feat: add microvm module to simplify setup

2023-05-08 17:13:40 +02:00 · 2023-05-08 17:13:40 +02:00 · d842d25eb9
commit d842d25eb9
parent 72a34cac01
8 changed files with 99 additions and 28 deletions
--- a/flake.lock
+++ b/flake.lock
@ -258,7 +258,7 @@
      },
      "locked": {
        "lastModified": 1682972682,
-        "narHash": "sha256-IYInF92rLqqVk/dyugT2QVbVeEfYx1rbBJjbUlRD8oE=",
+        "narHash": "sha256-+XyTwr4jZuDlT5l/0LynDVtvdWj8WmAwDEP/2rZ+1hk=",
        "type": "git",
        "url": "file:///root/projects/microvm.nix"
      },
--- a/flake.nix
+++ b/flake.nix
@ -105,7 +105,16 @@
      };

      colmena = import ./nix/colmena.nix inputs;
-      inherit ((colmena.lib.makeHive self.colmena).introspect (x: x)) nodes;
+      colmenaNodes = ((colmena.lib.makeHive self.colmena).introspect (x: x)).nodes;
+      microvmNodes =
+        nixpkgs.lib.concatMapAttrs (
+          nodeName: nodeAttrs:
+            nixpkgs.lib.mapAttrs'
+            (n: nixpkgs.lib.nameValuePair "${nodeName}-microvm-${n}")
+            (self.colmenaNodes.${nodeName}.config.microvm.vms or {})
+        )
+        self.colmenaNodes;
+      nodes = self.colmenaNodes // self.microvmNodes;

      # Collect installer packages
      inherit
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@ -11,6 +11,7 @@
    ./xdg.nix

    ../../../modules/wireguard.nix
+    ../../../modules/microvms.nix
  ];

  home-manager = {
--- a/hosts/common/core/system.nix
+++ b/hosts/common/core/system.nix
@ -2,6 +2,7 @@
  inputs,
  lib,
  nodeName,
+  nodePath,
  ...
 }: {
  # IP address math library
@ -30,7 +31,7 @@
    # current system due to yubikey availability.
    forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
    hostPubkey = let
-      pubkeyPath = ../.. + "/${nodeName}/secrets/host.pub";
+      pubkeyPath = "${nodePath}/secrets/host.pub";
    in
      lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
      pubkeyPath;
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@ -2,7 +2,6 @@
  config,
  inputs,
  lib,
-  microvm,
  nixos-hardware,
  pkgs,
  ...
@ -11,8 +10,6 @@
    nixos-hardware.common-cpu-intel
    nixos-hardware.common-pc-ssd

-    microvm.host
-
    ../common/core
    ../common/hardware/intel.nix
    ../common/hardware/physical.nix
@ -28,21 +25,7 @@

  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "r8169"];

-  microvm.vms = {
-    test = let
-      node =
-        (import ../../nix/generate-node.nix inputs)
-        "ward-microvm-test" {
-          system = "x86_64-linux";
-          config = ./microvms/test;
-        };
-    in {
-      inherit (node) pkgs specialArgs;
-      config = {
-        inherit (node) imports;
-      };
-    };
-  };
+  extra.microvms.test.system = "x86_64-linux";

  #services.authelia.instances.main = {
  #  enable = true;
--- a/hosts/ward/microvms/test/default.nix
+++ b/hosts/ward/microvms/test/default.nix
@ -8,8 +8,6 @@
  ...
 }: {
  imports = [
-    microvm.microvm
-
    ../../../common/core

    ../../../../users/root
--- a/modules/microvms.nix
+++ b/modules/microvms.nix
@ -0,0 +1,78 @@
+{
+  inputs,
+  config,
+  lib,
+  nodeName,
+  nodePath,
+  microvm,
+  pkgs,
+  ...
+}: let
+  inherit
+    (lib)
+    mapAttrs
+    mdDoc
+    mkDefault
+    mkForce
+    mkIf
+    mkOption
+    types
+    ;
+
+  cfg = config.extra.microvms;
+
+  defineMicrovm = vmName: vmCfg: let
+    node =
+      (import ../nix/generate-node.nix inputs)
+      "${nodeName}-microvm-${vmName}" {
+        inherit (vmCfg) system;
+        config = nodePath + "/microvms/${vmName}";
+      };
+  in {
+    inherit (node) pkgs specialArgs;
+    config = {
+      imports = [microvm.microvm] ++ node.imports;
+
+      microvm = {
+        hypervisor = mkDefault "cloud-hypervisor";
+
+        # Share the nix-store of the host
+        shares = [
+          {
+            source = "/nix/store";
+            mountPoint = "/nix/.ro-store";
+            tag = "ro-store";
+            proto = "virtiofs";
+          }
+        ];
+      };
+
+      # TODO change once microvms are compatible with stage-1 systemd
+      boot.initrd.systemd.enable = mkForce false;
+    };
+  };
+in {
+  imports = [microvm.host];
+
+  options.extra.microvms = mkOption {
+    default = {};
+    description = "Provides a base configuration for MicroVMs.";
+    type = types.attrsOf (types.submodule {
+      options = {
+        system = mkOption {
+          type = types.str;
+          description = mdDoc "The system that this microvm should use";
+        };
+      };
+    });
+  };
+
+  config = {
+    microvm = {
+      host.enable = cfg != {};
+      declarativeUpdates = true;
+      restartIfChanged = true;
+      vms = mkIf (cfg != {}) (mapAttrs defineMicrovm cfg);
+    };
+  };
+}
--- a/nix/generate-node.nix
+++ b/nix/generate-node.nix
@ -14,21 +14,22 @@
 } @ inputs: let
  inherit (nixpkgs.lib) optionals;
 in
-  nodeName: nodeMeta: {
+  nodeName: nodeMeta: let
+    nodePath = nodeMeta.config or (../hosts + "/${nodeName}");
+  in {
    inherit (nodeMeta) system;
    pkgs = self.pkgs.${nodeMeta.system};
    specialArgs = {
      inherit (nixpkgs) lib;
      inherit (self) extraLib nodes stateVersion;
-      inherit inputs;
-      inherit nodeName;
+      inherit inputs nodeName nodePath;
      secrets = self.secrets.content;
-      nodeSecrets = self.secrets.content.nodes.${nodeName};
+      nodeSecrets = self.secrets.content.nodes.${nodeName} or {};
      nixos-hardware = nixos-hardware.nixosModules;
      microvm = microvm.nixosModules;
    };
    imports = [
-      (nodeMeta.config or (../hosts + "/${nodeName}"))
+      nodePath # default module
      agenix.nixosModules.default
      agenix-rekey.nixosModules.default
      disko.nixosModules.disko