Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:4a876f27d33ad81fce89f4faa83b9df18cd9f136
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor
...
compare: Kabbone:557aa480ee2f515e4423c59a80561144df91ff07
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor

2 Commits
4a876f27d3 ... 557aa480ee

Author SHA1 Message Date
Kabbone
557aa480ee
hosts: server: make runner persistent 2024-01-21 14:16:39 +01:00
Kabbone
853ee2a917
hosts: server: switch runner to user networking 2024-01-21 14:01:57 +01:00
3 changed files with 24 additions and 63 deletions
Show Stats Expand all files Collapse all files

1
modules/services/dmz/microvm.nix
View File

@ -78,6 +78,7 @@ in
directories = [ directories = [
"/var/lib/nixos" "/var/lib/nixos"
"/var/log" "/var/log"
"/var/lib/gitea-runner"
]; ];
files = [ files = [

45
modules/services/server/microvm.nix
View File

@ -3,42 +3,6 @@ let
name = "gitea-runner"; name = "gitea-runner";
in in
{ {
systemd.network = {
enable = true;
netdevs."10-microvm".netdevConfig = {
Kind = "bridge";
Name = "microvm";
};
networks = {
"10-microvm" = {
matchConfig.Name = "microvm";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
addresses = [ {
addressConfig.Address = "10.0.0.1/24";
} {
addressConfig.Address = "fd12:3456:789a::1/64";
} ];
ipv6Prefixes = [ {
ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64";
} ];
};
"11-microvm" = {
matchConfig.Name = "vm-*";
networkConfig.Bridge = "microvm";
};
};
};
networking = {
nat = {
enable = true;
enableIPv6 = true;
externalInterface = "ens18";
internalInterfaces = [ "microvm" ];
};
};
microvm = { microvm = {
autostart = [ autostart = [
@ -117,6 +81,7 @@ in
directories = [ directories = [
"/var/lib/nixos" "/var/lib/nixos"
"/var/log" "/var/log"
"/var/lib/gitea-runner"
]; ];
files = [ files = [
@ -125,20 +90,16 @@ in
}; };
microvm = { microvm = {
hypervisor = "cloud-hypervisor"; hypervisor = "qemu";
vcpu = 4; vcpu = 4;
mem = 4096; mem = 4096;
balloonMem = 4096; balloonMem = 4096;
#kernel = pkgs.linuxKernel.packages.linux_latest; #kernel = pkgs.linuxKernel.packages.linux_latest;
interfaces = [ interfaces = [
{ {
type = "macvtap"; type = "user";
id = "vm-${name}"; id = "vm-${name}";
mac = "04:00:00:00:00:01"; mac = "04:00:00:00:00:01";
macvtap = {
link = "ens18";
mode = "bridge";
};
} ]; } ];
shares = [{ shares = [{
source = "/nix/store"; source = "/nix/store";

