🚧 wip: progress on p1 + changed provider to virtualbox

Signed-off-by: xtrm <oss@xtrm.me>
2025-08-11 20:12:53 +02:00 · 2025-03-04 19:51:09 +01:00
parent 0fb19bbbe0
commit 8c1eeab749
7 changed files with 108 additions and 13 deletions
--- a/.envrc
+++ b/.envrc
@ -1 +1,2 @@
 use flake
+watch_file shell.nix
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 .direnv/
+.vagrant/
--- a/flake.nix
+++ b/flake.nix
@ -17,7 +17,10 @@
      devShells = forAllSystems (
        system:
        let
-          pkgs = import nixpkgs { inherit system; };
+          pkgs = import nixpkgs { 
+            inherit system;
+            config.allowUnfree = true;
+          };
        in
        {
          default = (import ./shell.nix) { inherit pkgs; };
--- a/p1/Vagrantfile
+++ b/p1/Vagrantfile
@ -0,0 +1,44 @@
+# -*- mode: ruby -*-
+#
+# vi: set ft=ruby :
+
+def environ(key, default)
+  ENV[key] || default
+end
+
+IOT_LOGIN = environ("IOT_LOGIN", "kiroussa")
+IOT_PROVIDER = environ("IOT_PROVIDER", "virtualbox")
+XDG_RUNTIME_DIR = environ("XDG_RUNTIME_DIR", "unknown")
+if XDG_RUNTIME_DIR == "unknown"
+  raise "XDG_RUNTIME_DIR is not set"
+end
+
+#   Here are the expected specifications:
+# • The machine names must be the login of someone of your team. The hostname
+# of the first machine must be followed by the capital letter S (like Server). The
+# hostname of the second machine must be followed by SW (like ServerWorker).
+# • Have a dedicated IP on the eth1 interface. The IP of the first machine (Server)
+# will be 192.168.56.110, and the IP of the second machine (ServerWorker) will be
+# 192.168.56.111.
+# • Be able to connect with SSH on both machines with no password.
+
+Vagrant.configure("2") do |config|
+  config.vagrant.plugins = []
+
+  config.vm.network "private_network", ip: "192.168.56.100"
+  config.vm.box = "debian/jessie64"
+  config.vm.provider "#{IOT_PROVIDER}" do |provider|
+    provider.cpus = 1
+    provider.memory = 1024
+  end
+
+  config.vm.define "#{IOT_LOGIN}S" do |server|
+    server.vm.hostname = "#{IOT_LOGIN}S"
+    server.vm.network "private_network", ip: "192.168.56.110"
+  end
+
+  config.vm.define "#{IOT_LOGIN}SW" do |serverworker|
+    serverworker.vm.hostname = "#{IOT_LOGIN}SW"
+    serverworker.vm.network "private_network", ip: "192.168.56.111"
+  end
+end
--- a/shell.nix
+++ b/shell.nix
@ -4,6 +4,11 @@

 pkgs.mkShell {
  nativeBuildInputs = with pkgs; [
+    # Tools
+    vagrant
+    kubectl
+
+    # Virtual Machine
    nixos-generators
  ];
 }
--- a/vm/configuration.nix
+++ b/vm/configuration.nix
@ -12,7 +12,6 @@
  ];

  networking.hostName = hostname;
-
  nixpkgs.config.allowUnfree = true;

  # Since `fileSystems` is ignored by nixos-generators, we need to be creative
@ -24,6 +23,7 @@
    script = ''
      mkdir -p /iot
      /run/wrappers/bin/mount -t 9p -o trans=virtio,version=9p2000.L host0 /iot
+      ${pkgs.bindfs}/bin/bindfs --map=1000/0:@100/@0 /iot /iot
    '';

    wantedBy = [ "multi-user.target" ];
@ -38,11 +38,36 @@
  users.users.root = {
    password = "toor";
    shell = pkgs.zsh;
+    extraGroups = [ "wheel" "libvirtd" ];
  };

  services = {
    getty.autologinUser = "root";
+    openssh = {
+      enable = true;
+      ports = [ 22 ];
+      settings = {
+        PermitRootLogin = "yes";
+        PasswordAuthentication = true;
+        AllowUsers = null;
+      };
+    };
+    xserver = {
+      enable = true;
+      xkb = {
+        layout = "fr";
+        variant = "us";
+      };
+      displayManager.gdm.enable = true;
+      desktopManager.gnome.enable = true;
+    };
+    libinput.enable = true;
  };
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+  };
+  virtualisation.virtualbox.host.enable = true;

  programs = {
    zsh = {
@ -56,6 +81,8 @@

  environment = {
    systemPackages = with pkgs; [
+      librewolf
+      bindfs
      vagrant
      git
      zip
--- a/vm/flake.nix
+++ b/vm/flake.nix
@ -27,17 +27,16 @@
      packages = forAllSystems (
        system:
        let
-          vm = nixos-generators.nixosGenerate {
-            inherit system;
-            specialArgs = {
-              inherit hostname;
+          generate-vm = modules:
+            nixos-generators.nixosGenerate {
+              inherit system, modules;
+              specialArgs = {
+                inherit hostname;
+              };
+              format = "vm";
            };
-            modules = [
-              ./configuration.nix
-            ];
-            format = "vm";
-          };
-        in
+          vm = generate-vm [ ./configuration.nix ];
+        in 
        {
          inherit vm;
          default = vm;
@ -58,7 +57,22 @@
              script = pkgs.writeShellScriptBin "${scriptName}" ''
                ${selfPkgs.vm}/bin/run-${hostname}-vm \
                  -enable-kvm \
-                  -virtfs local,path=$(${pkgs.coreutils}/bin/pwd)/..,mount_tag=host0,security_model=passthrough,id=host0
+                  -virtfs local,path=$(${pkgs.coreutils}/bin/pwd)/..,mount_tag=host0,security_model=mapped-xattr,id=host0
+              '';
+            in
+            {
+              type = "app";
+              program = "${script}/bin/${scriptName}";
+            };
+
+          vm-nodisplay =
+            let
+              scriptName = "run-${hostname}-vm-nodisplay";
+              script = pkgs.writeShellScriptBin "${scriptName}" ''
+                ${selfPkgs.vm}/bin/run-${hostname}-vm \
+                  -enable-kvm \
+                  -nographic \
+                  -virtfs local,path=$(${pkgs.coreutils}/bin/pwd)/..,mount_tag=host0,security_model=mapped-xattr,id=host0
              '';
            in
            {