From 87dc4f22b20c3ac95d3bde0096f96e6937745ffe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?=
Date: Sat, 20 May 2023 02:45:32 +0200
Subject: [PATCH] Revive microvm-default to reduce the mess
---
 flake.nix | 4 ++-
 modules/microvm-defaults.nix | 48 ++++++++++++++++++++++++++++++++++++
 modules/microvm.nix | 45 +--------------------------------
 3 files changed, 52 insertions(+), 45 deletions(-)
 create mode 100644 modules/microvm-defaults.nix
diff --git a/flake.nix b/flake.nix
index b3733fc6..6545b5dd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -772,10 +772,12 @@
 cluster-network = ./modules/cluster/network.nix;
 cluster-options.imports = [
 deployment.nixosModules.deployment-options
- self.nixosModules.microvm
+ microvm.nixosModules.microvm
+ ./modules/microvm-defaults.nix
 ];
 microvm.imports = [
 microvm.nixosModules.microvm
+ ./modules/microvm-defaults.nix
 ./modules/microvm.nix
 ];
 microvm-host.imports = [
diff --git a/modules/microvm-defaults.nix b/modules/microvm-defaults.nix
new file mode 100644
index 00000000..367c9552
--- /dev/null
+++ b/modules/microvm-defaults.nix
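Review bot: cluster-options.imports now pulls in the upstream `microvm.nixosModules.microvm` plus the defaults file instead of `self.nixosModules.microvm`, so anything evaluated through cluster-options no longer sees the options and config that ./modules/microvm.nix declares; if that is intended it deserves a sentence in the commit message, whose subject only speaks of reviving the defaults. The defaults module also reads `config.microvm.mem`, so it evaluates only when the upstream microvm module sits in the same import list; a comment such as `# microvm-defaults.nix reads config.microvm.mem, keep microvm.nixosModules.microvm next to it` at both import lists would make that dependency explicit. The enclosing attribute set starts and ends outside the hunk.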
@@ -0,0 +1,48 @@
+# No MicroVM settings but some defaults that enable evaulating NixOS
+# configurations that are destined to be used on Skyflake
+
+{ config, lib, ... }:
+
+{
+ # autoupdates do not make sense inside MicroVMs with read-only /nix/store
+ c3d2.autoUpdate = false;
+
+ boot = {
+ loader.grub.enable = false;
+ kernel.sysctl = lib.optionalAttrs (config.microvm.mem <= 1024) {
+ # table overflow causing packets from nginx to the service to drop
+ # nf_conntrack: nf_conntrack: table full, dropping packet
+ "net.netfilter.nf_conntrack_max" = "65536";
+ };
+ kernelParams = [
+ "preempt=none"
+ # No server/router runs any untrusted user code
+ "mitigations=off"
+ ];
+ };
+
+ fileSystems."/" = lib.mkDefault {
+ fsType = "tmpfs";
+ };
+
+ hardware.enableRedistributableFirmware = false;
+
+ # required that sysctl contains net.netfilter.nf_conntrack_max on boot
+ networking.firewall.autoLoadConntrackHelpers = true;
+
+ # nix store is mounted read only
+ nix.gc.automatic = false;
+
+ systemd.tmpfiles.rules = [
+ "d /home/root 0700 root root -" # createHome does not create it
+ ];
+
+ users = {
+ mutableUsers = false;
+ # store root users files persistent, especially .bash_history
+ users."root" = {
+ createHome = true;
+ home = lib.mkForce "/home/root";
+ };
+ };
+}
diff --git a/modules/microvm.nix b/modules/microvm.nix
index ff4d1af6..397aafaa 100644
--- a/modules/microvm.nix
+++ b/modules/microvm.nix
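Review bot: `networking.firewall.autoLoadConntrackHelpers = true` is a heavier switch than its comment asks for: as far as I can tell the NixOS option not only loads nf_conntrack but also enables automatic conntrack helper assignment (the kernel's `nf_conntrack_helper` sysctl), which NixOS leaves off by default because helpers parse untrusted traffic, and if the goal is only that the `net.netfilter.nf_conntrack_max` sysctl has a loaded module to apply to at boot, `boot.kernelModules = [ "nf_conntrack" ];` achieves that without widening the firewall's exposure. The `mitigations=off` entry is appended unconditionally and its justification covers user code but not the network-facing services (the comment a few lines up mentions nginx) that do handle untrusted input; writing it as `kernelParams = lib.mkDefault [ ... ]`, or stating in the comment that per-VM consumers must `lib.mkForce` it away, would make that trade-off visible and overridable. Minor: `evaulating` in the header comment should read `evaluating`.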
@@ -69,30 +69,6 @@ in
 };
 config = {
- boot.loader.grub.enable = false;
-
- # autoupdates do not make sense inside MicroVMs with read-only /nix/store
- c3d2.autoUpdate = false;
-
- boot = {
- kernel.sysctl = lib.optionalAttrs (config.microvm.mem <= 1024) {
- # table overflow causing packets from nginx to the service to drop
- # nf_conntrack: nf_conntrack: table full, dropping packet
- "net.netfilter.nf_conntrack_max" = "65536";
- };
- kernelParams = [
- "preempt=none"
- # No server/router runs any untrusted user code
- "mitigations=off"
- ];
- };
-
- fileSystems."/" = lib.mkDefault {
- fsType = "tmpfs";
- };
-
- hardware.enableRedistributableFirmware = false;
-
 microvm = {
 hypervisor = lib.mkDefault "cloud-hypervisor";
 mem = lib.mkDefault 512;
@@ -127,18 +103,12 @@ in
 }) config.c3d2.deployment.mounts;
 };
- networking = {
- # required that sysctl contains net.netfilter.nf_conntrack_max on boot
- firewall.autoLoadConntrackHelpers = true;
- } // lib.optionalAttrs config.c3d2.deployment.autoNetSetup {
+ networking = lib.mkIf config.c3d2.deployment.autoNetSetup {
 useDHCP = false;
 dhcpcd.enable = false;
 useNetworkd = true;
 };
- # nix store is mounted read only
- nix.gc.automatic = false;
-
 systemd.network = lib.mkIf config.c3d2.deployment.autoNetSetup {
 links = builtins.foldl' (links: net: links // {
 "30-${net}" = {
@@ -192,18 +162,5 @@ in
 ssh root@${serverFQDN} -- $@
 '';
 };
-
- systemd.tmpfiles.rules = [
- "d /home/root 0700 root root -" # createHome does not create it
- ];
-
- users = {
- mutableUsers = false;
- # store root users files persistent, especially .bash_history
- users."root" = {
- createHome = true;
- home = lib.mkForce "/home/root";
- };
- };
 };
 }
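Review bot: After these three hunks modules/microvm.nix no longer sets the tmpfs root, the kernel parameters, `nix.gc.automatic`, `users.mutableUsers = false` or the root home itself, so it yields the intended MicroVM configuration only when modules/microvm-defaults.nix is imported beside it, and that pairing now lives solely in flake.nix's import lists; a consumer that imports this file directly gets mutable users and stock kernel settings, and nothing in the module tells them so. Adding `imports = [ ./microvm-defaults.nix ];` at the module's top level, or at least a header comment stating that the defaults module is required, would close that gap; the point applies to the first hunk and equally to the second and third. The `config = {` attribute set opened in the first hunk's context spans all three hunks and appears to be closed by the `};` context line at the end of the last one.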