diff --git a/flake.lock b/flake.lock index b9edaee..4bfd185 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ ] }, "locked": { - "lastModified": 1710906792, - "narHash": "sha256-kFzpfZcInLhBFWHy452NlvFuzNr0BDEkz3w9Sgg2ypo=", + "lastModified": 1711006105, + "narHash": "sha256-pvjqjx4L2Hx/NP3RWcwLjk+ABtMODAJ9+rgreU6fP6I=", "owner": "nix-community", "repo": "disko", - "rev": "e9875b969086a53dff5ec4677575ad3156fc875d", + "rev": "a8c966ee117c278a5aabc6f00b00ef62eb7e28f6", "type": "github" }, "original": { @@ -96,6 +96,24 @@ "inputs": { "systems": "systems_2" }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, "locked": { "lastModified": 1687709756, "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", @@ -120,11 +138,11 @@ "sqlite3pp": "sqlite3pp" }, "locked": { - "lastModified": 1710948909, - "narHash": "sha256-kESddzTIzBUGToPgBcM2kFiKt1Njyo2wYwPb8GqAhIM=", + "lastModified": 1711144337, + "narHash": "sha256-7nExp0SsiOcKvn+12W1Vp56F5mxmFiPZqctf5JWLB7w=", "owner": "flox", "repo": "flox", - "rev": "21e1a2929eeadfb6e128d6f991f82ae029bf7e07", + "rev": "aaaac2e75eb84a3e3838d31b8db4d01ab834e852", "type": "github" }, "original": { @@ -195,11 +213,11 @@ ] }, "locked": { - "lastModified": 1706981411, - "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", + "lastModified": 1710888565, + "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", "owner": "nix-community", "repo": "home-manager", - "rev": "652fda4ca6dafeb090943422c34ae9145787af37", + "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", "type": "github" }, "original": { 
@@ -209,6 +227,28 @@ "type": "github" } }, + "microvm": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ], + "spectrum": "spectrum" + }, + "locked": { + "lastModified": 1711159783, + "narHash": "sha256-nwl2Cygq7NrV9QcebJE/T/vXv7w+zLERD7ygHz0F5g8=", + "owner": "astro", + "repo": "microvm.nix", + "rev": "d31f7c7d3194c51372134832a3a2a256773c161a", + "type": "github" + }, + "original": { + "owner": "astro", + "repo": "microvm.nix", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -265,7 +305,7 @@ "nix-homebrew": { "inputs": { "brew-src": "brew-src", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nix-darwin": "nix-darwin_2", "nixpkgs": "nixpkgs_3" }, @@ -349,11 +389,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1710889954, - "narHash": "sha256-Pr6F5Pmd7JnNEMHHmspZ0qVqIBVxyZ13ik1pJtm2QXk=", + "lastModified": 1711106783, + "narHash": "sha256-PDwAcHahc6hEimyrgGmFdft75gmLrJOZ0txX7lFqq+I=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7872526e9c5332274ea5932a0c3270d6e4724f3b", + "rev": "a3ed7406349a9335cb4c2a71369b697cecd9d351", "type": "github" }, "original": { @@ -394,11 +434,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1710951922, - "narHash": "sha256-FOOBJ3DQenLpTNdxMHR2CpGZmYuctb92gF0lpiirZ30=", + "lastModified": 1711156376, + "narHash": "sha256-gZDInkcCv3lmo578cIOyWpJ7mNgVcI6v2aodMF87oSo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f091af045dff8347d66d186a62d42aceff159456", + "rev": "b94075d5e741439f255799453be7ead01930caf0", "type": "github" }, "original": { @@ -439,6 +479,7 @@ "flox-flake": "flox-flake", "genebean-omp-themes": "genebean-omp-themes", "home-manager": "home-manager", + "microvm": "microvm", "nix-darwin": "nix-darwin", "nix-flatpak": "nix-flatpak", "nix-homebrew": "nix-homebrew", 
@@ -468,6 +509,22 @@ "type": "github" } }, + "spectrum": { + "flake": false, + "locked": { + "lastModified": 1708358594, + "narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=", + "ref": "refs/heads/main", + "rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c", + "revCount": 614, + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + }, + "original": { + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + } + }, "sqlite3pp": { "inputs": { "nixpkgs": [ @@ -518,6 +575,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ac86e3e..e5ffdab 100644 --- a/flake.nix +++ b/flake.nix @@ -48,8 +48,13 @@ flake = false; }; + microvm = { + url = "github:astro/microvm.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; # end inputs - outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, nix-darwin, home-manager, nix-homebrew, nix-flatpak, disko, sops-nix, flox-flake, genebean-omp-themes, ... }: let + outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, nix-darwin, home-manager, nix-homebrew, nix-flatpak, disko, sops-nix, flox-flake, microvm, genebean-omp-themes, ... }: let # creates a macOS system config darwinHostConfig = system: hostname: username: nix-darwin.lib.darwinSystem { 
@@ -127,6 +132,22 @@ ]; }; # end nixosSystem + nixosMicrovmConfig = system: hostname: username: nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + microvm.nixosModules.microvm + { + networking.hostName = "${hostname}"; + users.users.${username} = { + initialHashedPassword = "$6$FH6xo/OzM9mIAXqx$GTqSEDahPGyxLiDOEY77uxaApdd3xJKOkvddV6X4wplTCxsbuoyXwuOuQjMODS7dhfRs.HwL3VQgUjmok3QM60"; + isNormalUser = true; + }; + } + ./modules/hosts/nixos/microvms/${hostname} # host specific stuff + ]; + + }; # end nixosMicrovmConfig + linuxHomeConfig = system: hostname: username: home-manager.lib.homeManagerConfiguration { extraSpecialArgs = { inherit genebean-omp-themes hostname username; pkgs = import nixpkgs { @@ -167,6 +188,9 @@ hetznix01 = nixosHostConfig "aarch64-linux" "hetznix01" "gene"; nixnuc = nixosHostConfig "x86_64-linux" "nixnuc" "gene"; rainbow-planet = nixosHostConfig "x86_64-linux" "rainbow-planet" "gene"; + + # VMs + nginx-proxy = nixosMicrovmConfig "x86_64-linux" "nginx-proxy" "gene"; }; homeConfigurations = { diff --git a/modules/hosts/nixos/microvms/nginx-proxy/default.nix b/modules/hosts/nixos/microvms/nginx-proxy/default.nix new file mode 100644 index 0000000..3b38306 --- /dev/null +++ b/modules/hosts/nixos/microvms/nginx-proxy/default.nix @@ -0,0 +1,27 @@ +{ inputs, config, hostname, microvm, pkgs, sops-nix, username, ... }: { + microvm = { + hypervisor = "qemu"; + socket = "control.socket"; + vcpu = 1; + volumes = [ + { + #image = "/persist/microvm/${config.networking.hostName}-var.img"; + image = "/tmp/${config.networking.hostName}-var.img"; + mountPoint = "/var"; + size = 1024; + } + ]; + shares = [ + { + # use "virtiofs" for MicroVMs that are started by systemd + proto = "9p"; + tag = "ro-store"; + # a host's /nix/store will be picked up so that no + # squashfs/erofs will be built for it. + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + } + ]; + }; +} + 
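Review bot: `initialHashedPassword` in `nixosMicrovmConfig` embeds a literal crypt hash in flake.nix, so the password material for the `${username}` account of every microvm built through this helper is committed to the repository and shared across all of them. The flake already takes `sops-nix` as an input, so the value could come from a managed secret via `users.users.${username}.hashedPasswordFile = …;`, or at least move into the per-host module loaded from `./modules/hosts/nixos/microvms/${hostname}` so it is not part of the shared helper; a hash that has been published should be treated as exposed and replaced. As a point of style, `networking.hostName = "${hostname}";` is the same as `networking.hostName = hostname;`, matching the `inherit system;` just above it. The enclosing `let` block of `outputs` starts outside this hunk.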
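Review bot: The `/var` volume in `modules/hosts/nixos/microvms/nginx-proxy/default.nix` is backed by `image = "/tmp/${config.networking.hostName}-var.img"` while the `/persist/microvm/...` path sits commented out above it, so the VM's `/var` (logs and any nginx state) lives in a world-writable, typically non-persistent host directory. If this is a temporary choice, a `# TODO: move back to /persist once the image directory exists` next to the commented line would make that explicit; otherwise the `/persist` line should be restored. The store share uses `proto = "9p"` although the comment directly above it says to use `virtiofs` for MicroVMs started by systemd, and the host side of this commit adds `microvm.autostart`, so it is worth confirming which start path is intended and aligning `proto` with it. Finally, `inputs`, `hostname`, `microvm`, `pkgs`, `sops-nix` and `username` are not used in this module; `{ config, ... }:` is enough.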
diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index 5b90a09..db7324a 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -1,5 +1,6 @@ -{ inputs, config, hostname, pkgs, sops-nix, username, ... }: { +{ inputs, config, hostname, microvm, pkgs, sops-nix, username, ... }: { imports = [ + microvm.nixosModules.host ./hardware-configuration.nix ./audiobookshelf.nix ]; @@ -40,6 +41,10 @@ ]; }; + microvm.autostart = [ + #"nginx-proxy" + ]; + networking = { # Open ports in the firewall. firewall.allowedTCPPorts = [ 22 80 ]; @@ -50,6 +55,24 @@ hostId = "c5826b45"; # head -c4 /dev/urandom | od -A none -t x4 networkmanager.enable = true; + enableIPv6 = true; + useDHCP = true; + vlans = { + vlan23 = { id = 23; interface = "eno1-23"; }; + }; + bridges = { + br1-23 = { interfaces = [ "vlan23" ]; }; + }; + interfaces = { + eno1.ipv4.addresses = [{ + address = "192.168.20.190"; + prefixLength = 24; + }]; + br1-23.ipv4.addresses = [{ + address = "192.168.23.21"; + prefixLength = 24; + }]; + }; }; # Hardware Transcoding for Jellyfin diff --git a/modules/system/common/all-nixos.nix b/modules/system/common/all-nixos.nix index c1df1e3..3aff185 100644 --- a/modules/system/common/all-nixos.nix +++ b/modules/system/common/all-nixos.nix @@ -41,10 +41,14 @@ "flakes" "nix-command" ]; - extra-trusted-public-keys = [ + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs=" ]; - extra-trusted-substituters = [ + substituters = [ + "https://cache.nixos.org" + ]; + trusted-substituters = [ "https://cache.flox.dev" ]; trusted-users = [ "${username}" ];
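Review bot: In the third hunk of `modules/hosts/nixos/nixnuc/default.nix`, `vlans.vlan23.interface = "eno1-23"` names a parent device that appears nowhere else in the configuration; `networking.vlans.<name>.interface` is the physical interface the VLAN is tagged on, and since the resulting tagged device is already called `vlan23` and enslaved to `br1-23`, this looks like it should read `vlan23 = { id = 23; interface = "eno1"; };`. If no device named `eno1-23` exists, the VLAN and therefore `br1-23` will not come up and the microvms attached to that bridge will have no network path. `enableIPv6 = true;` and `useDHCP = true;` are, as far as I can tell, NixOS defaults unless something elsewhere in the config flips them, so they can be dropped or given a short comment saying why they are stated explicitly. The `networking` attribute set is opened outside this hunk.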
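Review bot: In `modules/system/common/all-nixos.nix`, moving from `extra-trusted-public-keys`/`extra-trusted-substituters` to the plain `trusted-public-keys`, `substituters` and `trusted-substituters` replaces Nix's built-in defaults instead of appending to them, which is exactly why the `cache.nixos.org` key and URL now have to be listed by hand. A comment on the `trusted-public-keys` line such as `# non-extra settings replace the defaults, so cache.nixos.org must be re-listed here` would stop a later edit from removing that entry and breaking substitution from the main cache. `https://cache.flox.dev` is only in `trusted-substituters`, not in `substituters`, so it is merely permitted for user- or flake-supplied `substituters` options rather than used by default; that may well be intended, but deserves a one-line comment too. The enclosing settings block (presumably `nix.settings`) starts and ends outside this hunk.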