chopper: add kube0 microvm

devusb · Oct 26, 2024 · 09aeaf9 · 09aeaf9
1 parent fd332da
commit 09aeaf9
Show file tree

Hide file tree

Showing 5 changed files with 280 additions and 15 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -41,6 +41,10 @@
       url = "github:devusb/pingshutdown";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    microvm = {
+      url = "github:astro/microvm.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = { self, nixpkgs, nix-packages, nixos-generators, flake-parts, sops-nix, impermanence, blocky-tailscale, disko, colmena, buildbot-nix, pingshutdown, ... }@inputs:

diff --git a/hosts/chopper/default.nix b/hosts/chopper/default.nix
@@ -42,7 +42,7 @@ in
       ../common/builder.nix
       ./paperless.nix
       ./glance.nix
-      ./buildbot.nix
+      ./microvm.nix
     ];
 
   boot.loader.systemd-boot.enable = true;

diff --git a/hosts/chopper/microvm.nix b/hosts/chopper/microvm.nix
@@ -0,0 +1,12 @@
+{ inputs, ... }: {
+  imports = [
+    inputs.microvm.nixosModules.host
+  ];
+
+  microvm = {
+    vms = {
+      kube0.config = import ./vms/kube0.nix;
+    };
+  };
+
+}
diff --git a/hosts/chopper/vms/kube0.nix b/hosts/chopper/vms/kube0.nix
@@ -0,0 +1,58 @@
+{ pkgs, lib, ... }: {
+  microvm = {
+    mem = 8192;
+    vcpu = 4;
+    interfaces = [{
+      type = "tap";
+      id = "vm-kube0";
+      mac = "02:00:00:00:00:01";
+    }];
+    shares = [
+      {
+        tag = "ro-store";
+        source = "/nix/store";
+        mountPoint = "/nix/.ro-store";
+      }
+      # {
+      #   tag = "etc";
+      #   source = "/var/lib/microvm/kube0/shares/etc";
+      #   mountPoint = "/etc";
+      #   socket = "etc.socket";
+      #   proto = "virtiofs";
+      # }
+    ];
+  };
+
+  users.users.mhelton = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "networkmanager" ];
+  };
+  users.users.mhelton.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHD+tZ4hf4MhEW+akoZbXPN3Zi4cijSkQlX6bZlnV+Aq [email protected]"
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5rmy7r//z1fARqDe6sIu5D4Nt5uD3rRvwtADDgb+sS6slv6I51Gm2rKcxDIHgYBSyhTDIuhNHlnn+cyJK4ZPxyZFxF0Vy0fZIFG3Y7AqkyQ0oXEDGYyqfL8U0mi0uGKmVW02T45w16REJG3x77uncw8VVxdEpKuYw+wk7uRlQpP/UiFYWsX4NS9rUS/aZrYZ2ys1/dCPqvz4KPXk7SZrqyqkiumIr8O0wluYI5FwhMtd3xpD9AQVI3V0zjYZPwesL+BkW4CAAm5dSnsns3haAuWHti/QLSR+90k15KhflXlq6JDzE4jrMbd1DYZqoVuTgoZxDB3HDJwEwpbYCWKLFaGR6ZDhE3NeFikNkdDRrlIcrK1wJCEO2QuDZ43IE/bDhLhOmqfliL6kRr+2G1AvY4Hr0jnJHbbHqN9mES5+VJZuhH2ii+QHS70VZN0NNQv7f0QJqiTVcUVuPXksBp6oojbkXK79CWd1X0u3shd6XinZ5N3KAD4PT8zlTCmglXNYamc1JpRqKzgFwgFcljXpHwtfuezpNVmzo1Vqi6Ib9S8qJi9rahhsafYP3Y+8EV3Ii3oXmGQBSwumAHCQIkiQ/Sc+FRS02GRgWuYOaQfvW99kLXbX+0eCMSdCJSLC+H1cO2b451qpDGGDnH9w+EvS04oyv4yufpwFlhys7qfU6HQ== [email protected]"
+  ];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = lib.mkForce "no";
+      PasswordAuthentication = false;
+    };
+  };
+
+  networking.firewall.enable = false;
+
+  networking.hostName = "kube0";
+  environment.systemPackages = with pkgs; [
+    neovim
+    bottom
+  ];
+  systemd.network.enable = true;
+  systemd.network.networks."20-lan" = {
+    matchConfig.Type = "ether";
+    networkConfig = {
+      DHCP = "yes";
+    };
+  };
+
+}