Trying to get nginx-ingress to bind to my host ports

I have recently deployed a kubernetes cluster on my bare-metal. I host several domains, and want to use the nginx-ingress plugin to map requests to appropriate services. I installed the ingress plugin as shown here: NGINX Docs | Installation with Manifests.

I chose to deploy it as a daemon set. Only one of my machines has a static IP right now. DNS records point at this machine. I want nginx to simply reverse proxy to the containers in my cluster based on the virtual host.

I set up a virtualserver mapping. I have all the controllers running as a daemonset on the appropriate node. The only issue is that absolutely no port is bound. It seems that the daemonset hostPort mapping is simply not propagated. I can curl the container directly using the IP address from kubectl describe pod. I can’t reach it from my public ip, or the localhost loopback adapter.

I’ve also tried adding hostNetwork. No luck.

Here is the daemonset config (ip=static is the node selector for my one machine with static IP):

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-ingress
  namespace: http-nginx-ingress
spec:
  selector:
    matchLabels:
      app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
     #annotations:
       #prometheus.io/scrape: "true"
       #prometheus.io/port: "9113"
    spec:
      hostNetwork: true
      nodeSelector:
        ip: static
      serviceAccountName: nginx-ingress
      containers:
      - image: nginx/nginx-ingress:edge
        imagePullPolicy: Always
        name: nginx-ingress
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: https
          containerPort: 443
          hostPort: 443
        - name: readiness-port
          containerPort: 8081
       #- name: prometheus
         #containerPort: 9113
        readinessProbe:
         httpGet:
           path: /nginx-ready
           port: readiness-port
         periodSeconds: 1
        securityContext:
          allowPrivilegeEscalation: true
          runAsUser: 101 #nginx
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        args:
          - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
          - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
         #- -v=3 # Enables extensive logging. Useful for troubleshooting.
         #- -report-ingress-status
         #- -external-service=nginx-ingress
         #- -enable-prometheus-metrics
         #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration

Cluster information:

Kubernetes version: 1.19
Cloud being used: bare-metal
Installation method: via nixpkgs
Host OS: NixOS
CNI and version: flannel 0.12
CRI and version: docker