Migrate matemat into microvm

flake.nix

@@ -194,7 +194,7 @@
             nix copy --to ssh://$1 ${self}
 
             set -x
-            ssh $1 -- nix build -vL --no-link ${
+            ssh $1 -- nix build -L --no-link ${
               pkgs.lib.concatMapStringsSep " " (name:
                 "${self}#nixosConfigurations.${name}.config.system.build.toplevel"
               ) (builtins.attrNames self.nixosConfigurations)
@@ -253,7 +253,7 @@
               cd /var/lib/microvms/${name}
               chown root:kvm .
               chmod 0775 .
-              nix build \
+              nix build -L \
                 -o current \
                 ${self}#nixosConfigurations.${name}.config.microvm.declaredRunner
               echo '${selfRef}' > flake
@@ -437,7 +437,7 @@
 
         matemat = nixosSystem' {
           modules = [
-            ./config/lxc-container.nix
+            self.nixosModules.microvm
             ./hosts/containers/matemat
             yammat.nixosModule
             secrets.nixosModules.admins

hosts/containers/matemat/default.nix

@@ -1,42 +1,54 @@
 { zentralwerk, config, lib, pkgs, ... }:
+
 {
-  networking.hostName = "matemat";
+  c3d2 = {
-  networking.interfaces.eth0 = {
+    autoUpdate = true;
-    ipv4.addresses = [{
+    deployment = {
-      address = config.c3d2.hosts.matemat.ip4;
+      server = "server10";
-      prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
+      mounts = [ "etc" "home" "var"];
-    }];
+      interfaces = [{
-    useDHCP = false;
+        net = "serv";
+        mac = "FA:2B:1B:DC:85:72";
+      }];
+    };
   };
-  networking.defaultGateway = "172.20.73.1";
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
 
-  c3d2.autoUpdate = true;
+  networking = {
+    hostName = "matemat";
+    interfaces.ens3 = {
+      ipv4.addresses = [{
+        address = config.c3d2.hosts.matemat.ip4;
+        prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
+      }];
+      useDHCP = false;
+    };
+    defaultGateway = "172.20.73.1";
+    firewall.allowedTCPPorts = [ 80 443 ];
+  };
 
-  services.yammat.enable = true;
+  services = {
-  # unbreak gtk+3
+    nginx = {
-  environment.noXlibs = false;
+      enable = true;
-
+      recommendedProxySettings = true;
-  services.nginx = {
+      virtualHosts."matemat.hq.c3d2.de" = {
-    enable = true;
+        default = true;
-    recommendedProxySettings = true;
+        forceSSL = true;
-    virtualHosts."matemat.hq.c3d2.de" = {
+        enableACME = true;
-      default = true;
+        locations."/" = {
-      forceSSL = true;
+          proxyPass = "http://localhost:3000";
-      enableACME = true;
+          extraConfig = ''
-      locations."/" = {
+            satisfy any;
-        proxyPass = "http://localhost:3000";
+            auth_basic secured;
-        extraConfig = ''
+            auth_basic_user_file ${pkgs.matemat-auth};
-          satisfy any;
+            allow 2a00:8180:2c00:200::/56;
-          auth_basic secured;
+            allow 172.22.99.0/24;
-          auth_basic_user_file ${pkgs.matemat-auth};
+            allow 172.20.72.0/21;
-          allow 2a00:8180:2c00:200::/56;
+            deny all;
-          allow 172.22.99.0/24;
+          '';
-          allow 172.20.72.0/21;
+        };
-          deny all;
-        '';
       };
     };
+    yammat.enable = true;
   };
 
   programs.msmtp = {