From befea2e1b3fd8663cf69da4132098a97bbb000ae Mon Sep 17 00:00:00 2001
From: Faris
Date: Sun, 1 Mar 2026 21:57:10 +0000
Subject: [PATCH] bluh
---
 config/common.nix | 1 -
 home/podman.nix | 50 +++++++++++++--------------------
 hosts/server/hardware.nix | 37 ++++++++++-------------------
 hosts/server/settings.nix | 25 ++++++++++++++++++--
 4 files changed, 52 insertions(+), 61 deletions(-)
diff --git a/config/common.nix b/config/common.nix
index 336be8f..7f7d83f 100644
--- a/config/common.nix
+++ b/config/common.nix
@@ -12,7 +12,6 @@
 {
 # Bootloader
 #boot.loader.limine.enable = true;
- boot.loader.grub.enable = false;
 #boot.loader.systemd-boot.enable = true;
 #boot.loader.limine.secureBoot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
diff --git a/home/podman.nix b/home/podman.nix
index a72e1d2..f1fd5a5 100644
--- a/home/podman.nix
+++ b/home/podman.nix
@@ -6,6 +6,14 @@
 }:
 {
+ services.podman.networks = {
+ vlan50 = {
+ driver = "macvlan";
+ gateway = "192.168.50.1";
+ subnet = "192.168.50.0/24";
+ extraPodmanArgs= [ "--opt parent=ens18" ];
+ };
+ };
 services.podman.enable = true;
 services.podman.autoUpdate.enable = true;
 services.podman.autoUpdate.onCalendar = "*-*-* 00:00";
@@ -81,7 +89,7 @@
 image = "docker.io/caddy";
 autoStart = true;
 autoUpdate = "registry";
- network = "bridge";
+ network = "vlan50_web";
 environmentFile = [
 "/pool/services/secrets/default"
 ];
@@ -322,8 +330,8 @@
 image = "docker.io/hugomods/hugo:latest";
 autoStart = true;
 autoUpdate = "registry";
- network = "bridge";
- exec = "server -D";
+ network = "vlan50_web";
+ exec = "server -s /src/mektem.com -D";
 environmentFile = [
 "/pool/services/secrets/default"
 ];
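Review bot: The new `vlan50` network is a macvlan whose parent is the untagged `ens18`, while the hosts/server/settings.nix hunk in this same patch creates a tagged `vlan50` interface (id 50) on `ens18` and gives the host 192.168.50.30/24 on it; the same subnet cannot be both tagged for the host and untagged for the containers, so one of the two is wrong and, if 192.168.50.0/24 really lives on VLAN 50, this should presumably read `"--opt parent=vlan50"` — confirm against the switch port. The caddy, hugo and anubis hunks attach to `vlan50_web`, which nothing in this patch defines; unless it exists elsewhere those units will fail to start, and only nginx uses the `vlan50` defined here. Because macvlan puts each container directly on the LAN with its own address and the host runs with `firewall.enable = false`, podman's address pool should be kept clear of the host's static address, e.g. by restricting it with `--ip-range` in `extraPodmanArgs`, and the set of exposed container ports should be reviewed as they are now reachable without any host-side filtering. Minor style: `extraPodmanArgs= [` is missing the space before `=` that every other assignment in the file has.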
@@ -699,18 +707,21 @@
 image = "docker.io/nginx:latest";
 autoStart = true;
 autoUpdate = "registry";
- network = "bridge";
+ network = "vlan50";
 environmentFile = [
 "/pool/services/secrets/default"
 "/pool/services/secrets/nginx"
 ];
 volumes = [
 "/pool/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
- "/pool/services/podman/nginx/html:/usr/share/nginx/html"
+ "/pool/services/podman/hugo/src/mektem.com/public:/usr/share/nginx/html"
 ];
 ports = [
 "888:80"
 ];
+ extraPodmanArgs = [
+ "--privileged"
+ ];
 extraConfig = {
 Service = {
 TimeoutStartSec = 900;
@@ -722,7 +733,7 @@
 image = "ghcr.io/techarohq/anubis:latest";
 autoStart = true;
 autoUpdate = "registry";
- network = "bridge";
+ network = "vlan50_web";
 environmentFile = [
 "/pool/services/secrets/default"
 "/pool/services/secrets/anubis-default" #WHY DOES THIS NOT WORK????
@@ -1329,33 +1340,6 @@
 };
 };
- wireguard = {
- image = "lscr.io/linuxserver/wireguard:latest";
- autoStart = true;
- autoUpdate = "registry";
- network = "bridge";
- addCapabilities = [
- "NET_RAW"
- "NET_ADMIN"
- "SYS_MODULE"
- ];
- environmentFile = [
- "/pool/services/secrets/default"
- "/pool/services/secrets/wireguard"
- ];
- volumes = [
- "/pool/services/podman/wireguard:/config"
- #"/lib/modules:/lib/modules"
- ];
- ports = [
- "51820:51820/udp"
- ];
- extraConfig = {
- Service = {
- TimeoutStartSec = 900;
- };
- };
- };
 zigbee2mqtt = {
 image = "docker.io/koenkk/zigbee2mqtt";
diff --git a/hosts/server/hardware.nix b/hosts/server/hardware.nix
index 133ddfd..59c716a 100644
--- a/hosts/server/hardware.nix
+++ b/hosts/server/hardware.nix
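Review bot: `extraPodmanArgs = [ "--privileged" ];` on the nginx container removes the capability, seccomp and device restrictions that the rest of this file manages per container, and a static file server has no need for any of them; if this was added because the new hugo `public` bind mount was unreadable, fix the ownership or labelling of that directory on the host instead, and if a specific capability is genuinely required, grant only that one with `addCapabilities` as the (now removed) wireguard block did. The new volume line should also be read-only like the `nginx.conf` line above it: `"/pool/services/podman/hugo/src/mektem.com/public:/usr/share/nginx/html:ro"`. With `network = "vlan50"` (a macvlan network) the retained `ports = [ "888:80" ]` mapping presumably no longer has any effect, since port publishing belongs to bridge networking and port 80 is now reached directly on the container's own VLAN address; either drop the mapping or leave a comment explaining why it stays. The nginx container block starts before and ends after this hunk.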
@@ -1,39 +1,26 @@
 # Do not modify this file! It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations. Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- pkgs,
- modulesPath,
- ...
-}:
+{ config, lib, pkgs, modulesPath, ... }:
 {
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
- boot.initrd.availableKernelModules = [
- "uhci_hcd"
- "ehci_pci"
- "ahci"
- "virtio_pci"
- "sr_mod"
- "virtio_blk"
- ];
+ boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "mpt3sas" "xhci_pci" "sd_mod" "sr_mod" "virtio_blk" ];
 boot.initrd.kernelModules = [ ];
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/b2f2c042-9011-455a-bc30-fbe632ffa293";
- fsType = "ext4";
- };
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/54d867b3-a9cf-42cd-bc1a-56fbd758ecc4";
+ fsType = "ext4";
+ };
- swapDevices = [
- { device = "/dev/disk/by-uuid/29b09fa3-40a4-4ba9-bfcd-34e50d5aa2d5"; }
- ];
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/b5e77330-ad8c-4c5b-99fc-aedfb6e0b145"; }
+ ];
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
 # (the default) this is the recommended approach. When using systemd-networkd it's
diff --git a/hosts/server/settings.nix b/hosts/server/settings.nix
index 734eb88..ed6d230 100644
--- a/hosts/server/settings.nix
+++ b/hosts/server/settings.nix
@@ -11,13 +11,31 @@
 age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ];
- boot.loader.limine.biosDevice = "/dev/vda";
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/vda";
+ boot.loader.grub.useOSProber = true;
+
+ #boot.loader.limine.biosDevice = "/dev/vda";
 #boot.loader.efi.efiSysMountPoint = "/boot";
 networking = {
+ vlans = {
+ vlan50 = {
+ id = 50;
+ interface = "ens18";
+ };
+ };
 hostName = "nixos-server";
 hostId = "bbe3b289";
 firewall.enable = false;
+ interfaces.vlan50 = {
+ ipv4.addresses = [
+ {
+ address = "192.168.50.30";
+ prefixLength = 24;
+ }
+ ];
+ };
 interfaces.ens18 = {
 ipv4.addresses = [
 {
@@ -115,7 +133,7 @@
 boot.supportedFilesystems = [ "zfs" ];
 boot.zfs.forceImportRoot = false;
 boot.zfs.extraPools = [ "pool" ];
- environment.etc."zfs/keys/pool.key".source = config.age.secrets."zfs/pool.key".path;
+ #environment.etc."zfs/keys/pool.key".source = config.age.secrets."zfs/pool.key".path;
 services.zfs.autoScrub = {
 enable = true;
@@ -183,5 +201,8 @@
 ];
 };
+
+
+
 system.stateVersion = "24.11";
 }
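Review bot: `boot.loader.grub.useOSProber = true;` makes every `nixos-rebuild` run os-prober across all attached block devices and add whatever bootable installs it finds to the GRUB menu; on what appears to be a single-disk QEMU guest (hardware.nix imports the qemu-guest profile and the only device named is `/dev/vda`) this just slows rebuilds and would let a foreign partition on any later-attached disk appear as a boot entry, so it should stay at its default of `false` unless this host is meant to dual-boot. The commented-out `#boot.loader.limine.biosDevice = "/dev/vda";` is dead configuration sitting next to its replacement; either delete it or keep it with a one-line reason. The new `interfaces.vlan50` block gives the host a static address but no `defaultGateway`, which is fine only if the default route is meant to stay on `ens18` — worth a comment, since the two interfaces now sit on different subnets. The `networking` attribute set continues past the end of this hunk.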
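Review bot: Commenting out `environment.etc."zfs/keys/pool.key".source` in the second hunk removes the only thing that places the pool key on disk, while `boot.zfs.extraPools = [ "pool" ]` two lines above still imports the pool at boot; if any dataset in `pool` is encrypted with its keylocation set to that path, the key load will fail and those datasets will stay unmounted after the next reboot, taking with them the `/pool/services/...` paths that the podman units bind-mount. If the key is now supplied some other way, say so instead of leaving a dead line, e.g. `# pool.key is provided by <MECHANISM> since <DATE>; the agenix copy is no longer installed` (placeholder text). If the intent is to stop provisioning the key altogether, the `age.secrets."zfs/pool.key"` declaration that this line referenced (presumably elsewhere in the repository) should be retired with it so the secret is not decrypted for nothing.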