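# Defines the `website` MicroVM guest for inclusion in a host's `microvm.vms`.
# Exposes one function, `websiteVM`, which takes the per-host networking
# parameters and the built site package and returns the attribute set to
# merge into the host configuration.
{ flake, ... }:
let
  inherit (flake.config.people) user0;
  inherit (flake.config.services) instances;
  serviceCfg = instances.website;
in
{
  # Arguments:
  #   user     - suffix for the tap interface id (`vm-ws-<user>`)
  #   ip       - guest IPv4 address on the tap network (a /24 prefix is appended)
  #   mac      - MAC address of the tap interface
  #   ssh      - host port forwarded to the guest's sshd (guest port 22)
  #   userMac  - MAC address of the user-mode interface
  #   package  - derivation whose output is served as the site root
  #   gateway  - default route on the tap network; optional, defaulting to the
  #              value previously hard-coded here so existing callers are unaffected
  websiteVM =
    { user, ip, mac, ssh, userMac, package, gateway ? "192.168.50.1", }:
    {
      microvm.vms."${serviceCfg.name}" = {
        autostart = true;
        config = {
          system.stateVersion = "25.05";

          # Only sshd and the plain-HTTP Caddy listener are reachable.
          networking.firewall.allowedTCPPorts = [ 22 80 ];

          services.openssh = {
            enable = true;
            settings = {
              # Key-only access: disabling PasswordAuthentication alone still
              # leaves the keyboard-interactive (PAM) prompt path available, so
              # close that as well and make the root policy explicit.
              PasswordAuthentication = false;
              KbdInteractiveAuthentication = false;
              PermitRootLogin = "prohibit-password";
            };
          };

          # The site package is exposed at /etc/website and served by Caddy below.
          environment.etc."website".source = package;

          # Root accepts the SSH keys registered for user0 in the flake's people config.
          users.users.root.openssh.authorizedKeys.keys =
            flake.config.people.users.${user0}.sshKeys;

          # Static addressing on the guest-side interface enp0s3.
          systemd.network = {
            enable = true;
            networks."10-enp" = {
              matchConfig.Name = "enp0s3";
              addresses = [ { Address = "${ip}/24"; } ];
              gateway = [ gateway ];
            };
          };

          # Static file server; unmatched paths fall back to index.html.
          services.caddy = {
            enable = true;
            virtualHosts.":80".extraConfig = ''
              root * /etc/website
              file_server
              try_files {path} /index.html
            '';
          };

          microvm = {
            vcpu = 1;
            mem = 512;
            hypervisor = "qemu";
            interfaces = [
              # Tap interface attached on the host side.
              { type = "tap"; id = "vm-ws-${user}"; inherit mac; }
              # User-mode interface; presumably the one carrying the port
              # forward below (verify against the microvm.nix hypervisor docs).
              { type = "user"; id = "vmuser-web"; mac = userMac; }
            ];
            forwardPorts = [
              { from = "host"; host.port = ssh; guest.port = 22; }
            ];
            # Read-only share of the host store so the guest closure is not duplicated.
            shares = [
              {
                source = "/nix/store";
                mountPoint = "/nix/.ro-store";
                tag = "ro-store";
                proto = "virtiofs";
              }
            ];
          };
        };
      };
    };
}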