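--- a/flake.lock
+++ b/flake.lock
@@ -84,6 +84,24 @@
 "systems": "systems_3"
 },
 "locked": {
+"lastModified": 1731533236,
+"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+},
+"flake-utils_3": {
+"inputs": {
+"systems": "systems_4"
+},
+"locked": {
 "lastModified": 1681202837,
 "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
 "owner": "numtide",
@@ -209,6 +227,28 @@
 "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"
 }
 },
+"microvm": {
+"inputs": {
+"flake-utils": "flake-utils_2",
+"nixpkgs": [
+"nixpkgs"
+],
+"spectrum": "spectrum"
+},
+"locked": {
+"lastModified": 1750196518,
+"narHash": "sha256-HJYnJg3TvzFZjVgYHZgH3NtwqkqKiGVCJXpZlO4Y4EE=",
+"owner": "astro",
+"repo": "microvm.nix",
+"rev": "094da86a3e68f2f0d93b654e97b5d42398ead67d",
+"type": "github"
+},
+"original": {
+"owner": "astro",
+"repo": "microvm.nix",
+"type": "github"
+}
+},
 "nixos-hardware": {
 "locked": {
 "lastModified": 1750083401,
@@ -293,12 +333,29 @@
 "catppuccin": "catppuccin",
 "home-manager": "home-manager_2",
 "lix-module": "lix-module",
+"microvm": "microvm",
 "nixos-hardware": "nixos-hardware",
 "nixpkgs": "nixpkgs_3",
 "vscode-server": "vscode-server",
 "zen-browser": "zen-browser"
 }
 },
+"spectrum": {
+"flake": false,
+"locked": {
+"lastModified": 1746869549,
+"narHash": "sha256-BKZ/yZO/qeLKh9YqVkKB6wJiDQJAZNN5rk5NsMImsWs=",
+"ref": "refs/heads/main",
+"rev": "d927e78530892ec8ed389e8fae5f38abee00ad87",
+"revCount": 862,
+"type": "git",
+"url": "https://spectrum-os.org/git/spectrum"
+},
+"original": {
+"type": "git",
+"url": "https://spectrum-os.org/git/spectrum"
+}
+},
 "systems": {
 "locked": {
 "lastModified": 1681028828,
@@ -344,9 +401,24 @@
 "type": "github"
 }
 },
+"systems_4": {
+"locked": {
+"lastModified": 1681028828,
+"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+"owner": "nix-systems",
+"repo": "default",
+"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default",
+"type": "github"
+}
+},
 "vscode-server": {
 "inputs": {
-"flake-utils": "flake-utils_2",
+"flake-utils": "flake-utils_3",
 "nixpkgs": "nixpkgs_4"
 },
 "locked": {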
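--- a/flake.nix
+++ b/flake.nix
@@ -15,8 +15,8 @@
 url = "github:0xc000022070/zen-browser-flake";
 inputs.nixpkgs.follows = "nixpkgs";
 };
-#microvm.url = "github:astro/microvm.nix";
-#microvm.inputs.nixpkgs.follows = "nixpkgs";
+microvm.url = "github:astro/microvm.nix";
+microvm.inputs.nixpkgs.follows = "nixpkgs";
 
 catppuccin.url = "github:catppuccin/nix";
 home-manager = {
@@ -88,7 +88,8 @@
 
 vscode-server.nixosModules.default
 agenix.nixosModules.default
-
+microvm.nixosModules.host
+
 { imports = builtins.attrValues nixosModules; }
 ];
 };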
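--- a/hosts/valefar/default.nix
+++ b/hosts/valefar/default.nix
@@ -1,5 +1,5 @@
 # hosts/valefar/configuration.nix (or default.nix)
-{ config, lib, pkgs, modulesPath, inputs, ... }:
+{ config, lib, pkgs, modulesPath, microvm, inputs, ... }:
 {
 # =============================================================================
 # IMPORTS
@@ -8,6 +8,7 @@
 # Host-specific hardware
 ./hardware.nix
 ./secrets.nix
+../../common/nvidia.nix
 
 # Common modules shared across hosts
 ../../common/system.nix
@@ -42,7 +43,7 @@
 # =============================================================================
 # NETWORKING
 # =============================================================================
-networking = {
+/*networking = {
 hostName = "valefar";
 hostId = "2a07da90";
 firewall.enable = false;
@@ -51,6 +52,35 @@
 useDHCP = true;
 firewall.allowedTCPPorts = [ 22 80 443 2049 2456 2457 9000 9001 9002 ];
 firewall.allowedUDPPorts = [ 2049 ];
+};*/
+networking.useNetworkd = true;
+systemd.network.enable = true;
+networking.hostName = "valefar";
+networking.hostId = "2a07da90";
+networking.firewall.enable = false;
+
+systemd.network.networks."10-lan" = {
+matchConfig.Name = ["enp6s0" "vm-*"];
+networkConfig = {
+Bridge = "br0";
+};
+};
+systemd.network.netdevs."br0" = {
+netdevConfig = {
+Name = "br0";
+Kind = "bridge";
+};
+};
+
+systemd.network.networks."10-lan-bridge" = {
+matchConfig.Name = "br0";
+networkConfig = {
+Address = ["10.0.0.30/24" "2601:5c2:8400:26c0::30/64"];
+Gateway = "10.0.0.1";
+DNS = ["10.0.0.210" "1.1.1.1" "1.0.0.1"];
+IPv6AcceptRA = true;
+};
+linkConfig.RequiredForOnline = "routable";
 };
 
 # DNS resolution
@@ -158,22 +188,19 @@
 inputs.agenix.packages.x86_64-linux.default
 ];
 
+
 # =============================================================================
-# COMMENTED OUT / DISABLED
+# VIRTUAL MACHINES
 # =============================================================================
-# Remote unlock via SSH (commented out)
-# boot.kernelParams = [ "ip=dhcp" ];
-# boot.initrd = {
-# availableKernelModules = [ "r8169" ];
-# network = {
-# enable = true;
-# ssh = {
-# enable = true;
-# port = 22;
-# authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0pU82lV9dSjkgYbdh9utZ5CDM2dPN70S5fBqN1m3Pb" ];
-# hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
-# shell = "/bin/cryptsetup-askpass";
-# };
-# };
-# };
+systemd.services."microvm@".after = [ "microvm-virtiofsd@%i.service" ];
+
+microvm.vms = {
+gameservers = {
+config = import ./gamevm.nix;
+};
+};
+
+microvm.autostart = [
+"gameservers"
+];
 }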
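Review bot: `networking.firewall.enable = false;` is re-stated at new line 60 in the same change that enslaves `enp6s0` and every `vm-*` tap to `br0`, so every service listening on the host is reachable unfiltered from the LAN and from the guest. The port list that recorded the intended exposure now survives only inside the `/*networking = { ... };*/` comment. Consider `networking.firewall.enable = true;` with `networking.firewall.allowedTCPPorts = [ 22 80 443 2049 2456 2457 9000 9001 9002 ];` and `networking.firewall.allowedUDPPorts = [ 2049 ];` restored from that block, and delete the commented-out block instead of keeping it as dead code. The `vm-*` wildcard in `matchConfig.Name` also attaches any future tap with that prefix to the LAN bridge; naming the one interface the guest uses (`vm-test1` in gamevm.nix) would make that attachment an explicit decision.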
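--- a/hosts/valefar/gamevm.nix
+++ b/hosts/valefar/gamevm.nix
@@ -0,0 +1,80 @@
+{ config, lib, pkgs, modulesPath, microvm, inputs, ... }:
+
+{
+# =============================================================================
+# IMPORTS
+# =============================================================================
+imports = [
+# Common modules shared across hosts
+../../common/system.nix
+../../common/users.nix
+../../common/services.nix
+];
+
+system.stateVersion = "25.05";
+networking.hostName = "gameservers";
+
+virtualisation.docker = {
+enable = true;
+enableOnBoot = true;
+};
+
+systemd.network.networks."20-lan" = {
+matchConfig.Type = "ether";
+networkConfig = {
+Address = [
+"10.0.0.31/24"
+"2601:5c2:8400:26c0::31/64"
+];
+Gateway = "10.0.0.1";
+DNS = [
+"10.0.0.210"
+"1.1.1.1"
+"1.0.0.1"
+];
+IPv6AcceptRA = true;
+DHCP = "no";
+};
+};
+
+systemd.network.networks."19-docker" = {
+matchConfig.Name = "veth*";
+linkConfig = {
+Unmanaged = true;
+};
+};
+
+microvm = {
+interfaces = [
+{
+type = "tap";
+id = "vm-test1";
+mac = "02:00:00:00:00:01";
+}
+];
+
+shares = [
+{
+source = "/nix/store";
+mountPoint = "/nix/.ro-store";
+tag = "ro-store";
+proto = "virtiofs";
+}
+{
+source = "/etc/ssh";
+mountPoint = "/etc/ssh";
+tag = "ssh";
+proto = "virtiofs";
+}
+{
+source = "/home/regent/gamedata";
+mountPoint = "/root/gamedata";
+tag = "gamedata";
+proto = "virtiofs";
+}
+];
+
+vcpu = 4;
+mem = 8192;
+};
+}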
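Review bot: The second entry in `microvm.shares` (new lines 63-68) mounts the host's `/etc/ssh` into the guest at `/etc/ssh`, which places the host's SSH private host keys inside a VM that runs Docker and is bridged onto the LAN. A compromise of the guest would then let the holder present the host's SSH identity, and if agenix on the host uses those host keys as its decryption identities (the flake imports `agenix.nixosModules.default`, so this looks likely but is not shown here), it would expose the host's secrets as well. Nothing in the entry marks the share read-only, so writes from the guest may also reach the host's key directory; worth confirming against the microvm.nix share options. Give the guest its own key material instead, e.g. `source = "/var/lib/microvms/gameservers/ssh";` (placeholder path for a directory holding keys generated only for this VM), and encrypt the guest's secrets to that key rather than the host's.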