bluh

2026-03-01 21:57:10 +00:00 · 2026-03-01 21:57:10 +00:00 · befea2e1b3
commit befea2e1b3
parent 3f989673ba
4 changed files with 52 additions and 61 deletions
--- a/config/common.nix
+++ b/config/common.nix
@ -12,7 +12,6 @@
 {
  # Bootloader
  #boot.loader.limine.enable = true;
-  boot.loader.grub.enable = false;
  #boot.loader.systemd-boot.enable = true;
  #boot.loader.limine.secureBoot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
--- a/home/podman.nix
+++ b/home/podman.nix
@ -6,6 +6,14 @@
 }:

 {
+  services.podman.networks = {
+    vlan50 = {
+      driver = "macvlan";
+      gateway = "192.168.50.1";
+      subnet = "192.168.50.0/24";
+      extraPodmanArgs= [ "--opt parent=ens18" ];
+      };
+  };
  services.podman.enable = true;
  services.podman.autoUpdate.enable = true;
  services.podman.autoUpdate.onCalendar = "*-*-* 00:00";
@ -81,7 +89,7 @@
      image = "docker.io/caddy";
      autoStart = true;
      autoUpdate = "registry";
-      network = "bridge";
+      network = "vlan50_web";
      environmentFile = [
        "/pool/services/secrets/default"
      ];
@ -322,8 +330,8 @@
      image = "docker.io/hugomods/hugo:latest";
      autoStart = true;
      autoUpdate = "registry";
-      network = "bridge";
-      exec = "server -D";
+      network = "vlan50_web";
+      exec = "server -s /src/mektem.com -D";
      environmentFile = [
        "/pool/services/secrets/default"
      ];
@ -699,18 +707,21 @@
      image = "docker.io/nginx:latest";
      autoStart = true;
      autoUpdate = "registry";
-      network = "bridge";
+      network = "vlan50";
      environmentFile = [
        "/pool/services/secrets/default"
        "/pool/services/secrets/nginx"
      ];
      volumes = [
        "/pool/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
-        "/pool/services/podman/nginx/html:/usr/share/nginx/html"
+        "/pool/services/podman/hugo/src/mektem.com/public:/usr/share/nginx/html"
      ];
      ports = [
        "888:80"
      ];
+      extraPodmanArgs = [
+        "--privileged"
+      ];
      extraConfig = {
        Service = {
          TimeoutStartSec = 900;
@ -722,7 +733,7 @@
      image = "ghcr.io/techarohq/anubis:latest";
      autoStart = true;
      autoUpdate = "registry";
-      network = "bridge";
+      network = "vlan50_web";
      environmentFile = [
        "/pool/services/secrets/default"
        "/pool/services/secrets/anubis-default" #WHY DOES THIS NOT WORK????
@ -1329,33 +1340,6 @@
      };
    };

-    wireguard = {
-      image = "lscr.io/linuxserver/wireguard:latest";
-      autoStart = true;
-      autoUpdate = "registry";
-      network = "bridge";
-      addCapabilities = [
-        "NET_RAW"
-        "NET_ADMIN"
-        "SYS_MODULE"
-      ];
-      environmentFile = [
-        "/pool/services/secrets/default"
-        "/pool/services/secrets/wireguard"
-      ];
-      volumes = [
-        "/pool/services/podman/wireguard:/config"
-        #"/lib/modules:/lib/modules"
-      ];
-      ports = [
-        "51820:51820/udp"
-      ];
-      extraConfig = {
-        Service = {
-          TimeoutStartSec = 900;
-        };
-      };
-    };

    zigbee2mqtt = {
      image = "docker.io/koenkk/zigbee2mqtt";
--- a/hosts/server/hardware.nix
+++ b/hosts/server/hardware.nix
@ -1,39 +1,26 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
+{ config, lib, pkgs, modulesPath, ... }:

 {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];

-  boot.initrd.availableKernelModules = [
-    "uhci_hcd"
-    "ehci_pci"
-    "ahci"
-    "virtio_pci"
-    "sr_mod"
-    "virtio_blk"
-  ];
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "mpt3sas" "xhci_pci" "sd_mod" "sr_mod" "virtio_blk" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/b2f2c042-9011-455a-bc30-fbe632ffa293";
-    fsType = "ext4";
-  };
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/54d867b3-a9cf-42cd-bc1a-56fbd758ecc4";
+      fsType = "ext4";
+    };

-  swapDevices = [
-    { device = "/dev/disk/by-uuid/29b09fa3-40a4-4ba9-bfcd-34e50d5aa2d5"; }
-  ];
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/b5e77330-ad8c-4c5b-99fc-aedfb6e0b145"; }
+    ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/hosts/server/settings.nix
+++ b/hosts/server/settings.nix
@ -11,13 +11,31 @@

  age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ];

-  boot.loader.limine.biosDevice = "/dev/vda";
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/vda";
+  boot.loader.grub.useOSProber = true;
+
+  #boot.loader.limine.biosDevice = "/dev/vda";
  #boot.loader.efi.efiSysMountPoint = "/boot";

  networking = {
+    vlans = {
+      vlan50 = {
+        id = 50;
+        interface = "ens18";
+      };
+    };
    hostName = "nixos-server";
    hostId = "bbe3b289";
    firewall.enable = false;
+    interfaces.vlan50 = {
+      ipv4.addresses = [
+        {
+          address = "192.168.50.30";
+          prefixLength = 24;
+        }
+      ];
+    };
    interfaces.ens18 = {
      ipv4.addresses = [
        {
@ -115,7 +133,7 @@
  boot.supportedFilesystems = [ "zfs" ];
  boot.zfs.forceImportRoot = false;
  boot.zfs.extraPools = [ "pool" ];
-  environment.etc."zfs/keys/pool.key".source = config.age.secrets."zfs/pool.key".path;
+  #environment.etc."zfs/keys/pool.key".source = config.age.secrets."zfs/pool.key".path;
  
  services.zfs.autoScrub = {
    enable = true;
@ -183,5 +201,8 @@
    ];
  };

+
+
+
  system.stateVersion = "24.11";
 }