[sops] test sharing hostkey with vm

2025-01-18 20:27:57 +01:00
parent 68b3da7df8
commit 36ec5f5837
1 changed files with 45 additions and 0 deletions
--- a/outputs.nix
+++ b/outputs.nix
@@ -101,6 +101,51 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
        }).config.microvm.declaredRunner;
    })
    { }
    (builtins.attrNames self.nixosConfigurations) //
    builtins.foldl'
    (result: host:
      let
        inherit (self.nixosConfigurations.${host}) config;
      in
      result // {
        # boot any machine in a microvm
        "${host}-vm-withssh" = (self.nixosConfigurations.${host}.extendModules {
          modules = [{
            microvm = {
              mem = pkgs.lib.mkForce 4096;
              hypervisor = pkgs.lib.mkForce "qemu";
              socket = pkgs.lib.mkForce null;
              shares = pkgs.lib.mkForce [
                {
                  tag = "ro-store";
                  source = "/nix/store";
                  mountPoint = "/nix/.ro-store";
                }
                {
                  source = "/etc/ssh";
                  mountPoint = "/etc/ssh";
                  tag = "etcssh";
                }
              ];
            };
            boot.isContainer = pkgs.lib.mkForce false;
            users.users.root.password = "";
            fileSystems."/".fsType = pkgs.lib.mkForce "tmpfs";
            fileSystems."/etc/ssh" = {
              depends = [ "/etc" ];
              neededForBoot = true;
            };
            services.getty.helpLine = ''
              Log in as "root" with an empty password.
              Use "reboot" to shut qemu down.
            '';
          }] ++ pkgs.lib.optionals (! config ? microvm) [
            microvm.nixosModules.microvm
          ];
        }).config.microvm.declaredRunner;
    })
    { }
    (builtins.attrNames self.nixosConfigurations);
    apps = {