[sops] test sharing hostkey with vm

2025-01-18 20:27:57 +01:00
parent 68b3da7df8
commit 36ec5f5837
1 changed files with 45 additions and 0 deletions
--- a/outputs.nix
+++ b/outputs.nix
@@ -101,6 +101,51 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
        }).config.microvm.declaredRunner;
    })
    { }
+    (builtins.attrNames self.nixosConfigurations) //
+
+    builtins.foldl'
+    (result: host:
+      let
+        inherit (self.nixosConfigurations.${host}) config;
+      in
+      result // {
+        # boot any machine in a microvm
+        "${host}-vm-withssh" = (self.nixosConfigurations.${host}.extendModules {
+          modules = [{
+            microvm = {
+              mem = pkgs.lib.mkForce 4096;
+              hypervisor = pkgs.lib.mkForce "qemu";
+              socket = pkgs.lib.mkForce null;
+              shares = pkgs.lib.mkForce [
+                {
+                  tag = "ro-store";
+                  source = "/nix/store";
+                  mountPoint = "/nix/.ro-store";
+                }
+                {
+                  source = "/etc/ssh";
+                  mountPoint = "/etc/ssh";
+                  tag = "etcssh";
+                }
+              ];
+            };
+            boot.isContainer = pkgs.lib.mkForce false;
+            users.users.root.password = "";
+            fileSystems."/".fsType = pkgs.lib.mkForce "tmpfs";
+            fileSystems."/etc/ssh" = {
+              depends = [ "/etc" ];
+              neededForBoot = true;
+            };
+            services.getty.helpLine = ''
+              Log in as "root" with an empty password.
+              Use "reboot" to shut qemu down.
+            '';
+          }] ++ pkgs.lib.optionals (! config ? microvm) [
+            microvm.nixosModules.microvm
+          ];
+        }).config.microvm.declaredRunner;
+    })
+    { }
    (builtins.attrNames self.nixosConfigurations);

    apps = {