server10: add microvm-staging

This commit is contained in:
Astro 2022-05-15 02:46:14 +02:00
parent 992ef4cad2
commit e077cd1cd3
5 changed files with 255 additions and 92 deletions


@ -21,6 +21,21 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"locked": {
"lastModified": 1649676176,
"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"heliwatch": { "heliwatch": {
"inputs": { "inputs": {
"fenix": [ "fenix": [
@ -86,6 +101,25 @@
"type": "github" "type": "github"
} }
}, },
"microvm": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1652316068,
"narHash": "sha256-9vrbO7lnjd9t4xVnrPOBJXrg0pUA7oxuIj99F+Saxsc=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "95bca60048a486d71d0d63f51e66bedabaf6a4c7",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"naersk": { "naersk": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -234,6 +268,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1649986882,
"narHash": "sha256-cNsInUFq1MbuvaEmv8x6jetWnmAU+osMpnwKumtjksI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5181d5945eda382ff6a9ca3e072ed6ea9b547fee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1651368560, "lastModified": 1651368560,
"narHash": "sha256-OV6o5j27tnwqGhQd1u8/p5TjQI7+HyOnl6erteId4IE=", "narHash": "sha256-OV6o5j27tnwqGhQd1u8/p5TjQI7+HyOnl6erteId4IE=",
@ -249,7 +299,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1651024496, "lastModified": 1651024496,
"narHash": "sha256-uKSrrw/neSkxX6TXPSaMyfu7iKzFrK7F6HOt6vQefGY=", "narHash": "sha256-uKSrrw/neSkxX6TXPSaMyfu7iKzFrK7F6HOt6vQefGY=",
@ -282,7 +332,7 @@
}, },
"openwrt-imagebuilder": { "openwrt-imagebuilder": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"openwrt": "openwrt_2" "openwrt": "openwrt_2"
}, },
"locked": { "locked": {
@ -320,9 +370,10 @@
"fenix": "fenix", "fenix": "fenix",
"heliwatch": "heliwatch", "heliwatch": "heliwatch",
"hydra": "hydra", "hydra": "hydra",
"microvm": "microvm",
"naersk": "naersk", "naersk": "naersk",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3",
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"nixpkgs-mobilizon": "nixpkgs-mobilizon", "nixpkgs-mobilizon": "nixpkgs-mobilizon",
"nixpkgs-openwebrx": "nixpkgs-openwebrx", "nixpkgs-openwebrx": "nixpkgs-openwebrx",


@ -55,9 +55,10 @@
url = "github:nixos/hydra"; url = "github:nixos/hydra";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
microvm.url = "github:astro/microvm.nix";
}; };
outputs = inputs@{ self, nixpkgs, secrets, nixos-hardware, zentralwerk, yammat, scrapers, spacemsg, tigger, ticker, heliwatch, sops-nix, naersk, fenix, ... }: outputs = inputs@{ self, nixpkgs, secrets, nixos-hardware, zentralwerk, yammat, scrapers, spacemsg, tigger, ticker, heliwatch, sops-nix, naersk, fenix, microvm, ... }:
let let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
forAllSystems = lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]; forAllSystems = lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
@ -542,6 +543,7 @@
server10 = nixosSystem' { server10 = nixosSystem' {
modules = [ modules = [
./hosts/server10 ./hosts/server10
microvm.nixosModules.host
]; ];
}; };
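Review bot: `microvm.url = "github:astro/microvm.nix";` is added without an `inputs.nixpkgs.follows = "nixpkgs";` line, unlike the hydra input directly above it, and the lockfile in this same commit shows the consequence: microvm pulls in its own `nixpkgs_2` (a mid-April nixos-unstable) plus a separate `flake-utils`, so the host now carries a second nixpkgs tree that an update or security pin of the main `nixpkgs` input will not reach. Add `microvm.inputs.nixpkgs.follows = "nixpkgs";` next to the url line (and a matching `flake-utils` follows if this flake already pins one) and re-lock, so microvm's closure tracks the same nixpkgs as the rest of server10.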


@ -5,6 +5,7 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./network.nix ./network.nix
./microvm-staging.nix
]; ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.


@ -0,0 +1,89 @@
{ config, pkgs, ... }:
let
microvms = {
staging-data-hoarder = {
flakeref = "github:dump-dvb/nix-config";
};
};
in
{
microvm.autostart = builtins.attrNames microvms;
systemd.services = {
"staging-dh-create-data" = {
description = "Create ZFS datasets for staging-data-hoarder shares";
requiredBy = [
"microvm@staging-data-hoarder.service"
];
before = [
"microvm@staging-data-hoarder.service"
];
after = [
"microvm-create@staging-data-hoarder.service"
];
serviceConfig = {
Type = "oneshot";
};
path = [ pkgs.zfs ];
script = ''
cd /var/lib/microvms/staging-data-hoarder
for MNT in etc var ; do
[ -d $MNT ] || zfs create -o mountpoint=`pwd`/$MNT ${config.networking.hostName}/vm/staging-data-hoarder/$MNT
done
'';
};
"microvm-update@" = {
description = "Update MicroVMs automatically";
after = [ "network-online.target" ];
unitConfig.ConditionPathExists = "/var/lib/microvms/%i";
serviceConfig = {
Type = "oneshot";
};
scriptArgs = "%i";
path = [ pkgs.nixFlakes ];
script = ''
NAME=$1
set +e
nix flake update $(cat /var/lib/microvms/$NAME/flake)
set -e
/run/current-system/sw/bin/microvm -Ru $NAME
'';
};
} // builtins.foldl' (services: name: services // {
"microvm-create-${name}" = {
description = "Create MicroVM ${name} automatically";
wantedBy = [ "microvms.target" ];
after = [ "network-online.target" ];
before = [
"microvm-tap-interfaces@${name}.service"
"microvm-virtiofsd@${name}.service"
];
unitConfig.ConditionPathExists = "!/var/lib/microvms/${name}";
serviceConfig.Type = "oneshot";
scriptArgs = "${name}";
script = ''
/run/current-system/sw/bin/microvm -c ${name} -f "${microvms.${name}.flakeref}"
'';
};
}) {} (builtins.attrNames microvms);
systemd.timers = builtins.foldl' (timers: name: timers // {
"microvm-update-${name}" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "microvm-update@${name}.service";
# three times per hour
OnCalendar = "*:0,20,40:00";
Persistent = true;
};
};
}) {} (builtins.attrNames microvms);
c3d2.server.bridgePorts = {
serv = [
"staging-dh"
];
};
}
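Review bot: The `microvm-update@` unit re-resolves the unpinned flakeref `github:dump-dvb/nix-config` every 20 minutes (`nix flake update $(cat /var/lib/microvms/$NAME/flake)` followed by `microvm -Ru $NAME`) with no `User=`, so evaluation and build of whatever that repository's default branch currently holds run as root on server10 — anyone with push access to that repo, or a compromised GitHub account, gets their configuration deployed here unattended, which should at least be stated as the accepted risk for this staging VM in a comment on `microvms`. The `set +e` … `set -e` pair also hides a failed update entirely, so an unreachable or broken upstream keeps rebuilding from the stale lock without a log line; `nix flake update "$(cat "/var/lib/microvms/$NAME/flake")" || echo "flake update failed; rebuilding from current lock" >&2` keeps the best-effort behaviour visible and quotes the path expansion. Separately, `staging-dh-create-data` orders `after = [ "microvm-create@staging-data-hoarder.service" ]` while this file defines the create unit as `microvm-create-staging-data-hoarder` (dash, not a template instance); unless microvm.nix's host module supplies a `microvm-create@` template, that `After=` names a unit that does not exist and the intended ordering before the ZFS dataset creation is silently ineffective.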


@ -12,106 +12,126 @@ let
in in
{ {
networking.useDHCP = false; options = with lib; {
networking.useNetworkd = true; c3d2.server.bridgePorts = mkOption {
description = "Additional interfaces to attach to bridges";
type = with types; attrsOf (listOf str);
default = {};
};
};
config = {
networking.useDHCP = false;
networking.useNetworkd = true;
boot.kernelParams = [ boot.kernelParams = [
# Prevents automatic creation of interface bond0 by the kernel # Prevents automatic creation of interface bond0 by the kernel
"bonding.max_bonds=0" "bonding.max_bonds=0"
]; ];
systemd.network = { systemd.network = {
enable = true; enable = true;
netdevs = { netdevs = {
bond0.netdevConfig = { bond0.netdevConfig = {
Kind = "bond"; Kind = "bond";
Name = "bond0"; Name = "bond0";
}; };
# LACP # LACP
bond0.bondConfig.Mode = "802.3ad"; bond0.bondConfig.Mode = "802.3ad";
} // ( } // (
builtins.foldl' (result: net: result // { builtins.foldl' (result: net: result // {
# Bridges are named just like the corresponding net. # Bridges are named just like the corresponding net.
"${net}" = { "${net}" = {
netdevConfig = { netdevConfig = {
Kind = "bridge"; Kind = "bridge";
Name = "${net}"; Name = "${net}";
}; };
extraConfig = '' extraConfig = ''
[Bridge] [Bridge]
ForwardDelaySec=2 ForwardDelaySec=2
STP=true STP=true
''; '';
};
# External VLAN interface
"ext-${net}" = {
netdevConfig = {
Kind = "vlan";
Name = "ext-${net}";
}; };
vlanConfig.Id = zwNets.${net}.vlan; # External VLAN interface
}; "ext-${net}" = {
}) {} zwHostBridges netdevConfig = {
); Kind = "vlan";
Name = "ext-${net}";
};
vlanConfig.Id = zwNets.${net}.vlan;
};
}) {} zwHostBridges
);
networks = { networks = {
en = { en = {
# physical ethernet ports # physical ethernet ports
matchConfig.Name = "en*"; matchConfig.Name = "en*";
networkConfig = { networkConfig = {
Bond = "bond0"; Bond = "bond0";
LLDP = true; LLDP = true;
EmitLLDP = true; EmitLLDP = true;
};
}; };
}; bond0 = {
bond0 = {
DHCP = "no";
matchConfig.Name = "bond0";
networkConfig = {
VLAN = map (net: "ext-${net}") zwHostBridges;
LinkLocalAddressing = "no";
LLDP = true;
EmitLLDP = true;
};
};
} // (builtins.foldl' (result: net: result // {
"${net}" = {
matchConfig.Name = net;
networkConfig = {
LLDP = true;
EmitLLDP = true;
DHCP = "no"; DHCP = "no";
} // (lib.optionalAttrs (! zwNets.${net}.hosts4 ? ${hostName})) { matchConfig.Name = "bond0";
# Disable all automatic addressing on bridges. It will delay networkConfig = {
# networkd going into operational state. VLAN = map (net: "ext-${net}") zwHostBridges;
LinkLocalAddressing = lib.mkDefault "no"; LinkLocalAddressing = "no";
LLDP = true;
EmitLLDP = true;
};
}; };
addresses = } // (builtins.foldl' (result: net: result // {
let "${net}" = {
netConfig = zwNets.${net}; matchConfig.Name = net;
address = netConfig.hosts4.${hostName}; networkConfig = {
prefixLen = netConfig.subnet4Len; LLDP = true;
in EmitLLDP = true;
lib.optional (netConfig.hosts4 ? ${hostName}) { DHCP = "no";
addressConfig.Address = "${address}/${toString prefixLen}"; } // (lib.optionalAttrs (! zwNets.${net}.hosts4 ? ${hostName})) {
} ++ # Disable all automatic addressing on bridges. It will delay
builtins.concatMap (hosts6: # networkd going into operational state.
lib.optional (hosts6 ? ${hostName}) { LinkLocalAddressing = lib.mkDefault "no";
addressConfig.Address = "${hosts6.${hostName}}/64"; };
} addresses =
) (builtins.attrValues netConfig.hosts6); let
netConfig = zwNets.${net};
address = netConfig.hosts4.${hostName};
prefixLen = netConfig.subnet4Len;
in
lib.optional (netConfig.hosts4 ? ${hostName}) {
addressConfig.Address = "${address}/${toString prefixLen}";
} ++
builtins.concatMap (hosts6:
lib.optional (hosts6 ? ${hostName}) {
addressConfig.Address = "${hosts6.${hostName}}/64";
}
) (builtins.attrValues netConfig.hosts6);
gateway = lib.optionals (net == "cluster") [ gateway = lib.optionals (net == "cluster") [
zwNets.cluster.hosts4.cls-gw zwNets.cluster.hosts4.cls-gw
zwNets.cluster.hosts6.dn42.cls-gw zwNets.cluster.hosts6.dn42.cls-gw
]; ];
}; };
"ext-${net}" = { "ext-${net}" = {
matchConfig.Name = "ext-${net}"; matchConfig.Name = "ext-${net}";
# Attach eth*/bond0/VLAN to bridge # Attach eth*/bond0/VLAN to bridge
networkConfig.Bridge = net; networkConfig.Bridge = net;
}; };
}) {} zwHostBridges); }) {} zwHostBridges) //
builtins.foldl' (result: net:
builtins.foldl' (result: port:
result // {
"${net}-${port}" = {
matchConfig.Name = port;
networkConfig.Bridge = net;
};
}
) result (config.c3d2.server.bridgePorts.${net})
) {} (builtins.attrNames config.c3d2.server.bridgePorts);
};
}; };
} }
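Review bot: The new `c3d2.server.bridgePorts` option is consumed without any check that its keys are bridges this host actually defines (`zwHostBridges`): a key outside that set yields a `systemd.network` unit with `Bridge = net` for a netdev that is never created, and because `matchConfig.Name = port` is a shell-style glob (the file already relies on that with `en*`), a port value like `en*` would silently move the physical ports out of `bond0` and onto a bridge. Add an assertion next to the option, e.g. `assertions = [ { assertion = lib.all (net: lib.elem net zwHostBridges) (builtins.attrNames config.c3d2.server.bridgePorts); message = "c3d2.server.bridgePorts: keys must be host bridges"; } ];`, and extend the description to say that values are interface names used as a [Match] Name= pattern. The description should also note that attaching a port this way gives whatever sits behind it untagged L2 access to that bridge's network, since the first user (the staging MicroVM tap on `serv`) lands on the same segment as the host's own services there.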