bluh

config/common.nix

@@ -12,7 +12,6 @@
 {
   # Bootloader
   #boot.loader.limine.enable = true;
-  boot.loader.grub.enable = false;
   #boot.loader.systemd-boot.enable = true;
   #boot.loader.limine.secureBoot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;

home/podman.nix

@@ -6,6 +6,14 @@
 }:
 
 {
+  services.podman.networks = {
+    vlan50 = {
+      driver = "macvlan";
+      gateway = "192.168.50.1";
+      subnet = "192.168.50.0/24";
+      extraPodmanArgs= [ "--opt parent=ens18" ];
+      };
+  };
   services.podman.enable = true;
   services.podman.autoUpdate.enable = true;
   services.podman.autoUpdate.onCalendar = "*-*-* 00:00";
@@ -81,7 +89,7 @@
       image = "docker.io/caddy";
       autoStart = true;
       autoUpdate = "registry";
-      network = "bridge";
+      network = "vlan50_web";
       environmentFile = [
         "/pool/services/secrets/default"
       ];
@@ -322,8 +330,8 @@
       image = "docker.io/hugomods/hugo:latest";
       autoStart = true;
       autoUpdate = "registry";
-      network = "bridge";
-      exec = "server -D";
+      network = "vlan50_web";
+      exec = "server -s /src/mektem.com -D";
       environmentFile = [
         "/pool/services/secrets/default"
       ];
@@ -699,18 +707,21 @@
       image = "docker.io/nginx:latest";
       autoStart = true;
       autoUpdate = "registry";
-      network = "bridge";
+      network = "vlan50";
       environmentFile = [
         "/pool/services/secrets/default"
         "/pool/services/secrets/nginx"
       ];
       volumes = [
         "/pool/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
-        "/pool/services/podman/nginx/html:/usr/share/nginx/html"
+        "/pool/services/podman/hugo/src/mektem.com/public:/usr/share/nginx/html"
       ];
       ports = [
         "888:80"
       ];
+      extraPodmanArgs = [
+        "--privileged"
+      ];
       extraConfig = {
         Service = {
           TimeoutStartSec = 900;
@@ -722,7 +733,7 @@
       image = "ghcr.io/techarohq/anubis:latest";
       autoStart = true;
       autoUpdate = "registry";
-      network = "bridge";
+      network = "vlan50_web";
       environmentFile = [
         "/pool/services/secrets/default"
         "/pool/services/secrets/anubis-default" #WHY DOES THIS NOT WORK????
@@ -1329,33 +1340,6 @@
       };
     };
 
-    wireguard = {
-      image = "lscr.io/linuxserver/wireguard:latest";
-      autoStart = true;
-      autoUpdate = "registry";
-      network = "bridge";
-      addCapabilities = [
-        "NET_RAW"
-        "NET_ADMIN"
-        "SYS_MODULE"
-      ];
-      environmentFile = [
-        "/pool/services/secrets/default"
-        "/pool/services/secrets/wireguard"
-      ];
-      volumes = [
-        "/pool/services/podman/wireguard:/config"
-        #"/lib/modules:/lib/modules"
-      ];
-      ports = [
-        "51820:51820/udp"
-      ];
-      extraConfig = {
-        Service = {
-          TimeoutStartSec = 900;
-        };
-      };
-    };
 
     zigbee2mqtt = {
       image = "docker.io/koenkk/zigbee2mqtt";

hosts/server/hardware.nix

@@ -1,39 +1,26 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
+{ config, lib, pkgs, modulesPath, ... }:
 
 {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
 
-  boot.initrd.availableKernelModules = [
-    "uhci_hcd"
-    "ehci_pci"
-    "ahci"
-    "virtio_pci"
-    "sr_mod"
-    "virtio_blk"
-  ];
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "mpt3sas" "xhci_pci" "sd_mod" "sr_mod" "virtio_blk" ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/b2f2c042-9011-455a-bc30-fbe632ffa293";
-    fsType = "ext4";
-  };
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/54d867b3-a9cf-42cd-bc1a-56fbd758ecc4";
+      fsType = "ext4";
+    };
 
-  swapDevices = [
-    { device = "/dev/disk/by-uuid/29b09fa3-40a4-4ba9-bfcd-34e50d5aa2d5"; }
-  ];
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/b5e77330-ad8c-4c5b-99fc-aedfb6e0b145"; }
+    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

hosts/server/settings.nix

@@ -11,13 +11,31 @@
 
   age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ];
 
-  boot.loader.limine.biosDevice = "/dev/vda";
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/vda";
+  boot.loader.grub.useOSProber = true;
+
+  #boot.loader.limine.biosDevice = "/dev/vda";
   #boot.loader.efi.efiSysMountPoint = "/boot";
 
   networking = {
+    vlans = {
+      vlan50 = {
+        id = 50;
+        interface = "ens18";
+      };
+    };
     hostName = "nixos-server";
     hostId = "bbe3b289";
     firewall.enable = false;
+    interfaces.vlan50 = {
+      ipv4.addresses = [
+        {
+          address = "192.168.50.30";
+          prefixLength = 24;
+        }
+      ];
+    };
     interfaces.ens18 = {
       ipv4.addresses = [
         {
@@ -115,7 +133,7 @@
   boot.supportedFilesystems = [ "zfs" ];
   boot.zfs.forceImportRoot = false;
   boot.zfs.extraPools = [ "pool" ];
-  environment.etc."zfs/keys/pool.key".source = config.age.secrets."zfs/pool.key".path;
+  #environment.etc."zfs/keys/pool.key".source = config.age.secrets."zfs/pool.key".path;
   
   services.zfs.autoScrub = {
     enable = true;
@@ -183,5 +201,8 @@
     ];
   };
 
+
+
+
   system.stateVersion = "24.11";
 }