Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:557aa480ee2f515e4423c59a80561144df91ff07
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor
..
compare: Kabbone:4a876f27d33ad81fce89f4faa83b9df18cd9f136
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor

No commits in common. "557aa480ee2f515e4423c59a80561144df91ff07" and "4a876f27d33ad81fce89f4faa83b9df18cd9f136" have entirely different histories.
557aa480ee ... 4a876f27d3

3 changed files with 63 additions and 24 deletions
Show Stats Expand all files Collapse all files

3
modules/services/dmz/microvm.nix
View File

@ -24,7 +24,7 @@ in
networking = { networking = {
hostName = "${name}"; hostName = "${name}";
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPorts = [ ]; allowedUDPPorts = [ ];
allowedTCPPorts = [ ]; allowedTCPPorts = [ ];
@ -78,7 +78,6 @@ in
directories = [ directories = [
"/var/lib/nixos" "/var/lib/nixos"
"/var/log" "/var/log"
"/var/lib/gitea-runner"
]; ];
files = [ files = [

45
modules/services/server/microvm.nix
View File

@ -3,6 +3,42 @@ let
name = "gitea-runner"; name = "gitea-runner";
in in
{ {
systemd.network = {
enable = true;
netdevs."10-microvm".netdevConfig = {
Kind = "bridge";
Name = "microvm";
};
networks = {
"10-microvm" = {
matchConfig.Name = "microvm";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
addresses = [ {
addressConfig.Address = "10.0.0.1/24";
} {
addressConfig.Address = "fd12:3456:789a::1/64";
} ];
ipv6Prefixes = [ {
ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64";
} ];
};
"11-microvm" = {
matchConfig.Name = "vm-*";
networkConfig.Bridge = "microvm";
};
};
};
networking = {
nat = {
enable = true;
enableIPv6 = true;
externalInterface = "ens18";
internalInterfaces = [ "microvm" ];
};
};
microvm = { microvm = {
autostart = [ autostart = [
@ -81,7 +117,6 @@ in
directories = [ directories = [
"/var/lib/nixos" "/var/lib/nixos"
"/var/log" "/var/log"
"/var/lib/gitea-runner"
]; ];
files = [ files = [
@ -90,16 +125,20 @@ in
}; };
microvm = { microvm = {
hypervisor = "qemu"; hypervisor = "cloud-hypervisor";
vcpu = 4; vcpu = 4;
mem = 4096; mem = 4096;
balloonMem = 4096; balloonMem = 4096;
#kernel = pkgs.linuxKernel.packages.linux_latest; #kernel = pkgs.linuxKernel.packages.linux_latest;
interfaces = [ interfaces = [
{ {
type = "user"; type = "macvtap";
id = "vm-${name}"; id = "vm-${name}";
mac = "04:00:00:00:00:01"; mac = "04:00:00:00:00:01";
macvtap = {
link = "ens18";
mode = "bridge";
};
} ]; } ];
shares = [{ shares = [{
source = "/nix/store"; source = "/nix/store";

