feat: prepare structure for microvm.nix

2025-10-11 07:10:39 +02:00 · 2023-03-30 01:29:05 +02:00 · 2023-03-30 01:29:05 +02:00 · 66bea99eb6
commit 66bea99eb6
parent aa2a660c61
13 changed files with 124 additions and 82 deletions
--- a/flake.nix
+++ b/flake.nix
@ -63,6 +63,7 @@
      hosts = import ./nix/hosts.nix inputs;
      colmena = import ./nix/colmena.nix inputs;
      homeConfigurations = import ./nix/home-manager.nix inputs;
      microVms = import ./nix/microvms.nix inputs;
      inherit ((colmena.lib.makeHive self.colmena).introspect (x: x)) nodes;
    }
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@ -1,7 +1,9 @@
 {
  inputs,
  lib,
  pkgs,
  config,
  nodeName,
  nodeSecrets,
  ...
 }: let
@ -20,6 +22,16 @@ in {
    ./xdg.nix
  ];
  # Setup secret rekeying parameters
  rekey.forceRekeyOnSystem = "x86_64-linux";
  rekey.hostPubkey = let
    pubkeyPath = ../.. + "/${nodeName}/secrets/host.pub";
  in
    lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
    pubkeyPath;
  rekey.masterIdentities = inputs.self.secrets.masterIdentities;
  rekey.extraEncryptionPubkeys = inputs.self.secrets.extraEncryptionPubkeys;
  boot = {
    kernelParams = ["log_buf_len=10M"];
    tmpOnTmpfs = true;
@ -40,6 +52,7 @@ in {
  };
  networking = {
    hostName = lib.mkDefault nodeName;
    # FIXME: would like to use mkForce false for useDHCP, but nixpkgs#215908 blocks that.
    useDHCP = true;
    useNetworkd = true;
--- a/hosts/common/core/nix.nix
+++ b/hosts/common/core/nix.nix
@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
  inputs,
  pkgs,
  ...
 }: {
  nix = {
    settings = {
      auto-optimise-store = true;
@ -28,5 +32,12 @@
    '';
    optimise.automatic = true;
    gc.automatic = true;
    # Define global flakes for this system
    registry = {
      nixpkgs.flake = inputs.nixpkgs;
      p.flake = inputs.nixpkgs;
      pkgs.flake = inputs.nixpkgs;
      templates.flake = inputs.templates;
    };
  };
 }
--- a/hosts/common/sound.nix
+++ b/hosts/common/sound.nix
@ -3,9 +3,8 @@
  pkgs,
  ...
 }: {
  sound.enable = true;
  environment.systemPackages = with pkgs; [pulseaudio pulsemixer];
-
+  sound.enable = false; # ALSA
  hardware.pulseaudio.enable = lib.mkForce false;
  security.rtkit.enable = true;
  services.pipewire = {
--- a/hosts/nom/meta.nix
+++ b/hosts/nom/meta.nix
@ -1,7 +1,7 @@
 {
  type = "nixos";
  system = "x86_64-linux";
-  physical_connections = {
+  physicalConnections = {
    "10-lan1" = "LAN 1";
    "10-wlan1" = "WiFi";
  };
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@ -10,7 +10,7 @@
    ../common/core
    ../common/hardware/intel.nix
-    ../common/initrd-ssh.nix
+    #../common/initrd-ssh.nix
    ../common/efi.nix
    ../common/zfs.nix
@ -22,22 +22,9 @@
  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
-  services.home-assistant = {
+  microvm.vms.agag = {
-    enable = true;
+    flake = self;
-    extraComponents = ["default_config" "met" "zha"];
+    updateFlake = microvm;
    openFirewall = true;
    config = {
      default_config = {};
      met = {};
    };
  };
-  #networking.firewall.allowedTCPPorts = [1883];
+  autostart = ["guest"];
  #services.zigbee2mqtt.enable = true;
  #services.zigbee2mqtt.settings = {
  #  homeassistant = config.services.home-assistant.enable;
  #  permit_join = true;
  #  serial = {
  #    port = "/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0";
  #  };
  #};
 }
--- a/hosts/ward/meta.nix
+++ b/hosts/ward/meta.nix
@ -1,7 +1,8 @@
 {
  type = "nixos";
  system = "x86_64-linux";
-  physical_connections = {
+  microVmHost = true;
  physicalConnections = {
    "10-lan1" = "LAN 1";
    "10-lan2" = "LAN 2";
  };
--- a/hosts/zackbiene/meta.nix
+++ b/hosts/zackbiene/meta.nix
@ -1,7 +1,7 @@
 {
  type = "nixos";
  system = "aarch64-linux";
-  physical_connections = {
+  physicalConnections = {
    "10-lan1" = "LAN 1";
  };
 }
--- a/nix/colmena.nix
+++ b/nix/colmena.nix
@ -1,45 +1,18 @@
 {
  self,
  colmena,
  home-manager,
  #impermanence,
  nixos-hardware,
  nixpkgs,
  agenix,
  agenix-rekey,
  templates,
  ...
