wip

2026-05-19 22:09:36 +02:00
parent 3f57b606a0
commit af36497035
7 changed files with 155 additions and 67 deletions
--- a/modules/server/containers/builder.nix
+++ b/modules/server/containers/builder.nix
@@ -1,47 +1,74 @@
 { config, lib, pkgs, serverCfg }:
 let 
-  builder =
-  { image ? null, imageStream ? null, imageFile ? null
-  , secret ? null
-  , subdomain ? null, subpath?null, port ? 0
-  , extraEnv ? { }, extraLabels ? { }, extraOptions ? [ ]
-  , overrides ? { }
-  }:
-  let 
-    routerName = if subpath != null 
-                 then "${subdomain}-${lib.strings.sanitizeDerivationName subpath}" 
-                 else subdomain;
-    base = {
-    image = if imageStream != null then "${imageStream.imageName}:${imageStream.imageTag}" 
-            else if imageFile != null then "${imageFile.imageName}:${imageFile.imageTag}" else image;
-    imageStream = imageStream;
-    imageFile = imageFile;
+  contBuilder =
+    { image ? null, imageStream ? null, imageFile ? null
+    , secret ? null
+    , subdomain ? null, subpath?null, port ? null
+    , extraEnv ? { }, extraLabels ? { }, extraOptions ? [ ]
+    , overrides ? { }
+    }:
+    let 
+      routerName = if subpath != null 
+                  then "${subdomain}-${lib.strings.sanitizeDerivationName subpath}" 
+                  else subdomain;
+      base = {
+      image = if imageStream != null then "${imageStream.imageName}:${imageStream.imageTag}" 
+              else if imageFile != null then "${imageFile.imageName}:${imageFile.imageTag}" else image;
+      imageStream = imageStream;
+      imageFile = imageFile;

-    environmentFiles = if secret!=null then [ config.sops.secrets."${lib.toUpper secret}".path ] else [];
-    environment = {
-      TZ = config.time.timeZone;
-    } // extraEnv;
+      environmentFiles = if secret!=null then [ config.sops.secrets."${lib.toUpper secret}".path ] else [];
+      environment = {
+        TZ = config.time.timeZone;
+      } // extraEnv;

-    labels = (if subdomain!=null then ({
-      "traefik.enable" = "true";
-      "traefik.http.routers.${routerName}.entrypoints" = "web-secure";
-      "traefik.http.routers.${routerName}.rule" = if subpath != null 
-        then "Host(`${subdomain}.${serverCfg.domain}`) && PathPrefix(`/${subpath}`)"
-        else "Host(`${subdomain}.${serverCfg.domain}`)";
-      "traefik.http.routers.${routerName}.tls" = "true";
-    } // lib.optionalAttrs (port!=null) {
-      "traefik.http.services.${routerName}.loadbalancer.server.port" = toString port;
-    }) else {
-      "traefik.enable" = "false";
-    }) // extraLabels;
+      labels = (if subdomain!=null then ({
+        "traefik.enable" = "true";
+        "traefik.http.routers.${routerName}.entrypoints" = "web-secure";
+        "traefik.http.routers.${routerName}.rule" = if subpath != null 
+          then "Host(`${subdomain}.${serverCfg.domain}`) && PathPrefix(`/${subpath}`)"
+          else "Host(`${subdomain}.${serverCfg.domain}`)";
+        "traefik.http.routers.${routerName}.tls" = "true";
+      } // lib.optionalAttrs (port!=null) {
+        "traefik.http.services.${routerName}.loadbalancer.server.port" = toString port;
+      }) else {
+        "traefik.enable" = "false";
+      }) // extraLabels;

-    extraOptions = extraOptions ++ [
-      "--add-host=host.containers.internal:host-gateway"
-    ];
-  };
-  in lib.recursiveUpdate base overrides;
+      extraOptions = [
+        "--add-host=host.containers.internal:host-gateway"
+      ] ++ extraOptions;
+    };
+    in lib.recursiveUpdate base overrides;
+  vmBuilder = { name, vm }: (import "${pkgs.path}/nixos/lib/eval-config.nix" {
+      system = "x86_64-linux";
+      modules = [ vm.cfg
+        ({ config, lib, modulesPath, ... }: {
+        imports = [
+          "${modulesPath}/profiles/qemu-guest.nix"
+          "${modulesPath}/virtualisation/qemu-vm.nix"
+        ];
+        networking.hostName = name;
+        networking.useDHCP = true; 
+        networking.firewall.enable = false;
+        services.qemuGuest.enable = true;
+        system.stateVersion = "25.11"; 
+        virtualisation = {
+          memorySize = vm.memory or 2048;
+          cores = vm.cores or 2;
+          forwardPorts = let
+            parsePortString = port: {
+              from = "host";
+              host.port = port;
+              guest.port = port;
+            };
+          in if (vm ? portForward && vm.portForward != null) then map parsePortString vm.portForward else [];
+        };})
+      ];
+    }.config.system.build.vm);
 in {
-  mkContainer = builder;
+  mkContainer = contBuilder;
+  mkVm = vmBuilder;
  mkData = { name, dir, vars?{} }: pkgs.runCommand name vars ''
    mkdir -p $out
    cp -r ${./data + "/${dir}"}/. $out/
@@ -52,4 +79,7 @@ in {
    done
  '';
  host = "host.containers.internal"; 
+  hostIp =  if (config.virtualisation.podman.defaultNetwork.settings ? subnets) 
+    then (builtins.elemAt config.virtualisation.podman.defaultNetwork.settings.subnets 0).gateway
+    else "10.88.0.1"; 
 }