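# NixOS module for the "nfsroot" MicroVM: a qemu guest that serves the
# directories listed in `nfsExports` over NFS.
{ zentralwerk, config, lib, pkgs, ... }:

let
  netConfig = zentralwerk.lib.config.site.net.serv;

  # Single source of truth for the exported directories (no leading slash).
  # The block volumes, their mount options and the /etc/exports lines are all
  # derived from this list, so the three cannot drift apart.
  #
  # The position in this list is used as the NFS `fsid` (0, 1, 2, ...).
  # Append new entries at the end; reordering or removing an entry changes
  # the fsid of the exports after it.
  nfsExports = [
    "var/lib/nfsroot/dacbert"
    "var/lib/nfsroot/riscbert"
    "var/lib/dump-dvb/whoopsie"
  ];
in
{
  microvm = {
    hypervisor = "qemu";

    # virtiofs shares from the host: the host's /nix/store at /nix/.ro-store,
    # plus per-VM etc/home/var directories kept under /var/lib/microvms/<hostName>/.
    shares = [
      {
        source = "/nix/store";
        mountPoint = "/nix/.ro-store";
        tag = "store";
        proto = "virtiofs";
        socket = "store.socket";
      }
    ] ++ map (dir: {
      source = "/var/lib/microvms/${config.networking.hostName}/${dir}";
      mountPoint = "/${dir}";
      tag = builtins.baseNameOf dir;
      proto = "virtiofs";
      socket = "${builtins.baseNameOf dir}.socket";
    }) [ "etc" "home" "var" ];

    # One host zvol per export, mounted at the export path. autoCreate is
    # off, so the block devices have to exist on the host already.
    volumes = map (export: {
      mountPoint = "/${export}";
      image = "/dev/zvol/server10/vm/nfsroot/${builtins.baseNameOf export}";
      autoCreate = false;
    }) nfsExports;

    interfaces = [
      {
        type = "tap";
        id = "nfsroot";
        mac = "00:de:fa:c8:28:9c";
      }
    ];
  };

  # Mount options for every export volume.
  fileSystems = lib.listToAttrs (map
    (export: lib.nameValuePair "/${export}" {
      options = [ "relatime" "discard" ];
    })
    nfsExports);

  networking = {
    hostName = "nfsroot";
    useDHCP = false;
    interfaces.eth0 = {
      useDHCP = false;
      ipv4.addresses = [
        {
          address = netConfig.hosts4.${config.networking.hostName};
          prefixLength = netConfig.subnet4Len;
        }
      ];
    };
    defaultGateway = netConfig.hosts4.serv-gw;
    nameservers = [ netConfig.hosts4.dnscache "9.9.9.9" ];

    # NOTE(review): with the guest firewall off, the client list in the
    # exports below is the only access control this module configures for
    # the NFS service. Confirm that filtering upstream of this VM is
    # intended to carry the rest.
    firewall.enable = false;
  };

  system.stateVersion = "22.05";

  services.nfs.server = {
    enable = true;
    exports =
      let
        # Client networks allowed to mount every export.
        allowed = [
          "172.22.99.0/24"
          "172.20.72.0/21"
          "30c:c3d2:b946:76d0::/64"
          "2a00:8180:2c00:200::/56"
          "fd23:42:c3d2:500::/56"
        ];

        # Option string for one client entry.
        #  - no_root_squash: uid 0 on a client is uid 0 on the export, so any
        #    host in `allowed` that can present itself as root has full
        #    control of the exported tree. No `sec=` is set, so the server's
        #    default security flavour applies and clients are identified by
        #    source address.
        #    NOTE(review): presumably needed because these trees are root
        #    filesystems for netbooted machines; confirm it is also required
        #    for /var/lib/dump-dvb/whoopsie.
        #  - async: the server may acknowledge writes before they reach
        #    stable storage; a crash of this VM can lose acknowledged data.
        opts = o: fsid: lib.concatStringsSep "," [
          o
          "async"
          "no_subtree_check"
          "no_root_squash"
          "fsid=${toString fsid}"
        ];

        # One /etc/exports line: "/<path> <subnet>(<opts>) <subnet>(<opts>) ...".
        exportLine = fsid: export:
          "/${export} "
          + lib.concatMapStringsSep " " (subnet: "${subnet}(${opts "rw" fsid})") allowed
          + "\n";
      in
      # fsid is the index of the export in nfsExports (see the note there).
      lib.concatStrings (lib.imap0 exportLine nfsExports);
  };
}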