feat[server]: first working microvm

This commit is contained in:
Leon Schwarzäugl 2025-12-24 14:48:27 +01:00
parent a7cca50ff7
commit c39cbed1cf
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
40 changed files with 759 additions and 194 deletions


@ -1,3 +1,4 @@
# @ future me: dont panic, this file is not read in by readNix
{ lib, ... }:
let
importNames = lib.swarselsystems.readNix "modules/nixos/optional";


@ -1,12 +1,7 @@
{ self, config, ... }:
{ self, lib, config, withHomeManager, ... }:
{
config = {
home-manager.users."${config.swarselsystems.mainUser}" = {
imports = [
"${self}/modules/home/optional/framework.nix"
];
};
services = {
fwupd = {
@ -29,5 +24,11 @@
defaultStrategy = "lazy";
};
};
} // lib.optionalAttrs withHomeManager {
home-manager.users."${config.swarselsystems.mainUser}" = {
imports = [
"${self}/modules/home/optional/framework.nix"
];
};
};
}
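Review bot: The `config = { … } // lib.optionalAttrs withHomeManager { home-manager.users… }` tail added at L37–L42 is a shallow attrset update: if the base `config` set ever defines another `home-manager.*` key, the right-hand set replaces the whole `home-manager` attribute instead of merging with it. The module system's own merge avoids that — `config = lib.mkMerge [ { … } (lib.mkIf withHomeManager { home-manager.users."${config.swarselsystems.mainUser}".imports = [ "${self}/modules/home/optional/framework.nix" ]; }) ];` — and is the conventional way to make part of a module conditional on a module argument. The same tail is repeated verbatim in the gaming hunk (L65–L70), the hunk at L229 and the work hunk (L264–L269), differing only in the imported path, so a small shared helper would remove the duplication. The base `config` set is only partly visible in this hunk.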


@ -1,13 +1,7 @@
{ self, pkgs, config, ... }:
{ self, lib, pkgs, config, withHomeManager, ... }:
{
config = {
home-manager.users."${config.swarselsystems.mainUser}" = {
imports = [
"${self}/modules/home/optional/gaming.nix"
];
};
programs.steam = {
enable = true;
package = pkgs.steam;
@ -41,6 +35,12 @@
# ];
# };
# };
} // lib.optionalAttrs withHomeManager {
home-manager.users."${config.swarselsystems.mainUser}" = {
imports = [
"${self}/modules/home/optional/gaming.nix"
];
};
};
}


@ -1,9 +1,28 @@
_:
{ self, inputs, ... }:
{
# imports = [
# inputs.microvm.nixosModules.microvm
# ];
imports = [
inputs.disko.nixosModules.disko
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
inputs.microvm.nixosModules.host
inputs.microvm.nixosModules.microvm
inputs.nix-index-database.nixosModules.nix-index
inputs.nix-minecraft.nixosModules.minecraft-servers
inputs.nix-topology.nixosModules.default
inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
inputs.simple-nixos-mailserver.nixosModules.default
inputs.sops.nixosModules.sops
inputs.stylix.nixosModules.stylix
inputs.swarsel-nix.nixosModules.default
inputs.nixos-nftables-firewall.nixosModules.default
config =
{ };
(inputs.nixos-extra-modules + "/modules/interface-naming.nix")
"${self}/modules/shared/meta.nix"
];
config = {
system.stateVersion = "23.05";
};
}
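Review bot: Both `inputs.microvm.nixosModules.host` and `inputs.microvm.nixosModules.microvm` (the guest-side module) are now imported unconditionally at L88–L89 into every system that includes this shared module, together with role-specific modules such as the mail server, lanzaboote and nswitch-rcm; if any of these changes defaults merely by being imported, every non-VM host (and every guest, for the host-side module) picks that up — worth confirming, or moving the role-specific ones behind the individual host configs. A short header comment would help now that the `_:` stub has been replaced wholesale, e.g. `# Shared import list for every NixOS host; role-specific modules are gated in the host configs.` — adjusted to whatever is actually intended. Setting `system.stateVersion = "23.05"` here (L105) also means every future host silently inherits that value; a per-host setting is the usual practice, so a comment explaining why it is centralised would be useful if this is deliberate.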


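--- /dev/null
+++ b/<new file path not shown on page>
@@ -0,0 +1,116 @@
+{ lib, config, globals, ... }:
+{
+systemd.network = {
+wait-online.anyInterface = true;
+netdevs = {
+"10-veth" = {
+netdevConfig = {
+Kind = "veth";
+Name = "veth-br";
+};
+peerConfig = {
+Name = "veth-int";
+};
+};
+"20-br" = {
+netdevConfig = {
+Kind = "bridge";
+Name = "br";
+};
+};
+} // lib.flip lib.concatMapAttrs globals.networks.home-lan.vlans (
+vlanName: vlanCfg: {
+"30-vlan-${vlanName}" = {
+netdevConfig = {
+Kind = "vlan";
+Name = "vlan-${vlanName}";
+};
+vlanConfig.Id = vlanCfg.id;
+};
+"40-me-${vlanName}" = {
+netdevConfig = {
+Name = "me-${vlanName}";
+Kind = "macvlan";
+};
+extraConfig = ''
+[MACVLAN]
+Mode=bridge
+'';
+};
+}
+);
+networks = {
+"40-br" = {
+matchConfig.Name = "br";
+bridgeConfig = { };
+linkConfig = {
+ActivationPolicy = "always-up";
+RequiredForOnline = "no";
+};
+networkConfig = {
+ConfigureWithoutCarrier = true;
+LinkLocalAddressing = "no";
+};
+};
+"15-veth-br" = {
+matchConfig.Name = "veth-br";
+linkConfig = {
+RequiredForOnline = "no";
+};
+networkConfig = {
+Bridge = "br";
+};
+};
+"15-veth-int" = {
+matchConfig.Name = "veth-int";
+linkConfig = {
+ActivationPolicy = "always-up";
+RequiredForOnline = "no";
+};
+networkConfig = {
+ConfigureWithoutCarrier = true;
+LinkLocalAddressing = "no";
+};
+vlan = map (name: "vlan-${name}") (builtins.attrNames globals.networks.home-lan.vlans);
+};
+"90-macvtap-ignore" = {
+matchConfig.Kind = "macvtap";
+linkConfig.ActivationPolicy = "manual";
+linkConfig.Unmanaged = "yes";
+};
+} // lib.flip lib.concatMapAttrs globals.networks.home-lan.vlans (
+vlanName: vlanCfg: {
+"30-vlan-${vlanName}" = {
+matchConfig.Name = "vlan-${vlanName}";
+networkConfig.LinkLocalAddressing = "no";
+networkConfig.MACVLAN = "me-${vlanName}";
+linkConfig.RequiredForOnline = "no";
+};
+"40-me-${vlanName}" = {
+address = [
+vlanCfg.hosts.${config.node.name}.cidrv4
+vlanCfg.hosts.${config.node.name}.cidrv6
+];
+matchConfig.Name = "me-${vlanName}";
+networkConfig = {
+IPv4Forwarding = "yes";
+IPv6PrivacyExtensions = "yes";
+IPv6SendRA = true;
+IPv6AcceptRA = false;
+};
+ipv6Prefixes = [
+{ Prefix = vlanCfg.cidrv6; }
+];
+linkConfig.RequiredForOnline = "routable";
+};
+}
+);
+};
+}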
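Review bot: `IPv4Forwarding = "yes"` on every `me-${vlanName}` macvlan (L207) makes the host a router between all home-lan VLANs, and nothing in this file — or elsewhere in this commit as far as I can see — constrains the forward path, so VLAN isolation now rests entirely on the nftables forward policy; confirm that the `nixos-nftables-firewall` zones and forward rules cover these interfaces before this is deployed. The same block advertises the host as an IPv6 router (`IPv6SendRA = true` plus `ipv6Prefixes`, L209–L214) but enables only IPv4 forwarding, so IPv6 clients get a default route through an interface that will not forward unless IPv6 forwarding is enabled elsewhere — if IPv6 routing is intended, add `IPv6Forwarding = "yes";` next to the IPv4 line, otherwise drop the RA. `vlanCfg.hosts.${config.node.name}.cidrv4` (L202–L203) assumes every VLAN in `globals.networks.home-lan.vlans` has an entry for this node and evaluation fails with a missing-attribute error otherwise; either guard the `"40-me-${vlanName}"` entry with `lib.optionalAttrs (builtins.hasAttr config.node.name vlanCfg.hosts)` or state the requirement in a header comment such as `# Every VLAN in globals.networks.home-lan.vlans must define hosts.<node.name> with cidrv4/cidrv6.`.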


@ -1,6 +1,6 @@
{ self, config, ... }:
{ self, config, withHomeManager, ... }:
{
config = {
config = { } // lib.optionalAttrs withHomeManager {
home-manager.users."${config.swarselsystems.mainUser}" = {
imports = [
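Review bot: `lib.optionalAttrs` is called on L229 but `lib` is not in the module's argument set on L226 (`{ self, config, withHomeManager, ... }:`), so this module fails to evaluate with an undefined-variable error for `lib`. The sibling hunks in this commit add `lib` to their argument sets; this one needs the same: `{ self, lib, config, withHomeManager, ... }:`. The rest of the `config` set continues outside the hunk.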


@ -1,4 +1,4 @@
{ self, lib, pkgs, config, ... }:
{ self, lib, pkgs, config, withHomeManager, ... }:
let
inherit (config.swarselsystems) mainUser homeDir;
iwd = config.networking.networkmanager.wifi.backend == "iwd";
@ -18,12 +18,6 @@ in
};
config = {
home-manager.users."${config.swarselsystems.mainUser}" = {
imports = [
"${self}/modules/home/optional/work.nix"
];
};
sops =
let
secretNames = [
@ -198,7 +192,7 @@ in
openssh = {
enable = true;
extraConfig = ''
'';
'';
};
syncthing = {
@ -236,6 +230,13 @@ in
# ];
# };
# };
} // lib.optionalAttrs withHomeManager {
home-manager.users."${config.swarselsystems.mainUser}" = {
imports = [
"${self}/modules/home/optional/work.nix"
];
};
};
}