fix: remove faulty agenix directory early and only if necessary

chore: change default microvm naming scheme to <host>-<name>
This commit is contained in:
oddlama 2023-05-21 01:29:54 +02:00
parent 43b2bd1982
commit 88f1ac54b8
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
9 changed files with 30 additions and 29 deletions


@ -48,6 +48,7 @@
# TODO needed for boot false
# When installing a microvm, make sure that its persitent zfs dataset exists
# TODO make this an activation function before mounting stuff.
systemd.services."install-microvm-${vmName}".preStart = let
poolDataset = "${vmCfg.zfs.pool}/${vmCfg.zfs.dataset}";
in
@ -60,8 +61,11 @@
microvm.vms.${vmName} = let
node =
(import ../nix/generate-node.nix inputs)
"${nodeName}-microvm-${vmName}" {
# TODO This is duplicated three times. This is microvm naming #1
"${nodeName}-${vmName}"
{
inherit (vmCfg) system;
# TODO make this configurable (or even disableable)
config = nodePath + "/microvms/${vmName}";
};
mac = net.mac.addPrivate vmCfg.id cfg.networking.baseMac;
@ -282,7 +286,11 @@ in {
vms = mkOption {
default = {};
description = "Defines the actual vms and handles the necessary base setup for them.";
type = types.attrsOf (types.submodule ({config, ...}: {
type = types.attrsOf (types.submodule ({
name,
config,
...
}: {
options = {
id = mkOption {
type =
@ -362,11 +370,13 @@ in {
dataset = mkOption {
type = types.str;
default = "safe/vms/${name}";
description = mdDoc "The host's dataset that should be used for this vm's state (will automatically be created, parent dataset must exist)";
};
mountpoint = mkOption {
type = types.str;
default = "/persist/vms/${name}";
description = mdDoc "The host's mountpoint for the vm's dataset (will be shared via virtofs as /persist in the vm)";
};
};
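Review bot: The generated node name `"${nodeName}-${vmName}"` on the new line is, as the adjacent TODO admits, spelled out in three places; binding it once, e.g. `microvmNodeName = "${nodeName}-${vmName}";` in the enclosing `let`, and referencing that here and at the other two sites keeps the scheme from drifting. Dropping the `-microvm-` infix also appears to let a generated name collide with another node's unless names are constrained elsewhere: a host `a` with vm `b-c` and a host `a-b` with vm `c` (constructed example) would both produce `a-b-c`, so an assertion that generated names are unique across nodes and vms would be worth adding alongside this change. The comment in the first hunk also misspells `persistent`. The `microvm.vms.${vmName}` definition begins before and ends after this hunk.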


@ -46,6 +46,7 @@
associatedServerNodes
externalPeerName
externalPeerNamesRaw
networkCidrs
peerPresharedKeyPath
peerPresharedKeySecret
peerPrivateKeyPath
@ -124,9 +125,7 @@
assertion = isClient -> ((wgCfgOf wgCfg.client.via).server.host != null);
message = "${assertionPrefix}: The specified via node '${wgCfg.client.via}' must be a wireguard server.";
}
# TODO externalPeers != {} -> ip forwarding
# TODO no overlapping cidrs in (external peers + peers using via = this).
# TODO no overlapping cidrs between server nodes
# TODO at least 3 network participants and (externalPeers != {} or someone has via set to us) -> ip forwarding
];
networking.firewall.allowedUDPPorts =
@ -314,16 +313,6 @@ in {
type = types.bool;
description = mdDoc "Whether to keep this connection alive using PersistentKeepalive. Set to false only for networks where client and server IPs are stable.";
};
# TODO one option for allowing it, but also one to allow defining two
# profiles / interfaces that can be activated manually.
#routeAllTraffic = mkOption {
# default = false;
# type = types.bool;
# description = mdDoc ''
# Whether to allow routing all traffic through the via server.
# '';
#};
};
priority = mkOption {