genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 01:17:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Clean up microvm bits

Browse source
This commit is contained in:
Gene Liverman 2024-04-02 23:28:56 -04:00
parent 48f74e7c6a
commit 891be5631c
5 changed files with 50 additions and 178 deletions
Download patch file Download diff file Expand all files Collapse all files

104
flake.lock generated
View file

@ -45,11 +45,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711006105, "lastModified": 1710906792,
"narHash": "sha256-pvjqjx4L2Hx/NP3RWcwLjk+ABtMODAJ9+rgreU6fP6I=", "narHash": "sha256-kFzpfZcInLhBFWHy452NlvFuzNr0BDEkz3w9Sgg2ypo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "a8c966ee117c278a5aabc6f00b00ef62eb7e28f6", "rev": "e9875b969086a53dff5ec4677575ad3156fc875d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -96,24 +96,6 @@
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": { "locked": {
"lastModified": 1687709756, "lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
@ -138,11 +120,11 @@
"sqlite3pp": "sqlite3pp" "sqlite3pp": "sqlite3pp"
}, },
"locked": { "locked": {
"lastModified": 1711144337, "lastModified": 1710948909,
"narHash": "sha256-7nExp0SsiOcKvn+12W1Vp56F5mxmFiPZqctf5JWLB7w=", "narHash": "sha256-kESddzTIzBUGToPgBcM2kFiKt1Njyo2wYwPb8GqAhIM=",
"owner": "flox", "owner": "flox",
"repo": "flox", "repo": "flox",
"rev": "aaaac2e75eb84a3e3838d31b8db4d01ab834e852", "rev": "21e1a2929eeadfb6e128d6f991f82ae029bf7e07",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -213,11 +195,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1710888565, "lastModified": 1706981411,
"narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -227,28 +209,6 @@
"type": "github" "type": "github"
} }
}, },
"microvm": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1711159783,
"narHash": "sha256-nwl2Cygq7NrV9QcebJE/T/vXv7w+zLERD7ygHz0F5g8=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "d31f7c7d3194c51372134832a3a2a256773c161a",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -305,7 +265,7 @@
"nix-homebrew": { "nix-homebrew": {
"inputs": { "inputs": {
"brew-src": "brew-src", "brew-src": "brew-src",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_2",
"nix-darwin": "nix-darwin_2", "nix-darwin": "nix-darwin_2",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
@ -389,11 +349,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1711106783, "lastModified": 1710889954,
"narHash": "sha256-PDwAcHahc6hEimyrgGmFdft75gmLrJOZ0txX7lFqq+I=", "narHash": "sha256-Pr6F5Pmd7JnNEMHHmspZ0qVqIBVxyZ13ik1pJtm2QXk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a3ed7406349a9335cb4c2a71369b697cecd9d351", "rev": "7872526e9c5332274ea5932a0c3270d6e4724f3b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -434,11 +394,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1711156376, "lastModified": 1710951922,
"narHash": "sha256-gZDInkcCv3lmo578cIOyWpJ7mNgVcI6v2aodMF87oSo=", "narHash": "sha256-FOOBJ3DQenLpTNdxMHR2CpGZmYuctb92gF0lpiirZ30=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b94075d5e741439f255799453be7ead01930caf0", "rev": "f091af045dff8347d66d186a62d42aceff159456",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -479,7 +439,6 @@
"flox-flake": "flox-flake", "flox-flake": "flox-flake",
"genebean-omp-themes": "genebean-omp-themes", "genebean-omp-themes": "genebean-omp-themes",
"home-manager": "home-manager", "home-manager": "home-manager",
"microvm": "microvm",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nix-flatpak": "nix-flatpak", "nix-flatpak": "nix-flatpak",
"nix-homebrew": "nix-homebrew", "nix-homebrew": "nix-homebrew",
@ -509,22 +468,6 @@
"type": "github" "type": "github"
} }
}, },
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1708358594,
"narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
"ref": "refs/heads/main",
"rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
"revCount": 614,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"sqlite3pp": { "sqlite3pp": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -575,21 +518,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

