feat: prepare structure for microvm.nix

2025-10-11 07:10:39 +02:00 · 2023-03-30 01:29:05 +02:00 · 2023-03-30 01:29:05 +02:00 · 66bea99eb6
commit 66bea99eb6
parent aa2a660c61
13 changed files with 124 additions and 82 deletions
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@ -1,7 +1,9 @@
 {
+  inputs,
  lib,
  pkgs,
  config,
+  nodeName,
  nodeSecrets,
  ...
 }: let
@ -20,6 +22,16 @@ in {
    ./xdg.nix
  ];

+  # Setup secret rekeying parameters
+  rekey.forceRekeyOnSystem = "x86_64-linux";
+  rekey.hostPubkey = let
+    pubkeyPath = ../.. + "/${nodeName}/secrets/host.pub";
+  in
+    lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
+    pubkeyPath;
+  rekey.masterIdentities = inputs.self.secrets.masterIdentities;
+  rekey.extraEncryptionPubkeys = inputs.self.secrets.extraEncryptionPubkeys;
+
  boot = {
    kernelParams = ["log_buf_len=10M"];
    tmpOnTmpfs = true;
@ -40,6 +52,7 @@ in {
  };

  networking = {
+    hostName = lib.mkDefault nodeName;
    # FIXME: would like to use mkForce false for useDHCP, but nixpkgs#215908 blocks that.
    useDHCP = true;
    useNetworkd = true;
--- a/hosts/common/core/nix.nix
+++ b/hosts/common/core/nix.nix
@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  inputs,
+  pkgs,
+  ...
+}: {
  nix = {
    settings = {
      auto-optimise-store = true;
@ -28,5 +32,12 @@
    '';
    optimise.automatic = true;
    gc.automatic = true;
+    # Define global flakes for this system
+    registry = {
+      nixpkgs.flake = inputs.nixpkgs;
+      p.flake = inputs.nixpkgs;
+      pkgs.flake = inputs.nixpkgs;
+      templates.flake = inputs.templates;
+    };
  };
 }
--- a/hosts/common/sound.nix
+++ b/hosts/common/sound.nix
@ -3,9 +3,8 @@
  pkgs,
  ...
 }: {
-  sound.enable = true;
  environment.systemPackages = with pkgs; [pulseaudio pulsemixer];
-
+  sound.enable = false; # ALSA
  hardware.pulseaudio.enable = lib.mkForce false;
  security.rtkit.enable = true;
  services.pipewire = {
--- a/hosts/nom/meta.nix
+++ b/hosts/nom/meta.nix
@ -1,7 +1,7 @@
 {
  type = "nixos";
  system = "x86_64-linux";
-  physical_connections = {
+  physicalConnections = {
    "10-lan1" = "LAN 1";
    "10-wlan1" = "WiFi";
  };
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@ -10,7 +10,7 @@

    ../common/core
    ../common/hardware/intel.nix
-    ../common/initrd-ssh.nix
+    #../common/initrd-ssh.nix
    ../common/efi.nix
    ../common/zfs.nix

@ -22,22 +22,9 @@

  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];

-  services.home-assistant = {
-    enable = true;
-    extraComponents = ["default_config" "met" "zha"];
-    openFirewall = true;
-    config = {
-      default_config = {};
-      met = {};
-    };
+  microvm.vms.agag = {
+    flake = self;
+    updateFlake = microvm;
  };
-  #networking.firewall.allowedTCPPorts = [1883];
-  #services.zigbee2mqtt.enable = true;
-  #services.zigbee2mqtt.settings = {
-  #  homeassistant = config.services.home-assistant.enable;
-  #  permit_join = true;
-  #  serial = {
-  #    port = "/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0";
-  #  };
-  #};
+  autostart = ["guest"];
 }
--- a/hosts/ward/meta.nix
+++ b/hosts/ward/meta.nix
@ -1,7 +1,8 @@
 {
  type = "nixos";
  system = "x86_64-linux";
-  physical_connections = {
+  microVmHost = true;
+  physicalConnections = {
    "10-lan1" = "LAN 1";
    "10-lan2" = "LAN 2";
  };
--- a/hosts/zackbiene/meta.nix
+++ b/hosts/zackbiene/meta.nix
@ -1,7 +1,7 @@
 {
  type = "nixos";
  system = "aarch64-linux";
-  physical_connections = {
+  physicalConnections = {
    "10-lan1" = "LAN 1";
  };
 }