From 592537fb631ffd02466e3f4b49bc2707f7a24fbf Mon Sep 17 00:00:00 2001 From: Vivian Date: Fri, 29 Dec 2023 17:35:24 +0100 Subject: [PATCH] demo vm --- flake.lock | 186 +++++++++++++----- flake.nix | 3 + nixos/hosts/olympus/bastion/configuration.nix | 7 +- nixos/hosts/olympus/bastion/home.nix | 11 -- nixos/hosts/olympus/bastion/vms.nix | 32 +++ 5 files changed, 175 insertions(+), 64 deletions(-) delete mode 100644 nixos/hosts/olympus/bastion/home.nix create mode 100644 nixos/hosts/olympus/bastion/vms.nix diff --git a/flake.lock b/flake.lock index 7e21601..6633b90 100644 --- a/flake.lock +++ b/flake.lock @@ -179,6 +179,26 @@ "type": "github" } }, + "deploy": { + "inputs": { + "flake-compat": "flake-compat_4", + "nixpkgs": "nixpkgs_4", + "utils": "utils_2" + }, + "locked": { + "lastModified": 1703087360, + "narHash": "sha256-0VUbWBW8VyiDRuimMuLsEO4elGuUw/nc2WDeuO1eN1M=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "b709d63debafce9f5645a5ba550c9e0983b3d1f7", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "devshell": { "flake": false, "locked": { @@ -231,7 +251,7 @@ "essentials": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1703847800, @@ -358,6 +378,22 @@ } }, "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1668681692, @@ -373,7 +409,7 @@ "type": "github" } }, - "flake-compat_6": { + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1673956053, 
@@ -389,7 +425,7 @@ "type": "github" } }, - "flake-compat_7": { + "flake-compat_8": { "flake": false, "locked": { "lastModified": 1673956053, @@ -476,7 +512,7 @@ }, "flake-utils_10": { "inputs": { - "systems": "systems_9" + "systems": "systems_10" }, "locked": { "lastModified": 1681202837, @@ -509,7 +545,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1701680307, @@ -527,7 +563,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1701680307, @@ -545,7 +581,7 @@ }, "flake-utils_5": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1694529238, @@ -563,7 +599,7 @@ }, "flake-utils_6": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1701680307, @@ -581,7 +617,7 @@ }, "flake-utils_7": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1701680307, @@ -599,7 +635,7 @@ }, "flake-utils_8": { "inputs": { - "systems": "systems_7" + "systems": "systems_8" }, "locked": { "lastModified": 1685518550, @@ -708,7 +744,7 @@ "gnome-autounlock-keyring": { "inputs": { "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1702994344, @@ -763,7 +799,7 @@ "lanzaboote": { "inputs": { "crane": "crane_2", - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "flake-parts": "flake-parts", "flake-utils": "flake-utils_5", "nixpkgs": [ @@ -820,13 +856,13 @@ "mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_6", "nixpkgs": [ "nixpkgs" ], "nixpkgs-22_11": "nixpkgs-22_11", "nixpkgs-23_05": "nixpkgs-23_05", - "utils": "utils_2" + "utils": "utils_3" }, "locked": { "lastModified": 1703666786, 
@@ -845,7 +881,7 @@ "microvm": { "inputs": { "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "spectrum": "spectrum" }, "locked": { @@ -908,7 +944,7 @@ "nix": { "inputs": { "lowdown-src": "lowdown-src", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "nixpkgs-regression": "nixpkgs-regression" }, "locked": { @@ -1120,6 +1156,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1686736559, + "narHash": "sha256-YyUSVoOKIDAscTx7IZhF9x3qgZ9dPNF19fKk+4c5irc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ddf4688dc7aeb14e8a3c549cb6aa6337f187a884", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1645296114, "narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=", @@ -1135,7 +1187,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1696165369, "narHash": "sha256-pd1cjFHCoEf9q5f9B0HhlOwwpBI9RP3HbUE6xjI7wAI=", @@ -1151,7 +1203,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1682526928, "narHash": "sha256-2cKh4O6t1rQ8Ok+v16URynmb0rV7oZPEbXkU0owNLQs=", @@ -1167,7 +1219,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1670507980, "narHash": "sha256-riNZa0xzM1it3pzxciwALeMs+0CsBMWIW2FqulzK8vM=", @@ -1216,6 +1268,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1703438236, "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", 
@@ -1231,7 +1299,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1702933230, "narHash": "sha256-xi8AZ3noIXrgmKLR+ij+CeYFoUTKiQuTLL+aA7FRdRQ=", @@ -1246,7 +1314,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1702312524, "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", @@ -1262,7 +1330,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1703438236, "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", @@ -1277,7 +1345,7 @@ "type": "indirect" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1703013332, "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", @@ -1293,22 +1361,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1686736559, - "narHash": "sha256-YyUSVoOKIDAscTx7IZhF9x3qgZ9dPNF19fKk+4c5irc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "ddf4688dc7aeb14e8a3c549cb6aa6337f187a884", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_stable": { "locked": { "lastModified": 1703351344, @@ -1327,7 +1379,7 @@ "nixvim": { "inputs": { "flake-utils": "flake-utils_7", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "pre-commit-hooks": "pre-commit-hooks" }, "locked": { @@ -1378,7 +1430,7 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_7", "flake-utils": "flake-utils_8", "gitignore": "gitignore_2", "nixpkgs": [ @@ -1463,7 +1515,7 @@ "inputs": { "fenix": "fenix", "naersk": "naersk_2", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1690193312, @@ -1484,6 +1536,7 @@ "attic": "attic", "colmena": "colmena", "comma": "comma", + "deploy": "deploy", "essentials": "essentials", "gnome-autounlock-keyring": "gnome-autounlock-keyring", "home-manager": "home-manager", 
@@ -1492,7 +1545,7 @@ "microvm": "microvm", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixpkgs_stable": "nixpkgs_stable", "nixvim": "nixvim", "nur": "nur", @@ -1608,6 +1661,21 @@ "type": "github" } }, + "systems_10": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1747,6 +1815,24 @@ } }, "utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_3": { "locked": { "lastModified": 1605370193, "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", @@ -1761,9 +1847,9 @@ "type": "github" } }, - "utils_3": { + "utils_4": { "inputs": { - "systems": "systems_8" + "systems": "systems_9" }, "locked": { "lastModified": 1694529238, @@ -1781,11 +1867,11 @@ }, "vault-secrets": { "inputs": { - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_8", "flake-utils": "flake-utils_9", "nix": "nix", - "nixpkgs": "nixpkgs_11", - "utils": "utils_3" + "nixpkgs": "nixpkgs_12", + "utils": "utils_4" }, "locked": { "lastModified": 1702898724, @@ -1804,7 +1890,7 @@ "vault-unseal": { "inputs": { "flake-utils": "flake-utils_10", - "nixpkgs": "nixpkgs_12" + "nixpkgs": "nixpkgs_13" }, "locked": { "lastModified": 1683013874, 
@@ -1823,7 +1909,7 @@ "webcord": { "inputs": { "dream2nix": "dream2nix", - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_14", "webcord": "webcord_2" }, "locked": { diff --git a/flake.nix b/flake.nix index 47ab4ab..0667b2b 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,7 @@ nixpkgs_stable.url = "nixpkgs/nixos-23.05"; nur.url = "github:nix-community/NUR"; colmena.url = "github:zhaofengli/colmena"; + deploy.url = "github:serokell/deploy-rs"; vault-secrets.url = "github:serokell/vault-secrets"; microvm.url = "github:astro/microvm.nix"; @@ -57,6 +58,7 @@ , nixos-generators , nur , attic + , deploy , ... }@inputs: let @@ -142,6 +144,7 @@ attic.packages.${pkgs.system}.attic apply-local colmena.packages.${system}.colmena + deploy.packages.${system}.deploy-rs cachix deadnix statix diff --git a/nixos/hosts/olympus/bastion/configuration.nix b/nixos/hosts/olympus/bastion/configuration.nix index 9540561..c93fc19 100644 --- a/nixos/hosts/olympus/bastion/configuration.nix +++ b/nixos/hosts/olympus/bastion/configuration.nix @@ -2,10 +2,11 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ pkgs, ... }: { +{ pkgs, inputs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix + ./vms.nix ]; programs.nix-ld.enable = true; @@ -27,10 +28,10 @@ # Additional packages environment.systemPackages = with pkgs; [ vault ]; + networking.useNetworkd = true; + programs.gnupg.agent = { enable = true; pinentryFlavor = "curses"; }; - - home-manager.users.vivian = import ./home.nix; } diff --git a/nixos/hosts/olympus/bastion/home.nix b/nixos/hosts/olympus/bastion/home.nix deleted file mode 100644 index a65de8e..0000000 --- a/nixos/hosts/olympus/bastion/home.nix +++ /dev/null @@ -1,11 +0,0 @@ -_: { - programs.direnv = { - enable = true; - nix-direnv = { enable = true; }; - }; - - programs.zsh = { - enable = true; - sessionVariables = { DIRENV_LOG_FORMAT = ""; }; - }; -} 
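Review bot: The new `deploy` input in the first flake.nix hunk is added without a `follows`, so the lock now carries a separate `nixpkgs_4` (nixpkgs-unstable), `flake-compat_4` and `utils_2` just for deploy-rs. That is one more nixpkgs revision to keep patched, and the `deploy-rs` binary added to the dev shell in the third hunk is presumably built from it rather than from the root `nixpkgs` input. Adding `deploy.inputs.nixpkgs.follows = "nixpkgs";` next to the URL would collapse it onto the root input, as the lock already shows for `lanzaboote` and `mailserver`.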
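Review bot: `networking.useNetworkd = true;` in the second configuration.nix hunk switches the bastion's network backend to systemd-networkd, but nothing in the commit says why or shows matching interface configuration. On a host that is presumably reached remotely, the line deserves a comment such as `# required by <reason>; host uplink is configured in <file>` and a check that the uplink still comes up after activation. The rest of the module lies outside the hunks, so the uplink may already be covered there. Likewise, the new `inputs` argument in the first hunk is not used in any visible line.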
diff --git a/nixos/hosts/olympus/bastion/vms.nix b/nixos/hosts/olympus/bastion/vms.nix
new file mode 100644
index 0000000..6f8a57f
--- /dev/null
+++ b/nixos/hosts/olympus/bastion/vms.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, inputs, ... }: {
+ imports = [
+ inputs.microvm.nixosModules.host
+ ];
+
+ microvm.vms = {
+ test-vm = {
+ inherit pkgs;
+
+ # (Optional) A set of special arguments to be passed to the MicroVM's NixOS modules.
+ #specialArgs = {};
+
+ # The configuration for the MicroVM.
+ # Multiple definitions will be merged as expected.
+ config = {
+ # It is highly recommended to share the host's nix-store
+ # with the VMs to prevent building huge images.
+ microvm.hypervisor = "crosvm";
+ microvm.shares = [{
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ tag = "ro-store";
+ proto = "virtiofs";
+ }];
+
+ # Any other configuration for your MicroVM
+ # [...]
+ };
+
+ };
+ };
+}
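Review bot: The `ro-store` share in `microvm.shares` makes every path in the bastion's `/nix/store` readable from inside `test-vm`, and the hunk does not record that assumption. A comment on the share such as `# guest can read every host store path; keep secrets out of /nix/store` would make the trust boundary explicit for whoever later puts a real workload in this VM. Because microvm.nix starts declared VMs with the host by default, a demo guest on the bastion probably wants `autostart = false;` in `test-vm` unless it is meant to run permanently. The module also binds `config` in its argument set without using it, and the copied template placeholders (`#specialArgs = {};`, `# [...]`) can be dropped.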