
# Host-side microVM setup for the `omen` system: one guest named "test",
# attached to the `mvm0` bridge, with ssh (22), http (80) and icmp
# forwarded to it through the microvm services/connections options.
{
  pkgs,
  inputs',
  ...
}: let
  # Name of the single guest; reused by every service/connection entry below.
  guest = "test";
in {
  # The microvm CLI from the flake input, for the host's system platform.
  environment.systemPackages = [
    inputs'.microvm.packages.${pkgs.stdenv.system}.microvm
  ];

  services = {
    ifstate = {
      enable = true;
      settings = {
        # Interface names ifstate is told to leave alone (mvm0/mvm-test are
        # handled by systemd-networkd further down; wlan0/wg0/lo presumably
        # by other modules — not shown here).
        ignore.ifname = [
          "^wlan0$"
          "^mvm0$"
          "^wg0$"
          "^mvm-test$"
          "^lo$"
        ];

        # One veth pair: `test-veth1` stays in the host netns, its peer
        # `test-veth0` lives in the `tenant1` namespace.
        interfaces = [
          {
            name = "test-veth1";
            link = {
              kind = "veth";
              peer = "test-veth0";
              peer_netns = "tenant1";
            };
          }
        ];

        # Mirror of the pair as seen from inside `tenant1`; `peer_netns = null`
        # points back at the host namespace.
        namespaces.tenant1.interfaces = [
          {
            name = "test-veth0";
            link = {
              kind = "veth";
              peer = "test-veth1";
              peer_netns = null;
            };
          }
        ];
      };
    };
  };

  systemd.network = {
    # Bridge that the guest's tap device is enslaved to.
    netdevs."mvm0".netdevConfig = {
      Name = "mvm0";
      Kind = "bridge";
    };

    networks = {
      # Host address on the bridge; the guest side is expected to sit in
      # 10.80.1.0/24 (its address is set elsewhere — not visible here).
      "10-mvm0" = {
        matchConfig.Name = "mvm0";
        networkConfig.Address = "10.80.1.1/24";
        linkConfig.RequiredForOnline = "yes";
      };

      # The guest's tap interface; not required for the host to count as online.
      "11-mvm-test" = {
        matchConfig.Name = "mvm-test";
        networkConfig.Bridge = "mvm0";
        linkConfig.RequiredForOnline = "no";
      };
    };
  };

  microvm = {
    # Forwarded endpoints: tcp/22 and http/80 and icmp, all to the "test" guest.
    # These are exactly the two TCP ports the guest firewall opens below.
    services = {
      tcpUdp.test-ssh = {
        hostName = guest;
        port = 22;
        protocol = ["tcp"];
      };
      http.${guest} = {
        hostName = guest;
        port = 80;
      };
      icmp.${guest}.hostName = guest;
    };

    # Connections reference the service names defined above
    # (`test-ssh` for tcpUdp, `test` for http and icmp).
    connections = {
      http = [{target = guest;}];
      tcpUdp = [{target = "test-ssh";}];
      icmp = [{target = guest;}];
    };

    vms.${guest}.config = {
      imports = [inputs'.self.nixosModules.microvm-extras];

      microvm = {
        hostName = guest;
        # Name of the host this guest runs on.
        hostsHostName = "omen";
        groupId = 1;
        taskId = 2;
        hypervisor = "cloud-hypervisor";
        # The host's /nix/store is exported over virtiofs under the tag
        # `ro-store`; the tag/mount point naming suggests a read-only store
        # mount — confirm against the microvm module's share semantics.
        shares = [
          {
            source = "/nix/store";
            mountPoint = "/nix/.ro-store";
            tag = "ro-store";
            proto = "virtiofs";
          }
        ];
        # No on-disk store image; the guest relies on the share above.
        storeOnDisk = false;
      };

      # Guest firewall: only the two forwarded TCP ports are open.
      networking.firewall.allowedTCPPorts = [80 22];

      services.nginx = {
        enable = true;
        virtualHosts."example.com".root = "/var/www/blog";
      };

      # Empty root password is meant for the console login advertised in
      # helpLine. NOTE(review): combined with `PermitRootLogin = "yes"` and
      # the forwarded port 22, what keeps password-less root off SSH is
      # sshd's `PermitEmptyPasswords` default (no) — confirm nothing else in
      # microvm-extras or the imported modules turns it on.
      users.users.root.password = "";
      services.getty.helpLine = ''
        Log in as "root" with an empty password.
      '';

      services.openssh = {
        enable = true;
        settings.PermitRootLogin = "yes";
      };

      system.stateVersion = "23.05";
    };
  };
}