hosts: server: make runner persistent

hosts: server: switch runner to user networking
2024-01-21 14:16:39 +01:00 · 2024-01-21 14:01:57 +01:00
3 changed files with 24 additions and 63 deletions
--- a/modules/services/dmz/microvm.nix
+++ b/modules/services/dmz/microvm.nix
@ -24,7 +24,7 @@ in
          networking = {
            hostName = "${name}";

-            firewall = {
+           firewall = {
              enable = true;
                allowedUDPPorts = [  ];
                allowedTCPPorts = [  ];
@ -78,6 +78,7 @@ in
              directories = [
                "/var/lib/nixos"
                "/var/log"
+                "/var/lib/gitea-runner"
              ];

              files = [
--- a/modules/services/server/microvm.nix
+++ b/modules/services/server/microvm.nix
@ -3,42 +3,6 @@ let
  name = "gitea-runner";
 in
 {
-  systemd.network = {
-      enable = true;
-      netdevs."10-microvm".netdevConfig = {
-          Kind = "bridge";
-          Name = "microvm";
-      };
-      networks = {
-          "10-microvm" = {
-              matchConfig.Name = "microvm";
-              networkConfig = {
-                DHCP = "yes";
-                IPv6AcceptRA = true;
-              };
-              addresses = [ {
-                  addressConfig.Address = "10.0.0.1/24";
-              } {
-                  addressConfig.Address = "fd12:3456:789a::1/64";
-              } ];
-              ipv6Prefixes = [ {
-                  ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64";
-              } ];
-          };
-          "11-microvm" = {
-              matchConfig.Name = "vm-*";
-              networkConfig.Bridge = "microvm";
-          };
-      };
-  };
-  networking =  {
-      nat = {
-          enable = true;
-          enableIPv6 = true;
-          externalInterface = "ens18";
-          internalInterfaces = [ "microvm" ];
-      };
-  };

  microvm = {
    autostart = [
@ -117,6 +81,7 @@ in
              directories = [
                "/var/lib/nixos"
                "/var/log"
+                "/var/lib/gitea-runner"
              ];

              files = [
@ -125,20 +90,16 @@ in
          };

