From f45e3371a468850e3b27ebc83da722a6d12ffe08 Mon Sep 17 00:00:00 2001
From: Astro
Date: Sat, 18 Jun 2022 02:42:41 +0200
Subject: [PATCH] c3d2-web: microvmify, fix
---
 flake.nix | 2 +-
 hosts/containers/c3d2-web/default.nix | 26 ++++++++++++++------------
 2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/flake.nix b/flake.nix
index 397f6f19..822b8075 100644
--- a/flake.nix
+++ b/flake.nix
@@ -579,7 +579,7 @@
 c3d2-web = nixosSystem' {
 modules = [
 { _module.args = { inherit nixpkgs; }; }
- ./config/lxc-container.nix
+ self.nixosModules.microvm
 ./hosts/containers/c3d2-web
 { nixpkgs.overlays = [ secrets.overlays.c3d2-web ]; }
 ];
diff --git a/hosts/containers/c3d2-web/default.nix b/hosts/containers/c3d2-web/default.nix
index d43ccb31..3050e821 100644
--- a/hosts/containers/c3d2-web/default.nix
+++ b/hosts/containers/c3d2-web/default.nix
@@ -5,15 +5,13 @@ let
 deployCommand = "${pkgs.systemd}/bin/systemctl start deploy-c3d2-web.service";
 in
 {
+ c3d2.deployment = {
+ server = "server10";
+ mounts = [ "etc" "home" "var"];
+ };
 boot.tmpOnTmpfs = true;
 # Network setup
 networking.hostName = "c3d2-web";
- networking.useNetworkd = true;
- networking.interfaces.eth0.ipv4.addresses = [{
- address = config.c3d2.hosts."${config.networking.hostName}".ip4;
- prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
- }];
- networking.defaultGateway = "172.20.73.1";
 networking.firewall.allowedTCPPorts = [
 # http/https
 80 443
@@ -161,11 +159,14 @@ in
 # Build at least once
 touch ${config.users.users.c3d2-web.home}/deploy-pending
- TEMP=$(mktemp -d)
- cd $TEMP
-
- git clone --depth=1 https://gitea.c3d2.de/c3d2/c3d2-web.git
- cd c3d2-web
+ if [ ! -d c3d2-web ]; then
+ git clone --depth=1 https://gitea.c3d2.de/c3d2/c3d2-web.git
+ cd c3d2-web
+ else
+ cd c3d2-web
+ git fetch origin
+ git reset --hard origin/master
+ fi
 # Loop in case the webhook was called while we were building
 while [ -e ${config.users.users.c3d2-web.home}/deploy-pending ]; do
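Review bot: The new `c3d2.deployment` block in hosts/containers/c3d2-web/default.nix has no comment saying why `etc`, `home` and `var` are mounted. The deploy script changed later in this patch now keeps its git checkout in the service's working directory, which is the c3d2-web user's home, so that mount presumably matters for it. A comment such as `# persistent state: the deploy checkout lives in the c3d2-web home` above `mounts` would record the dependency; adjust the wording to what the microvm module actually does with these names. `"var"]` is also missing the space before the bracket that the other lists in this patch use.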
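Review bot: The `[ ! -d c3d2-web ]` test in the deploy script (hunk at -161) accepts any existing directory as a usable checkout, so an interrupted clone leaves a directory in which every later `git fetch` fails, and nothing in the hunk removes it. Because the tree is now reused instead of created under `mktemp -d`, `git reset --hard` also keeps untracked and ignored files from earlier builds, so output of one deploy can leak into the next. I would test for `c3d2-web/.git`, re-clone when it is missing, and clean the tree after the reset unless incremental builds are the reason for keeping the checkout. The script starts and continues outside the hunk, so whether it runs under `set -e` is not visible here.

```nix
# … unchanged: touch deploy-pending …
if [ ! -d c3d2-web/.git ]; then
  # A directory without .git is a failed clone; start over
  rm -rf c3d2-web
  git clone --depth=1 https://gitea.c3d2.de/c3d2/c3d2-web.git
fi
cd c3d2-web
git fetch --depth=1 origin
git reset --hard origin/master
# Drop untracked and ignored files left by earlier builds
git clean -fdx
# … unchanged: deploy-pending loop …
```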
@@ -230,7 +231,8 @@ in
 Group = config.users.users.c3d2-web.group;
 PrivateTmp = true;
 ProtectSystem = "full";
- ReadWritePaths = webroot;
+ WorkingDirectory = config.users.users.c3d2-web.home;
+ ReadWritePaths = [ webroot config.users.users.c3d2-web.home ];
 };
 };
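Review bot: With `ProtectSystem = "full"` only /usr, the boot loader directories and /etc are read-only, so the extended `ReadWritePaths` list does not confine this unit. It can still write wherever the c3d2-web user can, unless webroot or the home directory happens to sit under one of those paths. Since the service builds whatever was fetched from the repository, `ProtectSystem = "strict";` would make the two listed paths (plus the private /tmp) the only writable locations, which seems to be what the list intends. The `serviceConfig` set starts outside the hunk, so other hardening such as `NoNewPrivileges` may already be set above.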