From cc2397669dd33ae785fcb85d6183dcc702ba5501 Mon Sep 17 00:00:00 2001 From: oddlama Date: Tue, 23 May 2023 01:09:37 +0200 Subject: [PATCH] feat: allow microvms to override configPath --- hosts/common/core/default.nix | 9 +++++++ hosts/nom/default.nix | 1 - hosts/ward/default.nix | 21 +++++++++------ hosts/zackbiene/default.nix | 2 -- modules/microvms.nix | 48 +++++++++++++++++++++-------------- nix/colmena.nix | 2 +- nix/generate-node.nix | 44 ++++++++++++++++---------------- 7 files changed, 74 insertions(+), 53 deletions(-) diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix index dfff921..ebdc209 100644 --- a/hosts/common/core/default.nix +++ b/hosts/common/core/default.nix @@ -10,6 +10,8 @@ ./system.nix ./xdg.nix + ../../../users/root + ../../../modules/interface-naming.nix ../../../modules/microvms.nix ../../../modules/wireguard.nix @@ -22,6 +24,13 @@ verbose = true; }; + # If the host defines microvms, ensure that this core module and + # some boilerplate is imported automatically. + extra.microvms.commonImports = [ + ./. + {home-manager.users.root.home.minimal = true;} + ]; + # Required even when using home-manager's zsh module since the /etc/profile load order # is partly controlled by this. See nix-community/home-manager#3681. programs.zsh.enable = true; diff --git a/hosts/nom/default.nix b/hosts/nom/default.nix index 66aa57e..077bc29 100644 --- a/hosts/nom/default.nix +++ b/hosts/nom/default.nix @@ -22,7 +22,6 @@ ../common/yubikey.nix ../common/zfs.nix - ../../users/root ../../users/myuser ./fs.nix diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix index ec90811..844a0e3 100644 --- a/hosts/ward/default.nix +++ b/hosts/ward/default.nix @@ -15,8 +15,6 @@ ../common/efi.nix ../common/zfs.nix - ../../users/root - ./fs.nix ./net.nix ]; 
@@ -35,15 +33,22 @@ }; in { test = defineVm 11; + + #nginx = defineVm 12; + #kanidm = defineVm 13; + #gitea = defineVm 14; + #vaultwarden = defineVm 15; + #samba = defineVm 16; + #fasten-health = defineVm 17; + #immich = defineVm 18; + #paperless = defineVm 19; + + #kanidm = defineVm 12 // { + # configPath = ./vm-test.nix; + #}; }; microvm.vms.test.config = { - imports = [ - ../common/core - ../../users/root - ]; - - home-manager.users.root.home.minimal = true; rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBXXjI6uB26xOF0DPy/QyLladoGIKfAtofyqPgIkCH/g"; }; } diff --git a/hosts/zackbiene/default.nix b/hosts/zackbiene/default.nix index 7666d4c..9f1fe06 100644 --- a/hosts/zackbiene/default.nix +++ b/hosts/zackbiene/default.nix @@ -13,8 +13,6 @@ #../common/initrd-ssh.nix ../common/zfs.nix - ../../users/root - ./fs.nix ./net.nix diff --git a/modules/microvms.nix b/modules/microvms.nix index 48bf1e8..e6df39c 100644 --- a/modules/microvms.nix +++ b/modules/microvms.nix @@ -89,25 +89,9 @@ }; microvm.vms.${vmName} = let - # Loads configuration from a subfolder of this nodes configuration, if it exists. - configPath = - if nodePath == null - then null - else nodePath + "/microvms/${vmName}"; - - node = - (import ../nix/generate-node.nix inputs) - vmCfg.nodeName - { - inherit (vmCfg) system; - # Load configPath, if it exists. - ${ - if configPath != null && builtins.pathExists configPath - then "config" - else null - } = - configPath; - }; + node = import ../nix/generate-node.nix inputs vmCfg.nodeName { + inherit (vmCfg) system configPath; + }; mac = net.mac.addPrivate vmCfg.id cfg.networking.baseMac; in { # Allow children microvms to know which node is their parent @@ -265,6 +249,12 @@ in { ]; options.extra.microvms = { + commonImports = mkOption { + type = types.listOf types.unspecified; + default = []; + description = mdDoc "Modules to import on all microvms."; + }; + networking = { baseMac = mkOption { type = net.types.mac; 
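Review bot: The commented-out block in the `microvms` attrset defines `kanidm` twice (`#kanidm = defineVm 13;` and `#kanidm = defineVm 12 // { ... }`) and reuses id 12 from `nginx`, so uncommenting it as written fails with a duplicate-attribute error, and fixing only the name would still collide on the id that `net.mac.addPrivate` derives the MAC from. Either drop the dead block or keep a single, non-overlapping example such as `#kanidm = defineVm 13 // { configPath = ./vm-test.nix; };`. Note also that `microvm.vms.test.config` now contains only `rekey.hostPubkey`; the core and root imports it lost here are only restored if `extra.microvms.commonImports` is actually applied to the VM, which I cannot confirm from the visible hunks.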
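Review bot: `extra.microvms.commonImports` is declared in this commit but, as far as the diffstat and the visible hunks show, nothing in modules/microvms.nix or nix/generate-node.nix reads it, so the `../common/core` and `../../users/root` imports removed from hosts/ward are not re-added anywhere and the test VM loses its root user and core configuration. The `node` built here only forwards `system` and `configPath` to generate-node, so the list needs to be spliced into the VM's module list, e.g. `config.imports = cfg.commonImports;` inside the `microvm.vms.${vmName}` attrset (which continues past this hunk), or forwarded as an extra argument to generate-node. Until that is wired up, the previous `pathExists` guard is effectively the only thing this hunk moved, and the VM config regresses relative to HEAD.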
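Review bot: `types.listOf types.unspecified` for `commonImports` disables module-system checking of the entries and, as far as I can tell from the examples in hosts/common/core, the list holds both paths and inline module attrsets; `types.listOf types.deferredModule` (available since nixpkgs 22.05) accepts exactly those and lets several definitions merge instead of overwriting. If the pinned nixpkgs is older, `types.listOf types.raw` is the non-deprecated spelling of `unspecified`. I would also extend the description to say where the modules end up, e.g. `description = mdDoc "Modules that are imported into the configuration of every microvm defined on this host.";`.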
@@ -353,6 +343,26 @@ in { ''; }; + configPath = mkOption { + type = types.nullOr types.path; + default = + if nodePath != null && builtins.pathExists (nodePath + "/microvms/${name}") + then nodePath + "/microvms/${name}" + else null; + description = mdDoc '' + The main configuration directory for this microvm. If not-null, the given + directory will automatically be imported as system configuration. It will + become the nodePath for the microvm meaning that some machine-specific files + may be referenced there automatically (for example host.pub). + + This can also be set to a file, which will then simply be used as the main + import for configuration, without setting a nodePath. + + By default this will be set to the current node's /microvms/ + if the current nodePath is non-null and the directory exists. + ''; + }; + id = mkOption { type = types.addCheck types.int (x: x > 1) diff --git a/nix/colmena.nix b/nix/colmena.nix index b24957e..46e8ef6 100644 --- a/nix/colmena.nix +++ b/nix/colmena.nix @@ -12,7 +12,7 @@ nixosNodes = filterAttrs (_: x: x.type == "nixos") self.hosts; nodes = mapAttrs - (n: v: import ./generate-node.nix inputs n ({config = ../hosts/${n};} // v)) + (n: v: import ./generate-node.nix inputs n ({configPath = ../hosts/${n};} // v)) nixosNodes; in { diff --git a/nix/generate-node.nix b/nix/generate-node.nix index 0383cd8..cea8d1a 100644 --- a/nix/generate-node.nix +++ b/nix/generate-node.nix 
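Review bot: The last paragraph of the `configPath` description reads "current node's /microvms/" with no VM name, which looks like an angle-bracket placeholder (`<nodePath>/microvms/<name>`) that markdown/HTML rendering swallowed; inside `mdDoc` such placeholders should be code-quoted, e.g. `` By default this is `${nodePath}/microvms/${name}` if the current nodePath is non-null and that directory exists. ``. "not-null" in the first sentence should be "non-null" for consistency with the last one. Since a file value deliberately leaves `nodePath` null, it would help to spell out the consequence once: `host.pub` and other per-node files are then not discovered automatically and must be referenced explicitly. The enclosing submodule `options` attrset extends beyond this hunk.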
@@ -11,31 +11,31 @@ nixos-nftables-firewall, nixpkgs, ... -} @ inputs: let - inherit (nixpkgs.lib) optionals; - pathOrNull = x: - if builtins.isPath x - then x - else null; -in - nodeName: nodeMeta: { - inherit (nodeMeta) system; - pkgs = self.pkgs.${nodeMeta.system}; - specialArgs = { - inherit (nixpkgs) lib; - inherit (self) extraLib nodes stateVersion; - inherit inputs nodeName; - nodePath = pathOrNull (nodeMeta.config or null); - nixos-hardware = nixos-hardware.nixosModules; - microvm = microvm.nixosModules; - }; - imports = [ - (nodeMeta.config or {}) +} @ inputs: nodeName: {configPath ? null, ...} @ nodeMeta: let + inherit (nixpkgs.lib) optional pathIsDirectory; +in { + inherit (nodeMeta) system; + pkgs = self.pkgs.${nodeMeta.system}; + specialArgs = { + inherit (nixpkgs) lib; + inherit (self) extraLib nodes stateVersion; + inherit inputs nodeName; + # Only set the nodePath if it is an actual directory + nodePath = + if builtins.isPath configPath && pathIsDirectory configPath + then configPath + else null; + nixos-hardware = nixos-hardware.nixosModules; + microvm = microvm.nixosModules; + }; + imports = + [ agenix.nixosModules.default agenix-rekey.nixosModules.default disko.nixosModules.disko home-manager.nixosModules.default impermanence.nixosModules.impermanence nixos-nftables-firewall.nixosModules.default - ]; - } + ] + ++ optional (configPath != null) configPath; +}
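Review bot: `nodePath` is only set when `builtins.isPath configPath`, but the `configPath` option in modules/microvms.nix is typed `types.nullOr types.path`, which also accepts absolute-path strings; a string value would still be imported via `optional (configPath != null) configPath` yet silently leave `nodePath = null`, so per-node files like `host.pub` stop being found with no error. Dropping the `isPath` test and checking existence directly covers both representations: `nodePath = if configPath != null && pathIsDirectory configPath then configPath else null;`. Depending on the pinned nixpkgs, `lib.pathIsDirectory` may throw on a nonexistent path, so a nonexistent user-supplied `configPath` fails here rather than at the import; worth a comment such as `# configPath must exist; pathIsDirectory/import both fail otherwise` above the `nodePath` binding.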