From c4dc2c17d591999bfc9b47c11a9c9e74eed7a05d Mon Sep 17 00:00:00 2001 From: Kabbone Date: Fri, 6 Oct 2023 21:54:08 +0200 Subject: [PATCH] microvm initial try definition microvm first running version microvm first running version --- flake.nix | 6 ++-- hosts/default.nix | 5 +-- hosts/desktop/default.nix | 3 +- hosts/desktop/microvm.nix | 72 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 81 insertions(+), 5 deletions(-) create mode 100644 hosts/desktop/microvm.nix diff --git a/flake.nix b/flake.nix index f16ee23..9edfb91 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,8 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages nixpkgs-stable.url = "github:NixOS/nIxpkgs/nixos-23.05"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + microvm.url = "github:astro/microvm.nix"; + microvm.inputs.nixpkgs.follows = "nixpkgs"; home-manager = { # User Package Management url = "github:nix-community/home-manager"; @@ -35,7 +37,7 @@ }; }; - outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixos-hardware, home-manager, nur, agenix, jovian-nixos, ... }: # Function that tells my flake which to use and what do what to do with the dependencies. + outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixos-hardware, home-manager, nur, agenix, jovian-nixos, microvm, ... }: # Function that tells my flake which to use and what do what to do with the dependencies. let # Variables that can be used in the config files user = "kabbone"; location = "$HOME/.setup"; 
@@ -44,7 +46,7 @@ nixosConfigurations = ( # NixOS configurations import ./hosts { # Imports ./hosts/default.nix inherit (nixpkgs) lib; - inherit inputs nixpkgs nixpkgs-stable nixos-hardware home-manager nur user location agenix jovian-nixos; # Also inherit home-manager so it does not need to be defined here. + inherit inputs nixpkgs nixpkgs-stable nixos-hardware home-manager nur user location agenix jovian-nixos microvm; # Also inherit home-manager so it does not need to be defined here. nix.allowedUsers = [ "@wheel" ]; security.sudo.execWheelOnly = true; } diff --git a/hosts/default.nix b/hosts/default.nix index 99b0ad2..98aba30 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -11,7 +11,7 @@ # └─ ./home.nix # -{ lib, inputs, nixpkgs, nixos-hardware, home-manager, nur, user, location, agenix, jovian-nixos, ... }: +{ lib, inputs, nixpkgs, nixos-hardware, home-manager, nur, user, location, agenix, jovian-nixos, microvm, ... }: let system = "x86_64-linux"; # System architecture @@ -28,10 +28,11 @@ in { desktop = lib.nixosSystem { # Desktop profile inherit system; - specialArgs = { inherit inputs user location nixos-hardware nur agenix; }; + specialArgs = { inherit inputs user location nixos-hardware nur agenix microvm nixpkgs; }; modules = [ agenix.nixosModules.default nur.nixosModules.nur + microvm.nixosModules.host ./desktop ./configuration_desktop.nix ../modules/hardware/remoteBuilder.nix diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix index 7f92a2e..a05a43f 100644 --- a/hosts/desktop/default.nix +++ b/hosts/desktop/default.nix @@ -17,7 +17,7 @@ # └─ default.nix # -{ config, pkgs, user, ... }: +{ config, nixpkgs, pkgs, user, ... }: { imports = # For now, if applying to other system, swap files 
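Review bot: `nixpkgs` is added to the argument set of hosts/desktop/default.nix in the `@@ -17,7 +17,7 @@` hunk, but nothing in the visible lines uses it: `import ./microvm.nix` only evaluates that module's function, and the module system then supplies microvm.nix's own `{ microvm, nixpkgs, ... }` arguments from `specialArgs` directly. Unless it is referenced further down the file (the module body runs past this hunk), the parameter can be dropped again, leaving `{ config, pkgs, user, ... }:`, and the new `nixpkgs` entry in `specialArgs` in hosts/default.nix is then needed only for microvm.nix. If it is kept on purpose, a short comment such as `# nixpkgs: raw flake input, re-imported with its own config in ./microvm.nix` would explain why a module takes it next to `pkgs`.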
@@ -25,6 +25,7 @@ #[(import ../../modules/desktop/hyprland/default.nix)] ++ # Window Manager [(import ../../modules/desktop/sway/default.nix)] ++ # Window Manager (import ../../modules/desktop/virtualisation) ++ # Docker + [(import ./microvm.nix)] ++ (import ../../modules/hardware); # Hardware devices boot = { # Boot options diff --git a/hosts/desktop/microvm.nix b/hosts/desktop/microvm.nix new file mode 100644 index 0000000..0df01d6 --- /dev/null +++ b/hosts/desktop/microvm.nix 
@@ -0,0 +1,72 @@
+{ microvm, nixpkgs, ... }:
+let
+ name = "gitea";
+in
+{
+ microvm = {
+# autostart = [
+# "gitea-runnervm"
+# ];
+ vms = {
+ ${name} = {
+ pkgs = import nixpkgs {
+ system = "x86_64-linux";
+ config.allowUnfree = true;
+ };
+
+ config = {
+ networking = {
+ hostName = "${name}-runner";
+ firewall = {
+ enable = true;
+ #allowedUDPPorts = [ 53 67 ];
+ #allowedTCPPorts = [ 53 80 443 9443 ];
+ };
+ };
+ users.users."kabbone" = { # System User
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ uid = 2000;
+ openssh.authorizedKeys.keys = [
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
+ ];
+ };
+ services = {
+ openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ };
+ };
+
+ microvm = {
+ hypervisor = "cloud-hypervisor";
+ vcpu = 4;
+ mem = 4096;
+ interfaces = [
+ {
+ type = "macvtap";
+ id = "${name}-tap";
+ mac = "02:00:00:00:00:01";
+ macvtap = {
+ link = "enp34s0";
+ mode = "bridge";
+ };
+ } ];
+ shares = [{
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ tag = "ro-store";
+ proto = "virtiofs";
+ }];
+ #writableStoreOverlay = "/nix/.rw-store";
+ #storeOnDisk = true;
+ };
+ system.stateVersion = "23.05";
+ };
+ };
+ };
+ };
+}
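Review bot: The guest is attached straight to the host's physical LAN (`type = "macvtap"` with `mode = "bridge"` on `enp34s0`), so nothing on the host filters its traffic and the guest's own `networking.firewall` block is the only boundary; with both `allowed*Ports` lines commented out, what the LAN can reach apparently comes down to whatever the openssh module opens by default, which deserves a comment such as `# LAN-facing via macvtap bridge: only ports opened here (plus openssh's default) are reachable from the network`. The hard-coded `mac = "02:00:00:00:00:01"` will collide with any second VM built from a copy of this file; deriving it from `name` or noting the constraint in a comment avoids a silent duplicate on the LAN. The commented-out `autostart = [ "gitea-runnervm" ]` names a VM that is not defined under `vms` (the only key is `${name}`, i.e. `gitea`), so re-enabling it as written would fail; `"${name}"` is what it should list. Since the file has no header, a one-line purpose comment like `# Host-side definition of the "gitea" microVM: LAN-bridged, SSH key-only login, host /nix/store shared read-only over virtiofs` would also help the next reader.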