From 8c1eeab7497252d34d1e124e9273f1c02dff3d9a Mon Sep 17 00:00:00 2001
From: xtrm
Date: Tue, 4 Mar 2025 19:51:09 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=A7=20wip:=20progress=20on=20p1=20+=20?= =?UTF-8?q?changed=20provider=20to=20virtualbox?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: xtrm
---
 .envrc | 1 +
 .gitignore | 1 +
 flake.nix | 5 ++++-
 p1/Vagrantfile | 44 ++++++++++++++++++++++++++++++++++++++++++++
 shell.nix | 5 +++++
 vm/configuration.nix | 29 ++++++++++++++++++++++++++++-
 vm/flake.nix | 36 +++++++++++++++++++++++++-----------
 7 files changed, 108 insertions(+), 13 deletions(-)
 create mode 100644 p1/Vagrantfile
diff --git a/.envrc b/.envrc
index 3550a30..2e59796 100644
--- a/.envrc
+++ b/.envrc
@@ -1 +1,2 @@
 use flake
+watch_file shell.nix
diff --git a/.gitignore b/.gitignore
index 9b42106..eff4b4c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .direnv/
+.vagrant/
diff --git a/flake.nix b/flake.nix
index 7b15aad..39b8470 100644
--- a/flake.nix
+++ b/flake.nix
@@ -17,7 +17,10 @@
 devShells = forAllSystems (
 system:
 let
- pkgs = import nixpkgs { inherit system; };
+ pkgs = import nixpkgs {
+ inherit system;
+ config.allowUnfree = true;
+ };
 in
 {
 default = (import ./shell.nix) { inherit pkgs; };
diff --git a/p1/Vagrantfile b/p1/Vagrantfile
new file mode 100644
index 0000000..7488b53
--- /dev/null
+++ b/p1/Vagrantfile
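Review bot: `config.allowUnfree = true;` in the dev-shell `pkgs` import of flake.nix accepts every unfree package in nixpkgs, while the only thing that presumably needs it is the `vagrant` entry this commit adds to shell.nix. Scoping the exception with `config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "vagrant" ];` keeps an unrelated unfree dependency from entering the shell unnoticed. The `let` block and the attribute set after `in` extend beyond the hunk.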
@@ -0,0 +1,44 @@
+# -*- mode: ruby -*-
+#
+# vi: set ft=ruby :
+
+def environ(key, default)
+ ENV[key] || default
+end
+
+IOT_LOGIN = environ("IOT_LOGIN", "kiroussa")
+IOT_PROVIDER = environ("IOT_PROVIDER", "virtualbox")
+XDG_RUNTIME_DIR = environ("XDG_RUNTIME_DIR", "unknown")
+if XDG_RUNTIME_DIR == "unknown"
+ raise "XDG_RUNTIME_DIR is not set"
+end
+
+# Here are the expected specifications:
+# • The machine names must be the login of someone of your team. The hostname
+# of the first machine must be followed by the capital letter S (like Server). The
+# hostname of the second machine must be followed by SW (like ServerWorker).
+# • Have a dedicated IP on the eth1 interface. The IP of the first machine (Server)
+# will be 192.168.56.110, and the IP of the second machine (ServerWorker) will be
+# 192.168.56.111.
+# • Be able to connect with SSH on both machines with no password.
+
+Vagrant.configure("2") do |config|
+ config.vagrant.plugins = []
+
+ config.vm.network "private_network", ip: "192.168.56.100"
+ config.vm.box = "debian/jessie64"
+ config.vm.provider "#{IOT_PROVIDER}" do |provider|
+ provider.cpus = 1
+ provider.memory = 1024
+ end
+
+ config.vm.define "#{IOT_LOGIN}S" do |server|
+ server.vm.hostname = "#{IOT_LOGIN}S"
+ server.vm.network "private_network", ip: "192.168.56.110"
+ end
+
+ config.vm.define "#{IOT_LOGIN}SW" do |serverworker|
+ serverworker.vm.hostname = "#{IOT_LOGIN}SW"
+ serverworker.vm.network "private_network", ip: "192.168.56.111"
+ end
+end
diff --git a/shell.nix b/shell.nix
index daf6226..8db9779 100644
--- a/shell.nix
+++ b/shell.nix
@@ -4,6 +4,11 @@
 pkgs.mkShell {
 nativeBuildInputs = with pkgs; [
+ # Tools
+ vagrant
+ kubectl
+
+ # Virtual Machine
 nixos-generators
 ];
 }
diff --git a/vm/configuration.nix b/vm/configuration.nix
index 4afa1ad..d514d06 100644
--- a/vm/configuration.nix
+++ b/vm/configuration.nix
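Review bot: The top-level `config.vm.network "private_network", ip: "192.168.56.100"` in p1/Vagrantfile applies to every machine defined below it, so both guests would be given 192.168.56.100 on top of their own address, and the .110/.111 addresses presumably end up on a later interface than the eth1 the specification comment asks for; dropping that line leaves each machine with only its dedicated IP. `config.vm.box = "debian/jessie64"` selects Debian 8, which is past end of life and no longer receives security updates, and the box is not pinned; a supported release together with `config.vm.box_version = "<pinned box version>"` would make the base image current and reproducible. `XDG_RUNTIME_DIR` is checked but never used in this file, and the sentinel comparison could be written as `XDG_RUNTIME_DIR = ENV.fetch("XDG_RUNTIME_DIR") { raise "XDG_RUNTIME_DIR is not set" }`.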
@@ -12,7 +12,6 @@
 ];
 networking.hostName = hostname;
- nixpkgs.config.allowUnfree = true;
 # Since `fileSystems` is ignored by nixos-generators, we need to be creative
@@ -24,6 +23,7 @@
 script = ''
 mkdir -p /iot
 /run/wrappers/bin/mount -t 9p -o trans=virtio,version=9p2000.L host0 /iot
+ ${pkgs.bindfs}/bin/bindfs --map=1000/0:@100/@0 /iot /iot
 '';
 wantedBy = [ "multi-user.target" ];
@@ -38,11 +38,36 @@
 users.users.root = {
 password = "toor";
 shell = pkgs.zsh;
+ extraGroups = [ "wheel" "libvirtd" ];
 };
 services = {
 getty.autologinUser = "root";
+ openssh = {
+ enable = true;
+ ports = [ 22 ];
+ settings = {
+ PermitRootLogin = "yes";
+ PasswordAuthentication = true;
+ AllowUsers = null;
+ };
+ };
+ xserver = {
+ enable = true;
+ xkb = {
+ layout = "fr";
+ variant = "us";
+ };
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+ };
+ libinput.enable = true;
 };
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true;
+ };
+ virtualisation.virtualbox.host.enable = true;
 programs = {
 zsh = {
@@ -56,6 +81,8 @@
 environment = {
 systemPackages = with pkgs; [
+ librewolf
+ bindfs
 vagrant
 git
 zip
diff --git a/vm/flake.nix b/vm/flake.nix
index 1cfb2c5..df96b24 100644
--- a/vm/flake.nix
+++ b/vm/flake.nix
@@ -27,17 +27,16 @@
 packages = forAllSystems (
 system:
 let
- vm = nixos-generators.nixosGenerate {
- inherit system;
- specialArgs = {
- inherit hostname;
+ generate-vm = modules:
+ nixos-generators.nixosGenerate {
+ inherit system, modules;
+ specialArgs = {
+ inherit hostname;
+ };
+ format = "vm";
 };
- modules = [
- ./configuration.nix
- ];
- format = "vm";
- };
- in
+ vm = generate-vm [ ./configuration.nix ];
+ in
 {
 inherit vm;
 default = vm;
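Review bot: The new `openssh` block in the `@@ -38,11 +38,36 @@` hunk of vm/configuration.nix sets `PermitRootLogin = "yes"` and `PasswordAuthentication = true` while the context lines just above keep root's password as the literal `"toor"`, so anything that can reach port 22 of this VM can log in as root with a password committed to the repository. Key-only root access is the safer default even for a lab image: `PermitRootLogin = "prohibit-password";`, `PasswordAuthentication = false;`, plus `users.users.root.openssh.authorizedKeys.keys = [ "<your public key>" ];`. `AllowUsers = null;` looks like the option's default and can probably be dropped. The `services` set opens before the additions and `programs` continues past the end of the hunk.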
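Review bot: `inherit system, modules;` in the new `generate-vm` helper of vm/flake.nix is not valid Nix, because `inherit` takes whitespace-separated names and the comma should make the flake fail to parse. It should read `inherit system modules;`. The enclosing `let` block starts before the hunk, and the attribute set after `in` continues past it.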
@@ -58,7 +57,22 @@
 script = pkgs.writeShellScriptBin "${scriptName}" ''
 ${selfPkgs.vm}/bin/run-${hostname}-vm \
 -enable-kvm \
- -virtfs local,path=$(${pkgs.coreutils}/bin/pwd)/..,mount_tag=host0,security_model=passthrough,id=host0
+ -virtfs local,path=$(${pkgs.coreutils}/bin/pwd)/..,mount_tag=host0,security_model=mapped-xattr,id=host0
+ '';
+ in
+ {
+ type = "app";
+ program = "${script}/bin/${scriptName}";
+ };
+
+ vm-nodisplay =
+ let
+ scriptName = "run-${hostname}-vm-nodisplay";
+ script = pkgs.writeShellScriptBin "${scriptName}" ''
+ ${selfPkgs.vm}/bin/run-${hostname}-vm \
+ -enable-kvm \
+ -nographic \
+ -virtfs local,path=$(${pkgs.coreutils}/bin/pwd)/..,mount_tag=host0,security_model=mapped-xattr,id=host0
 '';
 in
 {
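Review bot: The added `vm-nodisplay` script repeats the `-virtfs` line of the `vm` script, and in both the exported directory is an unquoted `$(pwd)/..`, so which host directory the guest can access depends on where the command is launched, and a path containing spaces splits the argument. Quoting it as `path="$(${pkgs.coreutils}/bin/pwd)/.."` fixes the word splitting, and a comment such as `# exports the parent of the current working directory to the guest (mounted at /iot)` would document the assumption. Since the two scripts differ only by `-nographic`, building both from one let-bound function that takes the extra QEMU flags would keep the share options from drifting apart. The first script's `let` begins above the hunk and the `vm-nodisplay` attribute set closes below it.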