authorAlejandro Soto <alejandro@34project.org>2024-07-14 17:53:13 -0600
committerAlejandro Soto <alejandro@34project.org>2024-07-15 09:34:00 -0600
commit02abf4ed0131237c25e0a10db50fa4c41a902a50 (patch)
tree20904894fc0952806e341cdaff5941e81b3ce51c /sys/nspawn.nix
parent08e746700341dda3e3bdf704332fc3c07053d3e7 (diff)
sys: final merge of dmz, hv into sys
Diffstat (limited to '')
-rw-r--r--sys/nspawn/dmz.nix (renamed from sys/nspawn.nix)47
1 files changed, 31 insertions, 16 deletions
diff --git a/sys/nspawn.nix b/sys/nspawn/dmz.nix
index cd6dbb0..080b32d 100644
--- a/sys/nspawn.nix
+++ b/sys/nspawn/dmz.nix
@@ -1,6 +1,7 @@
{ lib, config, flakes, pkgs, ... }:
with lib; let
- cfg = config.local;
+ cfg = config.local.nspawn.dmz;
+ inherit (config.local) mailHost;
in
{
options.local.nspawn.dmz = with types; {
@@ -41,10 +42,10 @@ in
# NixOS evidentemente no usa la segunda ruta por ser FHS, así que la duct tape
# final es 'mkdir rootfs/usr/lib && touch rootfs/usr/lib/os-release'.
- config = mkIf cfg.nspawn.dmz.enable {
+ config = mkIf cfg.enable {
local = {
mailHost = {
- mdaListen = cfg.nspawn.dmz.hostAddr;
+ mdaListen = cfg.hostAddr;
saslPort = 11000;
lmtpPort = 11001;
};
@@ -55,21 +56,35 @@ in
containerModule = { ... }: {
#TODO: urgente: bloquear puertos de dovecot a non-postfix con iptables
config = {
- boot.isContainer = true;
+ local = {
+ preset.dmz = {
+ enable = true;
+ container = true;
+ };
+
+ mta = {
+ mdaAddr = mailHost.mdaListen;
+ inherit (mailHost) saslPort lmtpPort;
+ };
+ };
- local.mta = {
- mdaAddr = cfg.mailHost.mdaListen;
- inherit (cfg.mailHost) saslPort lmtpPort;
+ nixpkgs = {
+ pkgs = mkDefault pkgs;
+ localSystem = mkDefault pkgs.stdenv.hostPlatform;
};
};
};
in
- pkgs.nixos [
- ../dmz
- containerModule
- flakes.nixpkgs.nixosModules.notDetected
- flakes.impermanence.nixosModule
- ];
+ # Tomado de la definición de pkgs.nixos junto con definición de nixpkgs.{pkgs,localSystem} arriba
+ import "${flakes.nixpkgs}/nixos/lib/eval-config.nix" {
+ modules = [
+ ../.
+ containerModule
+ ];
+
+ system = null;
+ specialArgs = { inherit flakes; };
+ };
net = "10.34.3.0";
netBits = 28;
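Review bot: The module list passed to eval-config.nix is now only `../.` and `containerModule`, so `flakes.nixpkgs.nixosModules.notDetected` and `flakes.impermanence.nixosModule`, which the removed `pkgs.nixos` call listed explicitly, are no longer visible in this evaluation; presumably `preset.dmz.container = true` pulls in the equivalents from `../.`, but that is not shown here and is worth confirming, since silently dropping the impermanence module would change what the container persists without any evaluation error. The `system = null` plus `nixpkgs.localSystem = mkDefault pkgs.stdenv.hostPlatform` pairing matches what the comment says it was copied from, but a short note on why `nixpkgs.pkgs` is shared with the host would help the next reader, e.g. `# reuse the host's pkgs so the container does not re-evaluate nixpkgs`. The `#TODO: urgente` above the module is left standing while this hunk wires `mdaAddr`, `saslPort` and `lmtpPort` into `local.mta`; the host side only opens those two ports on `ve-dmz` (last hunk), so the in-container restriction the TODO asks for remains the open item. The `let` that binds `containerModule` starts before this hunk.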
@@ -85,7 +100,7 @@ in
# idmap porque algunos hacks en nixpkgs (postfix-setup.service)
# asumen que la store es de root
"/nix/store:/nix/store:idmap"
- "${cfg.nspawn.dmz.system.toplevel}/init:/sbin/init"
+ "${cfg.system.config.system.build.toplevel}/init:/sbin/init"
];
networkConfig.Port = [
@@ -104,7 +119,7 @@ in
};
networkConfig = {
- Address = "${cfg.nspawn.dmz.hostAddr}/${toString cfg.nspawn.dmz.netBits}";
+ Address = "${cfg.hostAddr}/${toString cfg.netBits}";
LinkLocalAddressing = "yes";
DHCPServer = "yes";
IPMasquerade = "both";
@@ -137,7 +152,7 @@ in
allowedTCPPorts = [ 25 80 443 ];
interfaces.ve-dmz = {
- allowedTCPPorts = [ cfg.mailHost.saslPort cfg.mailHost.lmtpPort ];
+ allowedTCPPorts = [ mailHost.saslPort mailHost.lmtpPort ];
allowedUDPPorts = [ 67 ]; # DHCP
};
};