hosts: server: microvm nat

2024-01-21 09:54:32 +01:00 · 2024-01-21 09:54:32 +01:00 · 4a876f27d3
commit 4a876f27d3
parent f4eb08097a
1 changed files with 48 additions and 6 deletions
--- a/modules/services/server/microvm.nix
+++ b/modules/services/server/microvm.nix
@ -1,8 +1,45 @@
-{ config, microvm, nixpkgs, user, agenix, impermanence, ... }:
+{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
 let
  name = "gitea-runner";
 in
 {
+  systemd.network = {
+      enable = true;
+      netdevs."10-microvm".netdevConfig = {
+          Kind = "bridge";
+          Name = "microvm";
+      };
+      networks = {
+          "10-microvm" = {
+              matchConfig.Name = "microvm";
+              networkConfig = {
+                DHCP = "yes";
+                IPv6AcceptRA = true;
+              };
+              addresses = [ {
+                  addressConfig.Address = "10.0.0.1/24";
+              } {
+                  addressConfig.Address = "fd12:3456:789a::1/64";
+              } ];
+              ipv6Prefixes = [ {
+                  ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64";
+              } ];
+          };
+          "11-microvm" = {
+              matchConfig.Name = "vm-*";
+              networkConfig.Bridge = "microvm";
+          };
+      };
+  };
+  networking =  {
+      nat = {
+          enable = true;
+          enableIPv6 = true;
+          externalInterface = "ens18";
+          internalInterfaces = [ "microvm" ];
+      };
+  };
+
  microvm = {
    autostart = [
      name
@ -10,12 +47,14 @@ in
    vms = {
      ${name} = {

-        pkgs = import nixpkgs {
-          system = "x86_64-linux";
-          config.allowUnfree = true;
-        };
+        inherit pkgs;

        config = {
+          #pkgs = import nixpkgs {
+          #  system = "x86_64-linux";
+          #  config.allowUnfree = true;
+          #};
+
          imports = 
            [ agenix.nixosModules.default ] ++
            [ impermanence.nixosModules.impermanence ] ++
@ -43,6 +82,7 @@ in
              };
          };

+
          users.users.${user} = {                   # System User
            isNormalUser = true;
            extraGroups = [ "wheel" ];
@ -71,7 +111,7 @@ in
            };
          };

-          fileSystems."/persist".neededForBoot = nixpkgs.lib.mkForce true;
+          fileSystems."/persist".neededForBoot = lib.mkForce true;

          environment.persistence."/persist" = {
              directories = [
@ -88,6 +128,8 @@ in
            hypervisor = "cloud-hypervisor";
            vcpu = 4;
            mem = 4096;
+            balloonMem = 4096;
+            #kernel = pkgs.linuxKernel.packages.linux_latest;
            interfaces = [
            {
              type = "macvtap";