From 390cc301734e5fab5808f56e4192fa6cf5ec94f3 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Wed, 17 Jan 2024 21:28:15 +0100
Subject: [PATCH] copy microvm config
---
 flake.lock | 72 ++++++++++++++++++++++++++++
 flake.nix | 8 +++-
 nixos/machines/default.nix | 49 +++++++++++++++----
 nixos/modules/networking/default.nix | 5 ++
 4 files changed, 124 insertions(+), 10 deletions(-)
diff --git a/flake.lock b/flake.lock
index d5b79c3..c98670d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -152,6 +152,24 @@
 "type": "github"
 }
 },
+ "flake-utils_2": {
+ "inputs": {
+ "systems": "systems_3"
+ },
+ "locked": {
+ "lastModified": 1701680307,
+ "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
 "home-manager": {
 "inputs": {
 "nixpkgs": [
@@ -196,6 +214,28 @@
 "type": "github"
 }
 },
+ "microvm": {
+ "inputs": {
+ "flake-utils": "flake-utils_2",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "spectrum": "spectrum"
+ },
+ "locked": {
+ "lastModified": 1705263072,
+ "narHash": "sha256-DCqqaNWn9G81U+0Myyr36JrOKitcmS34oBWxqiHjabk=",
+ "owner": "astro",
+ "repo": "microvm.nix",
+ "rev": "088ba565537eaef1041a87be5a44ca0daa4e1908",
+ "type": "github"
+ },
+ "original": {
+ "owner": "astro",
+ "repo": "microvm.nix",
+ "type": "github"
+ }
+ },
 "nixpkgs": {
 "locked": {
 "lastModified": 1702272962,
@@ -251,10 +291,27 @@
 "disko": "disko",
 "dns": "dns",
 "kubenix": "kubenix",
+ "microvm": "microvm",
 "nixpkgs": "nixpkgs_2",
 "nixpkgs-unstable": "nixpkgs-unstable"
 }
 },
+ "spectrum": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1703273931,
+ "narHash": "sha256-CJ1Crdi5fXHkCiemovsp20/RC4vpDaZl1R6V273FecI=",
+ "ref": "refs/heads/main",
+ "rev": "97e2f3429ee61dc37664b4d096b2fec48a57b691",
+ "revCount": 597,
+ "type": "git",
+ "url": "https://spectrum-os.org/git/spectrum"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://spectrum-os.org/git/spectrum"
+ }
+ },
 "systems": {
 "locked": {
 "lastModified": 1681028828,
@@ -284,6 +341,21 @@
 "type": "indirect"
 }
 },
+ "systems_3": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
 "treefmt": {
 "inputs": {
 "nixpkgs": [
diff --git a/flake.nix b/flake.nix
index 62a54d1..0621b5f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,10 +24,15 @@ url = "github:kirelagin/dns.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + microvm = { url = "github:astro/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = - { self, nixpkgs, deploy-rs, disko, agenix, kubenix, nixpkgs-unstable, dns, ... }: + { self, nixpkgs, deploy-rs, disko, agenix, kubenix, nixpkgs-unstable, dns, microvm, ... }: let system = "x86_64-linux"; pkgs = nixpkgs.legacyPackages.${system};
@@ -72,6 +77,7 @@
 inherit system;
 specialArgs = { inherit kubenix dns; };
 modules = [
+ microvm.nixosModules.host
 machine.nixosModule
 disko.nixosModules.disko
 agenix.nixosModules.default
diff --git a/nixos/machines/default.nix b/nixos/machines/default.nix
index b0264d0..558d110 100644
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
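Review bot: The new `microvm` input only makes `nixpkgs` follow the top-level one, so its `flake-utils` and `spectrum` inputs are locked on their own — the lock diff gains `flake-utils_2` and `systems_3` alongside the existing `flake-utils`/`systems` entries, which is a second pinned copy to keep updated. If the duplicate is not wanted, add `inputs.flake-utils.follows = "<path of the existing flake-utils input>";` under the `microvm` input (placeholder: the hunk does not show where the existing `flake-utils` is declared). `spectrum` is locked as a non-flake git source with no obvious follows target, so leaving it is fine. This hunk also lost the `+` marker on its `url` and `inputs.nixpkgs.follows` lines during rendering; the header count (+5) shows they are added lines.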
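Review bot: `microvm.nixosModules.host` is added to the shared `modules` list next to `machine.nixosModule`, which reads as a per-machine builder, so every machine would import the microvm host module (presumably with its own services and users) even though only lewis defines a VM in nixos/machines/default.nix. If that is not intended, import it only from lewis's `nixosModule`, passing it through `specialArgs` the way `kubenix dns` already are, or gate it on a `lab` option. A comment such as `# every host gets the microvm host module so any machine can define microvm.vms` would make the choice explicit if it is deliberate. The enclosing builder starts outside the hunk.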
@@ -52,18 +52,49 @@ name = "lewis"; hostName = "lewis.hyp"; - nixosModule.lab = { - dataHost.enable = true; + nixosModule = { pkgs, ... }: { + lab = { + dataHost.enable = true; - storage = { - osDisk = "/dev/sda"; - dataPartition = "/dev/nvme0n1p1"; + storage = { + osDisk = "/dev/sda"; + dataPartition = "/dev/nvme0n1p1"; + }; + + ssh = { + useCertificates = true; + hostCert = builtins.readFile ./lewis_host_ed25519-cert.pub; + userCert = builtins.readFile ./lewis_user_ed25519-cert.pub; + }; }; - ssh = { - useCertificates = true; - hostCert = builtins.readFile ./lewis_host_ed25519-cert.pub; - userCert = builtins.readFile ./lewis_user_ed25519-cert.pub; + microvm.vms.my-microvm.config = { + services.openssh.enable = true; + networking.firewall.enable = false; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop" + ]; + + programs.bash.interactiveShellInit = '' + echo "Hello world from inside a virtual machine!" | ${pkgs.lolcat}/bin/lolcat + ''; + + microvm = { + shares = [{ + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + }]; + + interfaces = [{ + type = "tap"; + id = "vm-my-microvm"; + mac = "48:2D:63:E1:C5:39"; + }]; + }; }; }; };
diff --git a/nixos/modules/networking/default.nix b/nixos/modules/networking/default.nix
index eb5d409..de60475 100644
--- a/nixos/modules/networking/default.nix
+++ b/nixos/modules/networking/default.nix
@@ -153,6 +153,11 @@ in {
 ++ lib.lists.optional (cfg.staticDMZIPv6Address != "") cfg.staticDMZIPv6Address;
 };
 };
+
+ "40-vms" = {
+ matchConfig.Name = "vm-*";
+ networkConfig.Bridge = cfg.dmzBridgeName;
+ };
 };
 };
 };
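Review bot: `networking.firewall.enable = false;` together with keys on `users.users.root.openssh.authorizedKeys.keys` gives the VM an unfirewalled sshd with root key login on tap `vm-my-microvm`, and the `40-vms` rule added in nixos/modules/networking/default.nix attaches every `vm-*` tap to `cfg.dmzBridgeName`, so as committed this guest is reachable from the DMZ. The name `my-microvm` and the lolcat greeting look like the upstream example (the commit title says "copy"), so this may be a scaffold, but it should not stay in this shape. Suggest `networking.firewall.enable = true;` plus `networking.firewall.allowedTCPPorts = [ 22 ];`, and an unprivileged login user; the host next to it already uses `lab.ssh.useCertificates`, so the VM could reuse the same certificate-based access instead of a second set of static keys. The hard-coded `mac` is fine for one VM but will collide if this block is copied for a second one. The enclosing machine attribute set starts outside the hunk.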
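Review bot: The `40-vms` unit bridges every interface matching `vm-*` onto `cfg.dmzBridgeName` unconditionally, so any VM tap on any host that imports this module lands in the DMZ without a per-VM opt-in, and if `cfg.dmzBridgeName` can be empty on some hosts the unit is still emitted with an empty `Bridge=`. If the surrounding DMZ units are conditional on an option, guard this one the same way with `lib.mkIf`; either way a comment stating the policy, `# Every microvm tap (vm-*) is attached to the DMZ bridge and treated as untrusted.`, would document the trust boundary. The enclosing attribute set (presumably the networkd `networks` set) starts outside the hunk.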