unify virtualisation profile
This commit is contained in:
parent
0bfd296347
commit
762f67b21f
@ -58,7 +58,6 @@ in {
fileSystem = "zfs";
};
deviceSpecific.isServer = true;
deviceSpecific.enableVirtualisation = true;
deviceSpecific.vpn.tailscale.enable = true;
# Tailscale auto-login
services.headscale-auth.home-hypervisor = {
@ -1,61 +1,17 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, lib, inputs, ... }: {
imports = with inputs.self; [
customProfiles.virtualisation
];
deviceSpecific.enableVirtualisation = true;
boot.kernelModules = [ "x_tables" ];
environment.systemPackages = [ pkgs.virtiofsd ];
virtualisation = {
oci-containers.backend = lib.mkForce "podman";
docker.enable = lib.mkForce false;
podman = {
enable = true;
extraPackages = [ pkgs.zfs ];
dockerSocket.enable = true;
};
containers.registries.search = [
"docker.io" "gcr.io" "quay.io"
];
containers.storage.settings = {
storage = {
driver = "overlay";
# driver = "zfs";
graphroot = "/var/lib/podman/storage";
runroot = "/run/containers/storage";
};
};
lxd = {
enable = true;
zfsSupport = true;
recommendedSysctlSettings = true;
};
lxc = {
enable = true;
lxcfs.enable = true;
systemConfig = ''
lxc.lxcpath = /var/lib/lxd/containers
lxc.bdev.zfs.root = rpool/persistent/lxd
'';
};
libvirtd = {
enable = true;
qemu = {
ovmf.enable = true;
ovmf.packages = [
pkgs.OVMFFull.fd
];
runAsRoot = false;
};
onBoot = "ignore";
onShutdown = "shutdown";
};
};
security.unprivilegedUsernsClone = true;
home-manager.users.${config.mainuser} = {
home.file.".config/containers/storage.conf".text = ''
[storage]
driver = "overlay"
'';
podman.defaultNetwork.settings.dns_enabled = lib.mkForce false;
podman.extraPackages = [ pkgs.zfs ];
spiceUSBRedirection.enable = lib.mkForce false;
containers.storage.settings.storage.graphroot = lib.mkForce "/var/lib/podman/storage";
};
users.users.${config.mainuser} = {
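Review bot: If the `containers.storage.settings.storage.graphroot = lib.mkForce "/var/lib/podman/storage";` override survives on the new side of this host file, it diverges from the shared profile this file now imports, which sets `graphroot = "/var/lib/containers/storage"` and lists `/var/lib/containers` (not `/var/lib/podman`) in what looks like its persistence list, so this host's image and layer store would sit outside the persisted path. Either drop the override now that `customProfiles.virtualisation` is imported, or add `/var/lib/podman` to that same list; the page prints old and new lines without markers, so which of the `home-manager.users` and storage overrides are retained is inferred here rather than certain. Importing `customProfiles.virtualisation` explicitly while also setting `deviceSpecific.enableVirtualisation = true;` looks redundant if that flag already pulls the profile in elsewhere; a one-line comment such as `# explicit import: the deviceSpecific flag alone does not load the profile for this host` (or removing one of the two) would settle it. The `users.users.${config.mainuser}` block continues in the next hunk.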
@ -68,6 +24,4 @@
startGid = 10000;
}];
};
networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
}
@ -13,32 +13,18 @@ with config.deviceSpecific; {
podman = {
enable = true;
defaultNetwork.settings.dns_enabled = true;
dockerSocket.enable = true;
};
containers.registries.search = [
"docker.io" "gcr.io" "quay.io"
];
containers.storage.settings = {
storage = {
driver = "overlay2";
driver = "overlay";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
};
lxd = lib.mkIf (!isContainer) {
enable = true;
zfsSupport = devInfo.fileSystem == "zfs";
recommendedSysctlSettings = true;
};
lxc = {
enable = true;
lxcfs.enable = true;
systemConfig = ''
lxc.lxcpath = /var/lib/lxd/containers
${if devInfo.fileSystem == "zfs" then ''
lxc.bdev.zfs.root = rpool/persistent/lxd
'' else ""}
'';
};
libvirtd = {
enable = true;
qemu = {
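Review bot: The dataset in `lxc.bdev.zfs.root = rpool/persistent/lxd` is a host-specific pool name sitting in the shared profile, while the surrounding `${if devInfo.fileSystem == "zfs" then … else ""}` already reads the filesystem choice from `devInfo`; assuming these lines are on the new side (the page prints both sides without markers), the dataset should come from the same place, e.g. `lxc.bdev.zfs.root = ${devInfo.<zfs-dataset-option>}` with a declared option rather than a literal. The `lxd = lib.mkIf (!isContainer) {` guard depends on `isContainer` being provided by the `with config.deviceSpecific;` in the hunk header; if it is not declared there, evaluation fails on an undefined variable, so a comment naming where it is declared would help the next reader. `dockerSocket.enable = true;` remains unconditional for every host the profile covers, including servers: the Docker-compatible socket is root-equivalent for any user or process that can reach it, so it may deserve the same `!isServer` treatment this commit gives `spiceUSBRedirection` and `programs.virt-manager`, or a comment recording why servers need it. The enclosing `virtualisation = { … }` attrset appears to begin before this hunk and its `libvirtd.qemu` block continues past it.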
@ -56,7 +42,7 @@ with config.deviceSpecific; {
onShutdown = "shutdown";
};
spiceUSBRedirection.enable = true;
spiceUSBRedirection.enable = !isServer;
};
environment.systemPackages = [ pkgs.virtiofsd ];
@ -79,7 +65,7 @@ with config.deviceSpecific; {
'';
};
programs.extra-container.enable = true;
programs.extra-container.enable = !isServer;
programs.virt-manager.enable = !isServer;
persist.state.homeDirectories = [
@ -90,14 +76,13 @@ with config.deviceSpecific; {
"/var/lib/docker"
"/var/lib/libvirt"
"/var/lib/containers"
"/var/lib/lxd"
];
networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
# cross compilation of aarch64 uefi currently broken
# link existing extracted from fedora package
system.activationScripts.aarch64-ovmf.text = ''
system.activationScripts.aarch64-ovmf.text = lib.mkIf (!isServer) ''
rm -f /run/libvirt/nix-ovmf/AAVMF_*
mkdir -p /run/libvirt/nix-ovmf || true
${pkgs.zstd}/bin/zstd -d ${../misc/AAVMF_CODE.fd.zst} -o /run/libvirt/nix-ovmf/AAVMF_CODE.fd