From 5496ce53003017164199207255eb5c4c4133d19d Mon Sep 17 00:00:00 2001
From: tbarnouin
Date: Tue, 17 Sep 2024 14:48:19 +0200
Subject: [PATCH] Add second hypervisor

---
 flake.nix                                | 67 ++++++++++-
 hosts/nixmox-curiosity/configuration.nix | 105 ++++++++++++++++++
 .../hardware-configuration.nix           | 49 ++++++++
 hosts/nixmox-curiosity/home.nix          | 97 ++++++++++++++++
 4 files changed, 312 insertions(+), 6 deletions(-)
 create mode 100644 hosts/nixmox-curiosity/configuration.nix
 create mode 100644 hosts/nixmox-curiosity/hardware-configuration.nix
 create mode 100644 hosts/nixmox-curiosity/home.nix

diff --git a/flake.nix b/flake.nix
index da1739f..b6efeec 100644
--- a/flake.nix
+++ b/flake.nix
@@ -14,25 +14,24 @@
 
   outputs = inputs@{ self, nixpkgs, home-manager, microvm, ... }:
   let
-    hostName = "nixmox-perseverance";
     system = "x86_64-linux";
     username = "tbarnouin";
     proxy_host = "192.168.1.40";
   in
   {
     nixosConfigurations = {
-      ${hostName} = nixpkgs.lib.nixosSystem {
+      nixmox-perseverance = nixpkgs.lib.nixosSystem {
         inherit system;
         modules = [
-          ./hosts/${hostName}/configuration.nix
+          ./hosts/nixmox-perseverance/configuration.nix
           {
-            networking.hostName = hostName;
+            networking.hostName = nixmox-perseverance;
           }
           home-manager.nixosModules.home-manager
           {
             home-manager.useGlobalPkgs = true;
             home-manager.useUserPackages = true;
-            home-manager.users.${username} = import ./hosts/${hostName}/home.nix;
+            home-manager.users.${username} = import ./hosts/nixmox-perseverance/home.nix;
           }
           microvm.nixosModules.host
           {
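Review bot: `networking.hostName = nixmox-perseverance;` on the new side references an identifier that nothing binds any more — the `let` binding `hostName` it replaces is removed in the same hunk, and in Nix an unquoted `nixmox-perseverance` lexes as a single variable name, not a string, so evaluating this configuration should fail with an undefined-variable error unless something outside the hunk defines it. The fix is to quote the value: `networking.hostName = "nixmox-perseverance";`. The same pattern appears in the `nixmox-curiosity` block of the second flake.nix hunk (`networking.hostName = nixmox-curiosity;`). Keeping a per-host name binding (as the removed `hostName` did) would also stop the literal from being spelled out four times per host.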
@@ -68,7 +67,42 @@
         specialArgs = {
           inherit inputs;
           inherit username;
-          inherit hostName;
+          inherit proxy_host;
+          inherit system;
+        };
+      };
+      nixmox-curiosity = nixpkgs.lib.nixosSystem {
+        inherit system;
+        modules = [
+          ./hosts/nixmox-curiosity/configuration.nix
+          {
+            networking.hostName = nixmox-curiosity;
+          }
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.${username} = import ./hosts/nixmox-curiosity/home.nix;
+          }
+          microvm.nixosModules.host
+          {
+            microvm = {
+              autostart = [
+                "jellyfin"
+              ];
+              vms = {
+                jellyfin = {
+                  flake = self;
+                  updateFlake = "git+file:///etc/nixos";
+                };
+              };
+            };
+          }
+        ];
+
+        specialArgs = {
+          inherit inputs;
+          inherit username;
           inherit proxy_host;
           inherit system;
         };
@@ -92,6 +126,27 @@
         }
       ];
     };
+    jellyfin = nixpkgs.lib.nixosSystem {
+      inherit system;
+      modules = [
+        microvm.nixosModules.microvm
+        "${inputs.self}/systems"
+        "${inputs.self}/services"
+        {
+          services.vm_jellyfin = {
+            enable = true;
+          };
+          services.vm = {
+            enable = true;
+            hostname = "jellyfin";
+            vm_ip = "192.168.1.42";
+            vm_cpu = 4;
+            vm_mem = 8192;
+            macAddr = "02:00:00:00:00:42";
+          };
+        }
+      ];
+    };
     redis = nixpkgs.lib.nixosSystem {
       inherit system;
       modules = [
diff --git a/hosts/nixmox-curiosity/configuration.nix b/hosts/nixmox-curiosity/configuration.nix
new file mode 100644
index 0000000..c78d4ac
--- /dev/null
+++ b/hosts/nixmox-curiosity/configuration.nix
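Review bot: The new `nixmox-curiosity` block is a near-verbatim copy of the `nixmox-perseverance` block — the only differences are the host name (spelled out three times) and the `microvm` attrset — so every future change to the home-manager or specialArgs wiring has to be made twice and can drift. A small `mkHost` helper in the `let` of the first flake.nix hunk (the `let` itself starts outside this hunk) removes the duplication and also gives the host name a single quoted definition, which fixes the unquoted `networking.hostName = nixmox-curiosity;` as a side effect. The sketch below keeps the same `nixosConfigurations` attribute names and module order, so `nixos-rebuild --flake` targets are unchanged; the perseverance entry would pass its existing `autostart`/`vms` block the same way.

```nix
    # One hypervisor definition; only the host name and its microvm guests differ per host.
    mkHost = hostName: microvmConfig: nixpkgs.lib.nixosSystem {
      inherit system;
      modules = [
        ./hosts/${hostName}/configuration.nix
        { networking.hostName = hostName; }
        home-manager.nixosModules.home-manager
        {
          home-manager.useGlobalPkgs = true;
          home-manager.useUserPackages = true;
          home-manager.users.${username} = import ./hosts/${hostName}/home.nix;
        }
        microvm.nixosModules.host
        { microvm = microvmConfig; }
      ];
      specialArgs = { inherit inputs username proxy_host system; };
    };
  in
  {
    nixosConfigurations = {
      # … unchanged: nixmox-perseverance = mkHost "nixmox-perseverance" { … its existing autostart/vms … }; …
      nixmox-curiosity = mkHost "nixmox-curiosity" {
        autostart = [ "jellyfin" ];
        vms.jellyfin = {
          flake = self;
          updateFlake = "git+file:///etc/nixos";
        };
      };
      # … unchanged: guest definitions (jellyfin, redis, …) …
```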
@@ -0,0 +1,105 @@
+{ config, lib, pkgs, ... }:
+
+{ imports = [ ./hardware-configuration.nix ];
+
+  nix = {
+    settings = {
+      experimental-features = [ "nix-command" "flakes" ];
+      trusted-users = [ "@wheel" ];
+      auto-optimise-store = true;
+    };
+    gc = {
+      automatic = true;
+      dates = "daily";
+      options = "--delete older-than 3d";
+    };
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  networking= {
+    useNetworkd = true;
+    firewall.allowedTCPPorts = [ 22 ];
+  };
+
+  systemd.network = {
+    enable = true;
+    netdevs."br0" = {
+      netdevConfig = {
+        Name = "br0";
+        Kind = "bridge";
+      };
+    };
+    networks = {
+      "10-lan" = {
+        matchConfig.Name = ["ens18" "vm-*"];
+        networkConfig = {
+          Bridge = "br0";
+        };
+      };
+      "10-lan-bridge" = {
+        matchConfig.Name = "br0";
+        networkConfig = {
+          Address = ["192.168.1.67/24"];
+          Gateway = "192.168.1.254";
+          DNS = ["192.168.1.254"];
+          IPv6AcceptRA = true;
+        };
+        linkConfig.RequiredForOnline = "routable";
+      };
+    };
+  };
+
+  time.timeZone = "Europe/Paris";
+  i18n.defaultLocale = "fr_FR.UTF-8";
+  console = {
+    useXkbConfig = true; # use xkb.options in tty.
+  };
+
+  users.users = {
+    tbarnouin = {
+      isNormalUser = true;
+      description = "Théo Barnouin";
+      extraGroups = [
+        "networkmanager"
+        "wheel"
+        "libvirtd"
+        "docker"
+        "render"
+        "video"
+      ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos"
+      ];
+    };
+    root = {
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos"
+      ];
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    vim
+    htop
+    wget
+    curl
+    git
+    neofetch
+    libvirt
+    qemu_kvm
+    nmap
+  ];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      X11Forwarding = false;
+      PermitRootLogin = "prohibit-password";
+    };
+  };
+
+  system.stateVersion = "24.05"; # Did you read the comment?
+
+}
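Review bot: The `root` account is given the same authorized key as `tbarnouin`, while `security.sudo.wheelNeedsPassword = false` already lets that user become root without a password, so `PermitRootLogin = "prohibit-password"` is not restricting anything in practice and there are two root-capable login paths for one key; dropping `users.users.root.openssh.authorizedKeys.keys` and setting `PermitRootLogin = "no";` removes the direct root path and keeps every privileged action attributable to the user account in the journal. The same public-key literal is repeated three times in this commit (twice in this file, once in home.nix), so hoisting it into a `let sshKey = "ssh-ed25519 …"; in` at the top of this file makes rotation a single edit. `"networkmanager"` in `extraGroups` looks unused here — this file enables `useNetworkd` and nothing in it enables NetworkManager — presumably copied from the other host. If passwordless sudo is intentional for this hypervisor, a one-line comment above it saying so will stop the next reader from flagging it.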
diff --git a/hosts/nixmox-curiosity/hardware-configuration.nix b/hosts/nixmox-curiosity/hardware-configuration.nix
new file mode 100644
index 0000000..ae708dc
--- /dev/null
+++ b/hosts/nixmox-curiosity/hardware-configuration.nix
@@ -0,0 +1,49 @@
+{ lib, system, ... }:
+
+{
+  boot = {
+    # use latest kernel
+    # kernelPackages = pkgs.linuxPackages_latest;
+    supportedFilesystems = [ "ext4" "btrfs" "xfs" "fat" "vfat" "cifs" "nfs" ];
+    growPartition = true;
+    kernelModules = [ "kvm-intel" ];
+    kernelParams = lib.mkForce [ ];
+
+    loader = {
+      grub = {
+        enable = true;
+        device = "nodev";
+        efiSupport = true;
+        efiInstallAsRemovable = true;
+      };
+      timeout = lib.mkForce 3;
+    };
+
+    initrd = {
+      availableKernelModules = [ "9p" "9pnet_virtio" "ata_piix" "uhci_hcd" "virtio_blk" "virtio_mmio" "virtio_net" "virtio_pci" "virtio_scsi" ];
+      kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
+    };
+
+    tmp.cleanOnBoot = true;
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/nixos";
+      autoResize = true;
+      fsType = "ext4";
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-label/ESP";
+      fsType = "vfat";
+    };
+  };
+
+  services.fstrim = {
+    enable = true;
+    interval = "weekly";
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault system;
+}
diff --git a/hosts/nixmox-curiosity/home.nix b/hosts/nixmox-curiosity/home.nix
new file mode 100644
index 0000000..e88fe0b
--- /dev/null
+++ b/hosts/nixmox-curiosity/home.nix
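Review bot: `kernelParams = lib.mkForce [ ];` silently discards every `boot.kernelParams` contribution from any other module in this configuration, which is an unusual thing for a hardware file to do and is not explained; if the intent is only to drop something inherited from the other host, name it in a comment, otherwise removing the `mkForce` lets other modules still add parameters. The commented-out `# kernelPackages = pkgs.linuxPackages_latest;` refers to `pkgs`, which the argument set `{ lib, system, ... }` no longer declares — either delete the dead line or replace the two comments with the reason the default kernel is used. The file is evidently hand-written (`grub` with `device = "nodev"`, labelled filesystems, `growPartition`) rather than produced by `nixos-generate-config`; a header comment saying so, e.g. `# Hand-maintained: do not overwrite with nixos-generate-config output.`, prevents someone regenerating it and losing the ESP/grub choices.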
@@ -0,0 +1,97 @@
+{ config, pkgs, ... }:
+{
+  home = {
+    username = "tbarnouin";
+    stateVersion = "24.05";
+    sessionPath = [
+      "$HOME/.local/bin"
+    ];
+    file.".ssh/authorized_keys".text = ''
+      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos
+    '';
+  };
+  programs = {
+    git = {
+      enable = true;
+    };
+    vim = {
+      enable = true;
+      plugins = with pkgs.vimPlugins; [
+        vim-airline
+        vim-airline-themes
+        vim-bufferline
+        vim-markdown
+        tabular
+      ];
+      settings = {
+        expandtab = true;
+        ignorecase = true;
+        smartcase = true;
+        number = true;
+        shiftwidth = 2;
+        tabstop = 2;
+      };
+      extraConfig = ''
+        set nocompatible
+        filetype on
+        filetype plugin on
+        filetype indent on
+        syntax on
+        set nobackup
+        set showcmd
+        set showmode
+        set showmatch
+        set hlsearch
+        set wrap
+        set linebreak
+        set textwidth=0
+        set wrapmargin=0
+        set scrolloff=15
+
+        highlight ExtraWhitespace ctermbg=red guibg=red
+        autocmd BufWritePre * :%s/\s\+$//e
+
+        inoremap " ""
+        inoremap \' \'\'
+        inoremap ( ()
+        inoremap [ []
+        inoremap { {}
+
+        let g:vim_markdown_folding_disabled = 1
+        let g:mkdp_auto_start = 1
+        let g:mkdp_auto_close = 1
+        let g:airline_theme='molokai'
+      '';
+    };
+    zsh = {
+      enable = true;
+      shellAliases = {
+        ll = "ls -l";
+        lla = "ls -lah";
+        terraform = "tofu";
+        # Nixos
+        update = "sudo nixos-rebuild switch";
+        upgrade = "sudo nix-channel --update && sudo nixos-rebuild switch --upgrade";
+      };
+      oh-my-zsh = {
+        enable = true;
+        plugins =
+          [
+            "git"
+            "terraform"
+            "sudo"
+            "docker"
+            "pip"
+            "python"
+            "pyenv"
+            "pipenv"
+          ];
+        theme = "bira";
+      };
+    };
+    tmux = {
+      enable = true;
+      mouse = true;
+    };
+  };
+}
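Review bot: `home.file.".ssh/authorized_keys".text` installs the same public key that `users.users.tbarnouin.openssh.authorizedKeys.keys` in this host's configuration.nix already authorizes, so the key is now trusted from two independently managed files and revoking it means editing both — clearing only the NixOS option would leave the home-manager-written `~/.ssh/authorized_keys` still accepting it. Drop the `file.".ssh/authorized_keys"` entry and keep the NixOS option as the single source of truth. The `upgrade` alias runs `nix-channel --update`, but this host is built from a flake (`experimental-features = [ "nix-command" "flakes" ]` in configuration.nix, `updateFlake = "git+file:///etc/nixos"` in flake.nix), where channels play no part; presumably the alias was copied from a channel-based setup and should update the flake inputs instead — worth confirming before it misleads someone into thinking the system was upgraded.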