          microvm = {
-            hypervisor = "cloud-hypervisor";
+            hypervisor = "qemu";
            vcpu = 4;
            mem = 4096;
            balloonMem = 4096;
            #kernel = pkgs.linuxKernel.packages.linux_latest;
            interfaces = [
            {
-              type = "macvtap";
+              type = "user";
              id = "vm-${name}";
              mac = "04:00:00:00:00:01";
-              macvtap = {
-                  link = "ens18";
-                  mode = "bridge";
-              };
            } ];
             shares = [{
              source = "/nix/store";
--- a/secrets/services/gitea/serverrunner-token.age
+++ b/secrets/services/gitea/serverrunner-token.age
@ -1,22 +1,21 @@
 age-encryption.org/v1
-> ssh-ed25519 URAPyw voAi15csDCmcVbZP+WErs2/+vL3yVvRZa0SQW7g34B4
-WgGNr9IwKDGWqL+AeoVUc8jTkATmvRQ08s3neohc5fc
+-> ssh-ed25519 URAPyw KfgM30iObaBFnzr/qt52XYcaoL7gtG6uV3Y6WYzY8gs
+AK/uaa683L/ryApa+007fq4A1qVSVWxDd+LoeBHt0nQ
 -> ssh-rsa VtjGpQ
-j/9J3kb9EdqUuDaNgFjyi6dsoU5W0a8QNRXRvmVgCnxBTWuFsh/Un+Eyo19bXSgu
-JIPe/WtlQLwLVNiDhDcDAg7yVo/DSj81pqEQLYJz7X41NwjQMHcmn0W6ylrr1vl6
-7nC85aPrjSRnMsaHNox5ODYH3YdvLbX/yfVLZo1IydqyA+Aq6KOYd3kQ7lDaejhl
-7O1ynmEqOdTaXpV3MJTh98YFczFwm5hg+0OOrT5souCN61V/ny0qWgE6Y6KQh3P7
-WHvgwKX9j5qjMHF6j1nzsoJV1KFlaxCHPEyA3tsquB48JxSV7iC35gw+doUayKMa
-FuiVbYzCZuRhLZsyTEZiEIDIrAkM2kuQUpJZ8aBxtg70uGMPwjZ/xopHifNfrtFF
-xkd735W1shrYB4+HtnaYONkN0Le8XXUhzLuqmy6OQZ5g+9gnauctT3OfOwxMeArd
-U3zSSUvtp7j4HjfkZkVzO2VPjirfmv8y3lplHBCDGc2uMOp2POSok50AWXb9Eog5
-0eFyKADDsr5HhLCyqeWYAtKcEmy/C+8iLPJuQmotedhqWc/8SQahqid0R7xyn61g
-VBGoWi7OD9DUqDKwoaPEkPFXHn9WROjs0b9aLgm5a/CPPyf8q+DEFOPPhiPMzJ48
-kupKCoM2d8i8CRy7/kNsvQty08fjPWwwerJUC2RX33E
-> piv-p256 grR75w Ay9pizV/zj5k0ZAUNB/Sh7yDFWE5bsSg5m1s3T43s+U1
-abA2Gw5V6kOYR+38oqa7GCbsmCvdIrYuOXUk5c1UmEI
-> piv-p256 RQguQQ AwHtJavrSXgHos0kMpADmy8ziZUij3cmsFKpx/oE2Qn5
-haQG2+q3uYzgokcjB19hRgTwMn2F4EZJbYvcUqoHtx8
--- Nuj7KymDL26sjM6Yse24I7b5TemyuyNMtWcdYc0TWAM
-˝Šö’ŘM˝űßćâžň–0x3VŽ<56>›ÝŻ×®ąÝ%ó‘
-?ł–JĹFonČaŚőćM˛™˙§ĂČ‚AŹ}áý*!©ÎŰ§wvŚž
@aęĽ¨z
+JqNH1SH7MBFwibYKe+VQSuj9ceHyLMo0yWOk4KOLfoMXTBfRFYsqeS+G9p1sTCiJ
+I42DQHCustbQ77vElUAYt87v+s+0esK9z0HqSxuYeV2AovQ0FcV7AIrwA+m+eypv
+KObVeF+c0PSLaG2HMXSwd3MTXjH8PAwxDB+f+nF2cTYm7oaz5YpNjsMjjcoHxEVz
+GOkHWMujX1zxqdp0o0TZC4YhQa4BqF5MXX4IIVtSGMnzShCzubH47bWgLqTxFlnn
+bcSHFxldOaPiu/GUV/ygnSGassQJ6naWqu7DlqcdT+NWxARvCRn2Cx786Avi3LHY
+vmZFUwdtNkmLNL0jDkmwxT8styRl5ZKJ4IwmAn86O2TcUrqt/FFJ7ph8U0N0UjOe
+sD3YNLLC/KeaoiF+z5DJGmbI8YZdx/sInoDlkxWRcHSkqSBmorMTO9bLrsmMkwwa
+1dWhb/SUn2OAEv2juLhxZmUR7SrJBJCdLgkBtn3zVXbQvBkGPfzuurUhJP+VpbN6
+uTrBUG9Irki4Ns7q7OcrBc0aMpZEb+J8P1fXhXppw7LdL8b+4M2LrjIA4JqxY0Wf
+gI8NZnGdYxb9pcJuL4SXdHZyLyeMG1bC1bMeG5ihd7a9PasclO5LjIVF2OUWaE8s
+6TYh2bF4OE7c5rgvGbKrqLR5T3J29BOxPE5W4mExhes
+-> piv-p256 grR75w AxpHUU6Ng4C05fdWcUyEZXn3s5SH0PaAyNi9LNyO6X/l
+NWfALN4H5Txhi20Xa8ntZPbbbrW3aRegNObZB5pt+0I
+-> piv-p256 RQguQQ Au3A174gvw9p88Vt5KbrFs9AZM1YP/7hL1z+7dqmT0TE
+X/14RhuJnGihZ9YIpyfz8wjT6Ww88Z4B65Ju1jbM6rs
+--- KL1itlvz/yBCLl2CXz3bDu5fSQbT/3XxP2f9hufzSLA
+‘n\ô!èKã=WúÅ·Y,Å&f·%þoÚ	YŒúPÆYÆsàê_ÌsCbú,Oùènl…©¯W?¿¼¾—1ášS	ÄV4ÈJz
Author	SHA1	Message	Date
Kabbone	557aa480ee	hosts: server: make runner persistent	2024-01-21 14:16:39 +01:00
Kabbone	853ee2a917	hosts: server: switch runner to user networking	2024-01-21 14:01:57 +01:00