Fix dev VM networking

2022-02-17 19:14:10 +00:00 · 2022-02-17 19:14:10 +00:00 · 22c878bb69
commit 22c878bb69
parent a814bdfcf8
4 changed files with 36 additions and 3 deletions
--- a/home-manager/modules/common.nix
+++ b/home-manager/modules/common.nix
@ -46,6 +46,16 @@ in
            "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+kCHXqtznkT9IBN5WxZHmXI97k3BumT+N4lyHWMo0pykpACCOcGw52EXxQveNqgcwcRUgamL9A2JTE//WRf3O4nBofeTRNKcRxTjRoUVIt/F0xbf09yWBqJOXZ8rqLkXhRvSpr1TCUZtYVp5iLtpERp622OMIqHSwa6HlxBqsCFkBeq1bRyNtYK/IaQAuBPW9MNeFriGqA0Vq078ccXp+JINxJbr+ZJybVg6PVqnMD+PgGMZQLkoWjwjH3vcJZZt584UPtrXKpNZuKy6dcMCb2U+O9NOaO66168sBVuK0kZHh51nJ7ZH38VLGiBipRgIQ1fzic3Ncn6GC9ko3/OwT jackos1998@gmail.com"
          ];
          matchBlocks = {
+            nix-dev-vm = {
+              user = "dev";
+              hostname = "localhost";
+              port = 2222;
+              extraOptions = {
+                StrictHostKeyChecking = "no";
+                UserKnownHostsFile = "/dev/null";
+              };
+            };
+
            "rsync.net" = {
              host = "rsyncnet";
              user = "16413";
--- a/nixos/installer.nix
+++ b/nixos/installer.nix
@ -1,4 +1,4 @@
-{ lib, modulesPath, config, ... }:
+{ lib, pkgs, modulesPath, config, ... }:
 let
  inherit (lib) mkDefault mkForce;
 in
@ -39,5 +39,10 @@ in
    # download-using-manifests.pl from forking even if there is
    # plenty of free memory.
    boot.kernel.sysctl."vm.overcommit_memory" = "1";
+
+    environment.systemPackages = with pkgs; [
+      # We disable networking.useDHCP, so bring this in for the user
+      dhcpcd
+    ];
  };
 }
--- a/nixos/modules/build.nix
+++ b/nixos/modules/build.nix
@ -61,6 +61,7 @@ in
    # Forward declare options that won't exist until the VM module is actually imported
    virtualisation = {
      diskImage = dummyOption;
+      forwardPorts = dummyOption;
    };
  };

--- a/nixos/modules/common.nix
+++ b/nixos/modules/common.nix
@ -1,8 +1,8 @@
 { lib, pkgs, pkgs', inputs, options, config, ... }:
 let
  inherit (builtins) attrValues;
-  inherit (lib) mkIf mkDefault mkMerge mkAliasDefinitions;
-  inherit (lib.my) mkOpt' dummyOption;
+  inherit (lib) flatten optional mkIf mkDefault mkMerge mkAliasDefinitions;
+  inherit (lib.my) mkOpt' mkBoolOpt' dummyOption;

  defaultUsername = "dev";
  uname = config.my.user.name;
@ -13,6 +13,14 @@ in
      # Pretty hacky but too lazy to figure out if there's a better way to alias the options
      user = mkOpt' (attrsOf anything) { } "User definition (as `users.users.*`).";
      homeConfig = mkOpt' anything { } "Home configuration (as `home-manager.users.*`)";
+
+      ssh = {
+        # If enabled, we can't set `authorized_keys` from home-manager because SSH won't like the file being owned by
+        # root.
+        strictModes = mkBoolOpt' false
+          ("Specifies whether sshd(8) should check file modes and ownership of the user's files and home directory "+
+          "before accepting login.");
+      };
    };

    # Only present in >=22.05, so forward declare
@ -104,6 +112,11 @@ in
        useDHCP = mkDefault false;
        enableIPv6 = mkDefault true;
      };
+      virtualisation = {
+        forwardPorts = flatten [
+          (optional config.services.openssh.openFirewall { from = "host"; host.port = 2222; guest.port = 22; })
+        ];
+      };

      environment.systemPackages = with pkgs; [
        bash-completion
@ -123,6 +136,7 @@ in

        openssh = {
          enable = mkDefault true;
+          extraConfig = ''StrictModes ${if config.my.ssh.strictModes then "yes" else "no"}'';
        };
      };

@ -138,6 +152,9 @@ in
        })
      ];
    })
+    (mkIf config.my.build.isDevVM {
+      networking.interfaces.eth0.useDHCP = mkDefault true;
+    })
  ];

  meta.buildDocsInSandbox = false;