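# Declares a single MicroVM ("gitea") whose guest hostname is "gitea-runner".
# The guest is reachable over SSH with public keys only and is attached
# directly to the host NIC through a macvtap interface.
{ microvm, nixpkgs, ... }:

let
  name = "gitea";
in
{
  microvm = {
    # autostart = [
    #   "gitea-runnervm"
    # ];
    vms = {
      ${name} = {
        # Guest package set; allowUnfree admits packages with non-free licences.
        pkgs = import nixpkgs {
          system = "x86_64-linux";
          config.allowUnfree = true;
        };

        config = {
          networking = {
            hostName = "${name}-runner";
            # No ports are listed here. The NixOS openssh module opens its own
            # port by default (services.openssh.openFirewall), so SSH is the
            # only inbound service this file exposes.
            firewall = {
              enable = true;
              #allowedUDPPorts = [ 53 67 ];
              #allowedTCPPorts = [ 53 80 443 9443 ];
            };
          };

          users.users."kabbone" = { # System User
            isNormalUser = true;
            # NOTE(review): no password is set for this user in this file; with
            # sudo's default password requirement, wheel membership may not be
            # usable as-is -- confirm how privilege escalation is meant to work.
            extraGroups = [ "wheel" ];
            uid = 2000;
            # All four entries are sk-ssh-ed25519 keys, i.e. the private half is
            # bound to a FIDO2 hardware authenticator.
            openssh.authorizedKeys.keys = [
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
            ];
          };

          services = {
            openssh = {
              enable = true;
              settings = {
                PasswordAuthentication = false;
                # PasswordAuthentication alone leaves keyboard-interactive (PAM)
                # logins enabled; switch that off too so that public keys are
                # the only accepted authentication method.
                KbdInteractiveAuthentication = false;
              };
            };
          };

          microvm = {
            hypervisor = "cloud-hypervisor";
            vcpu = 4;
            mem = 4096; # presumably MiB -- confirm against the microvm.nix option docs

            # macvtap in bridge mode puts the guest on the same layer-2 segment
            # as the host NIC, with its own MAC. The 02: prefix marks a locally
            # administered address; it must be unique on that segment.
            interfaces = [
              {
                type = "macvtap";
                id = "${name}-tap";
                mac = "02:00:00:00:00:01";
                macvtap = {
                  link = "enp34s0";
                  mode = "bridge";
                };
              }
            ];

            # The whole host /nix/store is exported to the guest over virtiofs.
            # Every path in the host store is therefore readable from inside
            # the VM, so secrets must not be placed in the store.
            # NOTE(review): the hostname suggests a CI runner; if jobs from
            # untrusted repositories run here, treat the host store contents
            # as disclosed to them.
            shares = [{
              source = "/nix/store";
              mountPoint = "/nix/.ro-store";
              tag = "ro-store";
              proto = "virtiofs";
            }];
            #writableStoreOverlay = "/nix/.rw-store";
            #storeOnDisk = true;
          };

          system.stateVersion = "23.05";
        };
      };
    };
  };
}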