flake update

microvm first running version

microvm first running version

flake.lock

@@ -44,6 +44,24 @@
         "type": "github"
       }
     },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -72,11 +90,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1696737557,
+        "lastModified": 1697323135,
-        "narHash": "sha256-YD/pjDjj/BNmisEvRdM/vspkCU3xyyeGVAUWhvVSi5Y=",
+        "narHash": "sha256-tlAv11c0NIRTk2IzpFxYknHrveeFXojVyCTAMg749Zg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "3c1d8758ac3f55ab96dcaf4d271c39da4b6e836d",
+        "rev": "d4a5076ea8c2c063c45e0165f9f75f69ef583e20",
         "type": "github"
       },
       "original": {
@@ -102,13 +120,34 @@
         "type": "github"
       }
     },
+    "microvm": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1697304130,
+        "narHash": "sha256-ovr9mPbMW9UxI1iSeQrIJO8Q2YfLTe8hcRkl6ec0v3c=",
+        "owner": "astro",
+        "repo": "microvm.nix",
+        "rev": "38ce07ca9c5c02c391682defe0bfff947cc5d7a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "astro",
+        "repo": "microvm.nix",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1696614066,
+        "lastModified": 1697100850,
-        "narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=",
+        "narHash": "sha256-qSAzJVzNRIo+r3kBjL8TcpJctcgcHlnZyqdzpWgtg0M=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0",
+        "rev": "fb6af288f6cf0f00d3af60cf9d5110433b954565",
         "type": "github"
       },
       "original": {
@@ -120,11 +159,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1696604326,
+        "lastModified": 1697059129,
-        "narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
+        "narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
+        "rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593",
         "type": "github"
       },
       "original": {
@@ -136,11 +175,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1696697597,
+        "lastModified": 1696983906,
-        "narHash": "sha256-q26Qv4DQ+h6IeozF2o1secyQG0jt2VUT3V0K58jr3pg=",
+        "narHash": "sha256-L7GyeErguS7Pg4h8nK0wGlcUTbfUMDu+HMf1UcyP72k=",
         "owner": "NixOS",
         "repo": "nIxpkgs",
-        "rev": "5a237aecb57296f67276ac9ab296a41c23981f56",
+        "rev": "bd1cde45c77891214131cbbea5b1203e485a9d51",
         "type": "github"
       },
       "original": {
@@ -152,11 +191,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1696853627,
+        "lastModified": 1697348381,
-        "narHash": "sha256-ELtKIGYJ/+xaCkMGkNktpyKuQz4UJj6jDWpjlFxnYiU=",
+        "narHash": "sha256-L7gyIq2koN2bQh4nbYTcJSEc5t/VpRyN2E16LmHvpeA=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "50139018c48dd130a9b4fbd0756984cfe0dc88b7",
+        "rev": "b391ed27e3ac4083226c11bac3783ecbd6ad7d15",
         "type": "github"
       },
       "original": {
@@ -170,11 +209,27 @@
         "agenix": "agenix",
         "home-manager": "home-manager_2",
         "jovian-nixos": "jovian-nixos",
+        "microvm": "microvm",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-stable": "nixpkgs-stable",
         "nur": "nur"
       }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -14,6 +14,8 @@
       nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";                  # Nix Packages
       nixpkgs-stable.url = "github:NixOS/nIxpkgs/nixos-23.05";
       nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+      microvm.url = "github:astro/microvm.nix";
+      microvm.inputs.nixpkgs.follows = "nixpkgs";
 
       home-manager = {                                                      # User Package Management
         url = "github:nix-community/home-manager";
@@ -35,7 +37,7 @@
       };
     };
 
-  outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixos-hardware, home-manager, nur, agenix, jovian-nixos, ... }:   # Function that tells my flake which to use and what do what to do with the dependencies.
+  outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixos-hardware, home-manager, nur, agenix, jovian-nixos, microvm, ... }:   # Function that tells my flake which to use and what do what to do with the dependencies.
     let                                                                     # Variables that can be used in the config files
       user = "kabbone";
       location = "$HOME/.setup";
@@ -44,7 +46,7 @@
       nixosConfigurations = (                                               # NixOS configurations
         import ./hosts {                                                    # Imports ./hosts/default.nix
           inherit (nixpkgs) lib;
-          inherit inputs nixpkgs nixpkgs-stable nixos-hardware home-manager nur user location agenix jovian-nixos;   # Also inherit home-manager so it does not need to be defined here.
+          inherit inputs nixpkgs nixpkgs-stable nixos-hardware home-manager nur user location agenix jovian-nixos microvm;   # Also inherit home-manager so it does not need to be defined here.
           nix.allowedUsers = [ "@wheel" ];
           security.sudo.execWheelOnly = true;
         }

