName}";
};
zfs."/renaultft" = lib.mkIf enableRenaultFT {
pool = "renaultft";
dataset = "safe/guests/${guestName}";
};
# kinda not necesarry should be removed on next reimaging
zfs."/bunker" = lib.mkIf enableBunker {
pool = "panzer";
dataset = "bunker/guests/${guestName}";
};
zfs."/paperless" = lib.mkIf enableSharedPaperless {
pool = "panzer";
dataset = "bunker/shared/paperless";
};
modules = [
../../config/basic
../../config/services/${guestName}.nix
{
node.secretsDir = config.node.secretsDir + "/${guestName}";
networking.nftables.firewall.zones.untrusted.interfaces = lib.mkIf (
lib.length config.guests.${guestName}.networking.links == 1
) config.guests.${guestName}.networking.links;
systemd.network.networks = lib.mkIf (globals.services.${guestName}.ip != null) (
lib.listToAttrs (
lib.flip map vlans (
name:
lib.nameValuePair "10-mv-${name}" {
matchConfig.Name = "mv-${name}";
DHCP = lib.mkForce "no";
address = [
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
];
gateway = [
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv4)
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv6)
];
}
)
)
);
}
];
};
mkMicrovm = guestName: cfg: {
${guestName} = mkGuest guestName cfg // {
backend = "microvm";
microvm = {
system = "x86_64-linux";
interfaces.lan-services = { };
baseMac = config.secrets.secrets.local.networking.interfaces.lan01.mac;
};
extraSpecialArgs = {
inherit (inputs.self) nodes globals;
inherit (inputs.self.pkgs.x86_64-linux) lib;
inherit inputs minimal stateVersion;
};
};
};
mkContainer =
guestName:
{
vlans ? [ "services" ],
...
}@cfg:
{
${guestName} = mkGuest guestName cfg // {
backend = "container";
container.macvlans = lib.flip map vlans (x: "lan-${x}:mv-${x}");
extraSpecialArgs = {
inherit (inputs.self) nodes globals;
inherit (inputs.self.pkgs.x86_64-linux) lib;
inherit inputs minimal stateVersion;
};
};
};
in
{ }
// mkContainer "oauth2-proxy" { }
// mkContainer "vaultwarden" { }
// mkContainer "ddclient" { }
// mkContainer "ollama" { }
// mkContainer "murmur" { }
// mkContainer "homebox" { }
// mkContainer "invidious" { }
// mkContainer "ttrss" { }
// mkContainer "firefly" { }
// mkContainer "yourspotify" { }
// mkContainer "netbird" { }
// mkContainer "blog" { }
// mkContainer "kanidm" { }
// mkContainer "nextcloud" { enablePanzer = true; }
// mkContainer "paperless" { enableSharedPaperless = true; }
// mkContainer "forgejo" { enablePanzer = true; }
// mkMicrovm "immich" { enablePanzer = true; }
// mkContainer "samba" {
enablePanzer = true;
enableRenaultFT = true;
enableBunker = true;
enableSharedPaperless = true;
vlans = [ "home" ];
};
}
Reference in a new issue View git blame Copy permalink