# microvm.nix guest definition for the Gitea Actions runner VM.
#
# Arguments are the flake inputs (`microvm`, `nixpkgs`, `agenix`, `impermanence`)
# plus `user`, the account name shared with the host. `config` is accepted by the
# module signature but not referenced below.
{ config, microvm, nixpkgs, user, agenix, impermanence, ... }:
let
  # Guest name; reused as hostname, macvtap interface id and host persist subdir.
  name = "gitea-runner";

  # Guest-side mount point for state that must outlive a VM rebuild.
  persistDir = "/persist";

  # Host-side directory exported into the guest at ${persistDir} via virtiofs.
  hostPersistDir = "/etc/vm-persist/${name}";

  # FIDO-backed (sk-ssh-ed25519) public keys permitted to log in as ${user}.
  # Public material only; safe to keep in the repository.
  adminKeys = [
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
  ];

  # Package set for the guest; unfree is allowed because the runner image
  # presumably pulls in non-free tooling (confirm in gitea_runner.nix).
  guestPkgs = import nixpkgs {
    system = "x86_64-linux";
    config.allowUnfree = true;
  };

  # The NixOS configuration that runs inside the VM.
  guestConfig = {
    imports = [
      agenix.nixosModules.default
      impermanence.nixosModules.impermanence
      ./gitea_runner.nix
    ];

    networking.hostName = name;

    # Default-deny firewall with nothing opened explicitly.
    # NOTE(review): sshd reachability then depends on services.openssh.openFirewall
    # keeping its default of true — confirm, or list port 22 here on purpose.
    networking.firewall = {
      enable = true;
      allowedTCPPorts = [ ];
      allowedUDPPorts = [ ];
    };

    # Address every NIC via DHCP and router advertisements.
    systemd.network.enable = true;
    systemd.network.networks."10-lan" = {
      matchConfig.Name = "*";
      networkConfig = {
        DHCP = "yes";
        IPv6AcceptRA = true;
      };
    };

    # Administrative account (System User) shared with the host.
    users.users.${user} = {
      isNormalUser = true;
      uid = 2000;
      extraGroups = [ "wheel" ];
      # NOTE(review): a plaintext initialPassword lands in the world-readable
      # Nix store, and this account is in wheel. sshd refuses passwords below,
      # but local console/serial login still accepts this one (only applied when
      # the account is first created). Prefer hashedPasswordFile fed from an
      # agenix secret, or drop the password entirely and rely on the keys.
      initialPassword = "runnertest";
      openssh.authorizedKeys.keys = adminKeys;
    };

    # Key-only SSH; host keys live under ${persistDir} so the host identity
    # survives a VM rebuild instead of being regenerated on every boot.
    services.openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
      hostKeys = [
        { type = "ed25519"; path = "${persistDir}/etc/ssh/ssh_host_ed25519_key"; }
        { type = "rsa"; bits = 4096; path = "${persistDir}/etc/ssh/ssh_host_rsa_key"; }
      ];
    };

    # Impermanence: only the listed paths are carried over via ${persistDir};
    # presumably the rest of the guest root is ephemeral (see gitea_runner.nix).
    fileSystems.${persistDir}.neededForBoot = nixpkgs.lib.mkForce true;
    environment.persistence.${persistDir} = {
      directories = [ "/var/lib/nixos" "/var/log" "/var/lib/gitea-runner" ];
      files = [ "/etc/machine-id" ];
    };

    # Hypervisor-side resources for this guest.
    microvm = {
      hypervisor = "cloud-hypervisor";
      vcpu = 4;
      mem = 4096;
      # Bridged macvtap on the host NIC enp6s18 with a fixed, locally
      # administered MAC so DHCP leases stay stable across rebuilds.
      interfaces = [
        {
          type = "macvtap";
          id = "vm-${name}";
          mac = "04:00:00:00:00:01";
          macvtap = {
            link = "enp6s18";
            mode = "bridge";
          };
        }
      ];
      # Host store is shared as the read-only store; persistent state comes
      # from the per-VM host directory.
      shares = [
        {
          tag = "ro-store";
          proto = "virtiofs";
          source = "/nix/store";
          mountPoint = "/nix/.ro-store";
        }
        {
          tag = "persist";
          proto = "virtiofs";
          source = hostPersistDir;
          mountPoint = persistDir;
        }
      ];
      # Writable store overlay intentionally left disabled.
      #writableStoreOverlay = "/nix/.rw-store";
      #storeOnDisk = true;
    };

    system.stateVersion = "23.05";
  };
in
{
  microvm.autostart = [ name ];
  microvm.vms.${name} = {
    pkgs = guestPkgs;
    config = guestConfig;
  };
}