Add Incus to the server services, put Kitty on its own router for an extra public IP

hosts/kitty/default.nix

@@ -5,6 +5,8 @@
     ./disko
     ./filesystems
     ./hardware
+    ./network
+    ./services
   ];
 
   system = {
@@ -16,8 +18,4 @@
   };
 
   deployment.targetHost = "53f:dc2d:80c9:3ca2:4b15:ef4d:38a0:c868";
-
-  networking.hostId = "8745e22e";
-
-  services.nfs.server.enable = true;
 }

hosts/kitty/network/default.nix

@@ -0,0 +1,14 @@
+{ ... }:
+{
+  networking = {
+    interfaces."eno1".ipv4.addresses = [{
+      address = "11.2.0.1";
+      prefixLength = 8;
+    }];
+    defaultGateway = {
+      address = "11.1.0.1";
+      interface = "eno1";
+    };
+    hostId = "8745e22e";
+  };
+}

hosts/kitty/services/default.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+  services = {
+    nfs.server.enable = true;
+    nginx.enable = true;
+  };
+
+  virtualisation.incus.enable = true;
+}

hosts/midas/network/default.nix

@@ -2,11 +2,11 @@
 {
   networking = {
     interfaces."enp0s31f6".ipv4.addresses = [{
-      address = "10.2.0.1";
+      address = "11.2.0.1";
       prefixLength = 8;
     }];
     defaultGateway = {
-      address = "10.1.0.1";
+      address = "11.1.0.1";
       interface = "enp0s31f6";
     };
     hostId = "38ba3f57";

modules/system/services/server/default.nix

@@ -4,6 +4,7 @@
     ./cfdyndns
     ./forgejo
     ./icecast
+    ./incus
     ./jellyfin
     ./mailserver
     ./mastodon

modules/system/services/server/incus/default.nix

@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+{
+  config = lib.mkIf config.virtualisation.incus.enable {
+    networking.firewall.interfaces.incusbr0 = let
+      ports = [
+        53
+        67
+      ];
+    in {
+      allowedTCPPorts = ports;
+      allowedUDPPorts = ports;
+    };
+
+    environment.persistence."/persist".directories = [ "/var/lib/incus" ];
+  };
+}

modules/system/users/main/default.nix

@@ -36,6 +36,7 @@
       "libvirtd"
       "qemu-libvirtd"
 
+      "incus-admin"
       "minecraft"
       "nfsShare"
       "nginx"