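{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:

let
  # Guest name. Also used for the autostart entry, the host-side link id
  # (vm-${name}) and the per-guest persist directory on the host.
  name = "gitea-runner";
in
{
  # ---------------------------------------------------------------------------
  # Host side: a "microvm" bridge with private IPv4 / ULA IPv6 addressing,
  # NAT'd out through ens18. Links named vm-* are enslaved to the bridge.
  #
  # NOTE(review): the guest below attaches via macvtap on ens18 in bridge mode,
  # so its traffic leaves through ens18 directly and is not carried by this
  # bridge/NAT path (a macvtap link cannot be enslaved to a bridge). Either is
  # a valid design, but only one of them is in effect for this guest — confirm
  # which is intended before relying on the NAT for egress filtering.
  # ---------------------------------------------------------------------------
  systemd.network = {
    enable = true;

    netdevs."10-microvm".netdevConfig = {
      Kind = "bridge";
      Name = "microvm";
    };

    networks = {
      "10-microvm" = {
        matchConfig.Name = "microvm";
        networkConfig = {
          DHCP = "yes";
          IPv6AcceptRA = true;
        };
        addresses = [
          { addressConfig.Address = "10.0.0.1/24"; }
          { addressConfig.Address = "fd12:3456:789a::1/64"; }
        ];
        ipv6Prefixes = [
          { ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64"; }
        ];
      };

      "11-microvm" = {
        matchConfig.Name = "vm-*";
        networkConfig.Bridge = "microvm";
      };
    };
  };

  networking.nat = {
    enable = true;
    enableIPv6 = true;
    externalInterface = "ens18";
    internalInterfaces = [ "microvm" ];
  };

  # ---------------------------------------------------------------------------
  # Guest definition.
  # ---------------------------------------------------------------------------
  microvm = {
    autostart = [ name ];

    vms.${name} = {
      inherit pkgs;

      config = {
        # Flattened: the original built this list with three `++` of singleton
        # lists, which is equivalent but harder to read.
        imports = [
          agenix.nixosModules.default
          impermanence.nixosModules.impermanence
          ./gitea_runner.nix
        ];

        networking = {
          hostName = name;
          firewall = {
            enable = true;
            allowedUDPPorts = [ ];
            # Empty on purpose: nothing but sshd is meant to be reachable.
            # NOTE(review): services.openssh.openFirewall defaults to true, so
            # port 22 is still opened even though this list is empty.
            allowedTCPPorts = [ ];
          };
        };

        systemd.network = {
          enable = true;
          networks."10-lan" = {
            matchConfig.Name = "*";
            networkConfig = {
              DHCP = "yes";
              IPv6AcceptRA = true;
            };
          };
        };

        # Administrative login user for the guest. Key-only; see sshd settings.
        # NOTE(review): this user is in `wheel` on a CI-runner guest. If sudo is
        # passwordless (configured outside this file, e.g. in gitea_runner.nix),
        # any job that can act as this user is root in the guest — confirm that
        # the runner service does not run as, or can't escalate to, this user.
        users.users.${user} = {
          isNormalUser = true;
          extraGroups = [ "wheel" ];
          uid = 2000;
          openssh.authorizedKeys.keys = [
            "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
            "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
            "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
            # Kept on a single line: the original literal contained a line break
            # before the comment field, which would have emitted a stray line
            # into authorized_keys.
            "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
          ];
        };

        services.openssh = {
          enable = true;
          settings = {
            # Keys only. KbdInteractiveAuthentication is disabled explicitly so
            # a PAM/keyboard-interactive path cannot reintroduce password login.
            PasswordAuthentication = false;
            KbdInteractiveAuthentication = false;
            # No root keys are provisioned here, so close the root path entirely.
            PermitRootLogin = "no";
          };
          # Host keys live on the persisted share so the guest keeps its
          # identity across reboots (the root fs is ephemeral).
          hostKeys = [
            { path = "/persist/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
            { path = "/persist/etc/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; }
          ];
        };

        # /persist must be mounted in the initrd because the persisted paths
        # below are bind-mounted before the system comes up.
        fileSystems."/persist".neededForBoot = lib.mkForce true;
        environment.persistence."/persist" = {
          directories = [ "/var/lib/nixos" "/var/log" ];
          files = [ "/etc/machine-id" ];
        };

        microvm = {
          hypervisor = "cloud-hypervisor";
          vcpu = 4;
          mem = 4096;
          balloonMem = 4096;
          #kernel = pkgs.linuxKernel.packages.linux_latest;

          # NOTE(review): 04:00:00:00:00:01 does not have the locally
          # administered bit (0x02 in the first octet) set, so it sits in the
          # globally assigned range. A 02:xx:... style address is the
          # conventional choice for a hand-picked VM MAC; left as-is here since
          # changing it changes the guest's DHCP identity.
          interfaces = [
            {
              type = "macvtap";
              id = "vm-${name}";
              mac = "04:00:00:00:00:01";
              macvtap = {
                link = "ens18";
                mode = "bridge";
              };
            }
          ];

          shares = [
            {
              # Read-only view of the host store; the guest boots from it.
              source = "/nix/store";
              mountPoint = "/nix/.ro-store";
              tag = "ro-store";
              proto = "virtiofs";
            }
            {
              # Holds the SSH host keys and the persisted state above.
              # NOTE(review): the host-side directory should be owned by root
              # with no group/other access, since it contains private keys —
              # its permissions are not set in this file.
              source = "/etc/vm-persist/${name}";
              mountPoint = "/persist";
              tag = "persist";
              proto = "virtiofs";
            }
          ];
          #writableStoreOverlay = "/nix/.rw-store";
          #storeOnDisk = true;
        };

        system.stateVersion = "23.05";
      };
    };
  };
}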