[sops] test sharing hostkey with vm

machines/infradocs/configuration.nix

@@ -14,6 +14,30 @@ with lib;
     ../modules/sshd.nix
   ];
 
+  networking.firewall.allowedTCPPorts = [ 9002 ];
+
+  services.prometheus = {
+    exporters = {
+      node = {
+        enable = true;
+        enabledCollectors = [ "systemd" "processes" ];
+        port = 9002;
+      };
+    };
+  };
+
+  services.promtail = {
+    enable = true;
+    configFile = import ../modules/malobeo/promtail_config.nix { 
+      lokiAddress = "10.0.0.13";
+      logNginx = true;
+      config = config;
+      pkgs = pkgs;
+    };
+  };
+
+  users.users.promtail.extraGroups = [ "nginx" "systemd-journal" ];
+
   system.stateVersion = "22.11"; # Did you read the comment?
 }
 

outputs.nix

@@ -73,11 +73,13 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
               mem = pkgs.lib.mkForce 4096;
               hypervisor = pkgs.lib.mkForce "qemu";
               socket = pkgs.lib.mkForce null;
-              shares = pkgs.lib.mkForce [{
+              shares = pkgs.lib.mkForce [
-                tag = "ro-store";
+                {
-                source = "/nix/store";
+                  tag = "ro-store";
-                mountPoint = "/nix/.ro-store";
+                  source = "/nix/store";
-              }];
+                  mountPoint = "/nix/.ro-store";
+                }
+              ];
             };
             boot.isContainer = pkgs.lib.mkForce false;
             users.users.root.password = "";
@@ -92,6 +94,51 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
         }).config.microvm.declaredRunner;
     })
     { }
+    (builtins.attrNames self.nixosConfigurations) //
+
+    builtins.foldl'
+    (result: host:
+      let
+        inherit (self.nixosConfigurations.${host}) config;
+      in
+      result // {
+        # boot any machine in a microvm
+        "${host}-vm-withssh" = (self.nixosConfigurations.${host}.extendModules {
+          modules = [{
+            microvm = {
+              mem = pkgs.lib.mkForce 4096;
+              hypervisor = pkgs.lib.mkForce "qemu";
+              socket = pkgs.lib.mkForce null;
+              shares = pkgs.lib.mkForce [
+                {
+                  tag = "ro-store";
+                  source = "/nix/store";
+                  mountPoint = "/nix/.ro-store";
+                }
+                {
+                  source = "/etc/ssh";
+                  mountPoint = "/etc/ssh";
+                  tag = "etcssh";
+                }
+              ];
+            };
+            boot.isContainer = pkgs.lib.mkForce false;
+            users.users.root.password = "";
+            fileSystems."/".fsType = pkgs.lib.mkForce "tmpfs";
+            fileSystems."/etc/ssh" = {
+              depends = [ "/etc" ];
+              neededForBoot = true;
+            };
+            services.getty.helpLine = ''
+              Log in as "root" with an empty password.
+              Use "reboot" to shut qemu down.
+            '';
+          }] ++ pkgs.lib.optionals (! config ? microvm) [
+            microvm.nixosModules.microvm
+          ];
+        }).config.microvm.declaredRunner;
+    })
+    { }
     (builtins.attrNames self.nixosConfigurations);
 
     apps = {