From 209e5f2a8f6cfa21bbacf20d9fb94f4eae339359 Mon Sep 17 00:00:00 2001
From: baritone
Date: Tue, 4 Mar 2025 16:51:18 +0100
Subject: [PATCH] vms almost working
---
 modules/microvm.nix | 39 ++++++++++++++++++++--
 modules/networking-metal.nix | 4 +--
 modules/networking-shared.nix | 3 +-
 services/sonarr.nix | 62 +++++++++++++++++++++++++----------
 4 files changed, 85 insertions(+), 23 deletions(-)
diff --git a/modules/microvm.nix b/modules/microvm.nix
index d198b14..eb47e9b 100644
--- a/modules/microvm.nix
+++ b/modules/microvm.nix
@@ -1,3 +1,38 @@
-{...}: {
- microvm.hyprvisor = "cloud-hyprvisor";
+{
+ config,
+ lib,
+ ...
+}: let
+ attrSets = lib.lists.imap1 (i: v: {
+ name = v;
+ index = i;
+ }) (builtins.attrNames config.microvm.vms);
+in {
+ config.microvm.hyprvisor = "cloud-hyprvisor";
+
+ systemd.network.networks = builtins.listToAttrs attrSet ({
+ name,
+ index,
+ }: {
+ name = "30-vm${name}";
+ value = {
+ matchConfig.Name = "vm${name}";
+ address = [
+ "10.0.0.0/32"
+ ];
+ routes = [
+ {
+ Destination = "10.0.0.${toString index}/32";
+ }
+ ];
+ networkConfig = {IPv4Forwarding = true;};
+ };
+ });
+
+ # NAT (make vms accessible in host)
+ networking.nat = {
+ enable = true;
+ internalIps = ["10.0.0.0/24"];
+ externalInterface = "enp2s0";
+ };
 }
diff --git a/modules/networking-metal.nix b/modules/networking-metal.nix
index b472032..c5a0309 100644
--- a/modules/networking-metal.nix
+++ b/modules/networking-metal.nix
@@ -1,8 +1,8 @@
 {...}: {
 networking.useDHCP = false;
- networking.wakeOnLan.enable = true;
- networking.enp2s0.wakeOnLan.policy = "magic";
+ # networking.wakeOnLan.enable = true;
+ # networking.interfaces.enp2s0.wakeOnLan.policy = "magic";
 networking.interfaces.enp2s0 = {
 ipv4.addresses = [
diff --git a/modules/networking-shared.nix b/modules/networking-shared.nix
index d57c44b..780ae06 100755
--- a/modules/networking-shared.nix
+++ b/modules/networking-shared.nix
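Review bot: The new `systemd.network.networks` definition in modules/microvm.nix cannot evaluate as written: the `let` binds `attrSets` but the body references `attrSet`, and `builtins.listToAttrs` is handed the list and the lambda as two separate arguments instead of one mapped list. The `config.` prefix on `config.microvm.hyprvisor` also gives the module an explicit `config` attribute, so the sibling top-level `systemd` and `networking` definitions will be rejected by the module system; drop the prefix or move all three under `config`. The match on `vm${name}` would look for an interface called `vmsonarr`, while services/sonarr.nix names its tap `vm${toString vm-index}`, so the host network would never attach; matching on the index is sketched below, assuming the `attrNames` order agrees with each VM's hard-coded `vm-index`. Separately, `hyprvisor` looks like a misspelling of the microvm.nix `hypervisor` option and is worth confirming.

```nix
  microvm.hyprvisor = "cloud-hyprvisor";

  systemd.network.networks = builtins.listToAttrs (map ({index, ...}: {
    name = "30-vm${toString index}";
    value = {
      matchConfig.Name = "vm${toString index}";
      # … unchanged: address, routes, networkConfig …
    };
  }) attrSets);
  # … unchanged: networking.nat …
```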
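Review bot: The two wakeOnLan lines in modules/networking-metal.nix are commented out with no reason given, so a later reader cannot tell whether Wake-on-LAN was dropped on purpose or only parked while this change is debugged. Either delete the lines or put a one-line why-comment above them stating the reason and the condition for re-enabling. The hunk shows only the top of the module; the `networking.interfaces.enp2s0` block continues outside it.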
@@ -1,7 +1,8 @@
 {hostname ? "server"}: {...}: {
 networking.hostName = hostname;
 networking.hostId = "2ead098f";
- networking.networkmanager.enable = true;
+ networking.networkmanager.enable = false;
+ networking.useNetworkd = true;
 networking.firewall = {
 enable = true;
 allowedTCPPorts = [];
diff --git a/services/sonarr.nix b/services/sonarr.nix
index d81d40c..9fb08ca 100644
--- a/services/sonarr.nix
+++ b/services/sonarr.nix
@@ -1,16 +1,20 @@
 {lib, ...}: let
 host = "127.0.0.1";
 port = 8989;
+ vm-index = 1;
+ vm-mac = "00:00:00:00:00:01";
 in {
 config.microvm.autostart = ["sonarr"];
 config.system.activationScripts.makeSonarrDir = lib.stringAfter ["var"] ''
 mkdir -p /var/lib/sonarr
+ chmod -R microvm /var/lib/sonarr
 '';
 config.microvm.vms."sonarr" = {
 config = {
 system.stateVersion = "24.11";
+ # Storage share configuration
 microvm.shares = [
 {
 tag = "ro-store";
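Review bot: The `networking.firewall` block kept as context in modules/networking-shared.nix governs traffic addressed to the host itself, so `allowedTCPPorts = []` says nothing about packets the host forwards. This commit also turns on `IPv4Forwarding` and NAT for 10.0.0.0/24 in modules/microvm.nix, which, as far as the visible lines show, leaves guest-to-LAN and guest-to-internet traffic without any filter. Consider an explicit forward policy next to these settings, for example `networking.firewall.filterForward = true;` (nftables-based firewall only; confirm against the NixOS release in use), and then allow only the flows the VMs need. The firewall attribute set continues past the end of the hunk.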
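Review bot: The added `chmod -R microvm /var/lib/sonarr` in the services/sonarr.nix activation script passes a user name where chmod expects a mode, so chmod rejects it and the ownership of the shared directory stays as `mkdir` left it; the intent looks like `chown -R microvm /var/lib/sonarr`. In the same hunk `vm-mac = "00:00:00:00:00:01"` loses the locally administered bit that the previous value had (the comment this commit removes further down explains the 2/6/A/E rule), so `vm-mac = "02:00:00:00:00:01";` is the safer value. The `config.microvm.vms."sonarr"` definition continues outside the hunk.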
@@ -21,33 +25,55 @@ in {
 tag = "data-dir";
 source = "/var/lib/sonarr";
 mountPoint = "/var/lib/sonarr";
+ proto = "virtiofs";
 }
 ];
+
+ # VM Networking
 microvm.interfaces = [
 {
+ id = "vm${toString vm-index}";
 type = "tap";
-
- # interface name on the host
- id = "vm-sonarr";
-
- # Ethernet address of the MicroVM's interface, not the host's
- #
- # Locally administered have one of 2/6/A/E in the second nibble.
- mac = "02:00:00:00:00:01";
+ mac = vm-mac;
 }
 ];
-
- services.sonarr = {
- enable = true;
- openFirewall = true; # Hide sonarr behind firewall
+ networking.useNetworkd = true;
+ systemd.network.networks."10-eth" = {
+ matchConfig.MACAddress = vm-mac;
+ address = [
+ "10.0.0.${toString vm-index}/32"
+ ];
+ routes = [
+ # Host Route
+ {
+ Destination = "10.0.0.0/32";
+ GatewayOnLink = true;
+ }
+ # Default route
+ {
+ Destination = "0.0.0.0/0";
+ Gateway = "10.0.0.0";
+ GatewayOnLink = true;
+ }
+ ];
+ networkConfig = {
+ DNS = [
+ "9.9.9.9"
+ "8.8.8.8"
+ "8.8.4.4"
+ ];
+ };
 };
- services.nginx.virtualHosts."sonarr.spoodythe.one" = {
- addSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://${host}:${toString port}";
- };
+ # Service
+ services.sonarr = {
+ enable = true;
+ openFirewall = true;
+ };
+
+ # Debug user
+ users.users."root" = {
+ password = "1234";
 };
 };
 };
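Review bot: The `# Debug user` block sets `users.users."root".password = "1234"`, which commits a guessable root credential and stores it in clear text in the world-readable Nix store, on a guest that this same commit gives a routed address, NAT egress and a virtiofs share of /var/lib/sonarr. Remove the block before merging, or if console access is really needed keep the secret out of the repository with `users.users.root.hashedPasswordFile = "<path-to-secret-file>";`. The hunk also keeps `openFirewall = true` while deleting the nginx virtual host that provided TLS, so Sonarr is reachable over plain HTTP from anything that can route to the guest, and the `host` and `port` bindings at the top of the file become unused. Decide whether the TLS proxy moves to the host or the guest port should stay closed until it does.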