73 lines
2.3 KiB
Nix
73 lines
2.3 KiB
Nix
{ microvm, nixpkgs, ... }:
|
|
let
|
|
name = "gitea";
|
|
in
|
|
{
|
|
microvm = {
|
|
# autostart = [
|
|
# "gitea-runnervm"
|
|
# ];
|
|
vms = {
|
|
${name} = {
|
|
pkgs = import nixpkgs {
|
|
system = "x86_64-linux";
|
|
config.allowUnfree = true;
|
|
};
|
|
|
|
config = {
|
|
networking = {
|
|
hostName = "${name}-runner";
|
|
firewall = {
|
|
enable = true;
|
|
#allowedUDPPorts = [ 53 67 ];
|
|
#allowedTCPPorts = [ 53 80 443 9443 ];
|
|
};
|
|
};
|
|
users.users."kabbone" = { # System User
|
|
isNormalUser = true;
|
|
extraGroups = [ "wheel" ];
|
|
uid = 2000;
|
|
openssh.authorizedKeys.keys = [
|
|
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
|
|
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
|
|
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
|
|
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
|
|
];
|
|
};
|
|
services = {
|
|
openssh = {
|
|
enable = true;
|
|
settings.PasswordAuthentication = false;
|
|
};
|
|
};
|
|
|
|
microvm = {
|
|
hypervisor = "cloud-hypervisor";
|
|
vcpu = 4;
|
|
mem = 4096;
|
|
interfaces = [
|
|
{
|
|
type = "macvtap";
|
|
id = "${name}-tap";
|
|
mac = "02:00:00:00:00:01";
|
|
macvtap = {
|
|
link = "enp34s0";
|
|
mode = "bridge";
|
|
};
|
|
} ];
|
|
shares = [{
|
|
source = "/nix/store";
|
|
mountPoint = "/nix/.ro-store";
|
|
tag = "ro-store";
|
|
proto = "virtiofs";
|
|
}];
|
|
#writableStoreOverlay = "/nix/.rw-store";
|
|
#storeOnDisk = true;
|
|
};
|
|
system.stateVersion = "23.05";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|