From 4cddd93189ec26fed40edd953d51b29b979b9b58 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Wed, 11 Jun 2025 22:53:22 +0200 Subject: [PATCH] deploy microvm --- flake.nix | 1 + hosts/stream/default.nix | 77 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 hosts/stream/default.nix diff --git a/flake.nix b/flake.nix index ddde63b..2b085bc 100644 --- a/flake.nix +++ b/flake.nix @@ -71,6 +71,7 @@ "forgejo" "miniflux" "radicale" + "stream" ]; microvm-unstable-list = [ "auth" diff --git a/hosts/stream/default.nix b/hosts/stream/default.nix new file mode 100644 index 0000000..cd0b29e --- /dev/null +++ b/hosts/stream/default.nix @@ -0,0 +1,77 @@ +{ config, lib, ... }: +let + mac = "02:00:00:00:00:07"; +in +{ + imports = [ + ]; + # sops.defaultSopsFile = ./secrets.yaml; + # sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + # + # sops.secrets = { + # "wg/0xa-proxy" = { + # owner = config.users.users.systemd-network.name; + # }; + # }; + + microvm = { + hypervisor = "qemu"; + mem = 3 * 1024; + vcpu = 2; + interfaces = [ + { + type = "tap"; + id = "uvm-stream"; + mac = mac; + } + ]; + shares = + [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "store"; + proto = "virtiofs"; + socket = "store.socket"; + } + ] + ++ map + (dir: { + source = dir; + mountPoint = "/${dir}"; + tag = dir; + proto = "virtiofs"; + socket = "${dir}.socket"; + }) + [ + "etc" + "var" + "media" + "home" + ]; + }; + + networking.useNetworkd = true; + networking.firewall.enable = lib.mkForce false; # firewalling done by the host + + systemd.network = { + enable = true; + networks."11-host" = { + matchConfig.MACAddress = mac; + networkConfig = { + Address = "10.99.99.17/24"; + DHCP = "no"; + }; + routes = [ + { + Gateway = "10.99.99.1"; + Destination = "0.0.0.0/0"; + Metric = 1024; + } + ]; + }; + }; + + networking.hostName = "stream"; + system.stateVersion = "25.05"; +}