39
secrets/services/gitea/serverrunner-token.age
View File

@ -1,22 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 URAPyw voAi15csDCmcVbZP+WErs2/+vL3yVvRZa0SQW7g34B4 -> ssh-ed25519 URAPyw KfgM30iObaBFnzr/qt52XYcaoL7gtG6uV3Y6WYzY8gs
WgGNr9IwKDGWqL+AeoVUc8jTkATmvRQ08s3neohc5fc AK/uaa683L/ryApa+007fq4A1qVSVWxDd+LoeBHt0nQ
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
j/9J3kb9EdqUuDaNgFjyi6dsoU5W0a8QNRXRvmVgCnxBTWuFsh/Un+Eyo19bXSgu JqNH1SH7MBFwibYKe+VQSuj9ceHyLMo0yWOk4KOLfoMXTBfRFYsqeS+G9p1sTCiJ
JIPe/WtlQLwLVNiDhDcDAg7yVo/DSj81pqEQLYJz7X41NwjQMHcmn0W6ylrr1vl6 I42DQHCustbQ77vElUAYt87v+s+0esK9z0HqSxuYeV2AovQ0FcV7AIrwA+m+eypv
7nC85aPrjSRnMsaHNox5ODYH3YdvLbX/yfVLZo1IydqyA+Aq6KOYd3kQ7lDaejhl KObVeF+c0PSLaG2HMXSwd3MTXjH8PAwxDB+f+nF2cTYm7oaz5YpNjsMjjcoHxEVz
7O1ynmEqOdTaXpV3MJTh98YFczFwm5hg+0OOrT5souCN61V/ny0qWgE6Y6KQh3P7 GOkHWMujX1zxqdp0o0TZC4YhQa4BqF5MXX4IIVtSGMnzShCzubH47bWgLqTxFlnn
WHvgwKX9j5qjMHF6j1nzsoJV1KFlaxCHPEyA3tsquB48JxSV7iC35gw+doUayKMa bcSHFxldOaPiu/GUV/ygnSGassQJ6naWqu7DlqcdT+NWxARvCRn2Cx786Avi3LHY
FuiVbYzCZuRhLZsyTEZiEIDIrAkM2kuQUpJZ8aBxtg70uGMPwjZ/xopHifNfrtFF vmZFUwdtNkmLNL0jDkmwxT8styRl5ZKJ4IwmAn86O2TcUrqt/FFJ7ph8U0N0UjOe
xkd735W1shrYB4+HtnaYONkN0Le8XXUhzLuqmy6OQZ5g+9gnauctT3OfOwxMeArd sD3YNLLC/KeaoiF+z5DJGmbI8YZdx/sInoDlkxWRcHSkqSBmorMTO9bLrsmMkwwa
U3zSSUvtp7j4HjfkZkVzO2VPjirfmv8y3lplHBCDGc2uMOp2POSok50AWXb9Eog5 1dWhb/SUn2OAEv2juLhxZmUR7SrJBJCdLgkBtn3zVXbQvBkGPfzuurUhJP+VpbN6
0eFyKADDsr5HhLCyqeWYAtKcEmy/C+8iLPJuQmotedhqWc/8SQahqid0R7xyn61g uTrBUG9Irki4Ns7q7OcrBc0aMpZEb+J8P1fXhXppw7LdL8b+4M2LrjIA4JqxY0Wf
VBGoWi7OD9DUqDKwoaPEkPFXHn9WROjs0b9aLgm5a/CPPyf8q+DEFOPPhiPMzJ48 gI8NZnGdYxb9pcJuL4SXdHZyLyeMG1bC1bMeG5ihd7a9PasclO5LjIVF2OUWaE8s
kupKCoM2d8i8CRy7/kNsvQty08fjPWwwerJUC2RX33E 6TYh2bF4OE7c5rgvGbKrqLR5T3J29BOxPE5W4mExhes
-> piv-p256 grR75w Ay9pizV/zj5k0ZAUNB/Sh7yDFWE5bsSg5m1s3T43s+U1 -> piv-p256 grR75w AxpHUU6Ng4C05fdWcUyEZXn3s5SH0PaAyNi9LNyO6X/l
abA2Gw5V6kOYR+38oqa7GCbsmCvdIrYuOXUk5c1UmEI NWfALN4H5Txhi20Xa8ntZPbbbrW3aRegNObZB5pt+0I
-> piv-p256 RQguQQ AwHtJavrSXgHos0kMpADmy8ziZUij3cmsFKpx/oE2Qn5 -> piv-p256 RQguQQ Au3A174gvw9p88Vt5KbrFs9AZM1YP/7hL1z+7dqmT0TE
haQG2+q3uYzgokcjB19hRgTwMn2F4EZJbYvcUqoHtx8 X/14RhuJnGihZ9YIpyfz8wjT6Ww88Z4B65Ju1jbM6rs
--- Nuj7KymDL26sjM6Yse24I7b5TemyuyNMtWcdYc0TWAM --- KL1itlvz/yBCLl2CXz3bDu5fSQbT/3XxP2f9hufzSLA
˝ŠöŘM˝űßćâžň0x3VŽ<56>ݯ׮ąÝ%ó‘ n\ô!èKã=WúÅ·Y,Å&f ·%þoÚ YŒúPÆYÆsàê_ÌsCbú,Oùènl…©¯W?¿¼¾—1ášS ÄV4­ÈJz
?ł–JĹFonČaŚőćM˛™˙§ĂČAŹ}áý*!©ÎۧwvŚž @a꼨z