microvm initial try definition

microvm first running version

microvm first running version

flake.nix

@@ -14,6 +14,8 @@
       nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";                  # Nix Packages
       nixpkgs-stable.url = "github:NixOS/nIxpkgs/nixos-23.05";
       nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+      microvm.url = "github:astro/microvm.nix";
+      microvm.inputs.nixpkgs.follows = "nixpkgs";
 
       home-manager = {                                                      # User Package Management
         url = "github:nix-community/home-manager";
@@ -35,7 +37,7 @@
       };
     };
 
-  outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixos-hardware, home-manager, nur, agenix, jovian-nixos, ... }:   # Function that tells my flake which to use and what do what to do with the dependencies.
+  outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixos-hardware, home-manager, nur, agenix, jovian-nixos, microvm, ... }:   # Function that tells my flake which to use and what do what to do with the dependencies.
     let                                                                     # Variables that can be used in the config files
       user = "kabbone";
       location = "$HOME/.setup";
@@ -44,7 +46,7 @@
       nixosConfigurations = (                                               # NixOS configurations
         import ./hosts {                                                    # Imports ./hosts/default.nix
           inherit (nixpkgs) lib;
-          inherit inputs nixpkgs nixpkgs-stable nixos-hardware home-manager nur user location agenix jovian-nixos;   # Also inherit home-manager so it does not need to be defined here.
+          inherit inputs nixpkgs nixpkgs-stable nixos-hardware home-manager nur user location agenix jovian-nixos microvm;   # Also inherit home-manager so it does not need to be defined here.
           nix.allowedUsers = [ "@wheel" ];
           security.sudo.execWheelOnly = true;
         }

hosts/default.nix

@@ -11,7 +11,7 @@
 #            └─ ./home.nix 
 #
 
-{ lib, inputs, nixpkgs, nixos-hardware, home-manager, nur, user, location, agenix, jovian-nixos, ... }:
+{ lib, inputs, nixpkgs, nixos-hardware, home-manager, nur, user, location, agenix, jovian-nixos, microvm, ... }:
 
 let
   system = "x86_64-linux";                                  # System architecture
@@ -28,10 +28,11 @@ in
 {
   desktop = lib.nixosSystem {                                # Desktop profile
     inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware nur agenix; };
+    specialArgs = { inherit inputs user location nixos-hardware nur agenix microvm nixpkgs; };
     modules = [
       agenix.nixosModules.default
       nur.nixosModules.nur
+      microvm.nixosModules.host
       ./desktop
       ./configuration_desktop.nix
       ../modules/hardware/remoteBuilder.nix

hosts/desktop/default.nix

@@ -17,7 +17,7 @@
 #           └─ default.nix
 #
 
-{ config, pkgs, user, ... }:
+{ config, nixpkgs, pkgs, user, ... }:
 
 {
   imports =                                                         # For now, if applying to other system, swap files
@@ -25,6 +25,7 @@
     #[(import ../../modules/desktop/hyprland/default.nix)] ++        # Window Manager
     [(import ../../modules/desktop/sway/default.nix)] ++        # Window Manager
     (import ../../modules/desktop/virtualisation) ++   # Docker
+    [(import ./microvm.nix)] ++
     (import ../../modules/hardware);                                # Hardware devices
 
   boot = {                                  # Boot options

hosts/desktop/microvm.nix

@@ -0,0 +1,72 @@
+{ microvm, nixpkgs, ... }:
+let
+  name = "gitea";
+in
+{
+  microvm = {
+#    autostart = [
+#      "gitea-runnervm"
+#    ];
+    vms = {
+      ${name} = {
+        pkgs = import nixpkgs {
+          system = "x86_64-linux";
+          config.allowUnfree = true;
+        };
+
+        config = {
+          networking = {
+            hostName = "${name}-runner";
+            firewall = {
+              enable = true;
+                #allowedUDPPorts = [ 53 67 ];
+                #allowedTCPPorts = [ 53 80 443 9443 ];
+            };
+          };
+          users.users."kabbone" = {                   # System User
+            isNormalUser = true;
+            extraGroups = [ "wheel" ];
+            uid = 2000;
+            openssh.authorizedKeys.keys = [
+              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
+              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
+              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
+              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
+            ];
+          };
+          services = {
+            openssh = {
+              enable = true;
+              settings.PasswordAuthentication = false;
+            };
+          };
+
+          microvm = {
+            hypervisor = "cloud-hypervisor";
+            vcpu = 4;
+            mem = 4096;
+            interfaces = [
+            {
+              type = "macvtap";
+              id = "${name}-tap";
+              mac = "02:00:00:00:00:01";
+              macvtap = {
+                  link = "enp34s0";
+                  mode = "bridge";
+              };
+            } ];
+             shares = [{
+              source = "/nix/store";
+              mountPoint = "/nix/.ro-store";
+              tag = "ro-store";
+              proto = "virtiofs";
+            }];
+            #writableStoreOverlay = "/nix/.rw-store";
+            #storeOnDisk = true;
+          };
+        system.stateVersion = "23.05";
+        };
+      };
+    };
+  };
+}