[sops] test sharing hostkey with vm

[infradocs] provide stats
2025-01-18 20:27:57 +01:00 · 2025-01-18 20:01:27 +01:00
2 changed files with 76 additions and 5 deletions
--- a/machines/infradocs/configuration.nix
+++ b/machines/infradocs/configuration.nix
@@ -14,6 +14,30 @@ with lib;
    ../modules/sshd.nix
  ];

+  networking.firewall.allowedTCPPorts = [ 9002 ];
+
+  services.prometheus = {
+    exporters = {
+      node = {
+        enable = true;
+        enabledCollectors = [ "systemd" "processes" ];
+        port = 9002;
+      };
+    };
+  };
+
+  services.promtail = {
+    enable = true;
+    configFile = import ../modules/malobeo/promtail_config.nix { 
+      lokiAddress = "10.0.0.13";
+      logNginx = true;
+      config = config;
+      pkgs = pkgs;
+    };
+  };
+
+  users.users.promtail.extraGroups = [ "nginx" "systemd-journal" ];
+
  system.stateVersion = "22.11"; # Did you read the comment?
 }

--- a/outputs.nix
+++ b/outputs.nix
@@ -73,11 +73,13 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
              mem = pkgs.lib.mkForce 4096;
              hypervisor = pkgs.lib.mkForce "qemu";
              socket = pkgs.lib.mkForce null;
-              shares = pkgs.lib.mkForce [{
-                tag = "ro-store";
-                source = "/nix/store";
-                mountPoint = "/nix/.ro-store";
-              }];
+              shares = pkgs.lib.mkForce [
+                {
+                  tag = "ro-store";
+                  source = "/nix/store";
+                  mountPoint = "/nix/.ro-store";
+                }
+              ];
            };
            boot.isContainer = pkgs.lib.mkForce false;
            users.users.root.password = "";
@@ -92,6 +94,51 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
        }).config.microvm.declaredRunner;
    })
    { }
+    (builtins.attrNames self.nixosConfigurations) //
+
+    builtins.foldl'
+    (result: host:
+      let
+        inherit (self.nixosConfigurations.${host}) config;
+      in
+      result // {
+        # boot any machine in a microvm
+        "${host}-vm-withssh" = (self.nixosConfigurations.${host}.extendModules {
+          modules = [{
+            microvm = {
+              mem = pkgs.lib.mkForce 4096;
+              hypervisor = pkgs.lib.mkForce "qemu";
+              socket = pkgs.lib.mkForce null;
+              shares = pkgs.lib.mkForce [
+                {
+                  tag = "ro-store";
+                  source = "/nix/store";
+                  mountPoint = "/nix/.ro-store";
+                }
+                {
+                  source = "/etc/ssh";
+                  mountPoint = "/etc/ssh";
+                  tag = "etcssh";
+                }
+              ];
+            };
+            boot.isContainer = pkgs.lib.mkForce false;
+            users.users.root.password = "";
+            fileSystems."/".fsType = pkgs.lib.mkForce "tmpfs";
+            fileSystems."/etc/ssh" = {
+              depends = [ "/etc" ];
+              neededForBoot = true;
+            };
+            services.getty.helpLine = ''
+              Log in as "root" with an empty password.
+              Use "reboot" to shut qemu down.
+            '';
+          }] ++ pkgs.lib.optionals (! config ? microvm) [
+            microvm.nixosModules.microvm
+          ];
+        }).config.microvm.declaredRunner;
+    })
+    { }
    (builtins.attrNames self.nixosConfigurations);

    apps = {
Author	SHA1	Message	Date
kalipso	e0a1a5abee	[sops] test sharing hostkey with vm All checks were successful Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 6m29s Details	2025-01-18 20:27:57 +01:00
kalipso	26829f9255	[infradocs] provide stats All checks were successful Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 4m55s Details Evaluate Hydra Jobs / eval-hydra-jobs (pull_request) Successful in 5m57s Details	2025-01-18 20:01:27 +01:00