From 807d2007fa7995cae5d591a0a50a8b64a5ef5f00 Mon Sep 17 00:00:00 2001 From: kalipso Date: Thu, 14 Nov 2024 14:36:32 +0100 Subject: [PATCH 01/18] [nixpkgs] add microvm.nix --- flake.lock | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 2 ++ 2 files changed, 75 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index b4c528b..999afbf 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,24 @@ "url": "https://git.dynamicdiscord.de/kalipso/ep3-bs.nix" } }, + "flake-utils": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -61,6 +79,28 @@ "type": "github" } }, + "microvm": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "spectrum": "spectrum" + }, + "locked": { + "lastModified": 1731240174, + "narHash": "sha256-HYu+bPoV3UILhwc4Ar5iQ7aF+DuQWHXl4mljN6Bwq6A=", + "owner": "astro", + "repo": "microvm.nix", + "rev": "dd89404e1885b8d7033106f3898eaef8db660cb2", + "type": "github" + }, + "original": { + "owner": "astro", + "repo": "microvm.nix", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1729386149, @@ -182,6 +222,7 @@ "ep3-bs": "ep3-bs", "home-manager": "home-manager", "mfsync": "mfsync", + "microvm": "microvm", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", 
@@ -212,6 +253,22 @@ "type": "github" } }, + "spectrum": { + "flake": false, + "locked": { + "lastModified": 1729945407, + "narHash": "sha256-iGNMamNOAnVTETnIVqDWd6fl74J8fLEi1ejdZiNjEtY=", + "ref": "refs/heads/main", + "rev": "f1d94ee7029af18637dbd5fdf4749621533693fa", + "revCount": 764, + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + }, + "original": { + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -257,6 +314,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tasklist": { "inputs": { "nixpkgs": [ @@ -315,7 +387,7 @@ }, "utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1726560853, diff --git a/flake.nix b/flake.nix index 68c262c..c02f881 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,8 @@ sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; mfsync.url = "github:k4lipso/mfsync"; + microvm.url = "github:astro/microvm.nix"; + microvm.inputs.nixpkgs.follows = "nixpkgs"; utils = { url = "github:numtide/flake-utils"; -- 2.51.2 From d1afbe9f1408d89f047b6fa1f575b0e989d88f83 Mon Sep 17 00:00:00 2001 From: kalipso Date: Thu, 14 Nov 2024 14:37:02 +0100 Subject: [PATCH 02/18] [durruti] make durruti microvm Networking still needs to be done but the vm boots using ```nix run .\#nixosConfigurations.durruti.config.microvm.declaredRunner``` --- machines/configuration.nix | 9 ++++++++- machines/durruti/configuration.nix | 1 - 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/machines/configuration.nix b/machines/configuration.nix index 4509ea8..685f501 100644 
--- a/machines/configuration.nix +++ b/machines/configuration.nix @@ -40,6 +40,13 @@ let } ]; defaultModules = baseModules; + + defaultMicroVMModules = [ + inputs.microvm.nixosModules.microvm + { + microvm.hypervisor = "qemu"; + } + ] ++ defaultModules; in { louise = nixosSystem { @@ -53,7 +60,7 @@ in durruti = nixosSystem { system = "x86_64-linux"; specialArgs.inputs = inputs; - modules = defaultModules ++ [ + modules = defaultMicroVMModules ++ [ ./durruti/configuration.nix ]; }; diff --git a/machines/durruti/configuration.nix b/machines/durruti/configuration.nix index 9b458a8..70c6837 100644 --- a/machines/durruti/configuration.nix +++ b/machines/durruti/configuration.nix @@ -5,7 +5,6 @@ with lib; { sops.defaultSopsFile = ./secrets.yaml; - boot.isContainer = true; networking = { hostName = mkDefault "durruti"; useDHCP = false; -- 2.51.2 From 05ec7004ad96363e7a6182a2d53414557107fff3 Mon Sep 17 00:00:00 2001 From: kalipso Date: Mon, 18 Nov 2024 22:55:03 +0100 Subject: [PATCH 03/18] [microvm] setup network, allow adding bridge interface to host --- machines/configuration.nix | 25 +++++++++++++++++++++ machines/durruti/host_config.nix | 38 ++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/machines/configuration.nix b/machines/configuration.nix index 685f501..08f1cd4 100644 --- a/machines/configuration.nix +++ b/machines/configuration.nix @@ -62,6 +62,31 @@ in specialArgs.inputs = inputs; modules = defaultMicroVMModules ++ [ ./durruti/configuration.nix + + { + microvm = { + interfaces = [ + { + type = "tap"; + id = "vm-test1"; + mac = "02:00:00:00:00:01"; + } + ]; + }; + + systemd.network.enable = true; + + systemd.network.networks."20-lan" = { + matchConfig.Type = "ether"; + networkConfig = { + Address = ["10.0.0.3/24" "2001:db8::b/64"]; + Gateway = "10.0.0.1"; + DNS = ["1.1.1.1"]; + IPv6AcceptRA = true; + DHCP = "no"; + }; + }; + } ]; }; 
diff --git a/machines/durruti/host_config.nix b/machines/durruti/host_config.nix index c846990..4f77ba8 100644 --- a/machines/durruti/host_config.nix +++ b/machines/durruti/host_config.nix @@ -19,6 +19,14 @@ in default = ""; description = lib.mdDoc "ip of nix container provided for malo"; }; + + microvm = { + enableHostBridge = mkOption { + default = false; + type = types.bool; + description = lib.mdDoc "Setup bridge device for microvms."; + }; + }; }; }; @@ -45,5 +53,35 @@ in locations."/".proxyPass = "http://${cfg.host_ip}:80"; }; + systemd.network = mkIf cfg.microvm.enableHostBridge { + enable = true; + # create a bride device that all the microvms will be connected to + netdevs."10-microvm".netdevConfig = { + Kind = "bridge"; + Name = "microvm"; + }; + + networks."10-microvm" = { + matchConfig.Name = "microvm"; + networkConfig = { + DHCPServer = true; + IPv6SendRA = true; + }; + addresses = [ { + Address = "10.0.0.1/24"; + } { + Address = "fd12:3456:789a::1/64"; + } ]; + ipv6Prefixes = [ { + Prefix = "fd12:3456:789a::/64"; + } ]; + }; + + # connect the vms to the bridge + networks."11-microvm" = { + matchConfig.Name = "vm-*"; + networkConfig.Bridge = "microvm"; + }; + }; }; } -- 2.51.2 From edb9dcb28b877f2265690bb6e954495835829bb9 Mon Sep 17 00:00:00 2001 From: kalipso Date: Tue, 19 Nov 2024 12:59:11 +0100 Subject: [PATCH 04/18] [microvm] split module files --- machines/modules/malobeo/microvm_host.nix | 52 +++++++++++++++++++++++ outputs.nix | 5 ++- 2 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 machines/modules/malobeo/microvm_host.nix diff --git a/machines/modules/malobeo/microvm_host.nix b/machines/modules/malobeo/microvm_host.nix new file mode 100644 index 0000000..e730488 --- /dev/null +++ b/machines/modules/malobeo/microvm_host.nix 
@@ -0,0 +1,52 @@ +{ config, lib, options, pkgs, ... }: + +with lib; + +let + cfg = config.services.malobeo.microvm; +in +{ + options = { + services.malobeo.microvm = { + enableHostBridge = mkOption { + default = false; + type = types.bool; + description = lib.mdDoc "Setup bridge device for microvms."; + }; + }; + }; + + config = mkIf cfg.enableHostBridge + { + systemd.network = { + enable = true; + # create a bride device that all the microvms will be connected to + netdevs."10-microvm".netdevConfig = { + Kind = "bridge"; + Name = "microvm"; + }; + + networks."10-microvm" = { + matchConfig.Name = "microvm"; + networkConfig = { + DHCPServer = true; + IPv6SendRA = true; + }; + addresses = [ { + Address = "10.0.0.1/24"; + } { + Address = "fd12:3456:789a::1/64"; + } ]; + ipv6Prefixes = [ { + Prefix = "fd12:3456:789a::/64"; + } ]; + }; + + # connect the vms to the bridge + networks."11-microvm" = { + matchConfig.Name = "vm-*"; + networkConfig.Bridge = "microvm"; + }; + }; + }; +} diff --git a/outputs.nix b/outputs.nix index 042216d..c9bbcf0 100644 --- a/outputs.nix +++ b/outputs.nix @@ -52,7 +52,10 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems inherit inputs; }); - nixosModules.malobeo = import ./machines/durruti/host_config.nix; + nixosModules.malobeo.imports = [ + ./machines/durruti/host_config.nix + ./machines/modules/malobeo/microvm_host.nix + ]; hydraJobs = nixpkgs.lib.mapAttrs (_: nixpkgs.lib.hydraJob) ( let -- 2.51.2 From be194e42938574846744a29a17f7ca03b113177d Mon Sep 17 00:00:00 2001 From: kalipso Date: Tue, 19 Nov 2024 13:03:47 +0100 Subject: [PATCH 05/18] [microvm] rm duplicate option --- machines/durruti/host_config.nix | 39 -------------------------------- 1 file changed, 39 deletions(-) diff --git a/machines/durruti/host_config.nix b/machines/durruti/host_config.nix index 4f77ba8..418bbeb 100644 --- a/machines/durruti/host_config.nix +++ b/machines/durruti/host_config.nix 
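Review bot: The bridge network `networks."10-microvm"` turns on `DHCPServer = true` for 10.0.0.0/24, while the guests built in machines/configuration.nix are given static addresses in that same subnet with `DHCP = "no"`; unless the served pool is constrained, a lease handed to one guest can collide with another guest's static address. Either drop the DHCP server, since the guests do not use it, or reserve the static range with `dhcpServerConfig.PoolOffset` / `dhcpServerConfig.PoolSize` and note the reserved range in the option description. The comment `# create a bride device` should read `# create a bridge device`. `matchConfig.Name = "vm-*"` attaches any interface with that name prefix to the bridge, not only taps created by this module's VMs; if that is intended it is worth a one-line comment, e.g. `# any vm-* tap on the host is bridged, not just those from makeMicroVM`.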
@@ -19,14 +19,6 @@ in default = ""; description = lib.mdDoc "ip of nix container provided for malo"; }; - - microvm = { - enableHostBridge = mkOption { - default = false; - type = types.bool; - description = lib.mdDoc "Setup bridge device for microvms."; - }; - }; }; }; @@ -52,36 +44,5 @@ in enableACME= true; locations."/".proxyPass = "http://${cfg.host_ip}:80"; }; - - systemd.network = mkIf cfg.microvm.enableHostBridge { - enable = true; - # create a bride device that all the microvms will be connected to - netdevs."10-microvm".netdevConfig = { - Kind = "bridge"; - Name = "microvm"; - }; - - networks."10-microvm" = { - matchConfig.Name = "microvm"; - networkConfig = { - DHCPServer = true; - IPv6SendRA = true; - }; - addresses = [ { - Address = "10.0.0.1/24"; - } { - Address = "fd12:3456:789a::1/64"; - } ]; - ipv6Prefixes = [ { - Prefix = "fd12:3456:789a::/64"; - } ]; - }; - - # connect the vms to the bridge - networks."11-microvm" = { - matchConfig.Name = "vm-*"; - networkConfig.Bridge = "microvm"; - }; - }; }; } -- 2.51.2 From 63c36f6add52db80f2e66acb66b3e55604afa761 Mon Sep 17 00:00:00 2001 From: kalipso Date: Tue, 19 Nov 2024 13:31:09 +0100 Subject: [PATCH 06/18] [microvm] put vm creation into function --- machines/configuration.nix | 54 ++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 29 deletions(-) diff --git a/machines/configuration.nix b/machines/configuration.nix index 08f1cd4..f62f7bd 100644 --- a/machines/configuration.nix +++ b/machines/configuration.nix 
@@ -41,12 +41,33 @@ let ]; defaultModules = baseModules; - defaultMicroVMModules = [ + makeMicroVM = hostName: ipv4Addr: modules: [ inputs.microvm.nixosModules.microvm { - microvm.hypervisor = "qemu"; + microvm = { + hypervisor = "qemu"; + interfaces = [ + { + type = "tap"; + id = "vm-${hostName}"; + mac = "02:00:00:00:00:01"; + } + ]; + }; + + systemd.network.enable = true; + + systemd.network.networks."20-lan" = { + matchConfig.Type = "ether"; + networkConfig = { + Address = [ "${ipv4Addr}/24" ]; + Gateway = "10.0.0.1"; + DNS = ["1.1.1.1"]; + DHCP = "no"; + }; + }; } - ] ++ defaultModules; + ] ++ defaultModules ++ modules; in { louise = nixosSystem { @@ -60,33 +81,8 @@ in durruti = nixosSystem { system = "x86_64-linux"; specialArgs.inputs = inputs; - modules = defaultMicroVMModules ++ [ + modules = makeMicroVM "durruti" "10.0.0.5" [ ./durruti/configuration.nix - - { - microvm = { - interfaces = [ - { - type = "tap"; - id = "vm-test1"; - mac = "02:00:00:00:00:01"; - } - ]; - }; - - systemd.network.enable = true; - - systemd.network.networks."20-lan" = { - matchConfig.Type = "ether"; - networkConfig = { - Address = ["10.0.0.3/24" "2001:db8::b/64"]; - Gateway = "10.0.0.1"; - DNS = ["1.1.1.1"]; - IPv6AcceptRA = true; - DHCP = "no"; - }; - }; - } ]; }; -- 2.51.2 From 21310dcf3c315854c999c7233349a596396fddd5 Mon Sep 17 00:00:00 2001 From: kalipso Date: Tue, 19 Nov 2024 15:31:27 +0100 Subject: [PATCH 07/18] [docs] fix docs app exec format error --- outputs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/outputs.nix b/outputs.nix index c9bbcf0..3458614 100644 --- a/outputs.nix +++ b/outputs.nix @@ -41,7 +41,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems apps = { docs = { type = "app"; - program = builtins.toString (pkgs.writeScript "docs" '' + program = builtins.toString (pkgs.writeShellScript "docs" '' ${pkgs.mdbook}/bin/mdbook serve --open ./doc ''); }; -- 2.51.2 
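Review bot: `mac = "02:00:00:00:00:01"` is fixed inside `makeMicroVM`, so every VM built through the helper gets the same MAC on the shared `microvm` bridge; with more than one guest the bridge's forwarding table flaps between ports and frames are misdelivered, and the DHCP server on the bridge sees one client. Derive the address from the per-VM parameters instead, for example take it as an extra argument next to `hostName` and `ipv4Addr`, or document that callers must override `microvm.interfaces`. The helper also hard-codes `"${ipv4Addr}/24"` and `Gateway = "10.0.0.1"`, which must agree with the bridge defined in machines/modules/malobeo/microvm_host.nix; a comment such as `# prefix and gateway must match the microvm bridge in modules/malobeo/microvm_host.nix` would make that coupling visible.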
From 6456814319ee250478f6e778d50cdc6c76ce5e15 Mon Sep 17 00:00:00 2001 From: kalipso Date: Tue, 19 Nov 2024 15:43:23 +0100 Subject: [PATCH 08/18] [doc] add basic microvm documentation --- doc/src/SUMMARY.md | 3 ++- doc/src/anleitung/microvm.md | 39 ++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 doc/src/anleitung/microvm.md diff --git a/doc/src/SUMMARY.md b/doc/src/SUMMARY.md index 6792fa4..ce81bf8 100644 --- a/doc/src/SUMMARY.md +++ b/doc/src/SUMMARY.md @@ -13,4 +13,5 @@ - [TODO](./todo.md) - [How-to]() - [Updates](./anleitung/updates.md) - - [Rollbacks](./anleitung/rollback.md) \ No newline at end of file + - [Rollbacks](./anleitung/rollback.md) + - [MicroVM](./anleitung/microvm.md) diff --git a/doc/src/anleitung/microvm.md b/doc/src/anleitung/microvm.md new file mode 100644 index 0000000..f8c9005 --- /dev/null +++ b/doc/src/anleitung/microvm.md 
@@ -0,0 +1,39 @@ +### Declaring a MicroVM + +The hosts nixosSystems modules should be declared using the ```makeMicroVM``` helper function. +Use durruti as orientation: +``` nix + modules = makeMicroVM "durruti" "10.0.0.5" [ + ./durruti/configuration.nix + ]; +``` + +"durruti" is the hostname. +"10.0.0.5" is the IP assigned to its tap interface. + +### Testing MicroVMs locally +MicroVMs can be built and run easily on your local host. +For durruti this is done by: +``` bash +sudo nix run .\#nixosConfigurations.durruti.config.microvm.declaredRunner +``` + +It seems to be necessary to run this as root so that the according tap interface can be created. +To be able to ping the VM or give Internet Access to the VM your host needs to be setup as described below. + +### Host Setup +To provide network access to the VMs a bridge interface needs to be created on your host. +For that: +- Add the infrastructure flake as input to your hosts flake +- Add ```inputs.malobeo.nixosModules.malobeo``` to your hosts imports +- enable the host bridge: ```services.malobeo.microvm.enableHostBridge = true;``` + +If you want to provide Internet access to the VM it is necessary to create a nat. +This could be done like this: +``` nix +networking.nat = { + enable = true; + internalInterfaces = [ "microvm" ]; + externalInterface = "eth0"; #change to your interface name +}; +``` -- 2.51.2 From 1cecd2176310219311ae43a61eb9c4ebdd482be4 Mon Sep 17 00:00:00 2001 From: kalipso Date: Tue, 19 Nov 2024 15:10:13 +0100 Subject: [PATCH 09/18] [microvm] share read only nix store this reduces build times drastically --- machines/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/machines/configuration.nix b/machines/configuration.nix index f62f7bd..a2c2456 100644 --- a/machines/configuration.nix +++ b/machines/configuration.nix 
@@ -46,6 +46,11 @@ let { microvm = { hypervisor = "qemu"; + shares = [ { + tag = "ro-store"; + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + } ]; interfaces = [ { type = "tap"; -- 2.51.2 From 1c66b6db8cd4b85a7c3df59b43fcc99a0f1716dd Mon Sep 17 00:00:00 2001 From: kalipso Date: Thu, 21 Nov 2024 13:00:21 +0100 Subject: [PATCH 10/18] [microvm] add microvm deployment option to host --- machines/modules/malobeo/microvm_host.nix | 27 +++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/machines/modules/malobeo/microvm_host.nix b/machines/modules/malobeo/microvm_host.nix index e730488..91797fe 100644 --- a/machines/modules/malobeo/microvm_host.nix +++ b/machines/modules/malobeo/microvm_host.nix @@ -13,6 +13,14 @@ in type = types.bool; description = lib.mdDoc "Setup bridge device for microvms."; }; + + deployHosts = mkOption { + default = []; + type = types.listOf string; + description = '' + List hostnames of MicroVMs that should be automatically initializes and autostart + ''; + }; }; }; @@ -48,5 +56,24 @@ in networkConfig.Bridge = "microvm"; }; }; + + imports = mkIf cfg.deployHosts != [] [ + inputs.microvm.nixosModules.host + ]; + + microvm.autostart = cfg.deployHosts; + microvm.vms = + let + # Map the values to each hostname to then generate a Attrs using listToAttrs + mapperFunc = name: { inherit name; value = { + # Host build-time reference to where the MicroVM NixOS is defined + # under nixosConfigurations + flake = self; + # Specify from where to let `microvm -u` update later on + updateFlake = "git+https://git.dynamicdiscord.de/kalipso/infrastructure?ref=microvm"; + }; }; + in + mkIf cfg.deployHosts != [] + builtins.listToAttrs (map mapperFunc cfg.deployHosts); }; } -- 2.51.2 From 9b014c5ff051f6cd326cb63f1eb3b21d6b065214 Mon Sep 17 00:00:00 2001 
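Review bot: The `ro-store` share exports the host's whole `/nix/store` to the guest and sets no `proto`, so the hypervisor's default transport is used. The read-only behaviour of the `/nix/.ro-store` mount is applied on the guest side; confirm that the host also exports the share read-only, because a compromised guest kernel must not be able to write into the host store. Everything in the host store becomes readable from every VM built with `makeMicroVM`, so a comment stating that trust assumption next to `shares` would help, e.g. `# guest can read the entire host store: never build secrets into store paths`.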
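Review bot: `updateFlake = "git+https://git.dynamicdiscord.de/kalipso/infrastructure?ref=microvm"` tracks a moving branch, so `microvm -u` on the host deploys whatever that branch head holds at update time; whoever can push to that branch controls the configuration of every deployed VM. Consider pointing `updateFlake` at a dedicated release branch or a `rev=` pin, and add a comment above it naming who is allowed to move that ref. The `description` of `deployHosts` reads better as `List of MicroVM hostnames that are automatically initialized and autostarted`.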
From: kalipso Date: Thu, 21 Nov 2024 13:02:54 +0100 Subject: [PATCH 11/18] [microvm] fix comparision --- machines/modules/malobeo/microvm_host.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/modules/malobeo/microvm_host.nix b/machines/modules/malobeo/microvm_host.nix index 91797fe..cee5604 100644 --- a/machines/modules/malobeo/microvm_host.nix +++ b/machines/modules/malobeo/microvm_host.nix @@ -57,7 +57,7 @@ in }; }; - imports = mkIf cfg.deployHosts != [] [ + imports = mkIf (lib.length cfg.deployHosts != 0) [ inputs.microvm.nixosModules.host ]; @@ -73,7 +73,7 @@ in updateFlake = "git+https://git.dynamicdiscord.de/kalipso/infrastructure?ref=microvm"; }; }; in - mkIf cfg.deployHosts != [] + mkIf (lib.length cfg.deployHosts != 0) builtins.listToAttrs (map mapperFunc cfg.deployHosts); }; } -- 2.51.2 From 812eb102a98d6c23937af6e0262c8e6d37def1b5 Mon Sep 17 00:00:00 2001 From: kalipso Date: Thu, 21 Nov 2024 13:07:12 +0100 Subject: [PATCH 12/18] [microvm] fix type --- machines/modules/malobeo/microvm_host.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/modules/malobeo/microvm_host.nix b/machines/modules/malobeo/microvm_host.nix index cee5604..fc1c816 100644 --- a/machines/modules/malobeo/microvm_host.nix +++ b/machines/modules/malobeo/microvm_host.nix @@ -16,7 +16,7 @@ in deployHosts = mkOption { default = []; - type = types.listOf string; + type = types.listOf types.str; description = '' List hostnames of MicroVMs that should be automatically initializes and autostart ''; -- 2.51.2 From 342759246f36c9a8bdce21ba5340af496a5d12a8 Mon Sep 17 00:00:00 2001 From: kalipso Date: Thu, 21 Nov 2024 13:42:31 +0100 Subject: [PATCH 13/18] [microvm] fix errors within module still checking if list is empty does not work as expected -.- --- machines/modules/malobeo/microvm_host.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) 
diff --git a/machines/modules/malobeo/microvm_host.nix b/machines/modules/malobeo/microvm_host.nix index fc1c816..d7cdc55 100644 --- a/machines/modules/malobeo/microvm_host.nix +++ b/machines/modules/malobeo/microvm_host.nix @@ -1,9 +1,10 @@ -{ config, lib, options, pkgs, ... }: +{ config, self, lib, inputs, options, pkgs, ... }: with lib; let cfg = config.services.malobeo.microvm; + hostsEmpty = length cfg.deployHosts == 0; in { options = { @@ -24,6 +25,11 @@ in }; }; + + imports = [ + inputs.microvm.nixosModules.host + ]; + config = mkIf cfg.enableHostBridge { systemd.network = { @@ -57,10 +63,6 @@ in }; }; - imports = mkIf (lib.length cfg.deployHosts != 0) [ - inputs.microvm.nixosModules.host - ]; - microvm.autostart = cfg.deployHosts; microvm.vms = let @@ -68,12 +70,11 @@ in mapperFunc = name: { inherit name; value = { # Host build-time reference to where the MicroVM NixOS is defined # under nixosConfigurations - flake = self; + flake = inputs.malobeo; # Specify from where to let `microvm -u` update later on updateFlake = "git+https://git.dynamicdiscord.de/kalipso/infrastructure?ref=microvm"; }; }; in - mkIf (lib.length cfg.deployHosts != 0) builtins.listToAttrs (map mapperFunc cfg.deployHosts); }; } -- 2.51.2 From 100ddf2cd4a651c55915aa08089c1cd7127549cd Mon Sep 17 00:00:00 2001 From: kalipso Date: Thu, 21 Nov 2024 14:23:10 +0100 Subject: [PATCH 14/18] [microvm] separate enableHostBridge from deployHosts --- machines/modules/malobeo/microvm_host.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/machines/modules/malobeo/microvm_host.nix b/machines/modules/malobeo/microvm_host.nix index d7cdc55..dae2e89 100644 --- a/machines/modules/malobeo/microvm_host.nix +++ b/machines/modules/malobeo/microvm_host.nix @@ -4,7 +4,6 @@ with lib; let cfg = config.services.malobeo.microvm; - hostsEmpty = length cfg.deployHosts == 0; in { options = { 
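Review bot: `flake = inputs.malobeo` hard-codes the name the consuming host must give this flake in its own inputs, and the module now takes `self` and `inputs` as module arguments, which only exist when the host passes them through `specialArgs`; neither requirement is stated anywhere, and the documentation only says to add the flake as an input. Either spell this out in the `deployHosts` description (`requires the flake to be imported as input "malobeo" and inputs passed via specialArgs`) or close over `self` in outputs.nix when exporting `nixosModules.malobeo`, so the module no longer depends on the consumer's input name. `self` is added to the argument list but is no longer used once `flake = self` becomes `flake = inputs.malobeo`.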
@@ -56,6 +55,8 @@ in } ]; }; + } // mkIf (!hostEmpty) { + # connect the vms to the bridge networks."11-microvm" = { matchConfig.Name = "vm-*"; -- 2.51.2 From 39972efc7c55b9ddf009a9855a40c222d0d0e81d Mon Sep 17 00:00:00 2001 From: kalipso Date: Thu, 21 Nov 2024 14:55:24 +0100 Subject: [PATCH 15/18] [docs] update microvm docu --- doc/src/anleitung/microvm.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/doc/src/anleitung/microvm.md b/doc/src/anleitung/microvm.md index f8c9005..86f13c5 100644 --- a/doc/src/anleitung/microvm.md +++ b/doc/src/anleitung/microvm.md @@ -22,6 +22,8 @@ It seems to be necessary to run this as root so that the according tap interface To be able to ping the VM or give Internet Access to the VM your host needs to be setup as described below. ### Host Setup + +#### Network Bridge To provide network access to the VMs a bridge interface needs to be created on your host. For that: - Add the infrastructure flake as input to your hosts flake @@ -37,3 +39,14 @@ networking.nat = { externalInterface = "eth0"; #change to your interface name }; ``` +#### Auto Deploy VMs +By default no MicroVMs will be initialized on the host - this should be done using the microvm commandline tool. +But since we want to always deploy certain VMs it can be configured using the ```malobeo.microvm.deployHosts``` option. +VMs configured using this option will be initialized and autostarted at boot. +Updating still needs to be done imperative, or by enabling autoupdates.nix + +The following example would init and autostart durruti and gitea: +``` nix +malobeo.microvm.deployHosts = [ "durruti" "gitea" ]; +``` + -- 2.51.2 From c8f562f477f56e0bad7977798cfa40c3d7737f64 Mon Sep 17 00:00:00 2001 From: kalipso Date: Thu, 21 Nov 2024 15:12:32 +0100 Subject: [PATCH 16/18] [microvm] mv mkIf down one layer --- machines/modules/malobeo/microvm_host.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/machines/modules/malobeo/microvm_host.nix b/machines/modules/malobeo/microvm_host.nix index dae2e89..7ff90ac 100644 --- a/machines/modules/malobeo/microvm_host.nix +++ b/machines/modules/malobeo/microvm_host.nix @@ -29,9 +29,8 @@ in inputs.microvm.nixosModules.host ]; - config = mkIf cfg.enableHostBridge - { - systemd.network = { + config = { + systemd.network = mkIf cfg.enableHostBridge { enable = true; # create a bride device that all the microvms will be connected to netdevs."10-microvm".netdevConfig = { -- 2.51.2 From 06a1ec6b9ccb17ae61a1e1efa04dcef226ce3ead Mon Sep 17 00:00:00 2001 From: kalipso Date: Thu, 21 Nov 2024 15:25:57 +0100 Subject: [PATCH 17/18] [microvm] Fix conditionals within module finally i hope.... --- machines/modules/malobeo/microvm_host.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/machines/modules/malobeo/microvm_host.nix b/machines/modules/malobeo/microvm_host.nix index 7ff90ac..0dbbafc 100644 --- a/machines/modules/malobeo/microvm_host.nix +++ b/machines/modules/malobeo/microvm_host.nix @@ -29,8 +29,8 @@ in inputs.microvm.nixosModules.host ]; - config = { - systemd.network = mkIf cfg.enableHostBridge { + config = mkIf cfg.enableHostBridge { + systemd.network = { enable = true; # create a bride device that all the microvms will be connected to netdevs."10-microvm".netdevConfig = { @@ -54,16 +54,13 @@ in } ]; }; - } // mkIf (!hostEmpty) { - # connect the vms to the bridge networks."11-microvm" = { matchConfig.Name = "vm-*"; networkConfig.Bridge = "microvm"; }; - }; + }; - microvm.autostart = cfg.deployHosts; microvm.vms = let # Map the values to each hostname to then generate a Attrs using listToAttrs -- 2.51.2 From 668ee72d1509cf2fa155939aec8e96ae377107aa Mon Sep 17 00:00:00 2001 
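Review bot: The second hunk drops `microvm.autostart = cfg.deployHosts;`, yet the `deployHosts` option description and doc/src/anleitung/microvm.md still promise that the listed VMs autostart at boot. Either restore `microvm.autostart = cfg.deployHosts;` next to `microvm.vms` or change the description to say the VMs are only declared. The hunk also nests `microvm.vms` under `config = mkIf cfg.enableHostBridge`, so `deployHosts` is silently ignored unless the bridge is enabled; the following patch moves the `mkIf` back onto `systemd.network`, but the autostart line is not restored there.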
From: kalipso Date: Thu, 21 Nov 2024 15:50:13 +0100 Subject: [PATCH 18/18] [microvm] differentiate between stable and unstable nixpkgs --- machines/modules/malobeo/microvm_host.nix | 32 ++++++++++++++++------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/machines/modules/malobeo/microvm_host.nix b/machines/modules/malobeo/microvm_host.nix index 0dbbafc..8846a4b 100644 --- a/machines/modules/malobeo/microvm_host.nix +++ b/machines/modules/malobeo/microvm_host.nix @@ -14,6 +14,12 @@ in description = lib.mdDoc "Setup bridge device for microvms."; }; + enableHostBridgeUnstable = mkOption { + default = false; + type = types.bool; + description = lib.mdDoc "Setup bridge device for microvms."; + }; + deployHosts = mkOption { default = []; type = types.listOf types.str; @@ -29,8 +35,17 @@ in inputs.microvm.nixosModules.host ]; - config = mkIf cfg.enableHostBridge { - systemd.network = { + config = { + assertions = [ + { + assertion = !(cfg.enableHostBridgeUnstable && cfg.enableHostBridge); + message = '' + Only enableHostBridge or enableHostBridgeUnstable! Not Both! + ''; + } + ]; + + systemd.network = mkIf (cfg.enableHostBridge || cfg.enableHostBridgeUnstable) { enable = true; # create a bride device that all the microvms will be connected to netdevs."10-microvm".netdevConfig = { @@ -44,14 +59,11 @@ in DHCPServer = true; IPv6SendRA = true; }; - addresses = [ { - Address = "10.0.0.1/24"; - } { - Address = "fd12:3456:789a::1/64"; - } ]; - ipv6Prefixes = [ { - Prefix = "fd12:3456:789a::/64"; - } ]; + addresses = if cfg.enableHostBridgeUnstable then [ + { Address = "10.0.0.1/24"; } + ] else [ + { addressConfig.Address = "10.0.0.1/24"; } + ]; }; # connect the vms to the bridge -- 2.51.2
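Review bot: `enableHostBridgeUnstable` carries the same description as `enableHostBridge` (`Setup bridge device for microvms.`), but the only difference visible in the hunk is the `addresses` syntax (`Address` vs `addressConfig.Address`), so a user cannot tell which one to choose; suggest `description = lib.mdDoc "Like enableHostBridge, but uses the newer systemd.network addresses syntax needed on nixpkgs unstable.";`. The rewritten `addresses` also drops the `fd12:3456:789a::1/64` address and the `ipv6Prefixes` entry while `IPv6SendRA = true` remains, so the bridge keeps advertising itself as an IPv6 router with no configured prefix; either restore the ULA address and prefix in both branches or remove `IPv6SendRA`.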