From 61375199e52b9991964611629dc62e4be0ce3d11 Mon Sep 17 00:00:00 2001 From: oddlama Date: Thu, 21 Dec 2023 21:18:08 +0100 Subject: [PATCH] fix: update microvm definitions to new combined guests option --- hosts/ward/default.nix | 22 ++++++++------ modules/config/impermanence.nix | 4 +-- modules/guests/default.nix | 21 +++++++++++-- modules/guests/microvm.nix | 53 ++++++++++----------------------- nix/hosts.nix | 6 ++-- 5 files changed, 51 insertions(+), 55 deletions(-) diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix index cf09a19..2d48e15 100644 --- a/hosts/ward/default.nix +++ b/hosts/ward/default.nix @@ -1,4 +1,5 @@ { + config, inputs, lib, nodes, @@ -62,15 +63,18 @@ ]; }; - mkMicrovm = system: guestName: - mkGuest guestName - // { - backend = "microvm"; - microvm = { - system = "x86_64-linux"; - macvtapInterface = "lan"; + mkMicrovm = guestName: { + ${guestName} = + mkGuest guestName + // { + backend = "microvm"; + microvm = { + system = "x86_64-linux"; + macvtap = "lan"; + baseMac = config.repo.secrets.local.networking.interfaces.lan.mac; + }; }; - }; + }; mkContainer = guestName: { ${guestName} = @@ -83,7 +87,7 @@ in lib.mkIf (!minimal) ( {} - // mkContainer "adguardhome" + // mkMicrovm "adguardhome" // mkContainer "forgejo" // mkContainer "grafana" // mkContainer "influxdb" diff --git a/modules/config/impermanence.nix b/modules/config/impermanence.nix index a504a40..182fb53 100644 --- a/modules/config/impermanence.nix +++ b/modules/config/impermanence.nix @@ -85,7 +85,7 @@ in { # State that should be kept across reboots, but is otherwise # NOT important information in any way that needs to be backed up. - fileSystems."/state".neededForBoot = true; + fileSystems."/state".neededForBoot = lib.mkForce true; environment.persistence."/state" = { hideMounts = true; directories = 
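Review bot: The new `fileSystems."/state".neededForBoot = lib.mkForce true;` carries no explanation of what it is forcing over, while the FIXME this commit deletes from modules/guests/microvm.nix (`# FIXME this should be changed in microvm.nix to mkDefault in order to not require mkForce here`) did record that another module defines the same option. Suggest keeping that rationale next to the new line, e.g. `# mkForce: the microvm guest module also defines neededForBoot for this path (see removed FIXME in modules/guests/microvm.nix); the impermanence mount must win.` — the identity of the conflicting definer is inferred from the removed comment, so confirm it. The same applies to the `/persist` line in the `@@ -105,7 +105,7 @@` hunk of this file.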
@@ -105,7 +105,7 @@ in { }; # State that should be kept forever, and backed up accordingly. - fileSystems."/persist".neededForBoot = true; + fileSystems."/persist".neededForBoot = lib.mkForce true; environment.persistence."/persist" = { hideMounts = true; files = [ diff --git a/modules/guests/default.nix b/modules/guests/default.nix index ace6626..a64543f 100644 --- a/modules/guests/default.nix +++ b/modules/guests/default.nix @@ -8,6 +8,7 @@ } @ attrs: let inherit (lib) + attrNames attrValues attrsToList disko @@ -22,6 +23,7 @@ mkIf mkMerge mkOption + net types ; @@ -156,10 +158,25 @@ in { description = "The system that this microvm should use"; }; - macvtapInterface = mkOption { + macvtap = mkOption { type = types.str; description = "The host interface to which the microvm should be attached via macvtap"; }; + + baseMac = mkOption { + type = types.net.mac; + description = "The base mac address from which the guest's mac will be derived. Only the second and third byte are used, so for 02:XX:YY:ZZ:ZZ:ZZ, this specifies XX and YY, while Zs are generated automatically. Not used if the mac is set directly."; + default = "02:01:27:00:00:00"; + }; + + mac = mkOption { + type = types.net.mac; + description = "The MAC address for the guest's macvtap interface"; + default = let + base = "02:${lib.substring 3 5 submod.config.microvm.baseMac}:00:00:00"; + in + (net.mac.assignMacs base 24 [] (attrNames config.guests)).${submod.config._module.args.name}; + }; }; # Options for the container backend @@ -175,7 +192,7 @@ in { description = "The main ethernet link name inside of the guest. For containers, this cannot be named similar to an existing interface on the host."; default = if submod.config.backend == "microvm" - then submod.config.microvm.macvtapInterface + then submod.config.microvm.macvtap else if submod.config.backend == "container" then "mv-${submod.config.container.macvlan}" else throw "Invalid backend"; 
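Review bot: The `mac` default computed with `net.mac.assignMacs base 24 [] (attrNames config.guests)` only sees this host's guest names, so uniqueness of the generated MACs is per host: two hosts that keep the default `baseMac = "02:01:27:00:00:00"` and attach guests via macvtap to the same L2 segment would, if assignMacs is a pure function of its inputs as its use in a module default suggests, hand out the same address for equally named guests. hosts/ward/default.nix sidesteps this by setting `baseMac` from the host's LAN MAC, but the option description does not tell other users that they need to; suggest appending to the `baseMac` description: `Hosts whose guests share an L2 segment must use distinct baseMac values, since generated MACs are only unique within one host.` Also, `lib.substring 3 5 submod.config.microvm.baseMac` assumes the canonical colon-separated `XX:XX:XX:XX:XX:XX` spelling; if `types.net.mac` accepts any other form the derived base is wrong, so confirm what the type enforces. The enclosing `microvm` submodule definition starts above this hunk.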
diff --git a/modules/guests/microvm.nix b/modules/guests/microvm.nix index 518e84d..f8b7cb2 100644 --- a/modules/guests/microvm.nix +++ b/modules/guests/microvm.nix @@ -8,20 +8,16 @@ guestName: guestCfg: { }: let inherit (lib) - attrNames + flip + mapAttrsToList mkDefault mkForce - net - optional ; - - mac = (net.mac.assignMacs "02:01:27:00:00:00" 24 [] (attrNames config.guests)).${guestName}; in { specialArgs = { inherit (inputs.self) nodes; inherit (inputs.self.pkgs.${guestCfg.microvm.system}) lib; - inherit inputs; - inherit minimal; + inherit inputs minimal; }; pkgs = inputs.self.pkgs.${guestCfg.microvm.system}; inherit (guestCfg) autostart; @@ -30,7 +26,7 @@ in { # TODO needed because of https://github.com/NixOS/nixpkgs/issues/102137 environment.noXlibs = mkForce false; - lib.microvm.mac = mac; + lib.microvm.mac = guestCfg.microvm.mac; microvm = { hypervisor = mkDefault "qemu"; @@ -43,9 +39,9 @@ in { { type = "macvtap"; id = "vm-${guestName}"; - inherit mac; + inherit (guestCfg.microvm) mac; macvtap = { - link = guestCfg.microvm.macvtapInterface; + link = guestCfg.microvm.macvtap; mode = "bridge"; }; } 
@@ -60,41 +56,22 @@ in { tag = "ro-store"; proto = "virtiofs"; } - { - source = "/state/guests/${guestName}"; - mountPoint = "/state"; - tag = "state"; + ] + ++ flip mapAttrsToList guestCfg.zfs ( + _: zfsCfg: { + source = zfsCfg.hostMountpoint; + mountPoint = zfsCfg.guestMountpoint; + tag = lib.replaceStrings ["/"] ["_"] zfsCfg.hostMountpoint; proto = "virtiofs"; } - ] - # Mount persistent data from the host - ++ optional guestCfg.zfs.enable { - source = guestCfg.zfs.mountpoint; - mountPoint = "/persist"; - tag = "persist"; - proto = "virtiofs"; - }; + ); }; - # FIXME this should be changed in microvm.nix to mkDefault in order to not require mkForce here - fileSystems."/state".neededForBoot = mkForce true; - fileSystems."/persist".neededForBoot = mkForce true; - # Add a writable store overlay, but since this is always ephemeral # disable any store optimization from nix. microvm.writableStoreOverlay = "/nix/.rw-store"; - nix = { - settings.auto-optimise-store = mkForce false; - optimise.automatic = mkForce false; - gc.automatic = mkForce false; - }; - networking.renameInterfacesByMac.${guestCfg.networking.mainLinkName} = mac; - - systemd.network.networks = { - "10-${guestCfg.networking.mainLinkName}" = { - matchConfig.MACAddress = mac; - }; - }; + networking.renameInterfacesByMac.${guestCfg.networking.mainLinkName} = guestCfg.microvm.mac; + systemd.network.networks."10-${guestCfg.networking.mainLinkName}".matchConfig.MACAddress = guestCfg.microvm.mac; }; } diff --git a/nix/hosts.nix b/nix/hosts.nix index de69f85..27709a2 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix 
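Review bot: The retained comment `# Add a writable store overlay, but since this is always ephemeral` / `# disable any store optimization from nix.` is now stale: the `nix = { settings.auto-optimise-store = mkForce false; ... };` block it described is deleted in this hunk and nothing left in the new code disables store optimisation, so the second line should be dropped or say where that setting lives now. Separately, `tag = lib.replaceStrings ["/"] ["_"] zfsCfg.hostMountpoint;` turns a path into a virtiofs tag; virtiofs tags are limited to 36 bytes and this mapping is not injective (`/a/b` and `/a_b` yield the same tag), so a deep or unusual `hostMountpoint` produces a rejected or duplicate share. The attribute name already available in the lambda is unique by construction and short, e.g. `name: zfsCfg: { ... tag = name; ... }` in place of `_: zfsCfg:`, with the 36-byte bound documented on the `zfs` option. The `microvm.shares` list this appends to begins above the hunk.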
@@ -54,13 +54,11 @@ inputs: let
 guestConfigs = flip concatMapAttrs self.nixosConfigurations (_: node:
 flip mapAttrs' (node.config.guests or {}) (
 guestName: guestDef:
- nameValuePair guestDef.nodeName
- (
+ nameValuePair guestDef.nodeName (
 if guestDef.backend == "microvm"
 then node.config.microvm.vms.${guestName}.config
- else node.config.containers.${guestName}
+ else node.config.containers.${guestName}.nixosConfiguration
 )
- .nixosConfiguration
 ));
 in {
 inherit