39
secrets/services/gitea/serverrunner-token.age
View File

@ -1,21 +1,22 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 URAPyw KfgM30iObaBFnzr/qt52XYcaoL7gtG6uV3Y6WYzY8gs -> ssh-ed25519 URAPyw voAi15csDCmcVbZP+WErs2/+vL3yVvRZa0SQW7g34B4
AK/uaa683L/ryApa+007fq4A1qVSVWxDd+LoeBHt0nQ WgGNr9IwKDGWqL+AeoVUc8jTkATmvRQ08s3neohc5fc
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
JqNH1SH7MBFwibYKe+VQSuj9ceHyLMo0yWOk4KOLfoMXTBfRFYsqeS+G9p1sTCiJ j/9J3kb9EdqUuDaNgFjyi6dsoU5W0a8QNRXRvmVgCnxBTWuFsh/Un+Eyo19bXSgu
I42DQHCustbQ77vElUAYt87v+s+0esK9z0HqSxuYeV2AovQ0FcV7AIrwA+m+eypv JIPe/WtlQLwLVNiDhDcDAg7yVo/DSj81pqEQLYJz7X41NwjQMHcmn0W6ylrr1vl6
KObVeF+c0PSLaG2HMXSwd3MTXjH8PAwxDB+f+nF2cTYm7oaz5YpNjsMjjcoHxEVz 7nC85aPrjSRnMsaHNox5ODYH3YdvLbX/yfVLZo1IydqyA+Aq6KOYd3kQ7lDaejhl
GOkHWMujX1zxqdp0o0TZC4YhQa4BqF5MXX4IIVtSGMnzShCzubH47bWgLqTxFlnn 7O1ynmEqOdTaXpV3MJTh98YFczFwm5hg+0OOrT5souCN61V/ny0qWgE6Y6KQh3P7
bcSHFxldOaPiu/GUV/ygnSGassQJ6naWqu7DlqcdT+NWxARvCRn2Cx786Avi3LHY WHvgwKX9j5qjMHF6j1nzsoJV1KFlaxCHPEyA3tsquB48JxSV7iC35gw+doUayKMa
vmZFUwdtNkmLNL0jDkmwxT8styRl5ZKJ4IwmAn86O2TcUrqt/FFJ7ph8U0N0UjOe FuiVbYzCZuRhLZsyTEZiEIDIrAkM2kuQUpJZ8aBxtg70uGMPwjZ/xopHifNfrtFF
sD3YNLLC/KeaoiF+z5DJGmbI8YZdx/sInoDlkxWRcHSkqSBmorMTO9bLrsmMkwwa xkd735W1shrYB4+HtnaYONkN0Le8XXUhzLuqmy6OQZ5g+9gnauctT3OfOwxMeArd
1dWhb/SUn2OAEv2juLhxZmUR7SrJBJCdLgkBtn3zVXbQvBkGPfzuurUhJP+VpbN6 U3zSSUvtp7j4HjfkZkVzO2VPjirfmv8y3lplHBCDGc2uMOp2POSok50AWXb9Eog5
uTrBUG9Irki4Ns7q7OcrBc0aMpZEb+J8P1fXhXppw7LdL8b+4M2LrjIA4JqxY0Wf 0eFyKADDsr5HhLCyqeWYAtKcEmy/C+8iLPJuQmotedhqWc/8SQahqid0R7xyn61g
gI8NZnGdYxb9pcJuL4SXdHZyLyeMG1bC1bMeG5ihd7a9PasclO5LjIVF2OUWaE8s VBGoWi7OD9DUqDKwoaPEkPFXHn9WROjs0b9aLgm5a/CPPyf8q+DEFOPPhiPMzJ48
6TYh2bF4OE7c5rgvGbKrqLR5T3J29BOxPE5W4mExhes kupKCoM2d8i8CRy7/kNsvQty08fjPWwwerJUC2RX33E
-> piv-p256 grR75w AxpHUU6Ng4C05fdWcUyEZXn3s5SH0PaAyNi9LNyO6X/l -> piv-p256 grR75w Ay9pizV/zj5k0ZAUNB/Sh7yDFWE5bsSg5m1s3T43s+U1
NWfALN4H5Txhi20Xa8ntZPbbbrW3aRegNObZB5pt+0I abA2Gw5V6kOYR+38oqa7GCbsmCvdIrYuOXUk5c1UmEI
-> piv-p256 RQguQQ Au3A174gvw9p88Vt5KbrFs9AZM1YP/7hL1z+7dqmT0TE -> piv-p256 RQguQQ AwHtJavrSXgHos0kMpADmy8ziZUij3cmsFKpx/oE2Qn5
X/14RhuJnGihZ9YIpyfz8wjT6Ww88Z4B65Ju1jbM6rs haQG2+q3uYzgokcjB19hRgTwMn2F4EZJbYvcUqoHtx8
--- KL1itlvz/yBCLl2CXz3bDu5fSQbT/3XxP2f9hufzSLA --- Nuj7KymDL26sjM6Yse24I7b5TemyuyNMtWcdYc0TWAM
n\ô!èKã=WúÅ·Y,Å&f ·%þoÚ YŒúPÆYÆsàê_ÌsCbú,Oùènl…©¯W?¿¼¾—1ášS ÄV4­ÈJz ˝ŠöŘM˝űßćâžň0x3VŽ<56>ݯ׮ąÝ%ó‘
?ł–JĹFonČaŚőćM˛™˙§ĂČAŹ}áý*!©ÎۧwvŚž @a꼨z