[microvm] differentiate between stable and unstable nixpkgs

finally i hope....

doc/src/SUMMARY.md

@@ -14,4 +14,5 @@
     - [How-to]()
         - [Sops](./anleitung/sops.md)            
         - [Updates](./anleitung/updates.md)
-        - [Rollbacks](./anleitung/rollback.md)
+        - [Rollbacks](./anleitung/rollback.md)
+        - [MicroVM](./anleitung/microvm.md)

doc/src/anleitung/microvm.md

@@ -0,0 +1,52 @@
+### Declaring a MicroVM
+
+The hosts nixosSystems modules should be declared using the ```makeMicroVM``` helper function.
+Use durruti as orientation:
+``` nix
+    modules = makeMicroVM "durruti" "10.0.0.5" [
+      ./durruti/configuration.nix
+    ];
+```
+
+"durruti" is the hostname.  
+"10.0.0.5" is the IP assigned to its tap interface.  
+
+### Testing MicroVMs locally
+MicroVMs can be built and run easily on your local host.
+For durruti this is done by:
+``` bash
+sudo nix run .\#nixosConfigurations.durruti.config.microvm.declaredRunner
+```
+
+It seems to be necessary to run this as root so that the according tap interface can be created.
+To be able to ping the VM or give Internet Access to the VM your host needs to be setup as described below.
+
+### Host Setup
+
+#### Network Bridge
+To provide network access to the VMs a bridge interface needs to be created on your host.
+For that:
+- Add the infrastructure flake as input to your hosts flake  
+- Add ```inputs.malobeo.nixosModules.malobeo``` to your hosts imports
+- enable the host bridge: ```services.malobeo.microvm.enableHostBridge = true;```
+
+If you want to provide Internet access to the VM it is necessary to create a nat.
+This could be done like this:
+``` nix
+networking.nat = {
+  enable = true;
+  internalInterfaces = [ "microvm" ];
+  externalInterface = "eth0"; #change to your interface name
+};
+```
+#### Auto Deploy VMs
+By default no MicroVMs will be initialized on the host - this should be done using the microvm commandline tool.
+But since we want to always deploy certain VMs it can be configured using the ```malobeo.microvm.deployHosts``` option.
+VMs configured using this option will be initialized and autostarted at boot.
+Updating still needs to be done imperative, or by enabling autoupdates.nix
+
+The following example would init and autostart durruti and gitea:
+``` nix
+malobeo.microvm.deployHosts = [ "durruti" "gitea" ];
+```
+

machines/modules/malobeo/microvm_host.nix

@@ -1,4 +1,4 @@
-{ config, lib, options, pkgs, ... }:
+{ config, self, lib, inputs, options, pkgs, ... }:
 
 with lib;
 
@@ -13,12 +13,39 @@ in
         type = types.bool;
         description = lib.mdDoc "Setup bridge device for microvms.";
       };
+
+      enableHostBridgeUnstable = mkOption {
+        default = false;
+        type = types.bool;
+        description = lib.mdDoc "Setup bridge device for microvms.";
+      };
+
+      deployHosts = mkOption {
+        default = [];
+        type = types.listOf types.str;
+        description = ''
+          List hostnames of MicroVMs that should be automatically initializes and autostart
+        '';
+      };
     };
   };
 
-  config = mkIf cfg.enableHostBridge
+
-  { 
+  imports = [
-    systemd.network = {
+    inputs.microvm.nixosModules.host
+  ];
+
+  config = { 
+    assertions = [
+      {
+        assertion = !(cfg.enableHostBridgeUnstable && cfg.enableHostBridge);
+        message = ''
+          Only enableHostBridge or enableHostBridgeUnstable! Not Both!
+        '';
+      }
+    ];
+
+    systemd.network = mkIf (cfg.enableHostBridge || cfg.enableHostBridgeUnstable) {
       enable = true;
       # create a bride device that all the microvms will be connected to
       netdevs."10-microvm".netdevConfig = {
@@ -32,14 +59,11 @@ in
           DHCPServer = true;
           IPv6SendRA = true;
         };
-        addresses = [ {
+        addresses = if cfg.enableHostBridgeUnstable then [
-          Address = "10.0.0.1/24";
+          { Address = "10.0.0.1/24"; }
-        } {
+        ] else [
-          Address = "fd12:3456:789a::1/64";
+          { addressConfig.Address = "10.0.0.1/24"; }
-        } ];
+        ];
-        ipv6Prefixes = [ {
-          Prefix = "fd12:3456:789a::/64";
-        } ];
       };
 
       # connect the vms to the bridge
@@ -47,6 +71,19 @@ in
         matchConfig.Name = "vm-*";
         networkConfig.Bridge = "microvm";
       };
-    };
+    }; 
+
+    microvm.vms = 
+    let
+      # Map the values to each hostname to then generate a Attrs using listToAttrs
+      mapperFunc = name: { inherit name; value = {
+          # Host build-time reference to where the MicroVM NixOS is defined
+          # under nixosConfigurations
+          flake = inputs.malobeo; 
+          # Specify from where to let `microvm -u` update later on
+          updateFlake = "git+https://git.dynamicdiscord.de/kalipso/infrastructure?ref=microvm";
+        }; };
+    in
+    builtins.listToAttrs (map mapperFunc cfg.deployHosts);
   };
 }

outputs.nix

@@ -41,7 +41,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
     apps = {
       docs = {
         type = "app";
-        program = builtins.toString (pkgs.writeScript "docs" ''
+        program = builtins.toString (pkgs.writeShellScript "docs" ''
           ${pkgs.mdbook}/bin/mdbook serve --open ./doc
         '');
       };