From 4a876f27d33ad81fce89f4faa83b9df18cd9f136 Mon Sep 17 00:00:00 2001
From: Kabbone
Date: Sun, 21 Jan 2024 09:54:32 +0100
Subject: [PATCH] hosts: server: microvm nat
---
 modules/services/server/microvm.nix | 54 +++++++++++++++++++++++++----
 1 file changed, 48 insertions(+), 6 deletions(-)

diff --git a/modules/services/server/microvm.nix b/modules/services/server/microvm.nix
index 353c37e..4201194 100644
--- a/modules/services/server/microvm.nix
+++ b/modules/services/server/microvm.nix
@@ -1,8 +1,45 @@
-{ config, microvm, nixpkgs, user, agenix, impermanence, ... }:
+{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
 let
 name = "gitea-runner";
 in
 {
+ systemd.network = {
+ enable = true;
+ netdevs."10-microvm".netdevConfig = {
+ Kind = "bridge";
+ Name = "microvm";
+ };
+ networks = {
+ "10-microvm" = {
+ matchConfig.Name = "microvm";
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = true;
+ };
+ addresses = [ {
+ addressConfig.Address = "10.0.0.1/24";
+ } {
+ addressConfig.Address = "fd12:3456:789a::1/64";
+ } ];
+ ipv6Prefixes = [ {
+ ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64";
+ } ];
+ };
+ "11-microvm" = {
+ matchConfig.Name = "vm-*";
+ networkConfig.Bridge = "microvm";
+ };
+ };
+ };
+ networking = {
+ nat = {
+ enable = true;
+ enableIPv6 = true;
+ externalInterface = "ens18";
+ internalInterfaces = [ "microvm" ];
+ };
+ };
+
 microvm = {
 autostart = [
 name
@@ -10,12 +47,14 @@ in
 vms = {
 ${name} = {
- pkgs = import nixpkgs {
- system = "x86_64-linux";
- config.allowUnfree = true;
- };
+ inherit pkgs;
 config = {
+ #pkgs = import nixpkgs {
+ # system = "x86_64-linux";
+ # config.allowUnfree = true;
+ #};
+
 imports = [ agenix.nixosModules.default ] ++
 [ impermanence.nixosModules.impermanence ] ++
@@ -43,6 +82,7 @@ in
 };
 };
+
 users.users.${user} = { # System User
 isNormalUser = true;
 extraGroups = [ "wheel" ];
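Review bot: The `10-microvm` network gives the bridge static addresses (`10.0.0.1/24`, `fd12:3456:789a::1/64`) and makes it the NAT internal side, yet its `networkConfig` also sets `DHCP = "yes"` and `IPv6AcceptRA = true`, so the host will accept DHCP leases and router advertisements from whatever is attached to that bridge — that is, from the guests it is supposed to be the gateway for, which lets a guest alter the host's routes or DNS. On the gateway side of an internal bridge this should read `DHCP = "no"; IPv6AcceptRA = false;`, with `networkConfig.DHCPServer = true` added only if the host is meant to hand out leases to the guests. As far as I can tell, the `macvtap` interface type kept in the last hunk does not create a `vm-*` tap on the host, so the `11-microvm` rule (`matchConfig.Name = "vm-*"`) may never match; worth confirming which attach mode is intended before relying on the bridge. `externalInterface = "ens18"` is a bare host-specific constant — a short comment naming the host/uplink it belongs to would help the next reader.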
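Review bot: The commented-out `#pkgs = import nixpkgs { ... }` block added inside `config` in the second hunk is dead code: `inherit pkgs;` on the VM attrset now supplies the package set, and `nixpkgs` was removed from the module's argument list in the first hunk, so the comment could not be re-enabled as written. Drop the four commented lines and the blank line that follows them; history already keeps the old form. Presumably the guest now inherits the host's `allowUnfree` setting instead of the explicit `config.allowUnfree = true` that was removed — if that is intentional, a one-line comment next to `inherit pkgs;` would record it.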
@@ -71,7 +111,7 @@ in
 };
 };
- fileSystems."/persist".neededForBoot = nixpkgs.lib.mkForce true;
+ fileSystems."/persist".neededForBoot = lib.mkForce true;
 environment.persistence."/persist" = {
 directories = [
@@ -88,6 +128,8 @@ in
 hypervisor = "cloud-hypervisor";
 vcpu = 4;
 mem = 4096;
+ balloonMem = 4096;
+ #kernel = pkgs.linuxKernel.packages.linux_latest;
 interfaces = [ {
 type = "macvtap";