
FMO-13: Create dedicated messageVM up and run NATS server on it
- Add dedicated messageVM
- Add NATS server to messageVM
- Add NATS client to VMs
- Add openssl-based certificate generation and distribution service

Signed-off-by: Ivan Kuznetsov <[email protected]>
jsvapiav committed Dec 5, 2024
1 parent 3a69570 commit 0b4fd02
Showing 5 changed files with 443 additions and 1 deletion.
159 changes: 159 additions & 0 deletions hardware/fmo-os-rugged-laptop-7330.nix
Expand Up @@ -16,6 +16,7 @@
"vim"
"tcpdump"
"gpsd"
"natscli"
]; # systemPackages

launchers = [
Expand Down Expand Up @@ -53,6 +54,19 @@
fmo-config = {
enable = true;
}; # fmo-config
fmo-certs-distribution-service-host = {
enable = true;
ca-name = "NATS CA";
ca-path = "/run/certs/nats/ca";
server-ips = ["192.168.101.111" "127.0.0.1"];
server-name = "NATS-server";
server-path = "/run/certs/nats/server";
clients-paths = [
"/run/certs/nats/clients/host"
"/run/certs/nats/clients/netvm"
"/run/certs/nats/clients/dockervm"
];
};
registration-agent-laptop = {
enable = true;
}; # services.registration-agent-laptop
Expand All @@ -76,6 +90,7 @@
systemPackages = [
"vim"
"tcpdump"
"natscli"
]; # systemPackages
extraModules = [
{
Expand Down Expand Up @@ -243,6 +258,20 @@
proto = "virtiofs";
socket = "netconf.sock";
}
{
source = "/run/certs/nats/clients/netvm";
mountPoint = "/var/lib/nats/certs";
tag = "nats_netvm_certs";
proto = "virtiofs";
socket = "nats_netvm_certs.sock";
}
{
source = "/run/certs/nats/ca";
mountPoint = "/var/lib/nats/ca";
tag = "nats_netvm_ca_certs";
proto = "virtiofs";
socket = "nats_netvm_ca_certs.sock";
}
{
tag = "ssh-public-key";
source = "/run/ssh-public-key";
Expand All @@ -267,6 +296,7 @@
"vim"
"tcpdump"
"gpsd"
"natscli"
]; # systemPackages
extraModules = [
{
Expand Down Expand Up @@ -320,6 +350,20 @@
proto = "virtiofs";
socket = "fogdata.sock";
}
{
source = "/run/certs/nats/clients/dockervm";
mountPoint = "/var/lib/nats/certs";
tag = "nats_dockervm_certs";
proto = "virtiofs";
socket = "nats_dockervm_certs.sock";
}
{
source = "/run/certs/nats/ca";
mountPoint = "/var/lib/nats/ca";
tag = "nats_dockervm_ca_certs";
proto = "virtiofs";
socket = "nats_dockervm_ca_certs.sock";
}
{
tag = "ssh-public-key";
source = "/run/ssh-public-key";
Expand Down Expand Up @@ -374,6 +418,121 @@
networking.firewall.enable = false;
}]; # extraModules
}; # dockervm
msgvm = {
enable = true;
name = "msgvm";
macaddr = "02:00:00:01:01:03";
ipaddr = "192.168.101.111";
defaultgw = "192.168.101.1";
systemPackages = [
"vim"
"tcpdump"
"natscli"
"nats-top"
"nats-server"
]; # systemPackages
extraModules = [
{
users.users."ghaf".extraGroups = ["docker"];
microvm = {
mem = 2028;
vcpu = 1;
volumes = [
{
image = "/var/tmp/msgvm_internal.img";
mountPoint = "/var/lib/internal";
size = 10240;
autoCreate = true;
fsType = "ext4";
}
{
image = "/var/tmp/msgvm_var.img";
mountPoint = "/var";
size = 10240;
autoCreate = true;
fsType = "ext4";
}
];# microvm.volumes
shares = [
{
source = "/var/vms_shares/common";
mountPoint = "/var/vms_share/common";
tag = "common_share_msgvm";
proto = "virtiofs";
socket = "common_share_msgvm.sock";
}
{
source = "/var/vms_shares/msgvm";
mountPoint = "/var/vms_share/host";
tag = "msgvm_share";
proto = "virtiofs";
socket = "msgvm_share.sock";
}
{
source = "/run/certs/nats/server";
mountPoint = "/var/lib/nats/certs";
tag = "nats_certs";
proto = "virtiofs";
socket = "nats_certs.sock";
}
{
source = "/run/certs/nats/ca";
mountPoint = "/var/lib/nats/ca";
tag = "nats_ca";
proto = "virtiofs";
socket = "nats_ca.sock";
}
{
tag = "ssh-public-key";
source = "/run/ssh-public-key";
mountPoint = "/run/ssh-public-key";
}
]; # microvm.shares
};# microvm
fileSystems."/run/ssh-public-key".options = ["ro"];
services = {
avahi = {
enable = true;
nssmdns = true;
ipv4 = true;
ipv6 = false;
publish.enable = true;
publish.domain = true;
publish.addresses = true;
publish.workstation = true;
domainName = "msgvm";
}; # services.avahi
fmo-psk-distribution-service-vm = {
enable = true;
}; # fmo-psk-distribution-service-vm
nats = {
enable = true;
port = 4222;

settings = {
# Monitoring endpoints
http = 8222;
tls = {
# Path to the server certificate and private key
cert_file = "/var/lib/nats/certs/server.crt";
key_file = "/var/lib/nats/certs/server.key";

# Path to the CA certificate
ca_file = "/var/lib/nats/ca/ca.crt";

# Require client certificate verification
verify_and_map = true;
};

# Logs config
log_file = "/var/lib/nats/nats-server.log";
logtime = true;
};
}; # services.nats-server
}; # services
networking.firewall.enable = false;
}]; # extraModules
}; # msgvm
}; # vms
}; # system
}
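Review bot: The NATS certificate and CA shares mounted at `/var/lib/nats/certs` and `/var/lib/nats/ca` in the new msgvm block are not marked read-only, while the adjacent `fileSystems."/run/ssh-public-key".options = ["ro"];` line shows the pattern the file already uses; since the CA directory `/run/certs/nats/ca` is the same host path shared into netvm (hunk `@@ -243,6 +258,20 @@`) and dockervm (hunk `@@ -320,6 +350,20 @@`), a writable mount would let any one guest alter the trust anchor the others rely on, so I would add `fileSystems."/var/lib/nats/certs".options = ["ro"];` and `fileSystems."/var/lib/nats/ca".options = ["ro"];` in each of the three VM modules. The monitoring endpoint `http = 8222;` listens on all interfaces and the same module sets `networking.firewall.enable = false;`, so binding it to loopback with `http = "127.0.0.1:8222";` would keep the unauthenticated server stats off the VM network. `users.users."ghaf".extraGroups = ["docker"];` appears copied from the dockervm block; nothing in msgvm's package list runs docker, and the docker group grants root-equivalent access, so it is presumably removable (please confirm). `verify_and_map = true;` maps the client certificate to a NATS user, which presumes matching users are declared elsewhere; if that is in another of the five changed files, a one-line comment pointing to it here would help the next reader. Minor: `mem = 2028;` looks like a typo for 2048, and the trailing comment `}; # services.nats-server` does not match the attribute name `nats`.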
