feat: allow microvms to override configPath

2023-05-23 01:09:37 +02:00 · 2023-05-23 01:09:37 +02:00 · cc2397669d
commit cc2397669d
parent f65b217a92
7 changed files with 74 additions and 53 deletions
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@ -10,6 +10,8 @@
    ./system.nix
    ./xdg.nix

+    ../../../users/root
+
    ../../../modules/interface-naming.nix
    ../../../modules/microvms.nix
    ../../../modules/wireguard.nix
@ -22,6 +24,13 @@
    verbose = true;
  };

+  # If the host defines microvms, ensure that this core module and
+  # some boilerplate is imported automatically.
+  extra.microvms.commonImports = [
+    ./.
+    {home-manager.users.root.home.minimal = true;}
+  ];
+
  # Required even when using home-manager's zsh module since the /etc/profile load order
  # is partly controlled by this. See nix-community/home-manager#3681.
  programs.zsh.enable = true;
--- a/hosts/nom/default.nix
+++ b/hosts/nom/default.nix
@ -22,7 +22,6 @@
    ../common/yubikey.nix
    ../common/zfs.nix

-    ../../users/root
    ../../users/myuser

    ./fs.nix
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@ -15,8 +15,6 @@
    ../common/efi.nix
    ../common/zfs.nix

-    ../../users/root
-
    ./fs.nix
    ./net.nix
  ];
@ -35,15 +33,22 @@
    };
  in {
    test = defineVm 11;
+
+    #nginx = defineVm 12;
+    #kanidm = defineVm 13;
+    #gitea = defineVm 14;
+    #vaultwarden = defineVm 15;
+    #samba = defineVm 16;
+    #fasten-health = defineVm 17;
+    #immich = defineVm 18;
+    #paperless = defineVm 19;
+
+    #kanidm = defineVm 12 // {
+    #  configPath = ./vm-test.nix;
+    #};
  };

  microvm.vms.test.config = {
-    imports = [
-      ../common/core
-      ../../users/root
-    ];
-
-    home-manager.users.root.home.minimal = true;
    rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBXXjI6uB26xOF0DPy/QyLladoGIKfAtofyqPgIkCH/g";
  };
 }
--- a/hosts/zackbiene/default.nix
+++ b/hosts/zackbiene/default.nix
@ -13,8 +13,6 @@
    #../common/initrd-ssh.nix
    ../common/zfs.nix

-    ../../users/root
-
    ./fs.nix
    ./net.nix

--- a/modules/microvms.nix
+++ b/modules/microvms.nix
@ -89,24 +89,8 @@
      };

    microvm.vms.${vmName} = let
-      # Loads configuration from a subfolder of this nodes configuration, if it exists.
-      configPath =
-        if nodePath == null
-        then null
-        else nodePath + "/microvms/${vmName}";
-
-      node =
-        (import ../nix/generate-node.nix inputs)
-        vmCfg.nodeName
-        {
-          inherit (vmCfg) system;
-          # Load configPath, if it exists.
-          ${
-            if configPath != null && builtins.pathExists configPath
-            then "config"
-            else null
-          } =
-            configPath;
+      node = import ../nix/generate-node.nix inputs vmCfg.nodeName {
+        inherit (vmCfg) system configPath;
      };
      mac = net.mac.addPrivate vmCfg.id cfg.networking.baseMac;
    in {
@ -265,6 +249,12 @@ in {
  ];

  options.extra.microvms = {
+    commonImports = mkOption {
+      type = types.listOf types.unspecified;
+      default = [];
+      description = mdDoc "Modules to import on all microvms.";
+    };
+
    networking = {
      baseMac = mkOption {
        type = net.types.mac;
@ -353,6 +343,26 @@ in {
            '';
          };

+          configPath = mkOption {
+            type = types.nullOr types.path;
+            default =
+              if nodePath != null && builtins.pathExists (nodePath + "/microvms/${name}")
+              then nodePath + "/microvms/${name}"
+              else null;
+            description = mdDoc ''
+              The main configuration directory for this microvm. If not-null, the given
+              directory will automatically be imported as system configuration. It will
+              become the nodePath for the microvm meaning that some machine-specific files
+              may be referenced there automatically (for example host.pub).
+
+              This can also be set to a file, which will then simply be used as the main
+              import for configuration, without setting a nodePath.
+
+              By default this will be set to the current node's <nodePath>/microvms/<vmname>
+              if the current nodePath is non-null and the directory exists.
+            '';
+          };
+
          id = mkOption {
            type =
              types.addCheck types.int (x: x > 1)
--- a/nix/colmena.nix
+++ b/nix/colmena.nix
@ -12,7 +12,7 @@
  nixosNodes = filterAttrs (_: x: x.type == "nixos") self.hosts;
  nodes =
    mapAttrs
-    (n: v: import ./generate-node.nix inputs n ({config = ../hosts/${n};} // v))
+    (n: v: import ./generate-node.nix inputs n ({configPath = ../hosts/${n};} // v))
    nixosNodes;
 in
  {
--- a/nix/generate-node.nix
+++ b/nix/generate-node.nix
@ -11,31 +11,31 @@
  nixos-nftables-firewall,
  nixpkgs,
  ...
-} @ inputs: let
-  inherit (nixpkgs.lib) optionals;
-  pathOrNull = x:
-    if builtins.isPath x
-    then x
-    else null;
-in
-  nodeName: nodeMeta: {
+} @ inputs: nodeName: {configPath ? null, ...} @ nodeMeta: let
+  inherit (nixpkgs.lib) optional pathIsDirectory;
+in {
  inherit (nodeMeta) system;
  pkgs = self.pkgs.${nodeMeta.system};
  specialArgs = {
    inherit (nixpkgs) lib;
    inherit (self) extraLib nodes stateVersion;
    inherit inputs nodeName;
-      nodePath = pathOrNull (nodeMeta.config or null);
+    # Only set the nodePath if it is an actual directory
+    nodePath =
+      if builtins.isPath configPath && pathIsDirectory configPath
+      then configPath
+      else null;
    nixos-hardware = nixos-hardware.nixosModules;
    microvm = microvm.nixosModules;
  };
-    imports = [
-      (nodeMeta.config or {})
+  imports =
+    [
      agenix.nixosModules.default
      agenix-rekey.nixosModules.default
      disko.nixosModules.disko
      home-manager.nixosModules.default
      impermanence.nixosModules.impermanence
      nixos-nftables-firewall.nixosModules.default
-    ];
-  }
+    ]
+    ++ optional (configPath != null) configPath;
+}