change nixos -> nix
This commit is contained in:
parent
e80a3d65ac
commit
79669b27f8
50 changed files with 5 additions and 5 deletions
94
nix/virtual/default.nix
Normal file
94
nix/virtual/default.nix
Normal file
|
|
@ -0,0 +1,94 @@
|
|||
{ pkgs, lib, config, hypervisorConfig, ... }: {
|
||||
imports = [ ./docker_swarm.nix ];
|
||||
|
||||
options.lab.vm = {
|
||||
# TODO: make global.
|
||||
baseMACAddress = lib.mkOption {
|
||||
default = "BA:DB:EE:F0:00:00";
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
Base MAC address for VMs in the DMZ.
|
||||
'';
|
||||
};
|
||||
|
||||
id = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
description = ''
|
||||
Unique identifier of this VM from wich the MAC address is derived.
|
||||
'';
|
||||
};
|
||||
|
||||
shares = lib.mkOption {
|
||||
default = [ ];
|
||||
description = ''
|
||||
Directories mounted on the VM using VirtioFS.
|
||||
'';
|
||||
type = lib.types.listOf (lib.types.submodule ({ config, ... }: {
|
||||
options = {
|
||||
name = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
The name of the directory share.
|
||||
'';
|
||||
};
|
||||
|
||||
mountPoint = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
The mount point of the directory share inside the virtual machine.
|
||||
'';
|
||||
};
|
||||
};
|
||||
}));
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
system.stateVersion = hypervisorConfig.system.stateVersion;
|
||||
|
||||
lab.vm.shares = [{
|
||||
name = "host_keys";
|
||||
mountPoint = "/etc/ssh/host_keys";
|
||||
}];
|
||||
|
||||
services.openssh =
|
||||
let
|
||||
hostKeyPath = "/etc/ssh/host_keys/ssh_host_ed25519_key";
|
||||
in
|
||||
{
|
||||
hostKeys = [{
|
||||
path = hostKeyPath;
|
||||
type = "ed25519";
|
||||
}];
|
||||
|
||||
extraConfig = ''
|
||||
HostKey ${hostKeyPath}
|
||||
'';
|
||||
};
|
||||
|
||||
microvm = {
|
||||
# TODO: make this dependent on the host CPU
|
||||
vcpu = 4;
|
||||
|
||||
shares = [{
|
||||
source = "/nix/store";
|
||||
mountPoint = "/nix/.ro-store";
|
||||
tag = "ro-store";
|
||||
proto = "virtiofs";
|
||||
}] ++ map
|
||||
(share: {
|
||||
source = "/var/lib/microvms/${config.networking.hostName}/shares/${share.name}";
|
||||
mountPoint = share.mountPoint;
|
||||
tag = share.name;
|
||||
proto = "virtiofs";
|
||||
})
|
||||
config.lab.vm.shares;
|
||||
|
||||
interfaces = [{
|
||||
type = "tap";
|
||||
id = "vm-${config.networking.hostName}";
|
||||
mac = pkgs.lib.net.mac.add config.lab.vm.id config.lab.vm.baseMACAddress;
|
||||
}];
|
||||
};
|
||||
};
|
||||
}
|
||||
39
nix/virtual/docker_swarm.nix
Normal file
39
nix/virtual/docker_swarm.nix
Normal file
|
|
@ -0,0 +1,39 @@
|
|||
{ pkgs, lib, config, machine, ... }:
|
||||
let
|
||||
cfg = config.lab.dockerSwarm;
|
||||
in
|
||||
{
|
||||
options.lab.dockerSwarm.enable = lib.mkOption {
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Whether to enable Docker Swarm on this host.
|
||||
'';
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
lab.vm.shares = lib.mkIf machine.isVirtual [{
|
||||
name = "docker";
|
||||
mountPoint = "/var/lib/docker";
|
||||
}];
|
||||
|
||||
networking = {
|
||||
nftables.enable = lib.mkForce false;
|
||||
firewall.enable = lib.mkForce false;
|
||||
};
|
||||
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
liveRestore = false;
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
(pkgs.python311.withPackages (python-pkgs: with python-pkgs; [
|
||||
docker
|
||||
requests
|
||||
jsondiff
|
||||
pyyaml
|
||||
]))
|
||||
];
|
||||
};
|
||||
}
|
||||
Reference in a new issue