diff --git a/.envrc b/.envrc index 6a92ae0..1019489 100644 --- a/.envrc +++ b/.envrc @@ -26,3 +26,5 @@ fi if rg 'TODO' -q ; then echo "There are $(rg 'TODO' | wc -l ) 'TODO'" fi + +export QEMU_NET_OPTS="hostfwd=tcp::10022-:22,hostfwd=tcp::10080-:80,hostfwd=tcp::10443-:443" diff --git a/.gitignore b/.gitignore index 121ff13..39a8227 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ results-* _* /logs mprocs.log +*.qcow2 diff --git a/base.nix b/base.nix index 07b073a..320d659 100644 --- a/base.nix +++ b/base.nix @@ -11,6 +11,17 @@ # nice to have if i just dump this flake into /etc/nixos on a clean install (ifExists ./configuration.nix ) (ifExists ./hardware-configuration.nix ) + + # TODO: move somewhere smart + { + options.virtualisation.isVmVariant = lib.mkOption { + type = lib.types.bool; + default = false; + }; + config.virtualisation.vmVariant = { + virtualisation.isVmVariant = true; + }; + } ]; nixpkgs.overlays = [ @@ -95,11 +106,24 @@ # no acme in VM mode: virtualisation.vmVariant = { - /* users.users.root.initialPassword = "root"; */ security.acme.defaults.server = "https://127.0.0.1"; security.acme.preliminarySelfsigned = true; }; + # set VM root password in VM mode + virtualisation.vmVariant = { + users.users.root.initialPassword = "root"; + }; + + # fix VM networking, disable static IPs + virtualisation.vmVariant = { + networking.interfaces = lib.mkForce {}; + networking.defaultGateway = lib.mkForce null; + networking.nameservers = lib.mkForce []; + networking.networkmanager.enable = lib.mkForce false; + networking.useDHCP = lib.mkForce true; + }; + # System fonts # Nice to have when X-forwading on headless machines fonts.fontDir.enable = true; # creates /run/current-system/sw/share/X11/fonts diff --git a/justfile b/justfile index 19c1224..9fca45a 100644 --- a/justfile +++ b/justfile 
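Review bot: The three hostfwd rules in the added `QEMU_NET_OPTS` omit the host address, so QEMU binds 10022/10080/10443 on every host interface, while the second base.nix hunk in this commit gives the VM variant `users.users.root.initialPassword = "root"`; together that leaves a root login with a fixed password reachable from anything that can reach the host. Binding the forwards to loopback keeps them usable from the workstation only: `export QEMU_NET_OPTS="hostfwd=tcp:127.0.0.1:10022-:22,hostfwd=tcp:127.0.0.1:10080-:80,hostfwd=tcp:127.0.0.1:10443-:443"`. A comment above the export such as `# loopback only: the VM variant sets a fixed root password in base.nix` would record why the host address matters here.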
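Review bot: The new `virtualisation.isVmVariant` option in the first base.nix hunk is declared with only `type` and `default`, so generated option docs and `nixos-option` show nothing about it, and the `# TODO: move somewhere smart` comment is the only hint of its purpose. Adding `description = "True when this configuration is evaluated as its build-vm variant; profiles use it to skip mounts, tunnels and services that only make sense on the real host.";` inside the `mkOption` call documents the contract that every other hunk in this commit relies on. It is set from inside `virtualisation.vmVariant`, so the description could also say it is not meant to be set by hand.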
@@ -39,6 +39,10 @@ build-no-remote-builders hostname="": build-vm hostname=`just _a_host`: nixos-rebuild build-vm --accept-flake-config --show-trace --flake .#"{{hostname}}" +build-vm-and-run $hostname=`just _a_host`: + @just build-vm "$hostname" + ./result/bin/run-"$hostname"-vm + test: sudo nixos-rebuild test --accept-flake-config --show-trace --flake . diff --git a/profiles/autossh-reverse-tunnels/default.nix b/profiles/autossh-reverse-tunnels/default.nix index 177a7da..a9cdb89 100644 --- a/profiles/autossh-reverse-tunnels/default.nix +++ b/profiles/autossh-reverse-tunnels/default.nix @@ -1,4 +1,7 @@ { config, pkgs, lib, ... }: + +lib.mkIf (!config.virtualisation.isVmVariant) + { # AutoSSH reverse tunnels diff --git a/profiles/domeneshop-dyndns.nix b/profiles/domeneshop-dyndns.nix index f69533c..8f39821 100644 --- a/profiles/domeneshop-dyndns.nix +++ b/profiles/domeneshop-dyndns.nix @@ -13,8 +13,8 @@ in example = [ config.networking.fqdn ]; }; }; - - config = lib.mkIf (cfg.targets != []) { + # don't run if local VM + config = lib.mkIf (cfg.targets != [] && !config.virtualisation.isVmVariant) { users.users.domeneshop.isSystemUser = true; users.users.domeneshop.group = "domeneshop"; diff --git a/profiles/http/docs/pdoc.nix b/profiles/http/docs/pdoc.nix index c14af93..dd16c6b 100644 --- a/profiles/http/docs/pdoc.nix +++ b/profiles/http/docs/pdoc.nix @@ -250,7 +250,12 @@ let ''; }; -in { +in + +# don't build if local vm +lib.mkIf (!config.virtualisation.isVmVariant) + +{ # Pdoc # Auto-generate API documentation for Python projects. diff --git a/profiles/http/services/flexget.nix b/profiles/http/services/flexget.nix index ee6f729..fc9668e 100644 --- a/profiles/http/services/flexget.nix +++ b/profiles/http/services/flexget.nix @@ -2,6 +2,10 @@ let cfg = config.services.flexget; in + +# TODO: run in VM mode if we run transmission in the same VM +lib.mkIf (!config.virtualisation.isVmVariant) + { # Flexget 
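Review bot: Placing `lib.mkIf (!config.virtualisation.isVmVariant)` in front of the module's opening brace relies on the module system's shorthand syntax, which treats the whole attribute set as `config`; if the body below this hunk declares `options` or `imports`, those keys are pushed under `config` and evaluation fails, so each wrapped file should be checked for that. The domeneshop-dyndns hunk in this same commit shows the shape that is safe in either case, `config = lib.mkIf (...) { ... };` beside an explicit `options` block. The same whole-module wrapper is added in pdoc.nix, flexget.nix, gunktrunk.nix, jellyfin.nix, navidrome.nix, plex.nix, resilio.nix, freon-nfs.nix, fridge-nfs.nix, reidun-nfs.nix, tailscale-inner.nix, tailscale-outer.nix and vpn-pbsds/tailscale.nix, so the check applies to each of them. The module body continues past the end of this hunk.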
diff --git a/profiles/http/services/garage/gunktrunk.nix b/profiles/http/services/garage/gunktrunk.nix index 96db4a9..fbe5ec7 100644 --- a/profiles/http/services/garage/gunktrunk.nix +++ b/profiles/http/services/garage/gunktrunk.nix @@ -4,6 +4,9 @@ let cfg = config.services.garage; in +# don't mount if local VM +lib.mkIf (!config.virtualisation.isVmVariant) + { # gunktrunk diff --git a/profiles/http/services/jellyfin.nix b/profiles/http/services/jellyfin.nix index 35ca536..79d9e4b 100644 --- a/profiles/http/services/jellyfin.nix +++ b/profiles/http/services/jellyfin.nix @@ -1,4 +1,8 @@ { config, pkgs, lib, inputs, mkDomain, ... }: + +# don't mount if local VM +lib.mkIf (!config.virtualisation.isVmVariant) + { # Jellyfin diff --git a/profiles/http/services/navidrome.nix b/profiles/http/services/navidrome.nix index 753483d..7517794 100644 --- a/profiles/http/services/navidrome.nix +++ b/profiles/http/services/navidrome.nix @@ -1,4 +1,8 @@ { config, pkgs, lib, mkDomain, ... }: + +# don't mount if local VM +lib.mkIf (!config.virtualisation.isVmVariant) + { # Navidrome # Music Server and Streamer compatible with Subsonic/Airsonic diff --git a/profiles/http/services/plex.nix b/profiles/http/services/plex.nix index 1bb389b..678f7e2 100644 --- a/profiles/http/services/plex.nix +++ b/profiles/http/services/plex.nix @@ -1,4 +1,8 @@ { config, pkgs, lib, inputs, mkDomain, ... }: + +# don't mount if local VM +lib.mkIf (!config.virtualisation.isVmVariant) + { # Plex diff --git a/profiles/http/services/polaris.nix b/profiles/http/services/polaris.nix index 6c769c4..44409d0 100644 --- a/profiles/http/services/polaris.nix +++ b/profiles/http/services/polaris.nix 
@@ -17,7 +17,7 @@ settings.album_art_pattern = "([Cc]over|COVER|[Ff]older|FOLDER|[Ff]ront|FRONT)\.(jpeg|JPEG|jpg|JPG|png|PNG|bmp|BMP|gif|GIF)"; #"(?i)(cover|folder|front)\.(jpeg|jpg|png|bmp|gif)"; - mount_dirs = [ + mount_dirs = lib.mkIf (!config.virtualisation.isVmVariant) [ { name = "Albums"; source = "/mnt/reidun/Music/Albums"; } { name = "dojin.co"; source = "/mnt/reidun/Music/dojin.co"; } { name = "Vocaloid"; source = "/mnt/reidun/Music/Vocaloid"; } diff --git a/profiles/http/services/resilio.nix b/profiles/http/services/resilio.nix index 33ed3db..ea3b91d 100644 --- a/profiles/http/services/resilio.nix +++ b/profiles/http/services/resilio.nix @@ -1,4 +1,8 @@ { config, pkgs, lib, mkDomain, ... }: + +# don't mount if local VM +lib.mkIf (!config.virtualisation.isVmVariant) + { # Resilio Sync # Automatically sync files via secure, distributed technology diff --git a/profiles/mounts/freon-nfs.nix b/profiles/mounts/freon-nfs.nix index b9a3205..6d65417 100644 --- a/profiles/mounts/freon-nfs.nix +++ b/profiles/mounts/freon-nfs.nix @@ -2,6 +2,9 @@ # TODO: use tailscale if enabled +# don't mount if local VM +lib.mkIf (!config.virtualisation.isVmVariant) + { # TODO: wireguard #boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ]; diff --git a/profiles/mounts/fridge-nfs.nix b/profiles/mounts/fridge-nfs.nix index 8391598..c40a427 100644 --- a/profiles/mounts/fridge-nfs.nix +++ b/profiles/mounts/fridge-nfs.nix @@ -1,4 +1,8 @@ { config, pkgs, lib, ... }: + +# don't mount if local VM +lib.mkIf (!config.virtualisation.isVmVariant) + { #boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ]; diff --git a/profiles/mounts/meconium-zfs.nix b/profiles/mounts/meconium-zfs.nix index aaad15e..e43333a 100644 --- a/profiles/mounts/meconium-zfs.nix +++ b/profiles/mounts/meconium-zfs.nix 
@@ -4,7 +4,11 @@ imports = [ ./common-zfs.nix ]; - # non legacy-mount - systemd.services.zfs-mount.enable = true; # default - boot.zfs.extraPools = [ "Meconium" ]; # import on boot + config = lib.mkIf (!config.virtualisation.isVmVariant) { + + # non legacy-mount + systemd.services.zfs-mount.enable = true; + boot.zfs.extraPools = [ "Meconium" ]; # import on boot + + }; } diff --git a/profiles/mounts/panorama-zfs.nix b/profiles/mounts/panorama-zfs.nix index 34c5270..c4bda4f 100644 --- a/profiles/mounts/panorama-zfs.nix +++ b/profiles/mounts/panorama-zfs.nix @@ -4,15 +4,19 @@ imports = [ ./common-zfs.nix ]; - # non legacy-mount - systemd.services.zfs-mount.enable = true; # default - boot.zfs.extraPools = [ "Panorama" ]; # import on boot + config = lib.mkIf (!config.virtualisation.isVmVariant) { - # todo: tailscale nfs mount + # non legacy-mount + systemd.services.zfs-mount.enable = true; + boot.zfs.extraPools = [ "Panorama" ]; # import on boot - # TODO: zrepl pull - # https://search.nixos.org/options?channel=unstable&query=services.zrepl - # https://github.com/NixOS/infra/blob/8be4953d68ce81455787cd60e82086022855a3c2/build/haumea/zrepl.nix#L20 + # todo: tailscale nfs mount + + # TODO: zrepl pull + # https://search.nixos.org/options?channel=unstable&query=services.zrepl + # https://github.com/NixOS/infra/blob/8be4953d68ce81455787cd60e82086022855a3c2/build/haumea/zrepl.nix#L20 + + # TODO: rsync pull + snapshot? + }; - # TODO: rsync pull + snapshot? } diff --git a/profiles/mounts/reidun-nfs.nix b/profiles/mounts/reidun-nfs.nix index bab7cec..c158018 100644 --- a/profiles/mounts/reidun-nfs.nix +++ b/profiles/mounts/reidun-nfs.nix @@ -2,6 +2,9 @@ # TODO: use tailscale if enabled +# don't mount if local VM +lib.mkIf (!config.virtualisation.isVmVariant) + { # TODO: wireguard #boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ]; diff --git a/profiles/tailscale-inner.nix b/profiles/tailscale-inner.nix index 27b510a..a35728b 100644 
--- a/profiles/tailscale-inner.nix +++ b/profiles/tailscale-inner.nix @@ -1,4 +1,6 @@ -{ config, ... }: +{ config, lib, ... }: + +lib.mkIf (!config.virtualisation.isVmVariant) # DERP is a relay system that Tailscale uses when a direct connection cannot be established. # https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp diff --git a/profiles/tailscale-outer.nix b/profiles/tailscale-outer.nix index 5a2f37a..0a67815 100644 --- a/profiles/tailscale-outer.nix +++ b/profiles/tailscale-outer.nix @@ -1,4 +1,6 @@ -{ config, ... }: +{ config, lib, ... }: + +lib.mkIf (!config.virtualisation.isVmVariant) # DERP is a relay system that Tailscale uses when a direct connection cannot be established. # https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp diff --git a/profiles/vpn-pbsds/tailscale.nix b/profiles/vpn-pbsds/tailscale.nix index 7da620f..213c20d 100644 --- a/profiles/vpn-pbsds/tailscale.nix +++ b/profiles/vpn-pbsds/tailscale.nix @@ -1,8 +1,14 @@ { config, pkgs, lib, ...}: + +# THIS IS NOT USED +# see tailscale-{inner,outer}.nix instead + let cfg = config.services.tailscale; - inherit (lib) mkIf getExe; in + +lib.mkIf (!config.virtualisation.isVmVariant) + { services.tailscale.enable = true; networking.firewall.checkReversePath = "loose"; @@ -10,7 +16,7 @@ in networking.firewall.allowedUDPPorts = [ cfg.port ]; /** / - systemd.services."tailscale-autoconnect" = mkIf cfg.enable { + systemd.services."tailscale-autoconnect" = lib.mkIf cfg.enable { serviceConfig.Type = "oneshot"; after = [ "network-pre.target" "tailscale.service" ]; wants = [ "network-pre.target" "tailscale.service" ]; 
@@ -18,12 +24,12 @@ in script = '' sleep 60 # Wait for tailscaled to settle - status="$(${getExe cfg.package} status -json | ${getExe pkgs.jq} -r .BackendState)" + status="$(${lib.getExe cfg.package} status -json | ${lib.getExe pkgs.jq} -r .BackendState)" if [ $status = "Running" ]; then exit 0 # already authenticated fi - #${getExe cfg.package} up -authkey tskey-examplekeyhere + #${lib.getExe cfg.package} up -authkey tskey-examplekeyhere ''; }; /**/ diff --git a/users/pbsds/default.nix b/users/pbsds/default.nix index 200e217..bae5311 100644 --- a/users/pbsds/default.nix +++ b/users/pbsds/default.nix @@ -85,8 +85,4 @@ ]; }; - #virtualisation.vmVariant = { - # users.users."pbsds".initialHashedPassword = "TODO"; - #} - }