wip: continue migration

2026-04-14 21:29:12 +02:00 · 2026-04-03 22:55:16 +02:00 · 2026-04-03 22:55:16 +02:00 · fa9bd32b0b
commit fa9bd32b0b
parent 7ce27d5d2f
129 changed files with 6252 additions and 106 deletions
--- a/hosds/nixos/x86_64-linux/hintbooth/guests/nginx/default.nix
+++ b/hosds/nixos/x86_64-linux/hintbooth/guests/nginx/default.nix
@ -0,0 +1,61 @@
+{ self, config, lib, minimal, globals, confLib, ... }:
+let
+  inherit (confLib.static) nginxAccessRules;
+in
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+    "${self}/modules/nixos/optional/microvm-guest-shares.nix"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = config.node.name;
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+      };
+    };
+  };
+
+  globals.general.homeWebProxy = config.node.name;
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 3072 * 1;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    nginx = true;
+  };
+
+  services.nginx = {
+    upstreams.fritzbox = {
+      servers.${globals.networks.home-lan.hosts.fritzbox.ipv4} = { };
+    };
+    virtualHosts.${globals.services.fritzbox.domain} = {
+      useACMEHost = globals.domains.main;
+      forceSSL = true;
+      acmeRoot = null;
+      locations."/" = {
+        proxyPass = "http://fritzbox";
+        proxyWebsockets = true;
+      };
+      extraConfig = ''
+        proxy_ssl_verify off;
+      '' + nginxAccessRules;
+    };
+  };
+
+}