27
flake.nix
View file

@ -48,13 +48,8 @@
flake = false; flake = false;
}; };
microvm = {
url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; # end inputs }; # end inputs
outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, nix-darwin, home-manager, nix-homebrew, nix-flatpak, disko, sops-nix, flox-flake, microvm, genebean-omp-themes, ... }: let outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, nix-darwin, home-manager, nix-homebrew, nix-flatpak, disko, sops-nix, flox-flake, genebean-omp-themes, ... }: let
# creates a macOS system config # creates a macOS system config
darwinHostConfig = system: hostname: username: nix-darwin.lib.darwinSystem { darwinHostConfig = system: hostname: username: nix-darwin.lib.darwinSystem {
@ -112,7 +107,6 @@
}; };
modules = [ modules = [
disko.nixosModules.disko disko.nixosModules.disko
#microvm.nixosModules.host
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager = { home-manager = {
@ -133,22 +127,6 @@
]; ];
}; # end nixosSystem }; # end nixosSystem
nixosMicrovmConfig = system: hostname: username: nixpkgs.lib.nixosSystem {
inherit system;
modules = [
microvm.nixosModules.microvm
{
networking.hostName = "${hostname}";
users.users.${username} = {
initialHashedPassword = "$6$FH6xo/OzM9mIAXqx$GTqSEDahPGyxLiDOEY77uxaApdd3xJKOkvddV6X4wplTCxsbuoyXwuOuQjMODS7dhfRs.HwL3VQgUjmok3QM60";
isNormalUser = true;
};
}
./modules/hosts/nixos/microvms/${hostname} # host specific stuff
];
}; # end nixosMicrovmConfig
linuxHomeConfig = system: hostname: username: home-manager.lib.homeManagerConfiguration { linuxHomeConfig = system: hostname: username: home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = { inherit genebean-omp-themes hostname username; extraSpecialArgs = { inherit genebean-omp-themes hostname username;
pkgs = import nixpkgs { pkgs = import nixpkgs {
@ -189,9 +167,6 @@
hetznix01 = nixosHostConfig "aarch64-linux" "hetznix01" "gene"; hetznix01 = nixosHostConfig "aarch64-linux" "hetznix01" "gene";
nixnuc = nixosHostConfig "x86_64-linux" "nixnuc" "gene"; nixnuc = nixosHostConfig "x86_64-linux" "nixnuc" "gene";
rainbow-planet = nixosHostConfig "x86_64-linux" "rainbow-planet" "gene"; rainbow-planet = nixosHostConfig "x86_64-linux" "rainbow-planet" "gene";
# VMs
nginx-proxy = nixosMicrovmConfig "x86_64-linux" "nginx-proxy" "gene";
}; };
homeConfigurations = { homeConfigurations = {

31
modules/hosts/nixos/containers/nginx-proxy.nix Normal file
View file

@ -0,0 +1,31 @@
{ ... }: {
containers.nginx-proxy = {
autoStart = true;
privateNetwork = true;
hostBridge = "br1-23";
localAddress = "192.168.23.21/24";
config = { config, pkgs, lib, ... }: {
system.stateVersion = "23.11";
services.nginx = {
enable = true;
virtualHosts.default.listen = [{
port = 80;
addr = "0.0.0.0";
}];
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
};
defaultGateway = "192.168.23.1";
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
};
};
}

32
modules/hosts/nixos/microvms/nginx-proxy/default.nix
View file

@ -1,32 +0,0 @@
{ inputs, config, hostname, microvm, pkgs, sops-nix, username, ... }: {
microvm = {
hypervisor = "qemu";
socket = "control.socket";
vcpu = 1;
volumes = [
{
#image = "/persist/microvm/${config.networking.hostName}-var.img";
image = "/tmp/${config.networking.hostName}-var.img";
mountPoint = "/var";
size = 1024;
}
];
shares = [
{
# use "virtiofs" for MicroVMs that are started by systemd
proto = "9p";
tag = "ro-store";
# a host's /nix/store will be picked up so that no
# squashfs/erofs will be built for it.
source = "/nix/store";
mountPoint = "/nix/.ro-store";
}
];
interfaces = [{
type = "tap";
id = "vm-nginx-proxy";
mac = "02:00:00:00:00:01";
}];
};
}

34
modules/hosts/nixos/nixnuc/default.nix
View file

@ -1,8 +1,8 @@
{ inputs, config, hostname, microvm, pkgs, sops-nix, username, ... }: { { inputs, config, hostname, pkgs, sops-nix, username, ... }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./audiobookshelf.nix ./audiobookshelf.nix
#../microvms/nginx-proxy ../containers/nginx-proxy.nix
]; ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";
@ -20,36 +20,6 @@
}; };
}; };
containers.nginx-proxy = {
autoStart = true;
privateNetwork = true;
hostBridge = "br1-23";
localAddress = "192.168.23.21/24";
config = { config, pkgs, lib, ... }: {
system.stateVersion = "23.11";
services.nginx = {
enable = true;
virtualHosts.default.listen = [{
port = 80;
addr = "0.0.0.0";
}];
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
};
defaultGateway = "192.168.23.1";
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
};
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
intel-gpu-tools intel-gpu-tools
jellyfin jellyfin