test: setting up opencloud and microvms

2025-12-06 13:07:13 -06:00 · 2025-12-04 23:24:00 -06:00 · 2025-12-04 23:24:00 -06:00 · b5929e0834
commit b5929e0834
parent 0ed3bb9b64
8 changed files with 79 additions and 35 deletions
--- a/modules/config/instances/config/caddy.nix
+++ b/modules/config/instances/config/caddy.nix
@ -16,7 +16,7 @@ in
  ports = {
    port0 = 80;
    port1 = 443;
-    port2 = 8443;
-    port3 = 8445; # Opencloud
+    port2 = 8080;
+    port3 = 8443;
  };
 }
--- a/modules/config/instances/config/firefly-iii.nix
+++ b/modules/config/instances/config/firefly-iii.nix
@ -32,7 +32,7 @@ in
  ];
  subdomain = subdomain;
  ports = {
-    port0 = 8080;
+    port0 = 8084;
    port1 = 8081;
  };
  interface = {
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -45,7 +45,7 @@ in
      imports = builtins.attrValues {
        inherit (modules)
          acme
-          caddy
+          caddy0
          comfyui
          firefly-iii
          forgejo
@ -71,7 +71,7 @@ in
      imports = builtins.attrValues {
        inherit (modules)
          acme
-          caddy
+          caddy1
          impermanence
          microvm
          opencloud0
--- a/modules/nixos/services/caddy/caddy0/default.nix
+++ b/modules/nixos/services/caddy/caddy0/default.nix
@ -0,0 +1,33 @@
+{ flake, ... }:
+let
+  inherit (flake.config.services) instances;
+  inherit (flake.config.machines.devices) eris;
+  opencloud = instances.opencloud0;
+  service = instances.caddy;
+in
+{
+  services.caddy = {
+    enable = true;
+    virtualHosts = {
+      "${opencloud.domains.url0}" = {
+        extraConfig = ''
+          reverse_proxy ${eris.ip.address0}:${builtins.toString service.ports.port1} {
+            transport http {
+              tls
+              tls_insecure_skip_verify
+            }
+          }
+        '';
+      };
+    };
+  };
+
+  networking = {
+    firewall = {
+      allowedTCPPorts = [
+        service.ports.port0
+        service.ports.port1
+      ];
+    };
+  };
+}
--- a/modules/nixos/services/caddy/caddy1/default.nix
+++ b/modules/nixos/services/caddy/caddy1/default.nix
@ -0,0 +1,20 @@
+{ flake, ... }:
+let
+  inherit (flake.config.services) instances;
+
+  service = instances.caddy;
+in
+{
+  services.caddy = {
+    enable = true;
+  };
+
+  networking = {
+    firewall = {
+      allowedTCPPorts = [
+        service.ports.port0
+        service.ports.port1
+      ];
+    };
+  };
+}
--- a/modules/nixos/services/caddy/default.nix
+++ b/modules/nixos/services/caddy/default.nix
@ -1,20 +1,11 @@
-{ flake, ... }:
 let
-  inherit (flake.config.services) instances;
-
-  service = instances.caddy;
+  importList =
+    let
+      content = builtins.readDir ./.;
+      dirContent = builtins.filter (n: content.${n} == "directory") (builtins.attrNames content);
+    in
+    map (name: ./. + "/${name}") dirContent;
 in
 {
-  services.caddy = {
-    enable = true;
-  };
-
-  networking = {
-    firewall = {
-      allowedTCPPorts = [
-        service.ports.port0
-        service.ports.port1
-      ];
-    };
-  };
+  imports = importList;
 }
--- a/systems/ceres/config/networking.nix
+++ b/systems/ceres/config/networking.nix
@ -18,10 +18,11 @@ in
        Kind = "bridge";
      };
    };
+
    networks = {
      "20-lan" = {
        matchConfig.Name = [
-          "enp3s0"
+          "enp10s0"
          "vm-*"
        ];
        networkConfig = {
@ -31,7 +32,7 @@ in
      "30-br-vms" = {
        matchConfig.Name = "br-vms";
        networkConfig = {
-          Address = "192.168.50.245/24";
+          Address = "192.168.50.240/24";
          Gateway = "192.168.50.1";
          DNS = [ "192.168.50.1" ];
        };
@ -39,6 +40,7 @@ in
      };
    };
  };
+
  networking = {
    hostName = ceres.name;
    networkmanager.enable = false;
--- a/systems/eris/config/networking.nix
+++ b/systems/eris/config/networking.nix
@ -1,5 +1,4 @@
 {
-  lib,
  flake,
  ...
 }:
@ -7,9 +6,7 @@ let
  inherit (flake.config.machines.devices) eris;
 in
 {
-
  microvm.host.enable = true;
-
  systemd.network = {
    enable = true;
    netdevs."10-br-vms" = {
@ -18,13 +15,15 @@ in
        Kind = "bridge";
      };
    };
-
    networks = {
-      "20-lan" = {
-        matchConfig.Name = [
-          "enp10s0"
-          "vm-*"
-        ];
+      "20-enp3s0" = {
+        matchConfig.Name = "enp3s0";
+        networkConfig = {
+          Bridge = "br-vms";
+        };
+      };
+      "20-vm" = {
+        matchConfig.Name = "vm-*";
        networkConfig = {
          Bridge = "br-vms";
        };
@ -40,12 +39,11 @@ in
      };
    };
  };
-
  networking = {
    hostName = eris.name;
-    networkmanager.enable = true;
+    networkmanager.enable = false;
    nftables.enable = true;
-    useDHCP = lib.mkDefault true;
+    useDHCP = false;
    firewall = {
      enable = true;
      allowedTCPPorts = [