From 915e2d63777d79471672ce0afb6749717be8f3ab Mon Sep 17 00:00:00 2001 From: waveringana Date: Wed, 18 Jun 2025 06:30:26 -0400 Subject: [PATCH] add declarative vm to valefar --- flake.lock | 74 +++++++++++++++++++++++++++++++++++- flake.nix | 7 ++-- hosts/valefar/default.nix | 63 +++++++++++++++++++++--------- hosts/valefar/gamevm.nix | 80 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 202 insertions(+), 22 deletions(-) create mode 100644 hosts/valefar/gamevm.nix diff --git a/flake.lock b/flake.lock index 0551400..bc65be0 100755 --- a/flake.lock +++ b/flake.lock @@ -83,6 +83,24 @@ "inputs": { "systems": "systems_3" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" + }, "locked": { "lastModified": 1681202837, "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", @@ -209,6 +227,28 @@ "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" } }, + "microvm": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ], + "spectrum": "spectrum" + }, + "locked": { + "lastModified": 1750196518, + "narHash": "sha256-HJYnJg3TvzFZjVgYHZgH3NtwqkqKiGVCJXpZlO4Y4EE=", + "owner": "astro", + "repo": "microvm.nix", + "rev": "094da86a3e68f2f0d93b654e97b5d42398ead67d", + "type": "github" + }, + "original": { + "owner": "astro", + "repo": "microvm.nix", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1750083401, 
@@ -293,12 +333,29 @@ "catppuccin": "catppuccin", "home-manager": "home-manager_2", "lix-module": "lix-module", + "microvm": "microvm", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "vscode-server": "vscode-server", "zen-browser": "zen-browser" } }, + "spectrum": { + "flake": false, + "locked": { + "lastModified": 1746869549, + "narHash": "sha256-BKZ/yZO/qeLKh9YqVkKB6wJiDQJAZNN5rk5NsMImsWs=", + "ref": "refs/heads/main", + "rev": "d927e78530892ec8ed389e8fae5f38abee00ad87", + "revCount": 862, + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + }, + "original": { + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -344,9 +401,24 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "vscode-server": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs_4" }, "locked": { diff --git a/flake.nix b/flake.nix index 4809c42..ce0fda7 100755 --- a/flake.nix +++ b/flake.nix @@ -15,8 +15,8 @@ url = "github:0xc000022070/zen-browser-flake"; inputs.nixpkgs.follows = "nixpkgs"; }; - #microvm.url = "github:astro/microvm.nix"; - #microvm.inputs.nixpkgs.follows = "nixpkgs"; + microvm.url = "github:astro/microvm.nix"; + microvm.inputs.nixpkgs.follows = "nixpkgs"; catppuccin.url = "github:catppuccin/nix"; home-manager = { @@ -88,7 +88,8 @@ vscode-server.nixosModules.default agenix.nixosModules.default - + microvm.nixosModules.host + { imports = builtins.attrValues nixosModules; } ]; }; diff --git a/hosts/valefar/default.nix b/hosts/valefar/default.nix index 71b7e3d..6b20da7 100755 --- a/hosts/valefar/default.nix 
+++ b/hosts/valefar/default.nix
@@ -1,5 +1,5 @@
 # hosts/valefar/configuration.nix (or default.nix)
-{ config, lib, pkgs, modulesPath, inputs, ... }:
+{ config, lib, pkgs, modulesPath, microvm, inputs, ... }:
 {
 # =============================================================================
 # IMPORTS
@@ -8,6 +8,7 @@
 # Host-specific hardware
 ./hardware.nix
 ./secrets.nix
+ ../../common/nvidia.nix
 # Common modules shared across hosts
 ../../common/system.nix
@@ -42,7 +43,7 @@
 # =============================================================================
 # NETWORKING
 # =============================================================================
- networking = {
+ /*networking = {
 hostName = "valefar";
 hostId = "2a07da90";
 firewall.enable = false;
@@ -51,6 +52,35 @@
 useDHCP = true;
 firewall.allowedTCPPorts = [ 22 80 443 2049 2456 2457 9000 9001 9002 ];
 firewall.allowedUDPPorts = [ 2049 ];
+ };*/
+ networking.useNetworkd = true;
+ systemd.network.enable = true;
+ networking.hostName = "valefar";
+ networking.hostId = "2a07da90";
+ networking.firewall.enable = false;
+
+ systemd.network.networks."10-lan" = {
+ matchConfig.Name = ["enp6s0" "vm-*"];
+ networkConfig = {
+ Bridge = "br0";
+ };
+ };
+ systemd.network.netdevs."br0" = {
+ netdevConfig = {
+ Name = "br0";
+ Kind = "bridge";
+ };
+ };
+
+ systemd.network.networks."10-lan-bridge" = {
+ matchConfig.Name = "br0";
+ networkConfig = {
+ Address = ["10.0.0.30/24" "2601:5c2:8400:26c0::30/64"];
+ Gateway = "10.0.0.1";
+ DNS = ["10.0.0.210" "1.1.1.1" "1.0.0.1"];
+ IPv6AcceptRA = true;
+ };
+ linkConfig.RequiredForOnline = "routable";
 };
 # DNS resolution
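Review bot: `microvm` is added to the module's argument set in `+{ config, lib, pkgs, modulesPath, microvm, inputs, ... }:` but nothing in the file reads it as a value — the `microvm.vms` / `microvm.autostart` lines added later in this commit are option paths, not references to this argument, and nothing visible in the flake.nix hunks adds a `microvm` entry to specialArgs. The module system resolves declared arguments lazily, so evaluation succeeds, but a reader will assume the argument is wired up somewhere; drop it: `{ config, lib, pkgs, modulesPath, inputs, ... }:`. If the flake input is ever needed here, reach it as `inputs.microvm`, which is how `inputs.agenix` is already used in this file.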
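Review bot: `networking.firewall.enable = false;` is carried over into the new networkd block while `enp6s0` and every `vm-*` tap are now enslaved to `br0`, so the host's own ports and the guest sit on the LAN with nothing filtering, and the former `firewall.allowedTCPPorts` allow-list now survives only as dead text inside the `/* ... */` block. Delete the commented-out block (git history keeps it) and either re-enable the firewall with that allow-list or record the reason on the line, e.g. `networking.firewall.enable = false; # intentionally off: <reason>`; note that a host-side firewall would not filter frames switched through br0 to the VM unless bridge netfilter is enabled, so the guest needs its own policy either way. The `10-lan-bridge` unit also pins a static public prefix (`2601:5c2:8400:26c0::30/64`) alongside `IPv6AcceptRA = true`; if the router's RA already supplies that prefix, the static entry is redundant and will go stale when the prefix changes.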
@@ -158,22 +188,19 @@
 inputs.agenix.packages.x86_64-linux.default
 ];
+
 # =============================================================================
- # COMMENTED OUT / DISABLED
+ # VIRTUAL MACHINES
 # =============================================================================
- # Remote unlock via SSH (commented out)
- # boot.kernelParams = [ "ip=dhcp" ];
- # boot.initrd = {
- # availableKernelModules = [ "r8169" ];
- # network = {
- # enable = true;
- # ssh = {
- # enable = true;
- # port = 22;
- # authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0pU82lV9dSjkgYbdh9utZ5CDM2dPN70S5fBqN1m3Pb" ];
- # hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
- # shell = "/bin/cryptsetup-askpass";
- # };
- # };
- # };
+ systemd.services."microvm@".after = [ "microvm-virtiofsd@%i.service" ];
+
+ microvm.vms = {
+ gameservers = {
+ config = import ./gamevm.nix;
+ };
+ };
+
+ microvm.autostart = [
+ "gameservers"
+ ];
 }
\ No newline at end of file
diff --git a/hosts/valefar/gamevm.nix b/hosts/valefar/gamevm.nix
new file mode 100644
index 0000000..def1019
--- /dev/null
+++ b/hosts/valefar/gamevm.nix
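Review bot: `systemd.services."microvm@".after = [ "microvm-virtiofsd@%i.service" ];` only orders the two units; it does not pull virtiofsd in, so if the microvm.nix host module does not already declare a `requires`/`wants` on `microvm-virtiofsd@%i.service`, the guest's virtiofs shares (the `/nix/.ro-store` mount among them) can come up with no daemon behind them, and if the host module already declares both `after` and `requires`, this line is redundant. Either delete it or pair it with `systemd.services."microvm@".requires = [ "microvm-virtiofsd@%i.service" ];` and say why the override exists, e.g. `# Ordering workaround: virtiofsd must be up before the VM mounts its shares`. The file also still ends without a trailing newline (`\ No newline at end of file`).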
@@ -0,0 +1,80 @@
+{ config, lib, pkgs, modulesPath, microvm, inputs, ... }:
+
+{
+ # =============================================================================
+ # IMPORTS
+ # =============================================================================
+ imports = [
+ # Common modules shared across hosts
+ ../../common/system.nix
+ ../../common/users.nix
+ ../../common/services.nix
+ ];
+
+ system.stateVersion = "25.05";
+ networking.hostName = "gameservers";
+
+ virtualisation.docker = {
+ enable = true;
+ enableOnBoot = true;
+ };
+
+ systemd.network.networks."20-lan" = {
+ matchConfig.Type = "ether";
+ networkConfig = {
+ Address = [
+ "10.0.0.31/24"
+ "2601:5c2:8400:26c0::31/64"
+ ];
+ Gateway = "10.0.0.1";
+ DNS = [
+ "10.0.0.210"
+ "1.1.1.1"
+ "1.0.0.1"
+ ];
+ IPv6AcceptRA = true;
+ DHCP = "no";
+ };
+ };
+
+ systemd.network.networks."19-docker" = {
+ matchConfig.Name = "veth*";
+ linkConfig = {
+ Unmanaged = true;
+ };
+ };
+
+ microvm = {
+ interfaces = [
+ {
+ type = "tap";
+ id = "vm-test1";
+ mac = "02:00:00:00:00:01";
+ }
+ ];
+
+ shares = [
+ {
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ tag = "ro-store";
+ proto = "virtiofs";
+ }
+ {
+ source = "/etc/ssh";
+ mountPoint = "/etc/ssh";
+ tag = "ssh";
+ proto = "virtiofs";
+ }
+ {
+ source = "/home/regent/gamedata";
+ mountPoint = "/root/gamedata";
+ tag = "gamedata";
+ proto = "virtiofs";
+ }
+ ];
+
+ vcpu = 4;
+ mem = 8192;
+ };
+}
\ No newline at end of file
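Review bot: the second share hands the guest the host's `/etc/ssh` (`source = "/etc/ssh"; mountPoint = "/etc/ssh";`), a directory that normally holds the host's private host keys, and the share carries no read-only flag, so a compromised guest — this VM runs Docker and presumably network-exposed game servers — can read the host's keys and write into a directory the host's sshd reads from. Give the guest its own identity instead: drop this share and let the guest generate host keys, persisting them in a guest-only location (a dedicated directory shared only to this VM, or a `microvm.volumes` entry if the host module provides one), so neither side can impersonate or reconfigure the other. The `gamedata` share is exported from `/home/regent/gamedata` but mounted under `/root`, and virtiofs passes host uid/gid through, so files created by guest root will presumably land root-owned inside regent's home — confirm that is intended or map the mount to a matching unprivileged user. Finally, `systemd.network.networks."20-lan"` only takes effect if the guest has `systemd.network.enable` / `networking.useNetworkd` set; this file does not set them, so that must come from `../../common/system.nix` — worth a line here, e.g. `# networkd is enabled by common/system.nix`.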