hosts/default.nix

@@ -11,7 +11,7 @@
 #            └─ ./home.nix 
 #
 
-{ lib, inputs, nixpkgs, nixos-hardware, home-manager, nur, user, location, agenix, jovian-nixos, ... }:
+{ lib, inputs, nixpkgs, nixos-hardware, home-manager, nur, user, location, agenix, jovian-nixos, microvm, ... }:
 
 let
   system = "x86_64-linux";                                  # System architecture
@@ -28,10 +28,11 @@ in
 {
   desktop = lib.nixosSystem {                                # Desktop profile
     inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware nur agenix; };
+    specialArgs = { inherit inputs user location nixos-hardware nur agenix microvm nixpkgs; };
     modules = [
       agenix.nixosModules.default
       nur.nixosModules.nur
+      microvm.nixosModules.host
       ./desktop
       ./configuration_desktop.nix
       ../modules/hardware/remoteBuilder.nix

hosts/desktop/default.nix

@@ -17,7 +17,7 @@
 #           └─ default.nix
 #
 
-{ config, pkgs, user, ... }:
+{ config, nixpkgs, pkgs, user, ... }:
 
 {
   imports =                                                         # For now, if applying to other system, swap files
@@ -25,6 +25,7 @@
     #[(import ../../modules/desktop/hyprland/default.nix)] ++        # Window Manager
     [(import ../../modules/desktop/sway/default.nix)] ++        # Window Manager
     (import ../../modules/desktop/virtualisation) ++   # Docker
+    [(import ./microvm.nix)] ++
     (import ../../modules/hardware);                                # Hardware devices
 
   boot = {                                  # Boot options

hosts/desktop/hardware-configuration.nix

@@ -130,12 +130,9 @@
               matchConfig.Name = "enp34s0";
               ntp = [ "192.168.2.1" ];
               domains = [ "home.opel-online.de" ];
-              ipv6AcceptRAConfig = {
-                  DHCPv6Client = "always";
-                  UseDNS = true;
-              };
               networkConfig = {
                 DHCP = "yes";
+                IPv6AcceptRA = true;
               };
           };
       };

hosts/desktop/microvm.nix

@@ -0,0 +1,72 @@
+{ microvm, nixpkgs, ... }:
+let
+  name = "gitea";
+in
+{
+  microvm = {
+#    autostart = [
+#      "gitea-runnervm"
+#    ];
+    vms = {
+      ${name} = {
+        pkgs = import nixpkgs {
+          system = "x86_64-linux";
+          config.allowUnfree = true;
+        };
+
+        config = {
+          networking = {
+            hostName = "${name}-runner";
+            firewall = {
+              enable = true;
+                #allowedUDPPorts = [ 53 67 ];
+                #allowedTCPPorts = [ 53 80 443 9443 ];
+            };
+          };
+          users.users."kabbone" = {                   # System User
+            isNormalUser = true;
+            extraGroups = [ "wheel" ];
+            uid = 2000;
+            openssh.authorizedKeys.keys = [
+              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
+              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
+              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
+              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
+            ];
+          };
+          services = {
+            openssh = {
+              enable = true;
+              settings.PasswordAuthentication = false;
+            };
+          };
+
+          microvm = {
+            hypervisor = "cloud-hypervisor";
+            vcpu = 4;
+            mem = 4096;
+            interfaces = [
+            {
+              type = "macvtap";
+              id = "${name}-tap";
+              mac = "02:00:00:00:00:01";
+              macvtap = {
+                  link = "enp34s0";
+                  mode = "bridge";
+              };
+            } ];
+             shares = [{
+              source = "/nix/store";
+              mountPoint = "/nix/.ro-store";
+              tag = "ro-store";
+              proto = "virtiofs";
+            }];
+            #writableStoreOverlay = "/nix/.rw-store";
+            #storeOnDisk = true;
+          };
+        system.stateVersion = "23.05";
+        };
+      };
+    };
+  };
+}

modules/desktop/gnome/default.nix

@@ -20,8 +20,8 @@
       gnomeExtensions.dash-to-dock
       gnomeExtensions.appindicator
       flatpak
-      rocm-opencl-icd
+      rocmPackages.clr.icd
-      rocm-opencl-runtime
+      rocmPackages.clr
       clinfo
     ];
 

modules/desktop/kde/default.nix

@@ -16,8 +16,8 @@
 
     environment.systemPackages = with pkgs; [
       flatpak
-      rocm-opencl-icd
+      rocmPackages.clr.icd
-      rocm-opencl-runtime
+      rocmPackages.clr
       clinfo
       libsForQt5.discover
       maliit-keyboard

modules/desktop/sway/default.nix

@@ -37,8 +37,8 @@
       grim
       bemenu
       lxqt.lxqt-openssh-askpass
-      rocm-opencl-icd
+      rocmPackages.clr.icd
-      rocm-opencl-runtime
+      rocmPackages.clr
       clinfo
     ];
   };

modules/desktop/virtualisation/default.nix

@@ -13,5 +13,5 @@
 
 [
   ./docker.nix
-  ./qemu.nix
+#  ./qemu.nix
 ]