copy microvm config

2024-01-17 21:28:15 +01:00 · 2024-01-17 21:28:15 +01:00 · 390cc30173
commit 390cc30173
parent dc2fe94c28
4 changed files with 124 additions and 10 deletions
--- a/flake.lock
+++ b/flake.lock
@ -152,6 +152,24 @@
        "type": "github"
      }
    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -196,6 +214,28 @@
        "type": "github"
      }
    },
+    "microvm": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "spectrum": "spectrum"
+      },
+      "locked": {
+        "lastModified": 1705263072,
+        "narHash": "sha256-DCqqaNWn9G81U+0Myyr36JrOKitcmS34oBWxqiHjabk=",
+        "owner": "astro",
+        "repo": "microvm.nix",
+        "rev": "088ba565537eaef1041a87be5a44ca0daa4e1908",
+        "type": "github"
+      },
+      "original": {
+        "owner": "astro",
+        "repo": "microvm.nix",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1702272962,
@ -251,10 +291,27 @@
        "disko": "disko",
        "dns": "dns",
        "kubenix": "kubenix",
+        "microvm": "microvm",
        "nixpkgs": "nixpkgs_2",
        "nixpkgs-unstable": "nixpkgs-unstable"
      }
    },
+    "spectrum": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1703273931,
+        "narHash": "sha256-CJ1Crdi5fXHkCiemovsp20/RC4vpDaZl1R6V273FecI=",
+        "ref": "refs/heads/main",
+        "rev": "97e2f3429ee61dc37664b4d096b2fec48a57b691",
+        "revCount": 597,
+        "type": "git",
+        "url": "https://spectrum-os.org/git/spectrum"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://spectrum-os.org/git/spectrum"
+      }
+    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
@ -284,6 +341,21 @@
        "type": "indirect"
      }
    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "treefmt": {
      "inputs": {
        "nixpkgs": [
--- a/flake.nix
+++ b/flake.nix
@ -24,10 +24,15 @@
      url = "github:kirelagin/dns.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+
+    microvm = {
+      url = "github:astro/microvm.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

  outputs =
-    { self, nixpkgs, deploy-rs, disko, agenix, kubenix, nixpkgs-unstable, dns, ... }:
+    { self, nixpkgs, deploy-rs, disko, agenix, kubenix, nixpkgs-unstable, dns, microvm, ... }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
@ -72,6 +77,7 @@
        inherit system;
        specialArgs = { inherit kubenix dns; };
        modules = [
+          microvm.nixosModules.host
          machine.nixosModule
          disko.nixosModules.disko
          agenix.nixosModules.default
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
@ -52,18 +52,49 @@
    name = "lewis";
    hostName = "lewis.hyp";

-    nixosModule.lab = {
-      dataHost.enable = true;
+    nixosModule = { pkgs, ... }: {
+      lab = {
+        dataHost.enable = true;

-      storage = {
-        osDisk = "/dev/sda";
-        dataPartition = "/dev/nvme0n1p1";
+        storage = {
+          osDisk = "/dev/sda";
+          dataPartition = "/dev/nvme0n1p1";
+        };
+
+        ssh = {
+          useCertificates = true;
+          hostCert = builtins.readFile ./lewis_host_ed25519-cert.pub;
+          userCert = builtins.readFile ./lewis_user_ed25519-cert.pub;
+        };
      };

-      ssh = {
-        useCertificates = true;
-        hostCert = builtins.readFile ./lewis_host_ed25519-cert.pub;
-        userCert = builtins.readFile ./lewis_user_ed25519-cert.pub;
+      microvm.vms.my-microvm.config = {
+        services.openssh.enable = true;
+        networking.firewall.enable = false;
+
+        users.users.root.openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
+        ];
+
+        programs.bash.interactiveShellInit = ''
+          echo "Hello world from inside a virtual machine!" | ${pkgs.lolcat}/bin/lolcat
+        '';
+
+        microvm = {
+          shares = [{
+            source = "/nix/store";
+            mountPoint = "/nix/.ro-store";
+            tag = "ro-store";
+            proto = "virtiofs";
+          }];
+
+          interfaces = [{
+            type = "tap";
+            id = "vm-my-microvm";
+            mac = "48:2D:63:E1:C5:39";
+          }];
+        };
      };
    };
  };
--- a/nixos/modules/networking/default.nix
+++ b/nixos/modules/networking/default.nix
@ -153,6 +153,11 @@ in {
              ++ lib.lists.optional (cfg.staticDMZIPv6Address != "") cfg.staticDMZIPv6Address;
          };
        };
+
+        "40-vms" = {
+          matchConfig.Name = "vm-*";
+          networkConfig.Bridge = cfg.dmzBridgeName;
+        };
      };
    };
  };