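# Host-side module that declares the "gitea-runner" MicroVM: its package set,
# guest NixOS configuration (network, admin user, SSH) and hypervisor settings.
#
# Arguments:
#   nixpkgs - package source imported for the guest
#   agenix  - provides the agenix NixOS module imported into the guest
#   user    - name of the admin account created inside the guest
#   config, microvm - accepted but not referenced in this file
{ config, microvm, nixpkgs, user, agenix, ... }:

let
  name = "gitea-runner";
in
{
  microvm = {
    # Autostart entries are VM names, so this reuses `name` to stay in step
    # with the attribute under `vms`. A literal that drifts from it (the list
    # previously read "gitea-runnervm") points at a VM this file never defines.
    autostart = [ name ];

    vms = {
      ${name} = {
        pkgs = import nixpkgs {
          system = "x86_64-linux";
          config.allowUnfree = true;
        };
        #inherit pkgs;

        config = {
          imports = [
            agenix.nixosModules.default
            ./gitea_runner.nix
          ];

          networking = {
            hostName = name;
            firewall = {
              enable = true;
              # No ports are opened explicitly. services.openssh opens its own
              # port through its openFirewall default, so SSH stays reachable.
              allowedUDPPorts = [ ];
              allowedTCPPorts = [ ];
            };
          };

          systemd.network = {
            enable = true;
            networks = {
              "10-lan" = {
                # Matches every interface the guest sees and configures it by
                # DHCP and router advertisements.
                matchConfig.Name = "*";
                networkConfig = {
                  DHCP = "yes";
                  IPv6AcceptRA = true;
                };
              };
            };
          };

          users.users.${user} = { # System User
            isNormalUser = true;
            # wheel makes this an administrative account inside the guest.
            extraGroups = [ "wheel" ];
            uid = 2000;
            # Hardware-backed (FIDO2 "sk-") keys only.
            openssh.authorizedKeys.keys = [
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
            ];
          };

          services = {
            openssh = {
              enable = true;
              settings = {
                PasswordAuthentication = false;
                # Keyboard-interactive (PAM) logins are a second password
                # path; close it too so only the keys above are accepted.
                KbdInteractiveAuthentication = false;
              };
            };
          };

          microvm = {
            hypervisor = "cloud-hypervisor";
            vcpu = 4;
            mem = 4096;
            interfaces = [
              {
                type = "macvtap";
                id = "vm-${name}";
                # NOTE(review): the 04: prefix does not set the
                # locally-administered bit (0x02 in the first octet). Left
                # unchanged because DHCP leases may be keyed on this address.
                mac = "04:00:00:00:00:01";
                # Bridge mode attaches the guest to the same L2 segment as the
                # host NIC, so the runner is a peer on that LAN.
                macvtap = {
                  link = "enp6s18";
                  mode = "bridge";
                };
              }
            ];
            # The guest mounts the host's whole /nix/store over virtiofs. Any
            # secret that ends up in the host store is readable by whatever
            # runs in this VM (presumably CI jobs - confirm in
            # gitea_runner.nix), so keep secrets out of the store; agenix
            # decrypts outside it at activation time.
            shares = [{
              source = "/nix/store";
              mountPoint = "/nix/.ro-store";
              tag = "ro-store";
              proto = "virtiofs";
            }];
            #writableStoreOverlay = "/nix/.rw-store";
            #storeOnDisk = true;
          };

          system.stateVersion = "23.05";
        };
      };
    };
  };
}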