diff --git a/doc/src/SUMMARY.md b/doc/src/SUMMARY.md
index 6792fa4..ce81bf8 100644
--- a/doc/src/SUMMARY.md
+++ b/doc/src/SUMMARY.md
@@ -13,4 +13,5 @@
 - [TODO](./todo.md)
 - [How-to]()
 - [Updates](./anleitung/updates.md)
- - [Rollbacks](./anleitung/rollback.md)
\ No newline at end of file
+ - [Rollbacks](./anleitung/rollback.md)
+ - [MicroVM](./anleitung/microvm.md)
diff --git a/doc/src/anleitung/microvm.md b/doc/src/anleitung/microvm.md
new file mode 100644
index 0000000..f8c9005
--- /dev/null
+++ b/doc/src/anleitung/microvm.md
@@ -0,0 +1,39 @@
+### Declaring a MicroVM
+
+The hosts nixosSystems modules should be declared using the ```makeMicroVM``` helper function.
+Use durruti as orientation:
+``` nix
+ modules = makeMicroVM "durruti" "10.0.0.5" [
+ ./durruti/configuration.nix
+ ];
+```
+
+"durruti" is the hostname.
+"10.0.0.5" is the IP assigned to its tap interface.
+
+### Testing MicroVMs locally
+MicroVMs can be built and run easily on your local host.
+For durruti this is done by:
+``` bash
+sudo nix run .\#nixosConfigurations.durruti.config.microvm.declaredRunner
+```
+
+It seems to be necessary to run this as root so that the according tap interface can be created.
+To be able to ping the VM or give Internet Access to the VM your host needs to be setup as described below.
+
+### Host Setup
+To provide network access to the VMs a bridge interface needs to be created on your host.
+For that:
+- Add the infrastructure flake as input to your hosts flake
+- Add ```inputs.malobeo.nixosModules.malobeo``` to your hosts imports
+- enable the host bridge: ```services.malobeo.microvm.enableHostBridge = true;```
+
+If you want to provide Internet access to the VM it is necessary to create a nat.
+This could be done like this:
+``` nix
+networking.nat = {
+ enable = true;
+ internalInterfaces = [ "microvm" ];
+ externalInterface = "eth0"; #change to your interface name
+};
+```
diff --git a/machines/configuration.nix b/machines/configuration.nix
index f62f7bd..3939721 100644
--- a/machines/configuration.nix
+++ b/machines/configuration.nix
@@ -94,4 +94,12 @@ in
 ./lucia/hardware_configuration.nix
 ];
 };
+
+ gitea = nixosSystem {
+ system = "x86_64-linux";
+ specialArgs.inputs = inputs;
+ modules = makeMicroVM "gitea" "10.0.0.6" [
+ ./gitea/configuration.nix
+ ];
+ };
 }
diff --git a/machines/gitea/configuration.nix b/machines/gitea/configuration.nix
new file mode 100644
index 0000000..2ea0141
--- /dev/null
+++ b/machines/gitea/configuration.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+{
+ #sops.defaultSopsFile = ./secrets.yaml;
+
+ networking = {
+ hostName = mkDefault "gitea";
+ useDHCP = false;
+ nameservers = [ "1.1.1.1" ];
+ };
+
+ imports = [
+ ../modules/malobeo_user.nix
+ ../modules/sshd.nix
+ ../modules/minimal_tools.nix
+ ../modules/autoupdate.nix
+ ];
+
+ services.gitea = {
+ enable = true;
+ appName = "malobeo git instance";
+
+ settings.server = {
+ DOMAIN = "git.malobeo.org";
+ HTTP_PORT = 3001;
+ SSH_PORT = 22;
+ ROOT_URL = "https://git.malobeo.org/";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 3001 ];
+
+ system.stateVersion = "22.11"; # Did you read the comment?
+}
+
diff --git a/outputs.nix b/outputs.nix
index c9bbcf0..3458614 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -41,7 +41,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
 apps = {
 docs = {
 type = "app";
- program = builtins.toString (pkgs.writeScript "docs" ''
+ program = builtins.toString (pkgs.writeShellScript "docs" ''
 ${pkgs.mdbook}/bin/mdbook serve --open ./doc
 '');
 };
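Review bot: In machines/gitea/configuration.nix, `networking.firewall.allowedTCPPorts = [ 3001 ];` opens Gitea's plain-HTTP listener on every interface of the VM, while `ROOT_URL = "https://git.malobeo.org/"` suggests TLS is terminated by a proxy that is not part of this diff. If only that proxy is meant to reach the backend, scope the rule to the interface it arrives on, e.g. `networking.firewall.interfaces.<tap-if>.allowedTCPPorts = [ 3001 ];` (placeholder interface name), and add a comment naming the proxy host. The `services.gitea` block also leaves self-registration at Gitea's default, which is open; for a publicly named instance consider `settings.service.DISABLE_REGISTRATION = true;` together with a short comment on how accounts get created.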