mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-30 12:06:13 +01:00
aff0158ef7
Signed-off-by: magic_rb <magic_rb@redalder.org>
# Host-side NixOS module: installs the microvm tool, sets up the bridge and a
# veth test pair, and declares one guest VM named "test".
{
  pkgs,
  inputs',
  ...
}: {
  environment.systemPackages = [
    inputs'.microvm.packages.${pkgs.stdenv.system}.microvm
  ];

  services.ifstate.enable = true;
  services.ifstate.settings = {
    # Anchored regexes: only these exact interface names are matched by the
    # ignore list.
    ignore.ifname = [
      "^wlan0$"
      "^mvm0$"
      "^wg0$"
      "^mvm-test$"
      "^lo$"
    ];

    # One veth pair: test-veth1 is declared here, its peer test-veth0 in the
    # "tenant1" namespace below.
    interfaces = [
      {
        name = "test-veth1";
        link.kind = "veth";
        link.peer = "test-veth0";
        link.peer_netns = "tenant1";
      }
    ];

    namespaces.tenant1.interfaces = [
      {
        name = "test-veth0";
        link.kind = "veth";
        link.peer = "test-veth1";
        # presumably null selects the default (root) namespace - confirm
        # against the ifstate schema.
        link.peer_netns = null;
      }
    ];
  };

  systemd.network = {
    # Bridge device named mvm0.
    netdevs.mvm0.netdevConfig = {
      Name = "mvm0";
      Kind = "bridge";
    };

    networks = {
      # The host holds 10.80.1.1/24 on the bridge.
      "10-mvm0" = {
        matchConfig.Name = "mvm0";
        networkConfig.Address = "10.80.1.1/24";
        linkConfig.RequiredForOnline = "yes";
      };

      # mvm-test is attached to the bridge (presumably the guest's host-side
      # interface - confirm); it does not gate network-online.
      "11-mvm-test" = {
        matchConfig.Name = "mvm-test";
        networkConfig.Bridge = "mvm0";
        linkConfig.RequiredForOnline = "no";
      };
    };
  };

  microvm = {
    # Declared services and connections. The semantics of these options are
    # not visible in this file; presumably they drive which flows are allowed
    # to and from the guest - confirm in the module that defines them.
    services = {
      tcpUdp.test-ssh = {
        hostName = "test";
        port = 22;
        protocol = ["tcp"];
      };

      http.test = {
        hostName = "test";
        port = 80;
      };

      icmp.test.hostName = "test";
    };

    connections = {
      http = [{target = "test";}];
      tcpUdp = [{target = "test-ssh";}];
      icmp = [{target = "test";}];
    };

    vms.test.config = {
      imports = [inputs'.self.nixosModules.microvm-extras];

      microvm = {
        hostName = "test";
        hostsHostName = "omen";
        groupId = 1;
        taskId = 2;

        hypervisor = "cloud-hypervisor";

        # The host's /nix/store is shared into the guest over virtiofs, so
        # every store path on the host is visible inside the VM, including any
        # secret that ended up in the store. Read-only behaviour is suggested
        # only by the tag and mount-point names here - confirm how the share
        # is mounted.
        shares = [
          {
            source = "/nix/store";
            mountPoint = "/nix/.ro-store";
            tag = "ro-store";
            proto = "virtiofs";
          }
        ];
        storeOnDisk = false;
      };

      # Guest firewall admits HTTP (nginx) and SSH.
      networking.firewall.allowedTCPPorts = [80 22];

      services = {
        nginx.enable = true;
        nginx.virtualHosts."example.com".root = "/var/www/blog";

        getty.helpLine = ''
          Log in as "root" with an empty password.
        '';

        # NOTE(review): root login over SSH is permitted and TCP 22 is open
        # above, while root has an empty password (below). Whether sshd
        # actually accepts the empty password depends on PermitEmptyPasswords
        # and the PAM null-password setting, neither of which is set here -
        # confirm. Acceptable only while this VM stays a throw-away test guest
        # on the private mvm0 bridge; otherwise switch to key-only root login
        # and give root a real credential.
        openssh.enable = true;
        openssh.settings.PermitRootLogin = "yes";
      };

      # NOTE(review): deliberate test credential - the console help line
      # advertises it. Do not carry this into a guest reachable from outside
      # the host.
      users.users.root.password = "";

      system.stateVersion = "23.05";
    };
  };
}