dotfiles/nixos/systems/omen/microvm.nix
2023-10-07 22:45:51 +02:00

93 lines
1.8 KiB
Nix

{ inputs', ... }:
{
systemd.network.netdevs."mvm0" = {
netdevConfig = {
Name = "mvm0";
Kind = "bridge";
};
};
systemd.network.networks."10-mvm0" = {
matchConfig.Name = "mvm0";
networkConfig.Address = "10.80.1.1/24";
linkConfig.RequiredForOnline = "yes";
};
systemd.network.networks."11-mvm-test" = {
matchConfig.Name = "mvm-test";
networkConfig.Bridge = "mvm0";
linkConfig.RequiredForOnline = "no";
};
microvm.services.tcpUdp.test-ssh = {
hostName = "test";
port = 22;
protocol = [ "tcp" ];
};
microvm.services.http.test = {
hostName = "test";
port = 80;
};
microvm.services.icmp.test = {
hostName = "test";
};
microvm.connections.http = [
{
target = "test";
}
];
microvm.connections.tcpUdp = [
{
target = "test-ssh";
}
];
microvm.connections.icmp = [
{
target = "test";
}
];
microvm.vms = {
test.config = {
imports = [ inputs'.self.nixosModules.microvm-extras ];
microvm = {
hostName = "test";
hostsHostName = "omen";
groupId = 1;
taskId = 2;
};
microvm.hypervisor = "cloud-hypervisor";
microvm.shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}];
microvm.storeOnDisk = false;
networking.firewall.allowedTCPPorts = [ 80 22 ];
services.nginx = {
enable = true;
virtualHosts."example.com" = {
root = "/var/www/blog";
};
};
users.users.root.password = "";
services.getty.helpLine = ''
Log in as "root" with an empty password.
'';
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
};
};
}