-}:
+} @ inputs: let
-with nixpkgs.lib; let
+  inherit
-  nixosHosts = filterAttrs (_: x: x.type == "nixos") self.hosts;
+    (nixpkgs.lib)
-  generateColmenaNode = hostName: _: {
+    filterAttrs
-    imports = [
+    mapAttrs
-      ({config, ...}: {
+    ;
-        # By default, set networking.hostName to the hostName
+
-        networking.hostName = mkDefault hostName;
+  nixosNodes = filterAttrs (_: x: x.type == "nixos") self.hosts;
-        # Define global flakes for this system
+  nodes = mapAttrs (import ./generate-node.nix inputs) nixosNodes;
-        nix.registry = {
+  generateColmenaNode = nodeName: _: {
-          nixpkgs.flake = nixpkgs;
+    inherit (nodes.${nodeName}) imports;
          p.flake = nixpkgs;
          pkgs.flake = nixpkgs;
          templates.flake = templates;
        };
        # Setup parameters for Secrets
        rekey.forceRekeyOnSystem = "x86_64-linux";
        rekey.hostPubkey = let
          pubkeyPath = ../hosts + "/${hostName}/secrets/host.pub";
        in
          mkIf (pathExists pubkeyPath || trace "Missing pubkey for ${hostName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
          pubkeyPath;
        rekey.masterIdentities = self.secrets.masterIdentities;
        rekey.extraEncryptionPubkeys = self.secrets.extraEncryptionPubkeys;
      })
      (../hosts + "/${hostName}")
      home-manager.nixosModules.default
      #impermanence.nixosModules.default
      agenix.nixosModules.default
      agenix-rekey.nixosModules.default
    ];
  };
 in
  {
@ -47,18 +20,8 @@ in
      description = "oddlama's colmena configuration";
      # Just a required dummy for colmena, overwritten on a per-node basis by nodeNixpkgs below.
      nixpkgs = self.pkgs.x86_64-linux;
-      nodeNixpkgs = mapAttrs (hostName: {system, ...}: self.pkgs.${system}) nixosHosts;
+      nodeNixpkgs = mapAttrs (_: node: node.pkgs) nodes;
-      nodeSpecialArgs =
+      nodeSpecialArgs = mapAttrs (_: node: node.specialArgs) nodes;
        mapAttrs (hostName: _: {
          nodeSecrets = self.secrets.content.nodes.${hostName};
        })
        nixosHosts;
      specialArgs = {
        inherit (nixpkgs) lib;
        secrets = self.secrets.content;
        nixos-hardware = nixos-hardware.nixosModules;
        #impermanence = impermanence.nixosModules;
      };
    };
  }
-  // mapAttrs generateColmenaNode nixosHosts
+  // mapAttrs generateColmenaNode nodes
--- a/nix/generate-node.nix
+++ b/nix/generate-node.nix
@ -0,0 +1,45 @@
 {
  self,
  colmena,
  home-manager,
  #impermanence,
  nixos-hardware,
  nixpkgs,
  microvm,
  agenix,
  agenix-rekey,
  ...
 } @ inputs: let
  inherit
    (nixpkgs.lib)
    optionals
    ;
 in
  nodeName: nodeMeta: {
    inherit (nodeMeta) system;
    pkgs = self.pkgs.${nodeMeta.system};
    specialArgs = {
      inherit (nixpkgs) lib;
      inherit inputs;
      inherit nodeName;
      inherit nodeMeta;
      secrets = self.secrets.content;
      nodeSecrets = self.secrets.content.nodes.${nodeName};
      nixos-hardware = nixos-hardware.nixosModules;
      #impermanence = impermanence.nixosModules;
    };
    imports =
      [
        (../hosts + "/${nodeName}")
        home-manager.nixosModules.default
        #impermanence.nixosModules.default
        agenix.nixosModules.default
        agenix-rekey.nixosModules.default
      ]
      ++ optionals nodeMeta.microVmHost [
        microvm.nixosModules.host
      ]
      ++ optionals (nodeMeta.type == "microvm") [
        microvm.nixosModules.microvm
      ];
  }
--- a/nix/hosts.nix
+++ b/nix/hosts.nix
@ -1,5 +1,10 @@
-{nixpkgs, ...}:
+{nixpkgs, ...}: let
-nixpkgs.lib.concatMapAttrs (nodeName: fileType:
+  hostDefaults = {
    physicalConnections = {};
    microVmHost = false;
  };
 in
  nixpkgs.lib.concatMapAttrs (nodeName: fileType:
    if fileType == "directory" && nodeName != "common"
-    then {${nodeName} = import (../hosts + "/${nodeName}/meta.nix");}
+    then {${nodeName} = hostDefaults // import (../hosts + "/${nodeName}/meta.nix");}
    else {}) (builtins.readDir ../hosts)
--- a/nix/microvms.nix
+++ b/nix/microvms.nix
@ -0,0 +1,21 @@
 {
  self,
  nixpkgs,
  ...
 } @ inputs: let
  inherit
    (nixpkgs.lib)
    filterAttrs
    mapAttrs
    nixosSystem
    ;
  microvmNodes = filterAttrs (_: x: x.type == "microvm") self.hosts;
  nodes = mapAttrs (import ./generate-node.nix inputs) microvmNodes;
  generateMicrovmNode = nodeName: _:
    nixosSystem {
      inherit (nodes.${nodeName}) system pkgs specialArgs;
      modules = nodes.${nodeName}.imports;
    };
 in
  mapAttrs generateMicrovmNode nodes
--- a/users/common/nushell.nix
+++ b/users/common/nushell.nix
@ -1,8 +1,4 @@
 {
  lib,
  pkgs,
  ...
 }: {
  programs.nushell = {
    enable = true;
  };