feat: allow microvms to override configPath

hosts/common/core/default.nix

@@ -10,6 +10,8 @@
     ./system.nix
     ./xdg.nix
 
+    ../../../users/root
+
     ../../../modules/interface-naming.nix
     ../../../modules/microvms.nix
     ../../../modules/wireguard.nix
@@ -22,6 +24,13 @@
     verbose = true;
   };
 
+  # If the host defines microvms, ensure that this core module and
+  # some boilerplate is imported automatically.
+  extra.microvms.commonImports = [
+    ./.
+    {home-manager.users.root.home.minimal = true;}
+  ];
+
   # Required even when using home-manager's zsh module since the /etc/profile load order
   # is partly controlled by this. See nix-community/home-manager#3681.
   programs.zsh.enable = true;

hosts/nom/default.nix

@@ -22,7 +22,6 @@
     ../common/yubikey.nix
     ../common/zfs.nix
 
-    ../../users/root
     ../../users/myuser
 
     ./fs.nix

hosts/ward/default.nix

@@ -15,8 +15,6 @@
     ../common/efi.nix
     ../common/zfs.nix
 
-    ../../users/root
-
     ./fs.nix
     ./net.nix
   ];
@@ -35,15 +33,22 @@
     };
   in {
     test = defineVm 11;
+
+    #nginx = defineVm 12;
+    #kanidm = defineVm 13;
+    #gitea = defineVm 14;
+    #vaultwarden = defineVm 15;
+    #samba = defineVm 16;
+    #fasten-health = defineVm 17;
+    #immich = defineVm 18;
+    #paperless = defineVm 19;
+
+    #kanidm = defineVm 12 // {
+    #  configPath = ./vm-test.nix;
+    #};
   };
 
   microvm.vms.test.config = {
-    imports = [
-      ../common/core
-      ../../users/root
-    ];
-
-    home-manager.users.root.home.minimal = true;
     rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBXXjI6uB26xOF0DPy/QyLladoGIKfAtofyqPgIkCH/g";
   };
 }

hosts/zackbiene/default.nix

@@ -13,8 +13,6 @@
     #../common/initrd-ssh.nix
     ../common/zfs.nix
 
-    ../../users/root
-
     ./fs.nix
     ./net.nix
 

modules/microvms.nix

@@ -89,25 +89,9 @@
       };
 
     microvm.vms.${vmName} = let
-      # Loads configuration from a subfolder of this nodes configuration, if it exists.
+      node = import ../nix/generate-node.nix inputs vmCfg.nodeName {
-      configPath =
+        inherit (vmCfg) system configPath;
-        if nodePath == null
+      };
-        then null
-        else nodePath + "/microvms/${vmName}";
-
-      node =
-        (import ../nix/generate-node.nix inputs)
-        vmCfg.nodeName
-        {
-          inherit (vmCfg) system;
-          # Load configPath, if it exists.
-          ${
-            if configPath != null && builtins.pathExists configPath
-            then "config"
-            else null
-          } =
-            configPath;
-        };
       mac = net.mac.addPrivate vmCfg.id cfg.networking.baseMac;
     in {
       # Allow children microvms to know which node is their parent
@@ -265,6 +249,12 @@ in {
   ];
 
   options.extra.microvms = {
+    commonImports = mkOption {
+      type = types.listOf types.unspecified;
+      default = [];
+      description = mdDoc "Modules to import on all microvms.";
+    };
+
     networking = {
       baseMac = mkOption {
         type = net.types.mac;
@@ -353,6 +343,26 @@ in {
             '';
           };
 
+          configPath = mkOption {
+            type = types.nullOr types.path;
+            default =
+              if nodePath != null && builtins.pathExists (nodePath + "/microvms/${name}")
+              then nodePath + "/microvms/${name}"
+              else null;
+            description = mdDoc ''
+              The main configuration directory for this microvm. If not-null, the given
+              directory will automatically be imported as system configuration. It will
+              become the nodePath for the microvm meaning that some machine-specific files
+              may be referenced there automatically (for example host.pub).
+
+              This can also be set to a file, which will then simply be used as the main
+              import for configuration, without setting a nodePath.
+
+              By default this will be set to the current node's <nodePath>/microvms/<vmname>
+              if the current nodePath is non-null and the directory exists.
+            '';
+          };
+
           id = mkOption {
             type =
               types.addCheck types.int (x: x > 1)

nix/colmena.nix

@@ -12,7 +12,7 @@
   nixosNodes = filterAttrs (_: x: x.type == "nixos") self.hosts;
   nodes =
     mapAttrs
-    (n: v: import ./generate-node.nix inputs n ({config = ../hosts/${n};} // v))
+    (n: v: import ./generate-node.nix inputs n ({configPath = ../hosts/${n};} // v))
     nixosNodes;
 in
   {

nix/generate-node.nix

@@ -11,31 +11,31 @@
   nixos-nftables-firewall,
   nixpkgs,
   ...
-} @ inputs: let
+} @ inputs: nodeName: {configPath ? null, ...} @ nodeMeta: let
-  inherit (nixpkgs.lib) optionals;
+  inherit (nixpkgs.lib) optional pathIsDirectory;
-  pathOrNull = x:
+in {
-    if builtins.isPath x
+  inherit (nodeMeta) system;
-    then x
+  pkgs = self.pkgs.${nodeMeta.system};
-    else null;
+  specialArgs = {
-in
+    inherit (nixpkgs) lib;
-  nodeName: nodeMeta: {
+    inherit (self) extraLib nodes stateVersion;
-    inherit (nodeMeta) system;
+    inherit inputs nodeName;
-    pkgs = self.pkgs.${nodeMeta.system};
+    # Only set the nodePath if it is an actual directory
-    specialArgs = {
+    nodePath =
-      inherit (nixpkgs) lib;
+      if builtins.isPath configPath && pathIsDirectory configPath
-      inherit (self) extraLib nodes stateVersion;
+      then configPath
-      inherit inputs nodeName;
+      else null;
-      nodePath = pathOrNull (nodeMeta.config or null);
+    nixos-hardware = nixos-hardware.nixosModules;
-      nixos-hardware = nixos-hardware.nixosModules;
+    microvm = microvm.nixosModules;
-      microvm = microvm.nixosModules;
+  };
-    };
+  imports =
-    imports = [
+    [
-      (nodeMeta.config or {})
       agenix.nixosModules.default
       agenix-rekey.nixosModules.default
       disko.nixosModules.disko
       home-manager.nixosModules.default
       impermanence.nixosModules.impermanence
       nixos-nftables-firewall.nixosModules.default
-    ];
+    ]
-  }
+    ++ optional (configPath != null) configPath;
+}