AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

unify virtualisation profile

Browse Source
This commit is contained in:
Dmitriy Kholkin 2024-06-29 10:48:20 +03:00
parent 0bfd296347
commit 762f67b21f
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
3 changed files with 15 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
machines/Home-Hypervisor/default.nix
View File

@ -58,7 +58,6 @@ in {
fileSystem = "zfs"; fileSystem = "zfs";
}; };
deviceSpecific.isServer = true; deviceSpecific.isServer = true;
deviceSpecific.enableVirtualisation = true;
deviceSpecific.vpn.tailscale.enable = true; deviceSpecific.vpn.tailscale.enable = true;
# Tailscale auto-login # Tailscale auto-login
services.headscale-auth.home-hypervisor = { services.headscale-auth.home-hypervisor = {

66
machines/Home-Hypervisor/virtualisation.nix
View File

@ -1,61 +1,17 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, inputs, ... }: {
imports = with inputs.self; [
customProfiles.virtualisation
];
deviceSpecific.enableVirtualisation = true;
boot.kernelModules = [ "x_tables" ]; boot.kernelModules = [ "x_tables" ];
environment.systemPackages = [ pkgs.virtiofsd ];
virtualisation = { virtualisation = {
oci-containers.backend = lib.mkForce "podman";
docker.enable = lib.mkForce false; docker.enable = lib.mkForce false;
podman = { podman.defaultNetwork.settings.dns_enabled = lib.mkForce false;
enable = true; podman.extraPackages = [ pkgs.zfs ];
extraPackages = [ pkgs.zfs ]; spiceUSBRedirection.enable = lib.mkForce false;
dockerSocket.enable = true; containers.storage.settings.storage.graphroot = lib.mkForce "/var/lib/podman/storage";
};
containers.registries.search = [
"docker.io" "gcr.io" "quay.io"
];
containers.storage.settings = {
storage = {
driver = "overlay";
# driver = "zfs";
graphroot = "/var/lib/podman/storage";
runroot = "/run/containers/storage";
};
};
lxd = {
enable = true;
zfsSupport = true;
recommendedSysctlSettings = true;
};
lxc = {
enable = true;
lxcfs.enable = true;
systemConfig = ''
lxc.lxcpath = /var/lib/lxd/containers
lxc.bdev.zfs.root = rpool/persistent/lxd
'';
};
libvirtd = {
enable = true;
qemu = {
ovmf.enable = true;
ovmf.packages = [
pkgs.OVMFFull.fd
];
runAsRoot = false;
};
onBoot = "ignore";
onShutdown = "shutdown";
};
};
security.unprivilegedUsernsClone = true;
home-manager.users.${config.mainuser} = {
home.file.".config/containers/storage.conf".text = ''
[storage]
driver = "overlay"
'';
}; };
users.users.${config.mainuser} = { users.users.${config.mainuser} = {
@ -68,6 +24,4 @@
startGid = 10000; startGid = 10000;
}]; }];
}; };
networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
} }

25
profiles/virtualisation.nix
View File

@ -13,32 +13,18 @@ with config.deviceSpecific; {
podman = { podman = {
enable = true; enable = true;
defaultNetwork.settings.dns_enabled = true; defaultNetwork.settings.dns_enabled = true;
dockerSocket.enable = true;
}; };
containers.registries.search = [ containers.registries.search = [
"docker.io" "gcr.io" "quay.io" "docker.io" "gcr.io" "quay.io"
]; ];
containers.storage.settings = { containers.storage.settings = {
storage = { storage = {
driver = "overlay2"; driver = "overlay";
graphroot = "/var/lib/containers/storage"; graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage"; runroot = "/run/containers/storage";
}; };
}; };
lxd = lib.mkIf (!isContainer) {
enable = true;
zfsSupport = devInfo.fileSystem == "zfs";
recommendedSysctlSettings = true;
};
lxc = {
enable = true;
lxcfs.enable = true;
systemConfig = ''
lxc.lxcpath = /var/lib/lxd/containers
${if devInfo.fileSystem == "zfs" then ''
lxc.bdev.zfs.root = rpool/persistent/lxd
'' else ""}
'';
};
libvirtd = { libvirtd = {
enable = true; enable = true;
qemu = { qemu = {
@ -56,7 +42,7 @@ with config.deviceSpecific; {
onShutdown = "shutdown"; onShutdown = "shutdown";
}; };
spiceUSBRedirection.enable = true; spiceUSBRedirection.enable = !isServer;
}; };
environment.systemPackages = [ pkgs.virtiofsd ]; environment.systemPackages = [ pkgs.virtiofsd ];
@ -79,7 +65,7 @@ with config.deviceSpecific; {
''; '';
}; };
programs.extra-container.enable = true; programs.extra-container.enable = !isServer;
programs.virt-manager.enable = !isServer; programs.virt-manager.enable = !isServer;
persist.state.homeDirectories = [ persist.state.homeDirectories = [
@ -90,14 +76,13 @@ with config.deviceSpecific; {
"/var/lib/docker" "/var/lib/docker"
"/var/lib/libvirt" "/var/lib/libvirt"
"/var/lib/containers" "/var/lib/containers"
"/var/lib/lxd"
]; ];
networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ]; networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
# cross compilation of aarch64 uefi currently broken # cross compilation of aarch64 uefi currently broken
# link existing extracted from fedora package # link existing extracted from fedora package
system.activationScripts.aarch64-ovmf.text = '' system.activationScripts.aarch64-ovmf.text = lib.mkIf (!isServer) ''
rm -f /run/libvirt/nix-ovmf/AAVMF_* rm -f /run/libvirt/nix-ovmf/AAVMF_*
mkdir -p /run/libvirt/nix-ovmf || true mkdir -p /run/libvirt/nix-ovmf || true
${pkgs.zstd}/bin/zstd -d ${../misc/AAVMF_CODE.fd.zst} -o /run/libvirt/nix-ovmf/AAVMF_CODE.fd ${pkgs.zstd}/bin/zstd -d ${../misc/AAVMF_CODE.fd.zst} -o /run/libvirt/nix-ovmf/AAVMF_CODE.fd