Separate microvm and LXC config

This commit is contained in:
Théo Barnouin 2024-10-16 14:33:27 +02:00
parent 6d8ea1ede4
commit 63ee06c308
3 changed files with 105 additions and 76 deletions


@ -1,78 +1,7 @@
{ inputs, lib, config, microvm, ... }:
let
cfg = config.services.vm;
in
{ inputs, ... }:
{
options.services.vm = {
enable = lib.mkEnableOption "Enable minimal config";
hostname = lib.mkOption {
type = lib.types.str;
description = "The VM hostname";
};
vm_ip = lib.mkOption {
type = lib.types.str;
description = "The VM IP address";
};
macAddr = lib.mkOption {
type = lib.types.str;
description = "The VM MAC Address";
};
vm_mem = lib.mkOption {
type = lib.types.int;
description = "The VM memory count";
default = 0;
};
vm_cpu = lib.mkOption {
type = lib.types.int;
description = "The VM CPU count";
default = 1;
};
};
config = lib.mkIf cfg.enable {
microvm = {
vcpu = cfg.vm_cpu;
balloonMem = cfg.vm_mem;
volumes = [
{
mountPoint = "/var";
image = "/var/lib/microvms/${cfg.hostname}/var.img";
size = 8192;
}
imports = [
./microvm.nix
./lxc.nix
];
shares = [
{
proto = "virtiofs";
tag = "ro-store";
source = "/nix/store";
mountPoint = "/nix/.ro-store";
}
{
proto = "virtiofs";
tag = "${cfg.hostname}-env";
source = "/var/lib/microvms/${cfg.hostname}/env";
mountPoint = "/run/secrets/${cfg.hostname}";
}
];
interfaces = [ {
type = "tap";
id = "vm-${cfg.hostname}";
mac = "${cfg.macAddr}";
} ];
hypervisor = "qemu";
socket = "control.socket";
};
systemd.network.enable = true;
systemd.network.networks."20-lan" = {
matchConfig.Type = "ether";
networkConfig = {
Address = ["${cfg.vm_ip}/24"];
Gateway = "192.168.1.254";
DNS = ["192.168.1.254"];
IPv6AcceptRA = true;
DHCP = "no";
};
};
};
}

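--- /dev/null
+++ b/systems/lxc.nix
@@ -0,0 +1,19 @@
+{ inputs, lib, config, modulesPath, ... }:
+let
+cfg = config.services.vm;
+in
+{
+options.services.ct = {
+enable = lib.mkEnableOption "Enable LXC container config";
+};
+config = lib.mkIf cfg.enable {
+imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
+systemd.suppressedSystemUnits = [
+"dev-mqueue.mount"
+"sys-kernel-debug.mount"
+"sys-fs-fuse-connections.mount"
+];
+};
+}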
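Review bot: `cfg` is bound to `config.services.vm` although this module only declares `services.ct`, so the `lib.mkIf cfg.enable` block is switched by the microvm flag rather than the container one; it should read `cfg = config.services.ct;`. The `imports` entry placed inside the `config` attribute set is not an option, and the module system does not accept it there; it belongs at the top level of the module, beside `options`, as `imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];` (module imports cannot be made conditional on an option). `inputs` is taken from the module arguments but never used.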

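--- /dev/null
+++ b/systems/microvm.nix
@@ -0,0 +1,81 @@
+{ inputs, lib, config, microvm, modulesPath, ... }:
+let
+cfg = config.services.vm;
+in
+{
+options.services.ct = {
+enable = lib.mkEnableOption "Enable LXC container config";
+};
+options.services.vm = {
+enable = lib.mkEnableOption "Enable NixOS microvm config";
+hostname = lib.mkOption {
+type = lib.types.str;
+description = "The VM hostname";
+};
+vm_ip = lib.mkOption {
+type = lib.types.str;
+description = "The VM IP address";
+};
+macAddr = lib.mkOption {
+type = lib.types.str;
+description = "The VM MAC Address";
+};
+vm_mem = lib.mkOption {
+type = lib.types.int;
+description = "The VM memory count";
+default = 0;
+};
+vm_cpu = lib.mkOption {
+type = lib.types.int;
+description = "The VM CPU count";
+default = 1;
+};
+};
+config = lib.mkIf cfg.enable {
+microvm = {
+vcpu = cfg.vm_cpu;
+balloonMem = cfg.vm_mem;
+volumes = [
+{
+mountPoint = "/var";
+image = "/var/lib/microvms/${cfg.hostname}/var.img";
+size = 8192;
+}
+];
+shares = [
+{
+proto = "virtiofs";
+tag = "ro-store";
+source = "/nix/store";
+mountPoint = "/nix/.ro-store";
+}
+{
+proto = "virtiofs";
+tag = "${cfg.hostname}-env";
+source = "/var/lib/microvms/${cfg.hostname}/env";
+mountPoint = "/run/secrets/${cfg.hostname}";
+}
+];
+interfaces = [ {
+type = "tap";
+id = "vm-${cfg.hostname}";
+mac = "${cfg.macAddr}";
+} ];
+hypervisor = "qemu";
+socket = "control.socket";
+};
+systemd.network.enable = true;
+systemd.network.networks."20-lan" = {
+matchConfig.Type = "ether";
+networkConfig = {
+Address = ["${cfg.vm_ip}/24"];
+Gateway = "192.168.1.254";
+DNS = ["192.168.1.254"];
+IPv6AcceptRA = true;
+DHCP = "no";
+};
+};
+};
+}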
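Review bot: `options.services.ct` is declared in this file as well as in `systems/lxc.nix`, and since the parent module now imports both, the module system will report the option as already declared; the `services.ct` block should be removed here so that each option has a single owner. Less critical: `inputs` and `modulesPath` are bound but unused, `mac = "${cfg.macAddr}"` can simply be `mac = cfg.macAddr;`, and the option names mix `vm_ip`/`vm_mem` with `macAddr`. The `${cfg.hostname}-env` share exposes the host directory `/var/lib/microvms/${cfg.hostname}/env` at `/run/secrets/${cfg.hostname}` in the guest, and `hostname` is typed as a bare `lib.types.str` yet is interpolated unescaped into host paths, share tags and the tap interface id; a restricted type such as `lib.types.strMatching` with a hostname pattern, and a description noting that the value is used in host paths, would make the contract explicit. It is also worth confirming that the guest is not expected to write back through that share, since nothing in this hunk marks it read-only.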