| -rw-r--r-- | accounts/gkleen@sif/libvirt/default.nix | 98 | ||||
| -rw-r--r-- | flake.lock | 36 | ||||
| -rw-r--r-- | flake.nix | 4 | ||||
| -rw-r--r-- | hosts/sif/default.nix | 77 | ||||
| -rw-r--r-- | hosts/sif/libvirt/default.nix | 2 | 
5 files changed, 175 insertions, 42 deletions
| diff --git a/accounts/gkleen@sif/libvirt/default.nix b/accounts/gkleen@sif/libvirt/default.nix index a5636ce2..14480d55 100644 --- a/accounts/gkleen@sif/libvirt/default.nix +++ b/accounts/gkleen@sif/libvirt/default.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { flakeInputs, lib, ... }: | 1 | { flakeInputs, lib, pkgs, ... }: | 
| 2 | 2 | ||
| 3 | with lib; | 3 | with lib; | 
| 4 | with flakeInputs.nixVirt.lib; | 4 | with flakeInputs.nixVirt.lib; | 
| @@ -15,7 +15,7 @@ with flakeInputs.nixVirt.lib; | |||
| 15 | memory = { count = 16; unit = "GiB"; }; | 15 | memory = { count = 16; unit = "GiB"; }; | 
| 16 | storage_vol = "/home/gkleen/.local/share/libvirt/images/lmmirzm-vmrz01.qcow2"; | 16 | storage_vol = "/home/gkleen/.local/share/libvirt/images/lmmirzm-vmrz01.qcow2"; | 
| 17 | nvram_path = "/home/gkleen/.local/share/libvirt/lmmirzm-vmrz01.nvram"; | 17 | nvram_path = "/home/gkleen/.local/share/libvirt/lmmirzm-vmrz01.nvram"; | 
| 18 | virtio_drive = true; | 18 | virtio_drive = false; | 
| 19 | virtio_video = false; | 19 | virtio_video = false; | 
| 20 | install_virtio = false; | 20 | install_virtio = false; | 
| 21 | }) { | 21 | }) { | 
| @@ -23,6 +23,12 @@ with flakeInputs.nixVirt.lib; | |||
| 23 | { name = "SPICE_DEBUG_ALLOW_MC"; value = "1"; } | 23 | { name = "SPICE_DEBUG_ALLOW_MC"; value = "1"; } | 
| 24 | ]; | 24 | ]; | 
| 25 | vcpu.count = 4; | 25 | vcpu.count = 4; | 
| 26 | cpu = { | ||
| 27 | mode = "host-model"; | ||
| 28 | feature = [ | ||
| 29 | { name = "vmx"; policy = "require"; } | ||
| 30 | ]; | ||
| 31 | }; | ||
| 26 | os.bootmenu.enable = true; | 32 | os.bootmenu.enable = true; | 
| 27 | devices.graphics = { | 33 | devices.graphics = { | 
| 28 | listen.type = "address"; | 34 | listen.type = "address"; | 
| @@ -33,7 +39,7 @@ with flakeInputs.nixVirt.lib; | |||
| 33 | model.type = "e1000e"; | 39 | model.type = "e1000e"; | 
| 34 | type = "bridge"; | 40 | type = "bridge"; | 
| 35 | mac.address = "52:54:00:b9:f3:ed"; | 41 | mac.address = "52:54:00:b9:f3:ed"; | 
| 36 | source.bridge = "gre-0971"; | 42 | source.bridge = "rz-0971"; | 
| 37 | }; | 43 | }; | 
| 38 | devices.channel = [ | 44 | devices.channel = [ | 
| 39 | { | 45 | { | 
| @@ -44,6 +50,81 @@ with flakeInputs.nixVirt.lib; | |||
| 44 | devices.tpm.model = "tpm-tis"; | 50 | devices.tpm.model = "tpm-tis"; | 
| 45 | }); | 51 | }); | 
| 46 | } | 52 | } | 
| 53 | { definition = domain.writeXML (recursiveUpdate (domain.templates.linux { | ||
| 54 | name = "vmrz02"; | ||
| 55 | uuid = "daefc4b0-c48d-4b9d-a85d-7bd56eb068d0"; | ||
| 56 | memory = { count = 8; unit = "GiB"; }; | ||
| 57 | storage_vol = "/home/gkleen/.local/share/libvirt/images/vmrz02.qcow2"; | ||
| 58 | virtio_video = true; | ||
| 59 | }) { | ||
| 60 | os = { | ||
| 61 | loader = | ||
| 62 | { | ||
| 63 | readonly = true; | ||
| 64 | type = "pflash"; | ||
| 65 | path = "${pkgs.OVMFFull.fd}/FV/OVMF_CODE.ms.fd"; | ||
| 66 | }; | ||
| 67 | nvram = | ||
| 68 | { | ||
| 69 | template = "${pkgs.OVMFFull.fd}/FV/OVMF_VARS.ms.fd"; | ||
| 70 | path = "/home/gkleen/.local/share/libvirt/vmrz02.nvram"; | ||
| 71 | }; | ||
| 72 | bootmenu.enable = true; | ||
| 73 | }; | ||
| 74 | qemu-commandline.env = [ | ||
| 75 | { name = "SPICE_DEBUG_ALLOW_MC"; value = "1"; } | ||
| 76 | ]; | ||
| 77 | vcpu.count = 4; | ||
| 78 | cpu = { | ||
| 79 | mode = "host-model"; | ||
| 80 | feature = [ | ||
| 81 | { name = "vmx"; policy = "require"; } | ||
| 82 | ]; | ||
| 83 | }; | ||
| 84 | devices.graphics = { | ||
| 85 | listen.type = "address"; | ||
| 86 | gl.enable = false; | ||
| 87 | }; | ||
| 88 | devices.video.model.acceleration.accel3d = false; | ||
| 89 | devices.interface = [ | ||
| 90 | { | ||
| 91 | model.type = "virtio"; | ||
| 92 | type = "bridge"; | ||
| 93 | mac.address = "52:54:00:ec:d8:9d"; | ||
| 94 | source.bridge = "rz-0971"; | ||
| 95 | } | ||
| 96 | { | ||
| 97 | model.type = "virtio"; | ||
| 98 | type = "bridge"; | ||
| 99 | mac.address = "52:54:00:5e:f5:38"; | ||
| 100 | source.bridge = "rz-2403"; | ||
| 101 | } | ||
| 102 | ]; | ||
| 103 | devices.channel = [ | ||
| 104 | { | ||
| 105 | type = "unix"; | ||
| 106 | target = { type = "virtio"; name = "org.qemu.guest_agent.0"; }; | ||
| 107 | } | ||
| 108 | { | ||
| 109 | type = "spicevmc"; | ||
| 110 | target = { type = "virtio"; name = "com.redhat.spice.0"; }; | ||
| 111 | } | ||
| 112 | { | ||
| 113 | type = "spiceport"; | ||
| 114 | target = { type = "virtio"; name = "org.spice-space.webdav.0"; }; | ||
| 115 | source.channel = "org.spice-space.webdav.0"; | ||
| 116 | } | ||
| 117 | ]; | ||
| 118 | devices.tpm = { | ||
| 119 | model = "tpm-tis"; | ||
| 120 | backend = | ||
| 121 | { | ||
| 122 | type = "emulator"; | ||
| 123 | version = "2.0"; | ||
| 124 | }; | ||
| 125 | }; | ||
| 126 | }); | ||
| 127 | } | ||
| 47 | ]; | 128 | ]; | 
| 48 | pools = [ | 129 | pools = [ | 
| 49 | { definition = pool.writeXML { | 130 | { definition = pool.writeXML { | 
| @@ -67,6 +148,17 @@ with flakeInputs.nixVirt.lib; | |||
| 67 | }; | 148 | }; | 
| 68 | }; | 149 | }; | 
| 69 | } | 150 | } | 
| 151 | { definition = volume.writeXML { | ||
| 152 | type = "file"; | ||
| 153 | name = "vmrz02.qcow2"; | ||
| 154 | capacity = { count = 256; unit = "GB"; }; | ||
| 155 | target = { | ||
| 156 | path = "/home/gkleen/.local/share/libvirt/images/vmrz02.qcow2"; | ||
| 157 | format.type = "qcow2"; | ||
| 158 | features.lazy_refcounts = {}; | ||
| 159 | }; | ||
| 160 | }; | ||
| 161 | } | ||
| 70 | ]; | 162 | ]; | 
| 71 | } | 163 | } | 
| 72 | ]; | 164 | ]; | 
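Review bot: The new vmrz02 domain's devices.graphics block (new lines 84-87) sets listen.type = "address" with no address and no password, so where the SPICE console binds and whether it requires authentication is decided by the libvirt qemu.conf defaults (spice_listen / spice_password), not by this definition; if that default is ever widened beyond loopback, the console and the webdav/spicevmc channels attached to it become reachable without a credential. Pin the bind address in the definition — libvirt's XML takes it as `<listen type='address' address='127.0.0.1'/>`, which, if nixVirt mirrors the attribute, would be `listen = { type = "address"; address = "127.0.0.1"; };` — or add a comment such as `# listen address/auth intentionally inherited from qemu.conf spice_listen/spice_password` so the dependency is explicit. The existing lmmirzm-vmrz01 graphics block (new lines 33-34) has the same shape and only appears here as context.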
| @@ -431,20 +431,20 @@ | |||
| 431 | "inputs": { | 431 | "inputs": { | 
| 432 | "nixpkgs": [ | 432 | "nixpkgs": [ | 
| 433 | "nixpkgs" | 433 | "nixpkgs" | 
| 434 | ], | 434 | ] | 
| 435 | "nixpkgs-ovmf": "nixpkgs-ovmf" | ||
| 436 | }, | 435 | }, | 
| 437 | "locked": { | 436 | "locked": { | 
| 438 | "lastModified": 1712439808, | 437 | "lastModified": 1729962349, | 
| 439 | "narHash": "sha256-QoONoZPBpNTw5cia05QSvDlaxXo3moKAJQOw7c5hMXA=", | 438 | "narHash": "sha256-IJXoaJ8s8nXkFjdrgg6tsytR/gEhztoTYXRRVtR5NTQ=", | 
| 440 | "rev": "9f1cdca730d92461075709e867c1e9ad93d58a8d", | 439 | "owner": "AshleyYakeley", | 
| 441 | "revCount": 284, | 440 | "repo": "NixVirt", | 
| 442 | "type": "tarball", | 441 | "rev": "a95847465536bc8ebfcd677672141d79cd13ba3c", | 
| 443 | "url": "https://api.flakehub.com/f/pinned/AshleyYakeley/NixVirt/0.5.0/018eb55e-7beb-75c5-919f-5b5b26136e06/source.tar.gz" | 442 | "type": "github" | 
| 444 | }, | 443 | }, | 
| 445 | "original": { | 444 | "original": { | 
| 446 | "type": "tarball", | 445 | "owner": "AshleyYakeley", | 
| 447 | "url": "https://flakehub.com/f/AshleyYakeley/NixVirt/%2A.tar.gz" | 446 | "repo": "NixVirt", | 
| 447 | "type": "github" | ||
| 448 | } | 448 | } | 
| 449 | }, | 449 | }, | 
| 450 | "nixos-hardware": { | 450 | "nixos-hardware": { | 
| @@ -537,22 +537,6 @@ | |||
| 537 | "type": "github" | 537 | "type": "github" | 
| 538 | } | 538 | } | 
| 539 | }, | 539 | }, | 
| 540 | "nixpkgs-ovmf": { | ||
| 541 | "locked": { | ||
| 542 | "lastModified": 1708984720, | ||
| 543 | "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=", | ||
| 544 | "owner": "NixOS", | ||
| 545 | "repo": "nixpkgs", | ||
| 546 | "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538", | ||
| 547 | "type": "github" | ||
| 548 | }, | ||
| 549 | "original": { | ||
| 550 | "owner": "NixOS", | ||
| 551 | "ref": "nixos-unstable", | ||
| 552 | "repo": "nixpkgs", | ||
| 553 | "type": "github" | ||
| 554 | } | ||
| 555 | }, | ||
| 556 | "nixpkgs-pgbackrest": { | 540 | "nixpkgs-pgbackrest": { | 
| 557 | "locked": { | 541 | "locked": { | 
| 558 | "lastModified": 1685566663, | 542 | "lastModified": 1685566663, | 
| @@ -180,7 +180,9 @@ | |||
| 180 | }; | 180 | }; | 
| 181 | }; | 181 | }; | 
| 182 | nixVirt = { | 182 | nixVirt = { | 
| 183 | url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz"; | 183 | type = "github"; | 
| 184 | owner = "AshleyYakeley"; | ||
| 185 | repo = "NixVirt"; | ||
| 184 | inputs.nixpkgs.follows = "nixpkgs"; | 186 | inputs.nixpkgs.follows = "nixpkgs"; | 
| 185 | }; | 187 | }; | 
| 186 | }; | 188 | }; | 
| diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index a2eca749..1a2748e9 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix | |||
| @@ -182,7 +182,7 @@ in { | |||
| 182 | netdevConfig = { | 182 | netdevConfig = { | 
| 183 | Name = "wgrz"; | 183 | Name = "wgrz"; | 
| 184 | Kind = "wireguard"; | 184 | Kind = "wireguard"; | 
| 185 | MTUBytes = "1538"; | 185 | MTUBytes = "1558"; | 
| 186 | }; | 186 | }; | 
| 187 | wireguardConfig = { | 187 | wireguardConfig = { | 
| 188 | PrivateKeyFile = "/run/credentials/systemd-networkd.service/wgrz.priv"; | 188 | PrivateKeyFile = "/run/credentials/systemd-networkd.service/wgrz.priv"; | 
| @@ -204,22 +204,50 @@ in { | |||
| 204 | MACAddress = "52:54:00:18:85:5b"; | 204 | MACAddress = "52:54:00:18:85:5b"; | 
| 205 | }; | 205 | }; | 
| 206 | }; | 206 | }; | 
| 207 | gre-0971 = { | 207 | rz-gre-1 = { | 
| 208 | netdevConfig = { | 208 | netdevConfig = { | 
| 209 | Name = "gre-0971"; | 209 | Name = "rz-gre-1"; | 
| 210 | Kind = "bridge"; | 210 | Kind = "gretap"; | 
| 211 | MTUBytes = "1520"; | ||
| 212 | }; | ||
| 213 | tunnelConfig = { | ||
| 214 | Local = "10.200.116.128"; | ||
| 215 | Remote = "10.200.116.1"; | ||
| 216 | Independent = true; | ||
| 217 | }; | ||
| 218 | }; | ||
| 219 | rz-gre-1-0971 = { | ||
| 220 | netdevConfig = { | ||
| 221 | Name = "rz-gre-1-0971"; | ||
| 222 | Kind = "vlan"; | ||
| 211 | MTUBytes = "1500"; | 223 | MTUBytes = "1500"; | 
| 212 | }; | 224 | }; | 
| 225 | vlanConfig = { | ||
| 226 | Id = 971; | ||
| 227 | }; | ||
| 213 | }; | 228 | }; | 
| 214 | gre-0971-1 = { | 229 | rz-gre-1-2403 = { | 
| 215 | netdevConfig = { | 230 | netdevConfig = { | 
| 216 | Name = "gre-0971-1"; | 231 | Name = "rz-gre-1-2403"; | 
| 217 | Kind = "gretap"; | 232 | Kind = "vlan"; | 
| 218 | MTUBytes = "1500"; | 233 | MTUBytes = "1500"; | 
| 219 | }; | 234 | }; | 
| 220 | tunnelConfig = { | 235 | vlanConfig = { | 
| 221 | Local = "10.116.200.128"; | 236 | Id = 2403; | 
| 222 | Remote = "10.116.200.1"; | 237 | }; | 
| 238 | }; | ||
| 239 | rz-0971 = { | ||
| 240 | netdevConfig = { | ||
| 241 | Name = "rz-0971"; | ||
| 242 | Kind = "bridge"; | ||
| 243 | MTUBytes = "1500"; | ||
| 244 | }; | ||
| 245 | }; | ||
| 246 | rz-2403 = { | ||
| 247 | netdevConfig = { | ||
| 248 | Name = "rz-2403"; | ||
| 249 | Kind = "bridge"; | ||
| 250 | MTUBytes = "1500"; | ||
| 223 | }; | 251 | }; | 
| 224 | }; | 252 | }; | 
| 225 | }; | 253 | }; | 
| @@ -265,7 +293,7 @@ in { | |||
| 265 | LLMNR = false; | 293 | LLMNR = false; | 
| 266 | MulticastDNS = false; | 294 | MulticastDNS = false; | 
| 267 | DNS = ["10.153.88.9" "129.187.111.202" "10.156.33.53"]; | 295 | DNS = ["10.153.88.9" "129.187.111.202" "10.156.33.53"]; | 
| 268 | Tunnel = "gre-0971-1"; | 296 | # Tunnel = "rz-gre-1"; | 
| 269 | }; | 297 | }; | 
| 270 | }; | 298 | }; | 
| 271 | virbr0 = { | 299 | virbr0 = { | 
| @@ -280,6 +308,33 @@ in { | |||
| 280 | MulticastDNS = false; | 308 | MulticastDNS = false; | 
| 281 | }; | 309 | }; | 
| 282 | }; | 310 | }; | 
| 311 | rz-gre-1 = { | ||
| 312 | name = "rz-gre-1"; | ||
| 313 | matchConfig = { | ||
| 314 | Name = "rz-gre-1"; | ||
| 315 | }; | ||
| 316 | networkConfig = { | ||
| 317 | VLAN = [ "rz-gre-1-0971" "rz-gre-1-2403" ]; | ||
| 318 | }; | ||
| 319 | }; | ||
| 320 | rz-gre-1-0971 = { | ||
| 321 | name = "rz-gre-1-0971"; | ||
| 322 | matchConfig = { | ||
| 323 | Name = "rz-gre-1-0971"; | ||
| 324 | }; | ||
| 325 | networkConfig = { | ||
| 326 | Bridge = "rz-0971"; | ||
| 327 | }; | ||
| 328 | }; | ||
| 329 | rz-gre-1-2403 = { | ||
| 330 | name = "rz-gre-1-2403"; | ||
| 331 | matchConfig = { | ||
| 332 | Name = "rz-gre-1-2403"; | ||
| 333 | }; | ||
| 334 | networkConfig = { | ||
| 335 | Bridge = "rz-2403"; | ||
| 336 | }; | ||
| 337 | }; | ||
| 283 | }; | 338 | }; | 
| 284 | config.routeTables.wgrz = 1025; | 339 | config.routeTables.wgrz = 1025; | 
| 285 | }; | 340 | }; | 
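Review bot: The wgrz network now carries `# Tunnel = "rz-gre-1";` as a commented-out line (new line 296) while the new rz-gre-1 gretap netdev sets `Independent = true` (new line 216), so the GRE tap is no longer bound to the WireGuard link; plain GRE offers no confidentiality or integrity, and the VLAN 971/2403 guest traffic bridged over it stays inside WireGuard only if the outer packets to Remote 10.200.116.1 are actually routed via wgrz — that routing is not in this hunk, so I cannot confirm it. If the decoupling is deliberate, replace the dead line with a comment stating the invariant, e.g. `# rz-gre-1 is Independent; its endpoint 10.200.116.1 must remain routed via wgrz`, and otherwise restore Tunnel= or delete the line rather than leaving commented-out config. The routeTables.wgrz = 1025 entry (new line 339) suggests policy routing is involved, which makes the invariant worth writing down next to the netdev.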
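--- a/hosts/sif/libvirt/default.nix
+++ b/hosts/sif/libvirt/default.nix
@@ -6,7 +6,7 @@ with flakeInputs.nixVirt.lib;
 config = {
 virtualisation.libvirtd = {
 qemu.swtpm.enable = true;
-allowedBridges = ["virbr0" "gre-0971"];
+allowedBridges = ["virbr0" "rz-0971" "rz-2403"];
 };
 virtualisation.libvirt = {
 enable = true;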
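Review bot: allowedBridges (new line 9) is the ACL consulted by the setuid qemu-bridge-helper, so adding "rz-0971" and "rz-2403" lets any unprivileged user-session VM on this host attach a tap to those bridges — i.e. L2 access to VLAN 971 and 2403 — not only the vmrz02 domain that this commit defines for gkleen. If that breadth is intended, a comment makes the trust decision visible, e.g. `# rz-*: any user-session VM may join these VLAN bridges (qemu-bridge-helper ACL)`; if only one account should reach VLAN 2403, keeping it out of the list and attaching that guest from a system-session domain would be the narrower grant. The old name "gre-0971" is dropped here, so any definition still referencing it will fail at start rather than silently fall back.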
