Syzygial/NixMachines
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Flake: add microvm

Browse Source
This commit is contained in:
David Crompton
2025-04-01 18:51:28 +00:00
parent d5e663c6d8
commit d24f3fc198
4 changed files with 122 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
flake.lock generated
View File

@@ -36,6 +36,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": { "flakey-profile": {
"locked": { "locked": {
"lastModified": 1712898590, "lastModified": 1712898590,
@@ -127,6 +145,28 @@
"url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git" "url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git"
} }
}, },
"microvm": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1743083165,
"narHash": "sha256-Fz7AiCJWtoWZ2guJwO3B1h3RuJxYWaCzFIqY0Kmkyrs=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "773d5a04e2e10ca7b412270dea11276a496e1b61",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -185,6 +225,7 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"lix-module": "lix-module", "lix-module": "lix-module",
"me-emacs": "me-emacs", "me-emacs": "me-emacs",
"microvm": "microvm",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
@@ -208,6 +249,22 @@
"type": "github" "type": "github"
} }
}, },
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1733308308,
"narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=",
"ref": "refs/heads/main",
"rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2",
"revCount": 792,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@@ -237,6 +294,21 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

5
flake.nix
View File

@@ -12,9 +12,11 @@
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz"; url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
microvm.url = "github:astro/microvm.nix";
microvm.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, sops-nix, me-emacs, nix-darwin, home-manager, lix-module }@inputs: let outputs = { self, nixpkgs, sops-nix, me-emacs, nix-darwin, home-manager, lix-module, microvm }@inputs: let
overlays = import ./overlays/default.nix inputs; overlays = import ./overlays/default.nix inputs;
modules = import ./modules/default.nix inputs; modules = import ./modules/default.nix inputs;
@@ -68,6 +70,7 @@
./machines/pericyte/configuration.nix ./machines/pericyte/configuration.nix
modules.sops modules.sops
# lix-module.nixosModules.default # lix-module.nixosModules.default
microvm.nixosModules.host
]; ];
}; };
}; };

2
machines/pericyte/configuration.nix
View File

@@ -3,6 +3,8 @@
./hardware-configuration.nix ./hardware-configuration.nix
"${inputs.nixpkgs}/nixos/modules/profiles/headless.nix" "${inputs.nixpkgs}/nixos/modules/profiles/headless.nix"
"${inputs.nixpkgs}/nixos/modules/profiles/minimal.nix" "${inputs.nixpkgs}/nixos/modules/profiles/minimal.nix"
./microvm-configuration.nix
]; ];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];

44
machines/pericyte/microvm-configuration.nix Normal file
View File

@@ -0,0 +1,44 @@
{ pkgs, ... }: {
networking.useNetworkd = true;
systemd.network.netdevs."10-microvm".netdevConfig = {
Kind = "bridge";
Name = "microvm";
};
systemd.network.networks."10-microvm" = {
matchConfig.Name = "microvm";
networkConfig = {
DHCPServer = true;
IPv6SendRA = true;
};
addresses = [ {
addressConfig.Address = "10.1.0.1/24";
} {
addressConfig.Address = "fd12:3456:789a::1/64";
} ];
ipv6Prefixes = [ {
ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64";
} ];
};
systemd.network.networks."11-microvm" = {
matchConfig.Name = "vm-*";
# Attach to the bridge that was configured above
networkConfig.Bridge = "microvm";
};
# Allow inbound traffic for the DHCP server
networking.firewall.allowedUDPPorts = [ 67 ];
networking.nat = {
enable = true;
# NAT66 exists and works. But if you have a proper subnet in
# 2000::/3 you should route that and remove this setting:
enableIPv6 = true;
# Change this to the interface with upstream Internet access
externalInterface = "ens3";
# The bridge where you want to provide Internet access
internalInterfaces = [ "microvm" ];
};
}