finally, this shit works in a vm

2025-03-04 21:34:39 +01:00 · 2025-03-04 21:34:39 +01:00 · e74377e6c4
parent 209e5f2a8f
commit e74377e6c4
7 changed files with 101 additions and 38 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -11,6 +11,7 @@
    ./services/sonarr.nix
    ./services/misc.nix
    ./modules/microvm.nix
    ./modules/git.nix
    ./modules/nix-settings.nix
    ./modules/zfs.nix
@ -31,6 +32,9 @@
  programs.zsh = {
    enable = true;
    enableGlobalCompInit = true;
    shellAliases = {
      "nrb" = "sudo nixos-rebuild switch --flake /etc/nixos";
    };
  };
  programs.ssh.startAgent = true;
--- a/disko.nix
+++ b/disko.nix
@ -64,7 +64,11 @@
    zpool = {
      zroot = {
        type = "zpool";
-        rootFsOptions.mountpoint = "none";
+        rootFsOptions = {
          mountpoint = "none";
          acltype = "posixacl";
          xattr = "sa";
        };
        datasets = {
          root = {
--- a/modules/microvm.nix
+++ b/modules/microvm.nix
@ -3,36 +3,35 @@
  lib,
  ...
 }: let
-  attrSets = lib.lists.imap1 (i: v: {
+  attrSet = lib.lists.imap1 (i: v: {
    name = v;
    index = i;
  }) (builtins.attrNames config.microvm.vms);
 in {
-  config.microvm.hyprvisor = "cloud-hyprvisor";
+  config.systemd.network.networks = builtins.listToAttrs (builtins.map ({
-
+      name,
-  systemd.network.networks = builtins.listToAttrs attrSet ({
+      index,
-    name,
+    }: {
-    index,
+      name = "30-vm${toString index}";
-  }: {
+      value = {
-    name = "30-vm${name}";
+        matchConfig.Name = "vm${toString index}";
-    value = {
+        address = [
-      matchConfig.Name = "vm${name}";
+          "10.0.0.0/32"
-      address = [
+        ];
-        "10.0.0.0/32"
+        routes = [
-      ];
+          {
-      routes = [
+            Destination = "10.0.0.${toString index}/32";
-        {
+          }
-          Destination = "10.0.0.${toString index}/32";
+        ];
-        }
+        networkConfig = {IPv4Forwarding = true;};
-      ];
+      };
-      networkConfig = {IPv4Forwarding = true;};
+    })
-    };
+    attrSet);
  });
  # NAT (make vms accessible in host)
-  networking.nat = {
+  config.networking.nat = {
    enable = true;
-    internalIps = ["10.0.0.0/24"];
+    internalIPs = ["10.0.0.0/24"];
    externalInterface = "enp2s0";
  };
 }
--- a/modules/users.nix
+++ b/modules/users.nix
@ -17,6 +17,7 @@
      "networkmanager"
      "audio"
      "wheel"
      "jellyfin"
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFhTExbc9m4dCK6676wGiA8zPjE0l/9Fz2yf0IKvUvg snorre@archlinux"
--- a/services/jellyfin.nix
+++ b/services/jellyfin.nix
@ -1,12 +1,17 @@
-{pkgs, ...}: let
+{
  lib,
  pkgs,
  config,
  ...
 }: let
  host = "127.0.0.1";
  port = 8096;
 in {
  # Enable VAAPI
-  nixpkgs.config.packageOverrides = pkgs: {
+  config.nixpkgs.config.packageOverrides = pkgs: {
    vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
  };
-  hardware.graphics = {
+  config.hardware.graphics = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
@ -17,8 +22,15 @@ in {
    ];
  };
  # Create folder for media
  config.system.activationScripts."jellyfinMediaFolder" = lib.stringAfter ["var"] ''
    mkdir -p /media
    chmod -R 775 /media
    chown -R jellyfin:jellyfin /media
  '';
  # Enable Jellyfin
-  services.jellyfin = {
+  config.services.jellyfin = {
    enable = true;
    openFirewall = false; # We want jellyfin behind a reverse proxy
  };
@ -31,7 +43,7 @@ in {
  #   '';
  # };
-  services.nginx.
+  config.services.nginx.
    virtualHosts."media.spoodythe.one" = {
    addSSL = true;
    enableACME = true;
@ -41,6 +53,6 @@ in {
  };
  # Open port 80 and 443 for reverse proxy
-  networking.firewall.allowedTCPPorts = [80 443];
+  config.networking.firewall.allowedTCPPorts = [80 443];
-  networking.firewall.allowedUDPPorts = [80 443];
+  config.networking.firewall.allowedUDPPorts = [80 443];
 }
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -5,6 +5,13 @@
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."_" = {
      default = true;
      locations."/" = {
        return = 404;
      };
    };
  };
  security.acme.acceptTerms = true;
--- a/services/sonarr.nix
+++ b/services/sonarr.nix
@ -1,17 +1,23 @@
-{lib, ...}: let
+{
  pkgs,
  lib,
  ...
 }: let
  host = "127.0.0.1";
  port = 8989;
  vm-index = 1;
  vm-mac = "00:00:00:00:00:01";
  vm-name = "sonarr";
 in {
-  config.microvm.autostart = ["sonarr"];
+  config.microvm.autostart = [vm-name];
-  config.system.activationScripts.makeSonarrDir = lib.stringAfter ["var"] ''
+  config.system.activationScripts."make${vm-name}DataDir" = lib.stringAfter ["var"] ''
-    mkdir -p /var/lib/sonarr
+    mkdir -p /var/lib/${vm-name}
-    chmod -R microvm /var/lib/sonarr
+    chmod -R 777 /var/lib/${vm-name}
    chown -R microvm /var/lib/${vm-name}
  '';
-  config.microvm.vms."sonarr" = {
+  config.microvm.vms.${vm-name} = {
    config = {
      system.stateVersion = "24.11";
      # Storage share configuration
@ -23,12 +29,23 @@ in {
        }
        {
          tag = "data-dir";
-          source = "/var/lib/sonarr";
+          source = "/var/lib/${vm-name}";
          mountPoint = "/var/lib/sonarr";
          proto = "virtiofs";
        }
      ];
      # Allow the service to use the share
      system.activationScripts."chownDataDir" = lib.stringAfter ["var"] ''
        mkdir -p /var/lib/sonarr
        chmod -R 770 /var/lib/sonarr
        chown -R sonarr:sonarr /var/lib/sonarr
      '';
 		systemd.services.sonarr.serviceConfig.ExecStartPre = "/run/current-system/sw/bin/sleep 5";
      microvm.hypervisor = "qemu";
      # VM Networking
      microvm.interfaces = [
        {
@ -65,6 +82,13 @@ in {
        };
      };
      networking.useDHCP = false;
      networking.nameservers = [
        "10.0.101.1"
        "8.8.8.8"
        "8.8.4.4"
      ];
      # Service
      services.sonarr = {
        enable = true;
@ -75,6 +99,18 @@ in {
      users.users."root" = {
        password = "1234";
      };
      environment.systemPackages = [pkgs.dig];
      services.openssh = {
        enable = true;
        settings = {
          PermitRootLogin = "yes";
          AllowUsers = null;
          PasswordAuthentication = true;
          KbdInteractiveAuthentication = true;
        };
      };
    };
  };
 }