initial rewrite

hosts/olympus/bastion/containers/common.nix

@@ -0,0 +1,6 @@
+# common container config
+{ lib, ... }: {
+  # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+  networking.useHostResolvConf = lib.mkForce false;
+  services.resolved.enable = true;
+}

hosts/olympus/bastion/containers/default.nix

@@ -0,0 +1,26 @@
+{ config, lib, ... }:
+let
+  hostAddress = "10.42.99.1";
+  hostAddress6 = "fc00::1";
+in {
+  # TODO: Loop over subdirs, create nixos container for each
+  networking.nat = {
+    enable = true;
+    internalInterfaces = [ "ve-+" ];
+    externalInterface = "ens18";
+    # Lazy IPv6 connectivity for the container
+    enableIPv6 = true;
+
+    forwardPorts = [
+
+    ];
+  };
+
+  # Containers network is
+  # * 10.42.99.0/24
+  # * fc00:x
+
+  containers = {
+
+  };
+}

hosts/olympus/bastion/default.nix

@@ -0,0 +1,38 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ pkgs, ... }: {
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ./containers
+    # ./vms.nix
+  ];
+
+  programs.nix-ld.enable = true;
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.11"; # Did you read the comment?
+
+  virtualisation.podman.enable = true;
+
+  # Additional packages
+  environment.systemPackages = with pkgs; [ vault ];
+
+  networking.useNetworkd = true;
+
+  programs.gnupg.agent = {
+    enable = true;
+    pinentryFlavor = "curses";
+  };
+}

hosts/olympus/bastion/hardware-configuration.nix

@@ -0,0 +1,25 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot = {
+
+    initrd.availableKernelModules =
+      [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+    initrd.kernelModules = [ ];
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca";
+    fsType = "ext4";
+  };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
+
+}

hosts/olympus/bastion/vms.nix

@@ -0,0 +1,32 @@
+{ config, pkgs, inputs, ... }: {
+  imports = [
+    inputs.microvm.nixosModules.host
+  ];
+
+  microvm.vms = {
+    test-vm = {
+      inherit pkgs;
+
+      # (Optional) A set of special arguments to be passed to the MicroVM's NixOS modules.
+      #specialArgs = {};
+
+      # The configuration for the MicroVM.
+      # Multiple definitions will be merged as expected.
+      config = {
+        # It is highly recommended to share the host's nix-store
+        # with the VMs to prevent building huge images.
+        microvm.hypervisor = "crosvm";
+        microvm.shares = [{
+          source = "/nix/store";
+          mountPoint = "/nix/.ro-store";
+          tag = "ro-store";
+          proto = "virtiofs";
+        }];
+
+        # Any other configuration for your MicroVM
+        # [...]
+      };
+
+    };
+  };
+}