From 25b28a4ff56c0fc9561b559ad3c2c0b76cc0d4cf Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Mon, 18 Nov 2024 20:59:28 +0100
Subject: ...
---
 accounts/gkleen@sif/libvirt/default.nix | 98 ++++++++++++++++++++++++++++++++-
 flake.lock | 36 ++++--------
 flake.nix | 4 +-
 hosts/sif/default.nix | 77 ++++++++++++++++++++++----
 hosts/sif/libvirt/default.nix | 2 +-
 5 files changed, 175 insertions(+), 42 deletions(-)
diff --git a/accounts/gkleen@sif/libvirt/default.nix b/accounts/gkleen@sif/libvirt/default.nix
index a5636ce2..14480d55 100644
--- a/accounts/gkleen@sif/libvirt/default.nix
+++ b/accounts/gkleen@sif/libvirt/default.nix
@@ -1,4 +1,4 @@
-{ flakeInputs, lib, ... }:
+{ flakeInputs, lib, pkgs, ... }:
 with lib;
 with flakeInputs.nixVirt.lib;
@@ -15,7 +15,7 @@ with flakeInputs.nixVirt.lib;
 memory = { count = 16; unit = "GiB"; };
 storage_vol = "/home/gkleen/.local/share/libvirt/images/lmmirzm-vmrz01.qcow2";
 nvram_path = "/home/gkleen/.local/share/libvirt/lmmirzm-vmrz01.nvram";
- virtio_drive = true;
+ virtio_drive = false;
 virtio_video = false;
 install_virtio = false;
 }) {
@@ -23,6 +23,12 @@ with flakeInputs.nixVirt.lib;
 { name = "SPICE_DEBUG_ALLOW_MC"; value = "1"; }
 ];
 vcpu.count = 4;
+ cpu = {
+ mode = "host-model";
+ feature = [
+ { name = "vmx"; policy = "require"; }
+ ];
+ };
 os.bootmenu.enable = true;
 devices.graphics = {
 listen.type = "address";
@@ -33,7 +39,7 @@ with flakeInputs.nixVirt.lib;
 model.type = "e1000e";
 type = "bridge";
 mac.address = "52:54:00:b9:f3:ed";
- source.bridge = "gre-0971";
+ source.bridge = "rz-0971";
 };
 devices.channel = [
 {
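Review bot: The `cpu` block added in the `@@ -23,6 +23,12 @@` hunk requires `vmx` without a comment saying why the guest needs nested virtualisation, and the same block is repeated for vmrz02 in the `@@ -44,6 +50,81 @@` hunk. With `policy = "require"` the domain will presumably refuse to start on a host where nested KVM is disabled, and exposing VMX to the guest widens the hypervisor surface that guest can reach. A one-line comment such as `# vmx: guest runs its own hypervisor (<workload>), needs nested KVM on the host` (placeholder for the workload) would record the intent. The enclosing domain definition starts and ends outside this hunk.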
@@ -44,6 +50,81 @@ with flakeInputs.nixVirt.lib;
 devices.tpm.model = "tpm-tis";
 });
 }
+ { definition = domain.writeXML (recursiveUpdate (domain.templates.linux {
+ name = "vmrz02";
+ uuid = "daefc4b0-c48d-4b9d-a85d-7bd56eb068d0";
+ memory = { count = 8; unit = "GiB"; };
+ storage_vol = "/home/gkleen/.local/share/libvirt/images/vmrz02.qcow2";
+ virtio_video = true;
+ }) {
+ os = {
+ loader =
+ {
+ readonly = true;
+ type = "pflash";
+ path = "${pkgs.OVMFFull.fd}/FV/OVMF_CODE.ms.fd";
+ };
+ nvram =
+ {
+ template = "${pkgs.OVMFFull.fd}/FV/OVMF_VARS.ms.fd";
+ path = "/home/gkleen/.local/share/libvirt/vmrz02.nvram";
+ };
+ bootmenu.enable = true;
+ };
+ qemu-commandline.env = [
+ { name = "SPICE_DEBUG_ALLOW_MC"; value = "1"; }
+ ];
+ vcpu.count = 4;
+ cpu = {
+ mode = "host-model";
+ feature = [
+ { name = "vmx"; policy = "require"; }
+ ];
+ };
+ devices.graphics = {
+ listen.type = "address";
+ gl.enable = false;
+ };
+ devices.video.model.acceleration.accel3d = false;
+ devices.interface = [
+ {
+ model.type = "virtio";
+ type = "bridge";
+ mac.address = "52:54:00:ec:d8:9d";
+ source.bridge = "rz-0971";
+ }
+ {
+ model.type = "virtio";
+ type = "bridge";
+ mac.address = "52:54:00:5e:f5:38";
+ source.bridge = "rz-2403";
+ }
+ ];
+ devices.channel = [
+ {
+ type = "unix";
+ target = { type = "virtio"; name = "org.qemu.guest_agent.0"; };
+ }
+ {
+ type = "spicevmc";
+ target = { type = "virtio"; name = "com.redhat.spice.0"; };
+ }
+ {
+ type = "spiceport";
+ target = { type = "virtio"; name = "org.spice-space.webdav.0"; };
+ source.channel = "org.spice-space.webdav.0";
+ }
+ ];
+ devices.tpm = {
+ model = "tpm-tis";
+ backend =
+ {
+ type = "emulator";
+ version = "2.0";
+ };
+ };
+ });
+ }
 ];
 pools = [
 { definition = pool.writeXML {
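Review bot: The vmrz02 definition copies `SPICE_DEBUG_ALLOW_MC=1` and `listen.type = "address"` from the existing domain, and no listen address, password or TLS setting is visible in the hunk, so who can reach the console depends on defaults set elsewhere. The debug variable lets more than one SPICE client attach to a session, and the `org.spice-space.webdav.0` port adds a file-sharing path into the guest; a comment such as `# SPICE: loopback listener only; multi-client needed for <reason>` (placeholder) would make the intent reviewable. Separately, the loader points at the `.ms.fd` Secure Boot images but the hunk sets no secure-loader or SMM option; if `domain.templates.linux` does not add them, the firmware variable store is presumably not protected from the guest, which is worth confirming.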
@@ -67,6 +148,17 @@ with flakeInputs.nixVirt.lib; }; }; } + { definition = volume.writeXML { + type = "file"; + name = "vmrz02.qcow2"; + capacity = { count = 256; unit = "GB"; }; + target = { + path = "/home/gkleen/.local/share/libvirt/images/vmrz02.qcow2"; + format.type = "qcow2"; + features.lazy_refcounts = {}; + }; + }; + } ]; } ]; diff --git a/flake.lock b/flake.lock index 2bef2351..02fd0911 100644 --- a/flake.lock +++ b/flake.lock @@ -431,20 +431,20 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "nixpkgs-ovmf": "nixpkgs-ovmf" + ] }, "locked": { - "lastModified": 1712439808, - "narHash": "sha256-QoONoZPBpNTw5cia05QSvDlaxXo3moKAJQOw7c5hMXA=", - "rev": "9f1cdca730d92461075709e867c1e9ad93d58a8d", - "revCount": 284, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/AshleyYakeley/NixVirt/0.5.0/018eb55e-7beb-75c5-919f-5b5b26136e06/source.tar.gz" + "lastModified": 1729962349, + "narHash": "sha256-IJXoaJ8s8nXkFjdrgg6tsytR/gEhztoTYXRRVtR5NTQ=", + "owner": "AshleyYakeley", + "repo": "NixVirt", + "rev": "a95847465536bc8ebfcd677672141d79cd13ba3c", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://flakehub.com/f/AshleyYakeley/NixVirt/%2A.tar.gz" + "owner": "AshleyYakeley", + "repo": "NixVirt", + "type": "github" } }, "nixos-hardware": { @@ -537,22 +537,6 @@ "type": "github" } }, - "nixpkgs-ovmf": { - "locked": { - "lastModified": 1708984720, - "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-pgbackrest": { "locked": { "lastModified": 1685566663, diff --git a/flake.nix b/flake.nix index fc60e599..b13bb021 100644 --- a/flake.nix +++ b/flake.nix 
@@ -180,7 +180,9 @@
 };
 };
 nixVirt = {
- url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz";
+ type = "github";
+ owner = "AshleyYakeley";
+ repo = "NixVirt";
 inputs.nixpkgs.follows = "nixpkgs";
 };
 };
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index a2eca749..1a2748e9 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -182,7 +182,7 @@ in {
 netdevConfig = {
 Name = "wgrz";
 Kind = "wireguard";
- MTUBytes = "1538";
+ MTUBytes = "1558";
 };
 wireguardConfig = {
 PrivateKeyFile = "/run/credentials/systemd-networkd.service/wgrz.priv";
@@ -204,22 +204,50 @@ in {
 MACAddress = "52:54:00:18:85:5b";
 };
 };
- gre-0971 = {
+ rz-gre-1 = {
 netdevConfig = {
- Name = "gre-0971";
- Kind = "bridge";
+ Name = "rz-gre-1";
+ Kind = "gretap";
+ MTUBytes = "1520";
+ };
+ tunnelConfig = {
+ Local = "10.200.116.128";
+ Remote = "10.200.116.1";
+ Independent = true;
+ };
+ };
+ rz-gre-1-0971 = {
+ netdevConfig = {
+ Name = "rz-gre-1-0971";
+ Kind = "vlan";
 MTUBytes = "1500";
 };
+ vlanConfig = {
+ Id = 971;
+ };
 };
- gre-0971-1 = {
+ rz-gre-1-2403 = {
 netdevConfig = {
- Name = "gre-0971-1";
- Kind = "gretap";
+ Name = "rz-gre-1-2403";
+ Kind = "vlan";
 MTUBytes = "1500";
 };
- tunnelConfig = {
- Local = "10.116.200.128";
- Remote = "10.116.200.1";
+ vlanConfig = {
+ Id = 2403;
+ };
+ };
+ rz-0971 = {
+ netdevConfig = {
+ Name = "rz-0971";
+ Kind = "bridge";
+ MTUBytes = "1500";
+ };
+ };
+ rz-2403 = {
+ netdevConfig = {
+ Name = "rz-2403";
+ Kind = "bridge";
+ MTUBytes = "1500";
 };
 };
 };
@@ -265,7 +293,7 @@ in {
 LLMNR = false;
 MulticastDNS = false;
 DNS = ["10.153.88.9" "129.187.111.202" "10.156.33.53"];
- Tunnel = "gre-0971-1";
+ # Tunnel = "rz-gre-1";
 };
 };
 virbr0 = {
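Review bot: The rewritten `nixVirt` input in the `@@ -180,7 +180,9 @@` hunk carries no `ref`, so it follows the default branch of AshleyYakeley/NixVirt rather than the released versions the FlakeHub `*.tar.gz` URL selected. The lock entry in flake.lock still pins one commit, but each `nix flake update` will now move to whatever the branch head is, released or not. If that is not intended, pin it with `ref = "<release-tag>";` (placeholder for the tag you want); if it is, a comment such as `# tracks the default branch on purpose: <reason>` next to `type = "github";` would say so.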
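Review bot: `MTUBytes = "1558"` on wgrz in the `@@ -182,7 +182,7 @@` hunk is an unexplained magic number that has to stay in step with the `"1520"` set on rz-gre-1 in the `@@ -204,22 +204,50 @@` hunk. It looks like 1520 plus 38 bytes of GRE-tap encapsulation (20 outer IPv4, 4 GRE, 14 inner Ethernet), but that is inferred rather than stated. A comment such as `# 1558 = rz-gre-1 MTU 1520 + 38 (IPv4 + GRE + inner Ethernet)` would keep the two values from drifting apart. It is also worth confirming that the path underneath WireGuard can carry packets of that size plus WireGuard's own overhead without fragmenting.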
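Review bot: In the `@@ -204,22 +204,50 @@` hunk rz-gre-1 is created with `Independent = true`, and in the `@@ -265,7 +293,7 @@` hunk the `Tunnel =` binding is commented out rather than replaced, so nothing visible ties the GRE tunnel to the wgrz link any more. GRE carries the bridged VLAN 971 and 2403 frames unauthenticated and unencrypted, so whether they stay inside WireGuard now depends only on the route to 10.200.116.1, which these hunks do not show. If that route can fall back to another interface while wgrz is down, tunnel traffic would leave in the clear; please confirm the address is reachable only through wgrz. Either delete the dead `# Tunnel = "rz-gre-1";` line or replace it with a comment such as `# rz-gre-1 is Independent; it must only ever be routed via wgrz`.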
@@ -280,6 +308,33 @@ in {
 MulticastDNS = false;
 };
 };
+ rz-gre-1 = {
+ name = "rz-gre-1";
+ matchConfig = {
+ Name = "rz-gre-1";
+ };
+ networkConfig = {
+ VLAN = [ "rz-gre-1-0971" "rz-gre-1-2403" ];
+ };
+ };
+ rz-gre-1-0971 = {
+ name = "rz-gre-1-0971";
+ matchConfig = {
+ Name = "rz-gre-1-0971";
+ };
+ networkConfig = {
+ Bridge = "rz-0971";
+ };
+ };
+ rz-gre-1-2403 = {
+ name = "rz-gre-1-2403";
+ matchConfig = {
+ Name = "rz-gre-1-2403";
+ };
+ networkConfig = {
+ Bridge = "rz-2403";
+ };
+ };
 };
 config.routeTables.wgrz = 1025;
 };
diff --git a/hosts/sif/libvirt/default.nix b/hosts/sif/libvirt/default.nix
index b42fa8fc..d0be7dff 100644
--- a/hosts/sif/libvirt/default.nix
+++ b/hosts/sif/libvirt/default.nix
@@ -6,7 +6,7 @@ with flakeInputs.nixVirt.lib;
 config = {
 virtualisation.libvirtd = {
 qemu.swtpm.enable = true;
- allowedBridges = ["virbr0" "rz-0971" "rz-2403"];
+ allowedBridges = ["virbr0" "rz-0971" "rz-2403"];
 };
 virtualisation.libvirt = {
 enable = true;
-- cgit v1.2.3
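Review bot: The new `rz-gre-1` network in the `@@ -280,6 +308,33 @@` hunk only lists its VLANs, so networkd's defaults still apply to the untagged tunnel link; as far as I know that means an IPv6 link-local address and router-advertisement handling on a link that faces the remote segment. The two VLAN units are bridge ports and should not be affected, but the carrier link is better silenced explicitly with `LinkLocalAddressing = "no";` in its `networkConfig`, next to the `VLAN = [...]` line. The networks visible in the context lines here and in `@@ -265,7 +293,7 @@` set `LLMNR = false; MulticastDNS = false;`, which the three new units omit. No network units for the rz-0971 and rz-2403 bridges appear in this hunk; if none exist elsewhere, the host's own exposure on those bridges is likewise left to defaults.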
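Review bot: `allowedBridges` in the `@@ -6,7 +6,7 @@` hunk now also admits `rz-2403`, and the list has no comment saying which guests are meant to use each bridge. As I understand the option, it feeds the QEMU bridge helper's allow-list, which is host-wide rather than per-user, so any local account able to run the helper could attach a guest to either RZ VLAN; that is worth confirming as acceptable on this host. A comment such as `# rz-0971, rz-2403: RZ VLAN bridges for gkleen's session domains` would document the intent.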