From dedf41918cf82bd4346becde154d4110aa9f089c Mon Sep 17 00:00:00 2001 From: Morgan Helton Date: Sat, 3 Aug 2024 15:13:32 -0500 Subject: [PATCH] chopper: add kube0 microvm --- flake.lock | 72 +++++++++++++++++++++++++++++++++++++ flake.nix | 4 +++ hosts/chopper/default.nix | 2 +- hosts/chopper/microvm.nix | 12 +++++++ hosts/chopper/vms/kube0.nix | 58 ++++++++++++++++++++++++++++++ 5 files changed, 147 insertions(+), 1 deletion(-) create mode 100644 hosts/chopper/microvm.nix create mode 100644 hosts/chopper/vms/kube0.nix diff --git a/flake.lock b/flake.lock index 263a13a..9416724 100644 --- a/flake.lock +++ b/flake.lock @@ -249,6 +249,24 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "hercules-ci-effects": { "inputs": { "flake-parts": "flake-parts_5", @@ -283,6 +301,28 @@ "type": "github" } }, + "microvm": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "nixpkgs" + ], + "spectrum": "spectrum" + }, + "locked": { + "lastModified": 1729726792, + "narHash": "sha256-ndjFy5kfhn9MoOOSzGnZ7f2FwRUUY1EJYwXGxK8DzsQ=", + "owner": "astro", + "repo": "microvm.nix", + "rev": "ef42cfface9940b9ce9614307670b60cdbda33f6", + "type": "github" + }, + "original": { + "owner": "astro", + "repo": "microvm.nix", + "type": "github" + } + }, "nix-packages": { "inputs": { "deckbd": "deckbd", @@ -485,6 +525,7 @@ "disko": "disko", "flake-parts": "flake-parts_2", "impermanence": "impermanence", + "microvm": "microvm", "nix-packages": "nix-packages", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", 
@@ -515,6 +556,22 @@ "type": "github" } }, + "spectrum": { + "flake": false, + "locked": { + "lastModified": 1720264467, + "narHash": "sha256-xzM92n3Q9L90faJIJrkrTtTx+JqCGRHMkHWztkV4PuY=", + "ref": "refs/heads/main", + "rev": "fb59d42542049f586c84b0f8bb86ff3be338e9d3", + "revCount": 674, + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + }, + "original": { + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + } + }, "stable": { "locked": { "lastModified": 1724316499, @@ -531,6 +588,21 @@ "type": "github" } }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 7d02305..648bf67 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,10 @@ url = "github:devusb/pingshutdown"; inputs.nixpkgs.follows = "nixpkgs"; }; + microvm = { + url = "github:astro/microvm.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, nix-packages, nixos-generators, flake-parts, sops-nix, impermanence, blocky-tailscale, disko, colmena, buildbot-nix, pingshutdown, ... }@inputs: diff --git a/hosts/chopper/default.nix b/hosts/chopper/default.nix index 8cd659f..4fcf494 100644 --- a/hosts/chopper/default.nix +++ b/hosts/chopper/default.nix @@ -42,7 +42,7 @@ in ../common/builder.nix ./paperless.nix ./glance.nix - ./buildbot.nix + ./microvm.nix ]; boot.loader.systemd-boot.enable = true; diff --git a/hosts/chopper/microvm.nix b/hosts/chopper/microvm.nix new file mode 100644 index 0000000..c78d40c --- /dev/null +++ b/hosts/chopper/microvm.nix 
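Review bot: In the hosts/chopper/default.nix hunk `./buildbot.nix` is replaced by `./microvm.nix` instead of `./microvm.nix` being added next to it, so this commit also stops configuring buildbot on chopper, which the subject "add kube0 microvm" does not mention. If dropping buildbot is intended, say so in the commit message or split it into its own commit; otherwise keep both entries, `./buildbot.nix` followed by `./microvm.nix`, in the imports list. The imports list opens outside the hunk, so I cannot tell from here whether buildbot is pulled in from another module.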
@@ -0,0 +1,12 @@
+{ inputs, ... }: {
+ imports = [
+ inputs.microvm.nixosModules.host
+ ];
+
+ microvm = {
+ vms = {
+ kube0.config = import ./vms/kube0.nix;
+ };
+ };
+
+}
diff --git a/hosts/chopper/vms/kube0.nix b/hosts/chopper/vms/kube0.nix
new file mode 100644
index 0000000..940b3ab
--- /dev/null
+++ b/hosts/chopper/vms/kube0.nix
@@ -0,0 +1,58 @@
+{ pkgs, lib, ... }: {
+ microvm = {
+ mem = 8192;
+ vcpu = 4;
+ interfaces = [{
+ type = "tap";
+ id = "vm-kube0";
+ mac = "02:00:00:00:00:01";
+ }];
+ shares = [
+ {
+ tag = "ro-store";
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ }
+ # {
+ # tag = "etc";
+ # source = "/var/lib/microvm/kube0/shares/etc";
+ # mountPoint = "/etc";
+ # socket = "etc.socket";
+ # proto = "virtiofs";
+ # }
+ ];
+ };
+
+ users.users.mhelton = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" ];
+ };
+ users.users.mhelton.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHD+tZ4hf4MhEW+akoZbXPN3Zi4cijSkQlX6bZlnV+Aq mhelton@gmail.com"
+ "ssh-rsa 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 mhelton@gmail.com"
+ ];
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = lib.mkForce "no";
+ PasswordAuthentication = false;
+ };
+ };
+
+ networking.firewall.enable = false;
+
+ networking.hostName = "kube0";
+ environment.systemPackages = with pkgs; [
+ neovim
+ bottom
+ ];
+ systemd.network.enable = true;
+ systemd.network.networks."20-lan" = {
+ matchConfig.Type = "ether";
+ networkConfig = {
+ DHCP = "yes";
+ };
+ };
+
+}
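Review bot: `networking.firewall.enable = false;` in hosts/chopper/vms/kube0.nix leaves the guest with no packet filtering while it takes a LAN address over DHCP on the tap interface and runs sshd, and the name suggests more services will follow; keep the firewall on and open only what is needed (sshd already opens port 22 by default via `services.openssh.openFirewall`), or add a comment stating why it must be off, e.g. `# firewall disabled: <reason> — revisit once kube ports are known`. The `tap` interface `vm-kube0` also needs the host side to create it and attach it to a bridge or network, which neither this file nor hosts/chopper/microvm.nix does in this commit; if that is configured elsewhere on chopper, a comment pointing to it would help the next reader. `system.stateVersion` is not set for the guest, which NixOS warns about at evaluation time. The `"networkmanager"` entry in `extraGroups` presumably has no effect here, since the guest enables `systemd.network` and nothing in this hunk enables NetworkManager.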