fix: remove faulty agenix directory early and only if necessary

chore: change default microvm naming scheme to <host>-<name>

flake.nix

@@ -108,12 +108,12 @@
       colmena = import ./nix/colmena.nix inputs;
       colmenaNodes = ((colmena.lib.makeHive self.colmena).introspect (x: x)).nodes;
       microvmNodes =
-        nixpkgs.lib.concatMapAttrs (
+        nixpkgs.lib.concatMapAttrs
-          nodeName: nodeAttrs:
+        (nodeName: nodeAttrs:
           nixpkgs.lib.mapAttrs'
-            (n: nixpkgs.lib.nameValuePair "${nodeName}-microvm-${n}")
+          # TODO This is duplicated three times. This is microvm naming #3
-            (self.colmenaNodes.${nodeName}.config.microvm.vms or {})
+          (n: nixpkgs.lib.nameValuePair "${nodeName}-${n}")
-        )
+          (self.colmenaNodes.${nodeName}.config.microvm.vms or {}))
         self.colmenaNodes;
       nodes = self.colmenaNodes // self.microvmNodes;
 

hosts/common/core/system.nix

@@ -210,8 +210,8 @@
   # to create a link called /run/agenix. Agenix should probably fail in this case,
   # but doesn't and instead puts the generation link into the existing directory.
   # TODO See https://github.com/ryantm/agenix/pull/187.
-  system.activationScripts.removeAgenixLink.text = "[[ -d /run/agenix ]] && rm -rf /run/agenix";
+  system.activationScripts.removeAgenixLink.text = "[[ ! -L /run/agenix ]] && [[ -d /run/agenix ]] && rm -rf /run/agenix";
-  system.activationScripts.agenixInstall.deps = ["removeAgenixLink"];
+  system.activationScripts.agenixNewGeneration.deps = ["removeAgenixLink"];
 
   # Disable sudo which is entierly unnecessary.
   security.sudo.enable = false;

hosts/ward/default.nix

@@ -25,17 +25,18 @@
 
   boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "r8169"];
 
-  extra.microvms = {
+  extra.microvms.vms = let
-    vms.test = {
+    defineVm = id: {
-      id = 11;
+      inherit id;
       system = "x86_64-linux";
       autostart = true;
       zfs = {
         enable = true;
         pool = "rpool";
-        dataset = "safe/vms/test";
-        mountpoint = "/persist/vms/test";
       };
     };
+  in {
+    test = defineVm 11;
+    #hi = defineVm 12;
   };
 }

modules/microvms.nix

@@ -48,6 +48,7 @@
     # TODO needed for boot false
 
     # When installing a microvm, make sure that its persitent zfs dataset exists
+    # TODO make this an activation function before mounting stuff.
     systemd.services."install-microvm-${vmName}".preStart = let
       poolDataset = "${vmCfg.zfs.pool}/${vmCfg.zfs.dataset}";
     in
@@ -60,8 +61,11 @@
     microvm.vms.${vmName} = let
       node =
         (import ../nix/generate-node.nix inputs)
-        "${nodeName}-microvm-${vmName}" {
+        # TODO This is duplicated three times. This is microvm naming #1
+        "${nodeName}-${vmName}"
+        {
           inherit (vmCfg) system;
+          # TODO make this configurable (or even disableable)
           config = nodePath + "/microvms/${vmName}";
         };
       mac = net.mac.addPrivate vmCfg.id cfg.networking.baseMac;
@@ -282,7 +286,11 @@ in {
     vms = mkOption {
       default = {};
       description = "Defines the actual vms and handles the necessary base setup for them.";
-      type = types.attrsOf (types.submodule ({config, ...}: {
+      type = types.attrsOf (types.submodule ({
+        name,
+        config,
+        ...
+      }: {
         options = {
           id = mkOption {
             type =
@@ -362,11 +370,13 @@ in {
 
             dataset = mkOption {
               type = types.str;
+              default = "safe/vms/${name}";
               description = mdDoc "The host's dataset that should be used for this vm's state (will automatically be created, parent dataset must exist)";
             };
 
             mountpoint = mkOption {
               type = types.str;
+              default = "/persist/vms/${name}";
               description = mdDoc "The host's mountpoint for the vm's dataset (will be shared via virtofs as /persist in the vm)";
             };
           };

modules/wireguard.nix

@@ -46,6 +46,7 @@
       associatedServerNodes
       externalPeerName
       externalPeerNamesRaw
+      networkCidrs
       peerPresharedKeyPath
       peerPresharedKeySecret
       peerPrivateKeyPath
@@ -124,9 +125,7 @@
         assertion = isClient -> ((wgCfgOf wgCfg.client.via).server.host != null);
         message = "${assertionPrefix}: The specified via node '${wgCfg.client.via}' must be a wireguard server.";
       }
-      # TODO externalPeers != {} -> ip forwarding
+      # TODO at least 3 network participants and (externalPeers != {} or someone has via set to us) -> ip forwarding
-      # TODO no overlapping cidrs in (external peers + peers using via = this).
-      # TODO no overlapping cidrs between server nodes
     ];
 
     networking.firewall.allowedUDPPorts =
@@ -314,16 +313,6 @@ in {
             type = types.bool;
             description = mdDoc "Whether to keep this connection alive using PersistentKeepalive. Set to false only for networks where client and server IPs are stable.";
           };
-
-          # TODO one option for allowing it, but also one to allow defining two
-          # profiles / interfaces that can be activated manually.
-          #routeAllTraffic = mkOption {
-          #  default = false;
-          #  type = types.bool;
-          #  description = mdDoc ''
-          #    Whether to allow routing all traffic through the via server.
-          #  '';
-          #};
         };
 
         priority = mkOption {

nix/secrets.nix

@@ -53,7 +53,8 @@
   # Returns all defined microvms with name and definition for a given node
   microvmDefsFor = nodeName:
     map
-    (microvmName: nameValuePair "${nodeName}-microvm-${microvmName}" ../hosts/${nodeName}/microvms/${microvmName})
+    # TODO This is duplicated three times. This is microvm naming #2
+    (microvmName: nameValuePair "${nodeName}-${microvmName}" ../hosts/${nodeName}/microvms/${microvmName})
     (microvmsFor nodeName);
   # A attrset mapping all microvm nodes to its definition folder
   microvms = listToAttrs (concatMap microvmDefsFor nodesWithMicrovms);