pinchflat vpn, testbed random, virt-manager

2025-08-12 17:01:21 -05:00 · 2025-08-12 17:01:21 -05:00 · db6d5161ff
commit db6d5161ff
parent d2eaec6860
13 changed files with 1645 additions and 64 deletions
--- a/hosts/testbed/configuration.nix
+++ b/hosts/testbed/configuration.nix
@ -0,0 +1,6 @@
+{
+  ...
+}:
+{
+  system.stateVersion = "25.05"; # Did you read the comment?
+}
--- a/hosts/testbed/disko-config.nix
+++ b/hosts/testbed/disko-config.nix
@ -0,0 +1,95 @@
+{ lib, config, ... }:
+let
+  cfg = config.custom_disko;
+in
+{
+  options.custom_disko = {
+    withSwap = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Whether to create a swap file.";
+    };
+  };
+  config = {
+    disko.devices = {
+      disk = {
+        main = {
+          device = "/dev/vda";
+          type = "disk";
+          content = {
+            type = "gpt";
+            partitions = {
+              ESP = {
+                priority = 1;
+                name = "ESP";
+                start = "1M";
+                size = "512M";
+                type = "EF00";
+                content = {
+                  type = "filesystem";
+                  format = "vfat";
+                  mountpoint = "/boot";
+                  formatOptions = [
+                    "-n"
+                    "NIXBOOT"
+                  ];
+                  mountOptions = [ "umask=0077" ];
+                };
+              };
+              root = {
+                size = "100%";
+                content = {
+                  type = "btrfs";
+                  extraArgs = [
+                    "-f"
+                    "--label NIXROOT"
+                  ];
+                  subvolumes =
+                    let
+                      mountOptions = [
+                        "compress=zstd"
+                        "noatime"
+                      ];
+                    in
+                    {
+                      "@root" = {
+                        inherit mountOptions;
+                        mountpoint = "/";
+                      };
+                      "@nix" = {
+                        inherit mountOptions;
+                        mountpoint = "/nix";
+                      };
+                      "@persist" = {
+                        inherit mountOptions;
+                        mountpoint = "/persist";
+                      };
+                      "@snapshots" = {
+                        inherit mountOptions;
+                        mountpoint = "/.snapshots";
+                      };
+                      "@swap" = lib.mkIf cfg.withSwap {
+                        inherit mountOptions;
+                        mountpoint = "/.swapfile";
+                        swap.swapfile.size = 8 * 1024; # 8GB
+                      };
+                    };
+                };
+              };
+            };
+            postCreateHook = ''
+              MNTPOINT=$(mktemp -d)
+              mount -t btrfs "${config.disko.devices.disk.main.content.partitions.root.device}" "$MNTPOINT"
+              trap 'umount $MNTPOINT; rmdir $MNTPOINT' EXIT
+              # Ensure the snapshots directory exists
+              mkdir -p $MNTPOINT/@snapshots
+              # Place readonly empty root snapshot inside snapshots subvol
+              btrfs subvolume snapshot -r $MNTPOINT/@root $MNTPOINT/@snapshots/_root-empty
+            '';
+          };
+        };
+      };
+    };
+    fileSystems."/persist".neededForBoot = true;
+  };
+}
--- a/hosts/testbed/flake.lock
+++ b/hosts/testbed/flake.lock
--- a/hosts/testbed/flake.nix
+++ b/hosts/testbed/flake.nix
@ -0,0 +1,109 @@
+{
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    # nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+    # Use relative to get current version for testing
+    common.url = "path:../../common";
+    # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
+
+    inputs.disko.url = "github:nix-community/disko/latest";
+    inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
+    # impermanence.url = "github:nix-community/impermanence";
+
+    ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
+  };
+
+  outputs =
+    {
+      self,
+      nixpkgs,
+      common,
+      ros_neovim,
+      disko,
+      # impermanence,
+      ...
+    }:
+    let
+      configuration_name = "testbed";
+      lib = nixpkgs.lib;
+    in
+    {
+      packages = {
+        x86_64-linux.vm = self.nixosConfigurations.${configuration_name}.config.system.build.vm;
+      };
+      nixosConfigurations = {
+        "${configuration_name}" = (
+          lib.nixosSystem {
+            modules = [
+              disko.nixosModules.disko
+              # impermanence.nixosModules.impermanence
+              common.nixosModules.default
+              ros_neovim.nixosModules.default
+              ./configuration.nix
+              ./hardware-configuration.nix
+              (
+                { config, pkgs, ... }:
+                {
+                  environment.systemPackages = with pkgs; [
+                    cowsay
+                    lolcat
+                  ];
+
+                  ringofstorms_common = {
+                    systemName = configuration_name;
+                    boot.systemd.enable = true;
+                    programs = {
+                      ssh.enable = true;
+                      podman.enable = true;
+                    };
+                    users = {
+                      admins = [ "luser" ]; # First admin is also the primary user owning nix config
+                      users = {
+                        root = {
+                          openssh.authorizedKeys.keys = [
+                            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2KFSRkViT+asBTjCgA7LNP3SHnfNCW+jHbV08VUuIi nix2nix"
+                          ];
+                          shell = pkgs.zsh;
+                        };
+                        luser = {
+                          openssh.authorizedKeys.keys = [
+                            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2KFSRkViT+asBTjCgA7LNP3SHnfNCW+jHbV08VUuIi nix2nix"
+                          ];
+                          extraGroups = [
+                            "networkmanager"
+                            "video"
+                            "input"
+                          ];
+                          shell = pkgs.zsh;
+                        };
+                      };
+                    };
+                    homeManager = {
+                      users = {
+                        luser = {
+                          imports = with common.homeManagerModules; [
+                            kitty
+                            tmux
+                            atuin
+                            direnv
+                            git
+                            nix_deprecations
+                            postgres
+                            ssh
+                            starship
+                            zoxide
+                            zsh
+                          ];
+                        };
+                      };
+                    };
+                  };
+                }
+              )
+            ];
+          }
+        );
+      };
+    };
+}
--- a/hosts/testbed/hardware-configuration.nix
+++ b/hosts/testbed/hardware-configuration.nix
@ -0,0 +1,19 @@
+{
+  lib,
+  ...
+}:
+{
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  boot.initrd.postMountCommands = lib.mkAfter ''
+    # Mount Btrfs volume (the device containing your root subvolumes)
+    mkdir -p /btrfs_tmp
+    mount -o subvol=/ /dev/disk/by-label/NIXROOT /btrfs_tmp
+
+    # Delete current @root, then restore from snapshot
+    btrfs subvolume delete /btrfs_tmp/@root || true
+    btrfs subvolume snapshot /btrfs_tmp/@snapshots/root-empty /btrfs_tmp/@root
+
+    umount /btrfs_tmp
+  '';
+}
--- a/hosts/testbed/testbed.qcow2
+++ b/hosts/testbed/testbed.qcow2