nixos-servers/nixos/machines/default.nix

{
  jefke = {
    name = "jefke";
    hostName = "jefke.hyp";

    nixosModule.lab = {
      terraformDatabase.enable = true;

      storage = {
        osDisk = "/dev/sda";
        dataPartition = "/dev/nvme0n1p1";
      };

      ssh = {
        useCertificates = true;
        hostCert = builtins.readFile ./jefke_host_ed25519-cert.pub;
        userCert = builtins.readFile ./jefke_user_ed25519-cert.pub;
      };
    };
  };

  atlas = {
    name = "atlas";
    hostName = "atlas.hyp";

    nixosModule = { config, ... }:
      let inherit (config.lab.networking) dmzServicesIPv4 dmzServicesIPv6; in
      {
        lab = {
          networking = {
            # TODO: Ideally, we don't have to set this here.
            staticDMZIPv4Address = "${dmzServicesIPv4}/24";
            staticDMZIPv6Address = "${dmzServicesIPv6}/64";
            dmzServices.enable = true;
          };

          storage = {
            osDisk = "/dev/sda";
            dataPartition = "/dev/nvme0n1p1";
          };

          ssh = {
            useCertificates = true;
            hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;
            userCert = builtins.readFile ./atlas_user_ed25519-cert.pub;
          };
        };
      };
  };

  lewis = {
    name = "lewis";
    hostName = "lewis.hyp";

    nixosModule = { pkgs, ... }: {
      lab = {
        dataHost.enable = true;

        storage = {
          osDisk = "/dev/sda";
          dataPartition = "/dev/nvme0n1p1";
        };

        ssh = {
          useCertificates = true;
          hostCert = builtins.readFile ./lewis_host_ed25519-cert.pub;
          userCert = builtins.readFile ./lewis_user_ed25519-cert.pub;
        };
      };

      microvm.vms.my-microvm.config = {
        services.openssh.enable = true;
        networking.firewall.enable = false;

        users.users.root.openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
        ];

        programs.bash.interactiveShellInit = ''
          echo "Hello world from inside a virtual machine!" | ${pkgs.lolcat}/bin/lolcat
        '';

        microvm = {
          shares = [{
            source = "/nix/store";
            mountPoint = "/nix/.ro-store";
            tag = "ro-store";
            proto = "virtiofs";
          }];

          interfaces = [{
            type = "tap";
            id = "vm-my-microvm";
            mac = "48:2D:63:E1:C5:39";
          }];
        };
      };
    };
  };
}