feat: wip: add container backend to guests

2025-10-11 07:10:39 +02:00 · 2023-12-17 02:04:20 +01:00 · 2023-12-17 02:04:20 +01:00 · abb8330d86
commit abb8330d86
parent 83f1908e21
23 changed files with 256 additions and 208 deletions
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@ -43,17 +43,13 @@
  # TODO track my github stats
  # services.telegraf.extraConfig.inputs.github = {};

-  meta.microvms.commonImports = [
-    ../../modules
-    ./microvms/common.nix
-  ];
-
  #guests.adguardhome = {
  #  backend = "microvm";
  #  microvm = {
  #    system = "x86_64-linux";
-  #    autostart = true;
+  #    macvtapInterface = "lan";
  #  };
+  #  autostart = true;
  #  zfs = {
  #    enable = true;
  #    pool = "rpool";
@ -62,53 +58,47 @@
  #};

  guests = let
-    mkMicrovm = system: module: {
-      backend = "microvm";
-      microvm = {
-        system = "x86_64-linux";
-        autostart = true;
-      };
-      zfs = {
-        enable = true;
-        pool = "rpool";
-      };
-      modules = [
-        ../../modules
-        module
-      ];
-    };
-  in {
-    adguardhome = mkMicrovm "x86_64-linux" ./guests/adguardhome.nix;
-  };
-
-  meta.microvms.vms = let
-    defaultConfig = name: {
-      system = "x86_64-linux";
+    mkGuest = mainModule: {
      autostart = true;
      zfs = {
        enable = true;
        pool = "rpool";
      };
      modules = [
-        # XXX: this could be interpolated in-place but statix has a bug https://github.com/nerdypepper/statix/issues/75
-        (./microvms + "/${name}.nix")
-        {node.secretsDir = ./secrets + "/${name}";}
+        ../../modules
+        ./guests/common.nix
+        ({config, ...}: {node.secretsDir = ./secrets + "/${config.node.name}";})
+        mainModule
      ];
    };
+
+    mkMicrovm = system: mainModule:
+      mkGuest mainModule
+      // {
+        backend = "microvm";
+        microvm = {
+          system = "x86_64-linux";
+          macvtapInterface = "lan";
+        };
+      };
+
+    mkContainer = mainModule:
+      mkGuest mainModule
+      // {
+        backend = "container";
+        container.macvlan = "lan";
+      };
  in
-    lib.mkIf (!minimal) (
-      lib.genAttrs [
-        "adguardhome"
-        "forgejo"
-        "grafana"
-        "influxdb"
-        "kanidm"
-        "loki"
-        "paperless"
-        "vaultwarden"
-      ]
-      defaultConfig
-    );
+    lib.mkIf (!minimal) {
+      adguardhome = mkContainer ./guests/adguardhome.nix;
+      forgejo = mkContainer ./guests/forgejo.nix;
+      grafana = mkContainer ./guests/grafana.nix;
+      influxdb = mkContainer ./guests/influxdb.nix;
+      kanidm = mkContainer ./guests/kanidm.nix;
+      loki = mkContainer ./guests/loki.nix;
+      paperless = mkContainer ./guests/paperless.nix;
+      vaultwarden = mkContainer ./guests/vaultwarden.nix;
+    };

  #ddclient = defineVm;
  #samba+wsdd = defineVm;
--- a/hosts/ward/microvms/adguardhome.nix
+++ b/hosts/ward/microvms/adguardhome.nix
--- a/hosts/ward/microvms/common.nix
+++ b/hosts/ward/microvms/common.nix
--- a/hosts/ward/microvms/forgejo.nix
+++ b/hosts/ward/microvms/forgejo.nix
--- a/hosts/ward/microvms/grafana.nix
+++ b/hosts/ward/microvms/grafana.nix
--- a/hosts/ward/microvms/immich.nix
+++ b/hosts/ward/microvms/immich.nix
--- a/hosts/ward/microvms/influxdb.nix
+++ b/hosts/ward/microvms/influxdb.nix
--- a/hosts/ward/microvms/kanidm.nix
+++ b/hosts/ward/microvms/kanidm.nix
--- a/hosts/ward/microvms/loki.nix
+++ b/hosts/ward/microvms/loki.nix
--- a/hosts/ward/microvms/paperless.nix
+++ b/hosts/ward/microvms/paperless.nix
@ -6,9 +6,8 @@
  sentinelCfg = nodes.sentinel.config;
  paperlessDomain = "paperless.${sentinelCfg.repo.secrets.local.personalDomain}";
 in {
-  microvm.mem = 1024 * 12;
-  # XXX: increase once real hardware is used
-  microvm.vcpu = 4;
+  # XXX: remove microvm.mem = 1024 * 12;
+  # XXX: remove microvm.vcpu = 4;

  meta.wireguard-proxy.sentinel.allowedTCPPorts = [
    config.services.paperless.port
--- a/hosts/ward/microvms/vaultwarden.nix
+++ b/hosts/ward/microvms/vaultwarden.nix
--- a/hosts/ward/kea.nix
+++ b/hosts/ward/kea.nix
@ -45,12 +45,12 @@ in {
              data = net.cidr.host 1 lanCidrv4;
            }
          ];
-          reservations = [
-            {
-              hw-address = nodes.ward-adguardhome.config.lib.microvm.mac;
-              ip-address = dnsIp;
-            }
-          ];
+          # TODO reservations = [
+          # TODO   {
+          # TODO     hw-address = nodes.ward-adguardhome.config.lib.microvm.mac;
+          # TODO     ip-address = dnsIp;
+          # TODO   }
+          # TODO ];
        }
      ];
    };
--- a/hosts/ward/net.nix
+++ b/hosts/ward/net.nix
@ -124,11 +124,6 @@ in {
    };
  };

-  meta.microvms.networking = {
-    baseMac = config.repo.secrets.local.networking.interfaces.lan.mac;
-    macvtapInterface = "lan";
-  };
-
  # Allow accessing influx
  meta.wireguard.proxy-sentinel.client.via = "sentinel";
 }