hosts/containers/leon: init

2022-06-01 20:46:47 +02:00 · 2022-06-01 20:46:47 +02:00 · d8b302cacc
parent 723ef8db15
commit d8b302cacc
3 changed files with 74 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -588,6 +588,13 @@
          ];
        };

+        leon = nixosSystem' {
+          modules = [
+            microvm.nixosModules.microvm
+            ./hosts/containers/leon
+          ];
+        };
+
      };

      nixosModule = self.nixosModules.c3d2;
--- a/hosts/containers/leon/default.nix
+++ b/hosts/containers/leon/default.nix
@ -0,0 +1,66 @@
+{ zentralwerk, config, pkgs, ... }:
+let
+  netConfig = zentralwerk.lib.config.site.net.serv;
+
+in
+{
+  microvm = {
+    hypervisor = "qemu";
+
+    shares = [ {
+      source = "/nix/store";
+      mountPoint = "/nix/.ro-store";
+      tag = "store";
+      proto = "virtiofs";
+      socket = "store.socket";
+    } ] ++ map (dir: {
+      source = "/var/lib/microvms/${config.networking.hostName}/${dir}";
+      mountPoint = "/${dir}";
+      tag = dir;
+      proto = "virtiofs";
+      socket = "${dir}.socket";
+    }) [ "etc" "home" "var"];
+
+    interfaces = [ {
+      type = "tap";
+      id = "leon";
+      mac = "00:de:8d:c1:9f:45";
+    } ];
+  };
+
+  networking = {
+    hostName = "leon";
+
+    useDHCP = false;
+    interfaces.eth0 = {
+      useDHCP = false;
+      ipv4.addresses = [ {
+        address = netConfig.hosts4.${config.networking.hostName};
+        prefixLength = netConfig.subnet4Len;
+      } ];
+    };
+    defaultGateway = netConfig.hosts4.serv-gw;
+    nameservers = [
+      netConfig.hosts4.dnscache "9.9.9.9"
+    ];
+
+    firewall.enable = true;
+  };
+
+  security.sudo = {
+    enable = true;
+    wheelNeedsPassword = false;
+  };
+  services.openssh.enable = true;
+
+  users.users.leon = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    createHome = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcYiIES2gFpS4OXFpCkiVqV34+duNKOAySkSsO+1e8Nyegmb7mchmCy78uohsjgZD5lPwNUX9UsAY4Uw9vO9w5QV/2zAX5XNElKf8xm4UvtkEiKU5zquxn3iAi1UBrT2+AgRZEOzkPpc5yeh76b9thYZULUao6CXAR2TTD2CaYFIOrZ2psDtAAdNdq8Sqkpg5BaVFnTITHIc+ihr2QpONFsWGHA4J2jgLnKATQIXMfCJuAJb2oAA6FkyMbDqcCkt6Y0FDhHX9Vj8ANzoSwKmptG3S6EEryz/XfYkkqNG37FgKXpCg4pMm84X6T0oWIJ3xLWH7UFAMkxeHE34GYnnU0fw0hmcY0DHYZsG9n+2cKpr0XXA6sXYdp5VwGBJItbAZF3m2qK1xyLtBk02sPzlaS/88knMa784ISPXPJ2fQqoO5cX3fkPJkrK4csEf08ERFa/wouUl+fSDSfK8Ug1qAsY//JpfMSaSZsa6vGS83thpqfWJbxN/dD7Er/lYFA/tE= leon@MacBook-Air"
+    ];
+  };
+
+  system.stateVersion = "22.05";
+}
--- a/hosts/server10/microvms.nix
+++ b/hosts/server10/microvms.nix
@ -1,7 +1,7 @@
 {
  microvm.autostart = [ "oparl" ];
  c3d2.server.bridgePorts = {
-    serv = [ "oparl" ];
+    serv = [ "oparl" "leon" ];
  };

  nix = {