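# Host inventory: one attribute per machine.
#
# Each entry carries:
#   type            "physical" for bare-metal hypervisors, "virtual" for guests.
#   hypervisorName  (virtual only) name of the physical entry that runs the guest.
#   nixosModule     NixOS module for that machine: a plain attribute set, or a
#                   function taking the usual module arguments.
let
  # NixOS module shared by the Docker guests (maestro2, bancomart2, vpay2).
  # The three guests differ only in their `lab.vm` settings, so those are
  # passed in as `vmSettings`. Keeping the rest in one place means the firewall
  # exception below is declared, and can be audited, exactly once.
  mkDockerGuest = vmSettings: { pkgs, lib, config, ... }: {
    lab.vm = vmSettings;

    # Docker's state directory lives on the hypervisor and is shared into the
    # guest over virtiofs, so it does not live on the guest's own disk.
    # NOTE(review): the host-side directory holds image layers and volumes;
    # confirm its ownership and mode on the hypervisor are restrictive.
    microvm.shares = [{
      source = "/var/lib/microvms/${config.networking.hostName}/shares/docker";
      mountPoint = "/var/lib/docker";
      tag = "docker";
      proto = "virtiofs";
    }];

    # SECURITY: both packet filters are forced off. mkForce overrides any other
    # module that enables them, so these guests run without a host firewall.
    # NOTE(review): presumably done because Docker installs its own filter
    # rules; confirm. Anything listening on the guest is then reachable from
    # its network, so filtering has to be enforced upstream of the VM.
    networking = {
      nftables.enable = lib.mkForce false;
      firewall.enable = lib.mkForce false;
    };

    virtualisation.docker = {
      enable = true;
      liveRestore = false;
    };

    # Python 3.11 with the Docker, HTTP, JSON-diff and YAML libraries.
    # NOTE(review): presumably for deployment tooling run against the guest;
    # confirm these are still needed, since each adds to what is installed.
    environment.systemPackages = with pkgs; [
      (python311.withPackages (python-pkgs: [
        python-pkgs.docker
        python-pkgs.requests
        python-pkgs.jsondiff
        python-pkgs.pyyaml
      ]))
    ];
  };
in
{
  # --- Physical hosts --------------------------------------------------------
  #
  # SSH uses certificates on all three. builtins.readFile loads the file at
  # evaluation time and embeds its contents in the configuration, which can end
  # up in the world-readable Nix store. That is fine for certificates.
  # NOTE(review): confirm ./certificates holds only public material; private
  # keys must never be loaded this way.

  atlas = {
    type = "physical";
    nixosModule.lab = {
      storage = {
        osDisk = "/dev/sda";
        dataPartition = "/dev/nvme0n1p1";
      };
      ssh = {
        useCertificates = true;
        hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;
        userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;
      };
    };
  };

  jefke = {
    type = "physical";
    nixosModule = {
      lab = {
        terraformDatabase.enable = true;
        storage = {
          osDisk = "/dev/sda";
          dataPartition = "/dev/nvme0n1p1";
        };
        ssh = {
          useCertificates = true;
          hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;
          userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;
        };
      };
    };
  };

  lewis = {
    type = "physical";
    nixosModule.lab = {
      backups.enable = true;
      data-sharing.enable = true;
      # lewis is the hypervisor for hermes, the guest providing DMZ services.
      # NOTE(review): the meaning of allowConnectivity is defined in the lab
      # module; confirm exactly what it opens between this host and the DMZ.
      networking.dmz.allowConnectivity = true;
      storage = {
        osDisk = "/dev/sda";
        dataPartition = "/dev/nvme0n1p1";
      };
      ssh = {
        useCertificates = true;
        hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;
        userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;
      };
    };
  };

  # --- Virtual guests --------------------------------------------------------

  # TODO: make leases persistent!
  hermes = {
    type = "virtual";
    hypervisorName = "lewis";
    nixosModule = { config, ... }: {
      lab = {
        networking.dmz.services.enable = true;
        vm = {
          # TODO: would be cool to create a check that a mac address is only ever assigned to one VM.
          # NOTE(review): until that check exists, ids must be kept unique by
          # hand (7 here; 1, 2 and 3 on the Docker guests).
          id = 7;
          staticNetworking = true;
          # Addresses come from the DMZ options rather than being hard-coded.
          staticIPv4 = config.lab.networking.dmz.ipv4.services;
          staticIPv6 = config.lab.networking.dmz.ipv6.services;
        };
      };

      # dnsmasq state directory, shared from the hypervisor over virtiofs.
      microvm.shares = [{
        source = "/var/lib/microvms/${config.networking.hostName}/shares/dnsmasq";
        mountPoint = "/var/lib/dnsmasq";
        tag = "dnsmasq";
        proto = "virtiofs";
      }];
    };
  };

  # Docker guest with fixed addresses.
  maestro2 = {
    type = "virtual";
    hypervisorName = "atlas";
    nixosModule = mkDockerGuest {
      id = 1;
      staticNetworking = true;
      staticIPv4 = "192.168.30.42";
      staticIPv6 = "2a0d:6e00:1a77:30::42";
    };
  };

  bancomart2 = {
    type = "virtual";
    hypervisorName = "jefke";
    nixosModule = mkDockerGuest { id = 2; };
  };

  vpay2 = {
    type = "virtual";
    hypervisorName = "lewis";
    nixosModule = mkDockerGuest { id = 3; };
  };
}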