Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hosts: dmz: make microvm host persistant

Browse Source
This commit is contained in:
Kabbone
2024-01-20 12:02:32 +01:00
parent e2f0c80e31
commit fc026c4157
24 changed files with 158 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
modules/services/dmz/microvm.nix
View File

@@ -1,11 +1,11 @@
{ config, microvm, nixpkgs, user, agenix, ... }:
{ config, microvm, nixpkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
microvm = {
autostart = [
"gitea-runnervm"
name
];
vms = {
${name} = {
@@ -15,11 +15,10 @@ in
config.allowUnfree = true;
};
#inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
networking = {
@@ -46,6 +45,7 @@ in
users.users.${user} = { # System User
isNormalUser = true;
initialPassword = "runnertest";
extraGroups = [ "wheel" ];
uid = 2000;
openssh.authorizedKeys.keys = [
@@ -59,9 +59,32 @@ in
openssh = {
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
};
};
fileSystems."/persist".neededForBoot = nixpkgs.lib.mkForce true;
environment.persistence."/persist" = {
directories = [
"/var/lib/nixos"
"/var/log"
];
files = [
"/etc/machine-id"
];
};
microvm = {
hypervisor = "cloud-hypervisor";
vcpu = 4;
@@ -81,6 +104,12 @@ in
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;