diff --git a/flake.lock b/flake.lock
index b5d7acb..69ab3ac 100644
--- a/flake.lock
+++ b/flake.lock
@@ -267,6 +267,24 @@
 "type": "github"
 }
 },
+ "flake-utils_4": {
+ "inputs": {
+ "systems": "systems_2"
+ },
+ "locked": {
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
 "flakey-profile": {
 "locked": {
 "lastModified": 1712898590,
@@ -376,6 +394,28 @@
 "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz"
 }
 },
+ "microvm": {
+ "inputs": {
+ "flake-utils": "flake-utils_4",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "spectrum": "spectrum"
+ },
+ "locked": {
+ "lastModified": 1736905611,
+ "narHash": "sha256-eW6SfZRaOnOybBzhvEzu3iRL8IhwE0ETxUpnkErlqkE=",
+ "owner": "astro",
+ "repo": "microvm.nix",
+ "rev": "a18d7ba1bb7fd4841191044ca7a7f895ef2adf3b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "astro",
+ "repo": "microvm.nix",
+ "type": "github"
+ }
+ },
 "nix-github-actions": {
 "inputs": {
 "nixpkgs": [
@@ -633,6 +673,7 @@
 "flake-parts": "flake-parts_2",
 "impermanence": "impermanence",
 "lix-module": "lix-module",
+ "microvm": "microvm",
 "nix-packages": "nix-packages",
 "nixos-generators": "nixos-generators",
 "nixos-hardware": "nixos-hardware",
@@ -663,6 +704,22 @@
 "type": "github"
 }
 },
+ "spectrum": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1733308308,
+ "narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=",
+ "ref": "refs/heads/main",
+ "rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2",
+ "revCount": 792,
+ "type": "git",
+ "url": "https://spectrum-os.org/git/spectrum"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://spectrum-os.org/git/spectrum"
+ }
+ },
 "stable": {
 "locked": {
 "lastModified": 1730883749,
@@ -694,6 +751,21 @@
 "type": "github"
 }
 },
+ "systems_2": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
 "treefmt-nix": {
 "inputs": {
 "nixpkgs": [
diff --git a/flake.nix b/flake.nix
index 38fa77c..760cb41 100644
--- a/flake.nix
+++ b/flake.nix
@@ -44,10 +44,13 @@
 url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz";
 inputs.nixpkgs.follows = "nixpkgs";
 };
- # treefmt-nix
 treefmt-nix = {
 url = "github:numtide/treefmt-nix";
 };
+ microvm = {
+ url = "github:astro/microvm.nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
 outputs =
diff --git a/hosts/chopper/default.nix b/hosts/chopper/default.nix
index 1be0f0a..27698a9 100644
--- a/hosts/chopper/default.nix
+++ b/hosts/chopper/default.nix
@@ -43,6 +43,7 @@ in
 ./glance.nix
 ./buildbot.nix
 ./calibre.nix
+ ./microvm.nix
 ];
 boot.loader.systemd-boot.enable = true;
diff --git a/hosts/chopper/microvm.nix b/hosts/chopper/microvm.nix
new file mode 100644
index 0000000..0629a7f
--- /dev/null
+++ b/hosts/chopper/microvm.nix
@@ -0,0 +1,13 @@
+{ inputs, ... }:
+{
+ imports = [
+ inputs.microvm.nixosModules.host
+ ];
+
+ microvm = {
+ vms = {
+ kube0.config = import ./vms/kube0.nix;
+ };
+ };
+
+}
diff --git a/hosts/chopper/vms/kube0.nix b/hosts/chopper/vms/kube0.nix
new file mode 100644
index 0000000..88ee130
--- /dev/null
+++ b/hosts/chopper/vms/kube0.nix
@@ -0,0 +1,89 @@
+{ pkgs, lib, ... }:
+{
+ microvm = {
+ mem = 8192;
+ vcpu = 4;
+ interfaces = [
+ {
+ type = "tap";
+ id = "vm-kube0";
+ mac = "02:00:00:00:00:01";
+ }
+ ];
+ shares = [
+ {
+ tag = "ro-store";
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ }
+ ];
+ volumes = [
+ {
+ image = "etc.img";
+ label = "etc";
+ mountPoint = "/etc";
+ size = 500;
+ autoCreate = true;
+ }
+ {
+ image = "var.img";
+ label = "var";
+ mountPoint = "/var";
+ size = 8192;
+ autoCreate = true;
+ }
+ ];
+ };
+
+ # enable passwordless sudo
+ security.sudo = {
+ enable = lib.mkDefault true;
+ wheelNeedsPassword = lib.mkForce false;
+ };
+
+ users.users.mhelton = {
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ ];
+ };
+ users.users.mhelton.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHD+tZ4hf4MhEW+akoZbXPN3Zi4cijSkQlX6bZlnV+Aq mhelton@gmail.com"
+ "ssh-rsa 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 mhelton@gmail.com"
+ ];
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = lib.mkForce "no";
+ PasswordAuthentication = false;
+ };
+ };
+
+ networking.firewall.enable = false;
+
+ networking.hostName = "kube0";
+ environment.systemPackages = with pkgs; [
+ neovim
+ bottom
+ ];
+ systemd.network.enable = true;
+ systemd.network.networks."20-lan" = {
+ matchConfig.Type = "ether";
+ networkConfig = {
+ Address = "192.168.20.70/23";
+ Gateway = "192.168.20.1";
+ DNS = "8.8.8.8";
+ };
+ };
+
+ services.k3s = {
+ enable = true;
+ role = "server";
+ extraFlags = [
+ "--flannel-backend wireguard-native"
+ ];
+ };
+
+}
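Review bot: `networking.firewall.enable = false;` leaves every listener on kube0 reachable from the whole 192.168.20.0/23 segment, and on a k3s `role = "server"` node that covers the Kubernetes API and kubelet ports as well as sshd. Keeping the firewall enabled and opening only what the cluster needs would be tighter, for example `networking.firewall.allowedTCPPorts = [ 6443 ];` and `networking.firewall.allowedUDPPorts = [ 51820 ];` (the documented k3s defaults for the API server and wireguard-native flannel; confirm against this cluster, and note that `services.openssh` opens its own port by default). Separately, `wheelNeedsPassword = lib.mkForce false` combined with key-only SSH makes either authorized key equivalent to root on the control-plane VM, so the existing `# enable passwordless sudo` comment should say that this is intended and why. The `"networkmanager"` group also looks unused, since the guest is configured through systemd-networkd.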