From d61b1a26eb050323397328cf86b4a62f8eb9a6c6 Mon Sep 17 00:00:00 2001
From: Grisha Shipunov
Date: Wed, 5 Feb 2025 18:11:49 +0000
Subject: [PATCH] deploy vm

---
 flake.nix | 1 +
 hosts/conduwuit/default.nix | 76 +++++++++++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+)
 create mode 100644 hosts/conduwuit/default.nix

diff --git a/flake.nix b/flake.nix
index e7ae1b4..52c4b5f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -64,6 +64,7 @@
 let
 microvm-list = [
 "auth"
+ "conduwuit"
 "forgejo"
 "immich"
 "miniflux"
diff --git a/hosts/conduwuit/default.nix b/hosts/conduwuit/default.nix
new file mode 100644
index 0000000..1a594ad
--- /dev/null
+++ b/hosts/conduwuit/default.nix
@@ -0,0 +1,76 @@
+{ config, lib, ... }:
+let
+ mac = "02:00:00:00:00:06";
+in
+{
+ imports = [
+ ];
+ # sops.defaultSopsFile = ./secrets.yaml;
+ # sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+ # sops.secrets = {
+ # "wg/0xa-proxy" = {
+ # owner = config.users.users.systemd-network.name;
+ # };
+ # };
+
+ microvm = {
+ hypervisor = "qemu";
+ mem = 3 * 1024;
+ vcpu = 2;
+ interfaces = [
+ {
+ type = "tap";
+ id = "uvm-conduwuit";
+ mac = mac;
+ }
+ ];
+ shares =
+ [
+ {
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ tag = "store";
+ proto = "virtiofs";
+ socket = "store.socket";
+ }
+ ]
+ ++ map
+ (dir: {
+ source = dir;
+ mountPoint = "/${dir}";
+ tag = dir;
+ proto = "virtiofs";
+ socket = "${dir}.socket";
+ })
+ [
+ "etc"
+ "var"
+ "home"
+ ];
+ };
+
+ networking.useNetworkd = true;
+ networking.firewall.enable = lib.mkForce false; # firewalling done by the host
+
+ systemd.network = {
+ enable = true;
+ networks."11-host" = {
+ matchConfig.MACAddress = mac;
+ networkConfig = {
+ Address = "10.99.99.16/24";
+ DHCP = "no";
+ };
+ routes = [
+ {
+ Gateway = "10.99.99.1";
+ Destination = "0.0.0.0/0";
+ Metric = 1024;
+ }
+ ];
+ };
+ };
+
+ networking.hostName = "conduwuit";
+ system.stateVersion = "24.11";
+}
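Review bot: `networking.firewall.enable = lib.mkForce false;` in hosts/conduwuit/default.nix leaves this guest with no packet filter of its own, and `mkForce` also overrides any module that later tries to turn it back on. Every listener started in the VM is then reachable by anything that can route to 10.99.99.16, and the only control is the host ruleset, which is not part of this patch. If the other entries in `microvm-list` share the 10.99.99.0/24 segment (inferred from the address plan, not shown here), guest-to-guest traffic may not traverse the host's filter chain at all. I would keep the guest firewall enabled and open only the service port, e.g. `networking.firewall.allowedTCPPorts = [ <homeserver-port> ];`, or at least extend the comment to name the host rule that covers the `uvm-conduwuit` tap interface.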