[nix] add run-vm script

outputs.nix

@@ -14,6 +14,60 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
   let
     pkgs-unstable = nixpkgs-unstable.legacyPackages."${system}";
     pkgs = nixpkgs.legacyPackages."${system}";
+
+    vmMicroVMOverwrites = options: {
+      microvm = {
+        mem = pkgs.lib.mkForce 4096;
+        hypervisor = pkgs.lib.mkForce "qemu";
+        socket = pkgs.lib.mkForce null;
+        shares = pkgs.lib.mkForce [
+          {
+            tag = "ro-store";
+            source = "/nix/store";
+            mountPoint = "/nix/.ro-store";
+          }
+        ];
+        interfaces = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [{
+          type = "user";
+          id = "eth0";
+          mac = "02:23:de:ad:be:ef";
+        }]);
+      };
+
+      boot.initrd.network.ssh.enable = pkgs.lib.mkForce false;
+      boot.isContainer = pkgs.lib.mkForce false;
+      users.users.root.password = "";
+      fileSystems."/".fsType = pkgs.lib.mkForce "tmpfs";
+      services.getty.helpLine = ''
+        Log in as "root" with an empty password.
+        Use "reboot" to shut qemu down.
+      '';
+    };
+
+    vmSopsOverwrites = host: {
+      sops.defaultSopsFile = pkgs.lib.mkForce ./machines/${host}/dummy.yaml;
+
+      environment.etc = {
+        devHostKey = {
+          source = ./machines/secrets/devkey_ed25519;
+          mode = "0600";
+        };
+      };
+
+      services.openssh.hostKeys = [{
+        path = "/etc/devHostKey";
+        type = "ed25519";
+      }];
+    };
+
+    buildVM = host: networking: sopsDummy: (self.nixosConfigurations.${host}.extendModules {
+        modules = [
+          (vmMicroVMOverwrites { withNetworking = networking; })
+          (if sopsDummy then (vmSopsOverwrites host) else {})
+        ] ++ pkgs.lib.optionals (! self.nixosConfigurations.${host}.config ? microvm) [
+          microvm.nixosModules.microvm
+        ];
+      }).config.microvm.declaredRunner;
   in
   {
     devShells.default =
@@ -38,14 +92,19 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
         pkgs.mdbook
         microvmpkg.microvm
       ];
+
       packages = builtins.map (pkgName: self.legacyPackages."${pkgs.system}".scripts.${pkgName}) installed;
       shellHook = ''echo "Available scripts: ${builtins.concatStringsSep " " installed}"'';
     };
+
     legacyPackages = {
       scripts.remote-install = pkgs.writeShellScriptBin "remote-install" (builtins.readFile ./scripts/remote-install-encrypt.sh);
       scripts.boot-unlock = pkgs.writeShellScriptBin "boot-unlock" (builtins.readFile ./scripts/unlock-boot.sh);
+      scripts.run-vm = self.packages.${system}.run-vm;
     };
 
+    vmBuilder = buildVM;
+
     packages = {
       docs = pkgs.stdenv.mkDerivation {
         name = "malobeo-docs";
@@ -63,91 +122,44 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
           cp -r ./book/* $dest
         '';
       };
-    } //
 
