copy microvm config

Pim Kunis 2024-01-17 21:28:15 +01:00
parent dc2fe94c28
commit 390cc30173
4 changed files with 124 additions and 10 deletions


@ -152,6 +152,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -196,6 +214,28 @@
"type": "github" "type": "github"
} }
}, },
"microvm": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1705263072,
"narHash": "sha256-DCqqaNWn9G81U+0Myyr36JrOKitcmS34oBWxqiHjabk=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "088ba565537eaef1041a87be5a44ca0daa4e1908",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1702272962, "lastModified": 1702272962,
@ -251,10 +291,27 @@
"disko": "disko", "disko": "disko",
"dns": "dns", "dns": "dns",
"kubenix": "kubenix", "kubenix": "kubenix",
"microvm": "microvm",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable" "nixpkgs-unstable": "nixpkgs-unstable"
} }
}, },
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1703273931,
"narHash": "sha256-CJ1Crdi5fXHkCiemovsp20/RC4vpDaZl1R6V273FecI=",
"ref": "refs/heads/main",
"rev": "97e2f3429ee61dc37664b4d096b2fec48a57b691",
"revCount": 597,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -284,6 +341,21 @@
"type": "indirect" "type": "indirect"
} }
}, },
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt": { "treefmt": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [


@ -24,10 +24,15 @@
url = "github:kirelagin/dns.nix"; url = "github:kirelagin/dns.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
microvm = {
url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = outputs =
{ self, nixpkgs, deploy-rs, disko, agenix, kubenix, nixpkgs-unstable, dns, ... }: { self, nixpkgs, deploy-rs, disko, agenix, kubenix, nixpkgs-unstable, dns, microvm, ... }:
let let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
@ -72,6 +77,7 @@
inherit system; inherit system;
specialArgs = { inherit kubenix dns; }; specialArgs = { inherit kubenix dns; };
modules = [ modules = [
microvm.nixosModules.host
machine.nixosModule machine.nixosModule
disko.nixosModules.disko disko.nixosModules.disko
agenix.nixosModules.default agenix.nixosModules.default
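Review bot: `microvm.nixosModules.host` is added to the shared `modules` list next to `machine.nixosModule`, which looks like it is evaluated for every machine rather than only for hosts that define `microvm.vms`. If that is the case, importing it from the machine that actually runs guests (or behind a per-machine flag) keeps the hypervisor machinery off the other hosts. The `modules` list and the surrounding function continue outside the hunk.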


@ -52,18 +52,49 @@
name = "lewis"; name = "lewis";
hostName = "lewis.hyp"; hostName = "lewis.hyp";
nixosModule.lab = { nixosModule = { pkgs, ... }: {
dataHost.enable = true; lab = {
dataHost.enable = true;
storage = { storage = {
osDisk = "/dev/sda"; osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1"; dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./lewis_host_ed25519-cert.pub;
userCert = builtins.readFile ./lewis_user_ed25519-cert.pub;
};
}; };
ssh = { microvm.vms.my-microvm.config = {
useCertificates = true; services.openssh.enable = true;
hostCert = builtins.readFile ./lewis_host_ed25519-cert.pub; networking.firewall.enable = false;
userCert = builtins.readFile ./lewis_user_ed25519-cert.pub;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
];
programs.bash.interactiveShellInit = ''
echo "Hello world from inside a virtual machine!" | ${pkgs.lolcat}/bin/lolcat
'';
microvm = {
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}];
interfaces = [{
type = "tap";
id = "vm-my-microvm";
mac = "48:2D:63:E1:C5:39";
}];
};
}; };
}; };
}; };
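Review bot: `networking.firewall.enable = false;` leaves the guest unfiltered while `services.openssh.enable = true;` accepts root logins, and the tap id `vm-my-microvm` matches the `vm-*` rule this commit adds to the networking module, so the interface ends up on `cfg.dmzBridgeName`. Dropping that line keeps the default NixOS firewall, and sshd stays reachable because `services.openssh.openFirewall` defaults to true; adding `services.openssh.settings.PasswordAuthentication = false;` would limit root access to the two listed keys. The host's `lab.ssh` block uses certificates while the guest hard-codes root keys, which deserves a comment if it is meant to be temporary. The virtiofs share exposes the host's entire `/nix/store` to the guest, so it relies on no secret material being in the store. The enclosing machine definition starts outside the hunk.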


@ -153,6 +153,11 @@ in {
++ lib.lists.optional (cfg.staticDMZIPv6Address != "") cfg.staticDMZIPv6Address; ++ lib.lists.optional (cfg.staticDMZIPv6Address != "") cfg.staticDMZIPv6Address;
}; };
}; };
"40-vms" = {
matchConfig.Name = "vm-*";
networkConfig.Bridge = cfg.dmzBridgeName;
};
}; };
}; };
}; };
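Review bot: The `"40-vms"` entry matches on interface name only, so any link named `vm-*` on the host is attached to the DMZ bridge, and the `id` chosen in a microvm definition is what decides its network placement. A comment above the entry would make that contract visible, for example `# Every microvm tap (id "vm-*") is attached to the DMZ bridge; choose ids accordingly.` If some guests should later stay off the DMZ, explicit per-VM names or a narrower pattern would be safer than the wildcard. The enclosing networks attribute set starts outside the hunk.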