[nix] mv vm overwrites to host_builder

2025-01-22 12:21:33 +01:00
parent 4eea2de7ec
commit 0f3591d111
1 changed files with 2 additions and 81 deletions
--- a/outputs.nix
+++ b/outputs.nix
@@ -15,86 +15,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
    pkgs-unstable = nixpkgs-unstable.legacyPackages."${system}";
    pkgs = nixpkgs.legacyPackages."${system}";
-    vmMicroVMOverwrites = hostname: options: {
+    utils = import ./machines/modules/host_builder.nix ( inputs // { inherit inputs; self = self; });
      microvm = {
        mem = pkgs.lib.mkForce 4096;
        hypervisor = pkgs.lib.mkForce "qemu";
        socket = pkgs.lib.mkForce null;
        shares = pkgs.lib.mkForce ([
          {
            tag = "ro-store";
            source = "/nix/store";
            mountPoint = "/nix/.ro-store";
          }
        ] ++ pkgs.lib.optionals (options.varPath != "") [
          {
            source = "${options.varPath}";
            securityModel = "mapped";
            mountPoint = "/var";
            tag = "var";
          }
        ]);
        interfaces = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [{
          type = "user";
          id = "eth0";
          mac = "02:23:de:ad:be:ef";
        }]);
      };
      fileSystems = {
        "/".fsType = pkgs.lib.mkForce "tmpfs";
        # prometheus uses a memory mapped file which doesnt seem supported by 9p shares
        # therefore we mount a tmpfs inside the datadir
        "/var/lib/prometheus2/data" = pkgs.lib.mkIf (hostname == "overwatch" && options.varPath != "") (pkgs.lib.mkForce {
          fsType = pkgs.lib.mkForce "tmpfs";
        });
      };
      boot.isContainer = pkgs.lib.mkForce false;
      services.timesyncd.enable = false;
      users.users.root.password = "";
      services.getty.helpLine = ''
        Log in as "root" with an empty password.
        Use "reboot" to shut qemu down.
      '';
    };
    vmDiskoOverwrites = {
      boot.initrd = {
        secrets = pkgs.lib.mkForce {};
        network.ssh.enable = pkgs.lib.mkForce false;
      };
      malobeo.disks.enable = pkgs.lib.mkForce false;
      networking.hostId = "a3c3101f";
    };
    vmSopsOverwrites = host: {
      sops.defaultSopsFile = pkgs.lib.mkForce ./machines/${host}/dummy.yaml;
      environment.etc = {
        devHostKey = {
          source = ./machines/secrets/devkey_ed25519;
          mode = "0600";
        };
      };
      services.openssh.hostKeys = [{
        path = "/etc/devHostKey";
        type = "ed25519";
      }];
    };
    buildVM = host: networking: sopsDummy: disableDisko: varPath: (self.nixosConfigurations.${host}.extendModules {
        modules = [
          (vmMicroVMOverwrites host { withNetworking = networking; varPath = "${varPath}"; })
          (if sopsDummy then (vmSopsOverwrites host) else {})
          (if disableDisko then vmDiskoOverwrites else {})
        ] ++ pkgs.lib.optionals (! self.nixosConfigurations.${host}.config ? microvm) [
          microvm.nixosModules.microvm
        ];
      }).config.microvm.declaredRunner;
  in
  {
    devShells.default =
@@ -130,7 +51,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
      scripts.run-vm = self.packages.${system}.run-vm;
    };
-    vmBuilder = buildVM;
+    vmBuilder = utils.buildVM;
    packages = {
      docs = pkgs.stdenv.mkDerivation {