-    builtins.foldl'
+      run-vm = pkgs.writeShellScriptBin "run-vm" ''
-    (result: host:
+        usage() {
-      let
+            echo "Usage: run-vm <hostname> [--networking] [--dummy-secrets]"
-        inherit (self.nixosConfigurations.${host}) config;
+            echo "ATTENTION: This script must be run from the flakes root directory"
-      in
+            echo "--networking setup interfaces. requires root and hostbridge enabled on the host"
-      result // {
+            echo "--dummy-secrets deploy dummy sops secrets"
-        # boot any machine in a microvm
+            exit 1
-        "${host}-vm" = (self.nixosConfigurations.${host}.extendModules {
+        }
-          modules = [{
-            microvm = {
-              mem = pkgs.lib.mkForce 4096;
-              hypervisor = pkgs.lib.mkForce "qemu";
-              socket = pkgs.lib.mkForce null;
-              shares = pkgs.lib.mkForce [{
-                tag = "ro-store";
-                source = "/nix/store";
-                mountPoint = "/nix/.ro-store";
-              }];
-            };
-            boot.isContainer = pkgs.lib.mkForce false;
-            users.users.root.password = "";
-            fileSystems."/".fsType = pkgs.lib.mkForce "tmpfs";
-            services.getty.helpLine = ''
-              Log in as "root" with an empty password.
-              Use "reboot" to shut qemu down.
-            '';
-          }] ++ pkgs.lib.optionals (! config ? microvm) [
-            microvm.nixosModules.microvm
-          ];
-        }).config.microvm.declaredRunner;
-    })
-    { }
-    (builtins.attrNames self.nixosConfigurations) //
         
-    builtins.foldl'
+        # check at least one arg was given
-    (result: host:
+        if [ "$#" -lt 1 ]; then
-      let
+            usage
-        inherit (self.nixosConfigurations.${host}) config;
+        fi
-      in
-      result // {
-        # boot any machine in a microvm
-        "${host}-vm-withsops" = (self.nixosConfigurations.${host}.extendModules {
-          modules = [{
-            sops.defaultSopsFile = pkgs.lib.mkForce ./machines/${host}/dummy.yaml;
         
-            environment.etc = {
+        HOSTNAME=$1
-              devHostKey = {
-                source = ./machines/secrets/devkey_ed25519;
-                mode = "0600";
-              };
-            };
         
-            services.openssh.hostKeys = [{
+        # Optionale Argumente
-              path = "/etc/devHostKey";
+        NETWORK=false
-              type = "ed25519";
+        DUMMY_SECRETS=false
-            }];
         
-            microvm = {
+        # check argws
-              mem = pkgs.lib.mkForce 4096;
+        shift
-              hypervisor = pkgs.lib.mkForce "qemu";
+        while [[ "$#" -gt 0 ]]; do
-              socket = pkgs.lib.mkForce null;
+            case $1 in
-              shares = pkgs.lib.mkForce [
+                --networking) NETWORK=true ;;
-                {
+                --dummy-secrets) DUMMY_SECRETS=true ;;
-                  tag = "ro-store";
+                *) echo "Unknown argument: $1"; usage ;;
-                  source = "/nix/store";
+            esac
-                  mountPoint = "/nix/.ro-store";
+            shift
-                }
+        done
-              ];
+        echo "starting host $HOSTNAME"
-            };
+        echo "enable networking: $NETWORK"
-            boot.isContainer = pkgs.lib.mkForce false;
+        echo "deploy dummy secrets: $DUMMY_SECRETS"
-            users.users.root.password = "";
+        
-            fileSystems."/".fsType = pkgs.lib.mkForce "tmpfs";
+        ${pkgs.nix}/bin/nix run --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS)"
-            services.getty.helpLine = ''
+      '';
-              Log in as "root" with an empty password.
+    };
-              Use "reboot" to shut qemu down.
-            '';
-          }] ++ pkgs.lib.optionals (! config ? microvm) [
-            microvm.nixosModules.microvm
-          ];
-        }).config.microvm.declaredRunner;
-    })
-    { }
-    (builtins.attrNames self.nixosConfigurations);
 
     apps = {
       docs = {
@@ -156,9 +168,14 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
           ${pkgs.mdbook}/bin/mdbook serve --open ./doc
         '');
       };
+
+      run-vm = {
+        type = "app";
+        program = self.packages.${system}.run-vm;
+      };
     };
 
-  })) // rec {
+  })) // {
     nixosConfigurations = import ./machines/configuration.nix (inputs // {
       inherit inputs;
       self = self;