-rw-r--r-- | accounts/gkleen@sif/libvirt/default.nix | 98 | ||||
-rw-r--r-- | flake.lock | 36 | ||||
-rw-r--r-- | flake.nix | 4 | ||||
-rw-r--r-- | hosts/sif/default.nix | 77 | ||||
-rw-r--r-- | hosts/sif/libvirt/default.nix | 2 |
5 files changed, 175 insertions, 42 deletions
diff --git a/accounts/gkleen@sif/libvirt/default.nix b/accounts/gkleen@sif/libvirt/default.nix index a5636ce2..14480d55 100644 --- a/accounts/gkleen@sif/libvirt/default.nix +++ b/accounts/gkleen@sif/libvirt/default.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { flakeInputs, lib, ... }: | 1 | { flakeInputs, lib, pkgs, ... }: |
2 | 2 | ||
3 | with lib; | 3 | with lib; |
4 | with flakeInputs.nixVirt.lib; | 4 | with flakeInputs.nixVirt.lib; |
@@ -15,7 +15,7 @@ with flakeInputs.nixVirt.lib; | |||
15 | memory = { count = 16; unit = "GiB"; }; | 15 | memory = { count = 16; unit = "GiB"; }; |
16 | storage_vol = "/home/gkleen/.local/share/libvirt/images/lmmirzm-vmrz01.qcow2"; | 16 | storage_vol = "/home/gkleen/.local/share/libvirt/images/lmmirzm-vmrz01.qcow2"; |
17 | nvram_path = "/home/gkleen/.local/share/libvirt/lmmirzm-vmrz01.nvram"; | 17 | nvram_path = "/home/gkleen/.local/share/libvirt/lmmirzm-vmrz01.nvram"; |
18 | virtio_drive = true; | 18 | virtio_drive = false; |
19 | virtio_video = false; | 19 | virtio_video = false; |
20 | install_virtio = false; | 20 | install_virtio = false; |
21 | }) { | 21 | }) { |
@@ -23,6 +23,12 @@ with flakeInputs.nixVirt.lib; | |||
23 | { name = "SPICE_DEBUG_ALLOW_MC"; value = "1"; } | 23 | { name = "SPICE_DEBUG_ALLOW_MC"; value = "1"; } |
24 | ]; | 24 | ]; |
25 | vcpu.count = 4; | 25 | vcpu.count = 4; |
26 | cpu = { | ||
27 | mode = "host-model"; | ||
28 | feature = [ | ||
29 | { name = "vmx"; policy = "require"; } | ||
30 | ]; | ||
31 | }; | ||
26 | os.bootmenu.enable = true; | 32 | os.bootmenu.enable = true; |
27 | devices.graphics = { | 33 | devices.graphics = { |
28 | listen.type = "address"; | 34 | listen.type = "address"; |
@@ -33,7 +39,7 @@ with flakeInputs.nixVirt.lib; | |||
33 | model.type = "e1000e"; | 39 | model.type = "e1000e"; |
34 | type = "bridge"; | 40 | type = "bridge"; |
35 | mac.address = "52:54:00:b9:f3:ed"; | 41 | mac.address = "52:54:00:b9:f3:ed"; |
36 | source.bridge = "gre-0971"; | 42 | source.bridge = "rz-0971"; |
37 | }; | 43 | }; |
38 | devices.channel = [ | 44 | devices.channel = [ |
39 | { | 45 | { |
@@ -44,6 +50,81 @@ with flakeInputs.nixVirt.lib; | |||
44 | devices.tpm.model = "tpm-tis"; | 50 | devices.tpm.model = "tpm-tis"; |
45 | }); | 51 | }); |
46 | } | 52 | } |
53 | { definition = domain.writeXML (recursiveUpdate (domain.templates.linux { | ||
54 | name = "vmrz02"; | ||
55 | uuid = "daefc4b0-c48d-4b9d-a85d-7bd56eb068d0"; | ||
56 | memory = { count = 8; unit = "GiB"; }; | ||
57 | storage_vol = "/home/gkleen/.local/share/libvirt/images/vmrz02.qcow2"; | ||
58 | virtio_video = true; | ||
59 | }) { | ||
60 | os = { | ||
61 | loader = | ||
62 | { | ||
63 | readonly = true; | ||
64 | type = "pflash"; | ||
65 | path = "${pkgs.OVMFFull.fd}/FV/OVMF_CODE.ms.fd"; | ||
66 | }; | ||
67 | nvram = | ||
68 | { | ||
69 | template = "${pkgs.OVMFFull.fd}/FV/OVMF_VARS.ms.fd"; | ||
70 | path = "/home/gkleen/.local/share/libvirt/vmrz02.nvram"; | ||
71 | }; | ||
72 | bootmenu.enable = true; | ||
73 | }; | ||
74 | qemu-commandline.env = [ | ||
75 | { name = "SPICE_DEBUG_ALLOW_MC"; value = "1"; } | ||
76 | ]; | ||
77 | vcpu.count = 4; | ||
78 | cpu = { | ||
79 | mode = "host-model"; | ||
80 | feature = [ | ||
81 | { name = "vmx"; policy = "require"; } | ||
82 | ]; | ||
83 | }; | ||
84 | devices.graphics = { | ||
85 | listen.type = "address"; | ||
86 | gl.enable = false; | ||
87 | }; | ||
88 | devices.video.model.acceleration.accel3d = false; | ||
89 | devices.interface = [ | ||
90 | { | ||
91 | model.type = "virtio"; | ||
92 | type = "bridge"; | ||
93 | mac.address = "52:54:00:ec:d8:9d"; | ||
94 | source.bridge = "rz-0971"; | ||
95 | } | ||
96 | { | ||
97 | model.type = "virtio"; | ||
98 | type = "bridge"; | ||
99 | mac.address = "52:54:00:5e:f5:38"; | ||
100 | source.bridge = "rz-2403"; | ||
101 | } | ||
102 | ]; | ||
103 | devices.channel = [ | ||
104 | { | ||
105 | type = "unix"; | ||
106 | target = { type = "virtio"; name = "org.qemu.guest_agent.0"; }; | ||
107 | } | ||
108 | { | ||
109 | type = "spicevmc"; | ||
110 | target = { type = "virtio"; name = "com.redhat.spice.0"; }; | ||
111 | } | ||
112 | { | ||
113 | type = "spiceport"; | ||
114 | target = { type = "virtio"; name = "org.spice-space.webdav.0"; }; | ||
115 | source.channel = "org.spice-space.webdav.0"; | ||
116 | } | ||
117 | ]; | ||
118 | devices.tpm = { | ||
119 | model = "tpm-tis"; | ||
120 | backend = | ||
121 | { | ||
122 | type = "emulator"; | ||
123 | version = "2.0"; | ||
124 | }; | ||
125 | }; | ||
126 | }); | ||
127 | } | ||
47 | ]; | 128 | ]; |
48 | pools = [ | 129 | pools = [ |
49 | { definition = pool.writeXML { | 130 | { definition = pool.writeXML { |
@@ -67,6 +148,17 @@ with flakeInputs.nixVirt.lib; | |||
67 | }; | 148 | }; |
68 | }; | 149 | }; |
69 | } | 150 | } |
151 | { definition = volume.writeXML { | ||
152 | type = "file"; | ||
153 | name = "vmrz02.qcow2"; | ||
154 | capacity = { count = 256; unit = "GB"; }; | ||
155 | target = { | ||
156 | path = "/home/gkleen/.local/share/libvirt/images/vmrz02.qcow2"; | ||
157 | format.type = "qcow2"; | ||
158 | features.lazy_refcounts = {}; | ||
159 | }; | ||
160 | }; | ||
161 | } | ||
70 | ]; | 162 | ]; |
71 | } | 163 | } |
72 | ]; | 164 | ]; |
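Review bot: The new `vmrz02` domain boots a Secure-Boot-keyed firmware (`OVMF_CODE.ms.fd` / `OVMF_VARS.ms.fd`) but its `os.loader` is only marked `readonly = true`, not secure; without the libvirt `secure='yes'` loader flag (which in turn needs the SMM feature) the firmware cannot protect the NVRAM variable store from guest kernel-mode code, so a compromised guest can alter PK/KEK/db in `vmrz02.nvram` and Secure Boot is not tamper-resistant. Adding `loader.secure = true;` together with `features.smm.enable = true;` closes that (the exact nixVirt attribute names should be confirmed against the `domain.templates.linux` schema). Separately, `devices.graphics.listen.type = "address"` in the same domain sets no explicit address and no password, so where SPICE binds depends on libvirt's `spice_listen` default for this host; if the console is meant to be local-only, pin it with `listen.address = "127.0.0.1";`. The `SPICE_DEBUG_ALLOW_MC` variable copied from the first domain lifts SPICE's single-client restriction, which is harmless on a loopback listener but deserves a one-line comment saying why it is needed.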
@@ -431,20 +431,20 @@ | |||
431 | "inputs": { | 431 | "inputs": { |
432 | "nixpkgs": [ | 432 | "nixpkgs": [ |
433 | "nixpkgs" | 433 | "nixpkgs" |
434 | ], | 434 | ] |
435 | "nixpkgs-ovmf": "nixpkgs-ovmf" | ||
436 | }, | 435 | }, |
437 | "locked": { | 436 | "locked": { |
438 | "lastModified": 1712439808, | 437 | "lastModified": 1729962349, |
439 | "narHash": "sha256-QoONoZPBpNTw5cia05QSvDlaxXo3moKAJQOw7c5hMXA=", | 438 | "narHash": "sha256-IJXoaJ8s8nXkFjdrgg6tsytR/gEhztoTYXRRVtR5NTQ=", |
440 | "rev": "9f1cdca730d92461075709e867c1e9ad93d58a8d", | 439 | "owner": "AshleyYakeley", |
441 | "revCount": 284, | 440 | "repo": "NixVirt", |
442 | "type": "tarball", | 441 | "rev": "a95847465536bc8ebfcd677672141d79cd13ba3c", |
443 | "url": "https://api.flakehub.com/f/pinned/AshleyYakeley/NixVirt/0.5.0/018eb55e-7beb-75c5-919f-5b5b26136e06/source.tar.gz" | 442 | "type": "github" |
444 | }, | 443 | }, |
445 | "original": { | 444 | "original": { |
446 | "type": "tarball", | 445 | "owner": "AshleyYakeley", |
447 | "url": "https://flakehub.com/f/AshleyYakeley/NixVirt/%2A.tar.gz" | 446 | "repo": "NixVirt", |
447 | "type": "github" | ||
448 | } | 448 | } |
449 | }, | 449 | }, |
450 | "nixos-hardware": { | 450 | "nixos-hardware": { |
@@ -537,22 +537,6 @@ | |||
537 | "type": "github" | 537 | "type": "github" |
538 | } | 538 | } |
539 | }, | 539 | }, |
540 | "nixpkgs-ovmf": { | ||
541 | "locked": { | ||
542 | "lastModified": 1708984720, | ||
543 | "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=", | ||
544 | "owner": "NixOS", | ||
545 | "repo": "nixpkgs", | ||
546 | "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538", | ||
547 | "type": "github" | ||
548 | }, | ||
549 | "original": { | ||
550 | "owner": "NixOS", | ||
551 | "ref": "nixos-unstable", | ||
552 | "repo": "nixpkgs", | ||
553 | "type": "github" | ||
554 | } | ||
555 | }, | ||
556 | "nixpkgs-pgbackrest": { | 540 | "nixpkgs-pgbackrest": { |
557 | "locked": { | 541 | "locked": { |
558 | "lastModified": 1685566663, | 542 | "lastModified": 1685566663, |
@@ -180,7 +180,9 @@ | |||
180 | }; | 180 | }; |
181 | }; | 181 | }; |
182 | nixVirt = { | 182 | nixVirt = { |
183 | url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz"; | 183 | type = "github"; |
184 | owner = "AshleyYakeley"; | ||
185 | repo = "NixVirt"; | ||
184 | inputs.nixpkgs.follows = "nixpkgs"; | 186 | inputs.nixpkgs.follows = "nixpkgs"; |
185 | }; | 187 | }; |
186 | }; | 188 | }; |
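Review bot: The `nixVirt` github input carries no `ref`, so `nix flake update` will advance it to the head of the repository's default branch rather than to a tagged release; the previous flakehub `*.tar.gz` URL was equally unconstrained, so this is not a regression, but if only releases are wanted add a `ref = "<tag>";` line next to `repo`. Day-to-day builds remain reproducible either way because flake.lock pins a specific `rev` and `narHash`.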
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index a2eca749..1a2748e9 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix | |||
@@ -182,7 +182,7 @@ in { | |||
182 | netdevConfig = { | 182 | netdevConfig = { |
183 | Name = "wgrz"; | 183 | Name = "wgrz"; |
184 | Kind = "wireguard"; | 184 | Kind = "wireguard"; |
185 | MTUBytes = "1538"; | 185 | MTUBytes = "1558"; |
186 | }; | 186 | }; |
187 | wireguardConfig = { | 187 | wireguardConfig = { |
188 | PrivateKeyFile = "/run/credentials/systemd-networkd.service/wgrz.priv"; | 188 | PrivateKeyFile = "/run/credentials/systemd-networkd.service/wgrz.priv"; |
@@ -204,22 +204,50 @@ in { | |||
204 | MACAddress = "52:54:00:18:85:5b"; | 204 | MACAddress = "52:54:00:18:85:5b"; |
205 | }; | 205 | }; |
206 | }; | 206 | }; |
207 | gre-0971 = { | 207 | rz-gre-1 = { |
208 | netdevConfig = { | 208 | netdevConfig = { |
209 | Name = "gre-0971"; | 209 | Name = "rz-gre-1"; |
210 | Kind = "bridge"; | 210 | Kind = "gretap"; |
211 | MTUBytes = "1520"; | ||
212 | }; | ||
213 | tunnelConfig = { | ||
214 | Local = "10.200.116.128"; | ||
215 | Remote = "10.200.116.1"; | ||
216 | Independent = true; | ||
217 | }; | ||
218 | }; | ||
219 | rz-gre-1-0971 = { | ||
220 | netdevConfig = { | ||
221 | Name = "rz-gre-1-0971"; | ||
222 | Kind = "vlan"; | ||
211 | MTUBytes = "1500"; | 223 | MTUBytes = "1500"; |
212 | }; | 224 | }; |
225 | vlanConfig = { | ||
226 | Id = 971; | ||
227 | }; | ||
213 | }; | 228 | }; |
214 | gre-0971-1 = { | 229 | rz-gre-1-2403 = { |
215 | netdevConfig = { | 230 | netdevConfig = { |
216 | Name = "gre-0971-1"; | 231 | Name = "rz-gre-1-2403"; |
217 | Kind = "gretap"; | 232 | Kind = "vlan"; |
218 | MTUBytes = "1500"; | 233 | MTUBytes = "1500"; |
219 | }; | 234 | }; |
220 | tunnelConfig = { | 235 | vlanConfig = { |
221 | Local = "10.116.200.128"; | 236 | Id = 2403; |
222 | Remote = "10.116.200.1"; | 237 | }; |
238 | }; | ||
239 | rz-0971 = { | ||
240 | netdevConfig = { | ||
241 | Name = "rz-0971"; | ||
242 | Kind = "bridge"; | ||
243 | MTUBytes = "1500"; | ||
244 | }; | ||
245 | }; | ||
246 | rz-2403 = { | ||
247 | netdevConfig = { | ||
248 | Name = "rz-2403"; | ||
249 | Kind = "bridge"; | ||
250 | MTUBytes = "1500"; | ||
223 | }; | 251 | }; |
224 | }; | 252 | }; |
225 | }; | 253 | }; |
@@ -265,7 +293,7 @@ in { | |||
265 | LLMNR = false; | 293 | LLMNR = false; |
266 | MulticastDNS = false; | 294 | MulticastDNS = false; |
267 | DNS = ["10.153.88.9" "129.187.111.202" "10.156.33.53"]; | 295 | DNS = ["10.153.88.9" "129.187.111.202" "10.156.33.53"]; |
268 | Tunnel = "gre-0971-1"; | 296 | # Tunnel = "rz-gre-1"; |
269 | }; | 297 | }; |
270 | }; | 298 | }; |
271 | virbr0 = { | 299 | virbr0 = { |
@@ -280,6 +308,33 @@ in { | |||
280 | MulticastDNS = false; | 308 | MulticastDNS = false; |
281 | }; | 309 | }; |
282 | }; | 310 | }; |
311 | rz-gre-1 = { | ||
312 | name = "rz-gre-1"; | ||
313 | matchConfig = { | ||
314 | Name = "rz-gre-1"; | ||
315 | }; | ||
316 | networkConfig = { | ||
317 | VLAN = [ "rz-gre-1-0971" "rz-gre-1-2403" ]; | ||
318 | }; | ||
319 | }; | ||
320 | rz-gre-1-0971 = { | ||
321 | name = "rz-gre-1-0971"; | ||
322 | matchConfig = { | ||
323 | Name = "rz-gre-1-0971"; | ||
324 | }; | ||
325 | networkConfig = { | ||
326 | Bridge = "rz-0971"; | ||
327 | }; | ||
328 | }; | ||
329 | rz-gre-1-2403 = { | ||
330 | name = "rz-gre-1-2403"; | ||
331 | matchConfig = { | ||
332 | Name = "rz-gre-1-2403"; | ||
333 | }; | ||
334 | networkConfig = { | ||
335 | Bridge = "rz-2403"; | ||
336 | }; | ||
337 | }; | ||
283 | }; | 338 | }; |
284 | config.routeTables.wgrz = 1025; | 339 | config.routeTables.wgrz = 1025; |
285 | }; | 340 | }; |
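Review bot: The `rz-gre-1` gretap netdev is a plain, unauthenticated GRE layer-2 tunnel, and its binding to the `wgrz` WireGuard link is now commented out (`# Tunnel = "rz-gre-1";`) while `Independent = true` is set, so whether the bridged frames for VLANs 971 and 2403 are encrypted depends solely on how `10.200.116.1` is routed on this host. If that route does not go via `wgrz`, guest traffic leaves in cleartext, and any peer that can deliver GRE to `10.200.116.128` from the right source address can inject frames straight into `rz-0971`/`rz-2403`. Either restore the `Tunnel =` binding or record the assumption where the netdev is defined, e.g. `# GRE carries no authentication; relies on 10.200.116.1 being reachable only via wgrz — verify route table`. The two new bridges also have no `.network` unit in this hunk, so unless one exists elsewhere the host will acquire IPv6 link-local addresses on them and respond to NDP from the guest VLANs; a unit per bridge with `LinkLocalAddressing = "no"; IPv6AcceptRA = false;`, in the spirit of the `LLMNR`/`MulticastDNS` opt-outs already applied to `virbr0`, keeps the host off those segments.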
diff --git a/hosts/sif/libvirt/default.nix b/hosts/sif/libvirt/default.nix index b42fa8fc..d0be7dff 100644 --- a/hosts/sif/libvirt/default.nix +++ b/hosts/sif/libvirt/default.nix | |||
@@ -6,7 +6,7 @@ with flakeInputs.nixVirt.lib; | |||
6 | config = { | 6 | config = { |
7 | virtualisation.libvirtd = { | 7 | virtualisation.libvirtd = { |
8 | qemu.swtpm.enable = true; | 8 | qemu.swtpm.enable = true; |
9 | allowedBridges = ["virbr0" "gre-0971"]; | 9 | allowedBridges = ["virbr0" "rz-0971" "rz-2403"]; |
10 | }; | 10 | }; |
11 | virtualisation.libvirt = { | 11 | virtualisation.libvirt = { |
12 | enable = true; | 12 | enable = true; |
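Review bot: `allowedBridges` is the host-wide allowlist written for the setuid `qemu-bridge-helper`, so after this change any local user running a session-mode VM can attach it to the tunneled VLANs 971 and 2403, not only the domains defined under `accounts/gkleen@sif`. That is probably intended on a single-user machine but is worth stating on the line, e.g. `# qemu-bridge-helper ACL: every local user's session VM may plug into these bridges`. If the host is ever shared, keep the VLAN bridges out of this list and run those domains through the system driver instead.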