vm: Set up proper bridge networking #101

Manually merged
tlater merged 1 commit from tlater/bridge-networking into master 2024-03-27 00:51:54 +00:00
7 changed files with 61 additions and 79 deletions

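--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 /result
-/tlaternet.qcow2
+*.qcow2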


@ -21,13 +21,6 @@ running the following in the repository root:
qemu-img create -f qcow2 ./tlaternet.qcow2 20G qemu-img create -f qcow2 ./tlaternet.qcow2 20G
``` ```
### New services
Whenever a new service is added, add an appropriate port binding to
`qemuNetOpts` in the default app.
There is no way to test this without binding to the host port, sadly.
## Deploying ## Deploying
Deployment is handled using Deployment is handled using


@ -11,7 +11,6 @@
flake-inputs.sops-nix.nixosModules.sops flake-inputs.sops-nix.nixosModules.sops
flake-inputs.tlaternet-webserver.nixosModules.default flake-inputs.tlaternet-webserver.nixosModules.default
"${modulesPath}/profiles/headless.nix"
"${modulesPath}/profiles/minimal.nix" "${modulesPath}/profiles/minimal.nix"
(import ../modules) (import ../modules)


@ -14,7 +14,9 @@
systemd.network.networks."10-eth0" = { systemd.network.networks."10-eth0" = {
matchConfig.Name = "eth0"; matchConfig.Name = "eth0";
networkConfig.DHCP = "yes"; networkConfig = {
Address = "192.168.9.2/24";
};
}; };
# Both so we have a predictable key for the staging env, as well as # Both so we have a predictable key for the staging env, as well as
@ -33,7 +35,18 @@
} }
]; ];
# # Set up VM settings to match real VPS virtualisation.vmVariant = {
# virtualisation.memorySize = 3941; virtualisation = {
# virtualisation.cores = 2; memorySize = 3941;
cores = 2;
graphics = false;
};
virtualisation.qemu = {
networkingOptions = lib.mkForce [
"-device virtio-net,netdev=n1"
"-netdev bridge,id=n1,br=br0,helper=$(which qemu-bridge-helper)"
];
};
};
} }
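Review bot: `helper=$(which qemu-bridge-helper)` in the new `networkingOptions` is expanded at run time by the shell executing the VM script, so the bridge netdev depends on an unpinned binary found on the caller's PATH and collapses to a bare `helper=` when nothing is found. Because that helper is the privileged (normally setuid, bridge.conf-restricted) component allowed to attach a tap to `br0`, it should be named explicitly — the host's NixOS security wrapper or a store path — and the host-side prerequisites stated next to the option, e.g. `# Needs a host bridge br0 and a setuid qemu-bridge-helper permitted to use it`. The static `Address = "192.168.9.2/24"` comes with no `Gateway` or `DNS`, which presumably is intentional for a bridge-only staging box but deserves a one-line comment. The `memorySize = 3941; cores = 2;` values lost their explanation when the commented block was replaced; keep `# Match the real VPS so the staging VM behaves like production` above `virtualisation = {`. The enclosing attribute set starts outside this hunk.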


@ -36,6 +36,7 @@
... ...
} @ inputs: let } @ inputs: let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
in { in {
################## ##################
# Configurations # # Configurations #
@ -75,16 +76,15 @@
######### #########
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
####################
# Helper functions #
####################
lib = import ./lib {inherit (nixpkgs) lib;};
################### ###################
# Utility scripts # # Utility scripts #
################### ###################
packages.${system} = let apps.${system} = {
inherit (nixpkgs.legacyPackages.${system}) writeShellScript writeShellScriptBin; default = self.apps.${system}.run-vm;
run-vm = {
type = "app";
program = let
vm = nixpkgs.lib.nixosSystem { vm = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
specialArgs.flake-inputs = inputs; specialArgs.flake-inputs = inputs;
@ -94,50 +94,35 @@
./configuration/hardware-specific/vm.nix ./configuration/hardware-specific/vm.nix
]; ];
}; };
in {
default = vm.config.system.build.vm;
run-vm = let
qemuNetOpts = self.lib.makeQemuNetOpts {
"2222" = "2222";
"3080" = "80";
"3443" = "443";
"8448" = "8448"; # Matrix
"21025" = "21025"; # Starbound
};
in in
writeShellScript "run-vm" '' (pkgs.writeShellScript "" ''
export QEMU_OPTS="-m 3941 -smp 2 -display curses" ${vm.config.system.build.vm.outPath}/bin/run-testvm-vm
export QEMU_NET_OPTS="${qemuNetOpts}" '')
"${vm.config.system.build.vm}/bin/run-testvm-vm" .outPath;
''; };
update-pkgs = let update-pkgs = {
type = "app";
program = let
nvfetcher-bin = "${nvfetcher.packages.${system}.default}/bin/nvfetcher"; nvfetcher-bin = "${nvfetcher.packages.${system}.default}/bin/nvfetcher";
in in
writeShellScriptBin "update-pkgs" '' (pkgs.writeShellScript "update-pkgs" ''
cd "$(git rev-parse --show-toplevel)/pkgs" cd "$(git rev-parse --show-toplevel)/pkgs"
${nvfetcher-bin} -o _sources_pkgs -c nvfetcher.toml ${nvfetcher-bin} -o _sources_pkgs -c nvfetcher.toml
''; '')
.outPath;
update-nextcloud-apps = let
nvfetcher-bin = "${nvfetcher.packages.${system}.default}/bin/nvfetcher";
in
writeShellScript "update-nextcloud-apps" ''
cd "$(git rev-parse --show-toplevel)/pkgs"
${nvfetcher-bin} -o _sources_nextcloud -c nextcloud-apps.toml
'';
};
apps.${system} = {
default = {
type = "app";
program = builtins.toString self.packages.${system}.run-vm;
}; };
update-nextcloud-apps = { update-nextcloud-apps = {
type = "app"; type = "app";
program = builtins.toString self.packages.${system}.update-nextcloud-apps; program = let
nvfetcher-bin = "${nvfetcher.packages.${system}.default}/bin/nvfetcher";
in
(pkgs.writeShellScript "update-nextcloud-apps" ''
cd "$(git rev-parse --show-toplevel)/pkgs"
${nvfetcher-bin} -o _sources_nextcloud -c nextcloud-apps.toml
'')
.outPath;
}; };
}; };
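Review bot: The run-vm script is created as `pkgs.writeShellScript ""` while its siblings are named `"update-pkgs"` and `"update-nextcloud-apps"`; an empty derivation name gives an unreadable and possibly rejected store path, so it should read `(pkgs.writeShellScript "run-vm" ''`. `nvfetcher-bin` is bound identically inside both `update-pkgs` and `update-nextcloud-apps`; hoisting it into the outer `let` next to `pkgs` removes the duplication. Now that the script invokes `run-testvm-vm` with no `QEMU_OPTS`/`QEMU_NET_OPTS`, a comment such as `# Memory, cores and bridge networking are set via virtualisation.vmVariant (presumably in vm.nix)` would tell the next reader where those settings went. The enclosing `apps.${system}` attribute set begins in the previous hunk.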


@ -14,6 +14,8 @@ wireguard:
server-key: ENC[AES256_GCM,data:FvY897XdKoa/mckE8JQLCkklsnYD6Wz1wpsu5t3uhEnW3iarnDQxF9msuYU=,iv:jqGXfekM+Vs+J9b5nlZ5Skd1ZKHajoUo2Dc4tMYPm1w=,tag:EehikjI/FCU8wqtpvJRamQ==,type:str] server-key: ENC[AES256_GCM,data:FvY897XdKoa/mckE8JQLCkklsnYD6Wz1wpsu5t3uhEnW3iarnDQxF9msuYU=,iv:jqGXfekM+Vs+J9b5nlZ5Skd1ZKHajoUo2Dc4tMYPm1w=,tag:EehikjI/FCU8wqtpvJRamQ==,type:str]
restic: restic:
local-backups: ENC[AES256_GCM,data:3QjEv03t7wE=,iv:y/6Lv4eUbZZfGPwUONykz8VNL62cAJuWaJy9yk3aAmk=,tag:wMlGsepuG9JjwtUKGWSibw==,type:str] local-backups: ENC[AES256_GCM,data:3QjEv03t7wE=,iv:y/6Lv4eUbZZfGPwUONykz8VNL62cAJuWaJy9yk3aAmk=,tag:wMlGsepuG9JjwtUKGWSibw==,type:str]
storagebox-backups: ENC[AES256_GCM,data:NEHk57B3YtI=,iv:0/qnqMVK0662sgfDQoLxcW7L09SKF8E5liCnjaQ2+2k=,tag:RU0BPwGgvI9bgOPr8VItmA==,type:str]
storagebox-ssh-key: ENC[AES256_GCM,data:65+kbJPO90y+rRh3Q5cqLDtQa3VFfbaDPPo1nJLqxgAB7Wm3J7K4qUYAKPcYnkWV4/xFz63R2uCNaq5xv+vuZA==,iv:O7AeE/ujp5p1P7nff7PpghQfN2tQUYBSWL+EHRbE5yA=,tag:Pu/+bEAQuqwmD1Rc//t0cA==,type:str]
turn: turn:
env: ENC[AES256_GCM,data:xjIz/AY109lyiL5N01p5T3HcYco/rM5CJSRTtg==,iv:16bW6OpyOK/QL0QPGQp/Baa9xyT8E3ZsYkwqmjuofk0=,tag:J5re3uKxIykw3YunvQWBgg==,type:str] env: ENC[AES256_GCM,data:xjIz/AY109lyiL5N01p5T3HcYco/rM5CJSRTtg==,iv:16bW6OpyOK/QL0QPGQp/Baa9xyT8E3ZsYkwqmjuofk0=,tag:J5re3uKxIykw3YunvQWBgg==,type:str]
secret: ENC[AES256_GCM,data:eQ7dAocoZtg=,iv:fgzjTPv30WqTKlLy+yMn5MsKQgjhPnwlGFFwYEg3gWs=,tag:1ze33U1NBkgMX/9SiaBNQg==,type:str] secret: ENC[AES256_GCM,data:eQ7dAocoZtg=,iv:fgzjTPv30WqTKlLy+yMn5MsKQgjhPnwlGFFwYEg3gWs=,tag:1ze33U1NBkgMX/9SiaBNQg==,type:str]
@ -26,8 +28,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2023-12-30T14:09:03Z" lastmodified: "2024-03-18T23:13:42Z"
mac: ENC[AES256_GCM,data:kuyzVV1Dhlb2LemqRzw2xPr9jtTWqSbFMv70LUEbRmsDpjwQsAIARgoaj32EXdDRTHYXBplTYieR7KvmxykL/8rkj0g4+IuRLY1TcbRS31Gi74FiXvV2apscHhQWXhHPHIHMbwZAfDSHdMrf8hPu28SC9QdbP3SXYNt28Imstrc=,iv:UALUiWGHlWEBmIVWeSyEa16ZdcDZvgtlpHETDV2CcRY=,tag:rxbd3ph+pPf11jup/CMEzw==,type:str] mac: ENC[AES256_GCM,data:/6GnUxOkftB07feEwQbeXoueLQUkRXL4pee973bAYbjse8gbmU3IvI8CVoj1PuY5JeC7pOFCMjZAxqbMh90oUbVSHssVDLIuL4/ZhxF3on+sKmC5wa/M8lU+Ld2upL+//bz2p4EsDKy1Fedwm22b3mOkjSAUcKp+uh8ORrRmWZ0=,iv:waVUyPo1VPfTldzbs0DH3mGukAWvy2Ut9w5bw7/bdFA=,tag:Wm4KUZwKI4VylJ1i2QoptA==,type:str]
pgp: pgp:
- created_at: "2023-12-29T15:25:27Z" - created_at: "2023-12-29T15:25:27Z"
enc: | enc: |
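Review bot: The two new `restic` entries `storagebox-backups` and `storagebox-ssh-key` have no consumer visible anywhere in this diff and are unrelated to the bridge-networking change the PR title describes; landing them in their own commit would keep the secrets history attributable. Nothing on the encrypted side can be reviewed here beyond the updated `lastmodified` and `mac`, so a line in the PR description naming the module that reads these keys would help.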


@ -1,10 +0,0 @@
{lib}: let
inherit (lib.attrsets) mapAttrsToList;
inherit (lib.strings) concatStringsSep;
in {
makeQemuNetOpts = portMapping:
concatStringsSep ","
(mapAttrsToList
(host: vm: "hostfwd=::${host}-:${vm}")
portMapping);
}