c53efb04bc [modules] vpn use hostName as fallback name
2024-12-17 11:24:27 +01:00
ahtlon
13d1f68bc2 [fanny] disable mounting root datasets and add encrypted swap 2024-12-17 11:24:27 +01:00
ahtlon
8969789dc0 Improve microvm docs 2024-12-17 11:24:27 +01:00
4 changed files with 24 additions and 6 deletions

.gitignore vendored

@@ -5,3 +5,4 @@ result
*.qcow2
.direnv/
book/
fanny-efi-vars.fd


@@ -23,18 +23,21 @@ In order to test persistent microvms locally we need to create them using the ``
This is necessary to be able to mount persistent /etc and /var volumes on those hosts.
Do the following:
Prepare your host by including `microvm.nixosModules.host` in your `flake.nix` [Microvm Docs](https://astro.github.io/microvm.nix/host.html)
```bash
# go into our repo and start the default dev shell (or us direnv)
# go into our repo and start the default dev shell (or use direnv)
nix develop .#
# create a microvm on your host (on the example of durruti)
sudo microvm -c durruti -f git+file:///home/username/path/to/infrastructure/repo
# start the vm
sudo systemctl start microvm@durruti.serivce
sudo systemctl start microvm@durruti.service
# this may fail, if so we most probably need to create /var /etc manually, then restart
sudo mkdir /var/lib/microvms/durruti/{var, etc}
sudo mkdir -p /var/lib/microvms/durruti/{var,etc}
# now you can for example get the rsa host key from /var/lib/microvms/durruti/etc/ssh/


@@ -17,6 +17,13 @@
mountOptions = [ "umask=0077" ];
};
};
encryptedSwap = {
size = "8G"; #set to 100M for testing
content = {
type = "swap";
randomEncryption = true;
};
};
zfs = {
size = "100%";
content = {
@@ -70,6 +77,7 @@
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
rootFsOptions = {
mountpoint = "none";
compression = "zstd";
"com.sun:auto-snapshot" = "false";
};
@@ -114,6 +122,7 @@
storage = {
type = "zpool";
mode = "mirror";
rootFsOptions = { mountpoint = "none"; };
datasets = {
encrypted = {
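Review bot: The `#set to 100M for testing` comment on the `size = "8G"` line in the first hunk is a working note rather than documentation, and it leaves the trade-off the new `encryptedSwap` entry makes undocumented. With `randomEncryption = true` the swap device is presumably keyed with a fresh random key on each boot, which keeps swapped-out pages unreadable after a reboot but also means resuming from hibernation is not possible; the declaration should state that, e.g. `# random per-boot key: swapped pages are unreadable after reboot, but hibernation/resume is not possible`. The `mountpoint = "none"` additions in the second and third hunks carry no comment either; a short `# root dataset is a container only, children mount below it` would tie them to the commit's intent. The enclosing disk and zpool attribute sets start before the hunks shown here.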


@@ -5,7 +5,7 @@ with lib;
let
cfg = config.services.malobeo.vpn;
peers = import ./peers.nix;
myPeer = peers.${cfg.name};
myPeer = if cfg.name == "" then peers.${config.networking.hostName} else peers.${cfg.name};
peerList = builtins.filter (peer: peer.role != myPeer.role) (builtins.attrValues peers);
peerListWithEndpoint = map (host:
@@ -14,7 +14,12 @@ let
else
host
) peerList;
filteredPeerlist = map (host: builtins.removeAttrs host [ "role" "ips" "listenPort" "publicIp" ] ) peerListWithEndpoint;
filteredPeerlist = map (host: builtins.removeAttrs host [
"role"
"ips"
"listenPort"
"publicIp"
] ) peerListWithEndpoint;
in
{
options = {
@@ -29,7 +34,7 @@ in
default = "";
type = types.str;
description = ''
Name of the host in peers.nix
Name of the host in peers.nix, if empty uses hostname
'';
};