{ lib, ... }: {
imports = [ ./containers ];
nixos.systems.shill = {
system = "x86_64-linux";
nixpkgs = "mine";
assignments = {
internal = {
name = "shill-vm";
altNames = [ "ctr" ];
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.vms.v4}2";
ipv6 = {
iid = "::2";
address = "${lib.my.colony.start.vms.v6}2";
};
};
ctrs = {
ipv4 = {
address = "${lib.my.colony.start.ctrs.v4}1";
gateway = null;
};
ipv6.address = "${lib.my.colony.start.ctrs.v6}1";
};
};
configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:
let
inherit (builtins) mapAttrs;
inherit (lib) mkIf mkMerge mkForce recursiveUpdate;
inherit (lib.my) networkdAssignment;
in
{
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
config = mkMerge [
{
boot.kernelParams = [ "console=ttyS0,115200n8" ];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/ESP";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-label/nix";
fsType = "ext4";
};
"/persist" = {
device = "/dev/disk/by-label/persist";
fsType = "ext4";
neededForBoot = true;
};
};
systemd.network = {
links = {
"10-vms" = {
matchConfig.MACAddress = "52:54:00:85:b3:b1";
linkConfig.Name = "vms";
};
};
netdevs."25-ctrs".netdevConfig = {
Name = "ctrs";
Kind = "bridge";
};
networks = {
"80-vms" = networkdAssignment "vms" assignments.internal;
"80-ctrs" = mkMerge [
(networkdAssignment "ctrs" assignments.ctrs)
{
networkConfig = {
IPv6AcceptRA = mkForce false;
IPv6SendRA = true;
};
ipv6SendRAConfig = {
DNS = [ allAssignments.estuary.base.ipv6.address ];
Domains = [ config.networking.domain ];
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = lib.my.colony.prefixes.ctrs.v6;
}
];
}
];
};
};
my = {
secrets.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWi6iEcpKdWPiHPgQEeVVKfB3yWNXQbXbr8IXYL+6Cw";
server.enable = true;
firewall = {
trustedInterfaces = [ "vms" "ctrs" ];
};
containers.instances = mapAttrs (_: c: recursiveUpdate c {
networking.bridge = "ctrs";
}) {
middleman = {};
vaultwarden = {};
};
};
}
];
};
};
}