From c5dce0fa0fcc7414825b4e56fee8190e47b49235 Mon Sep 17 00:00:00 2001
From: Adrian Gunnar Lauterer
Date: Tue, 2 Dec 2025 01:47:51 +0100
Subject: [PATCH] Bicep as a vm

---
 hosts/bicep/configuration.nix | 29 ++++++++++++++++++--------
 hosts/bicep/hardware-configuration.nix | 25 ++++++++++++----------
 2 files changed, 34 insertions(+), 20 deletions(-)

diff --git a/hosts/bicep/configuration.nix b/hosts/bicep/configuration.nix
index 25caa13..cc3073b 100644
--- a/hosts/bicep/configuration.nix
+++ b/hosts/bicep/configuration.nix
@@ -7,13 +7,13 @@
 (fp /misc/metrics-exporters.nix)
 ./services/nginx
- ./services/calendar-bot.nix
- ./services/git-mirrors
- ./services/minecraft-heatmap.nix
- ./services/mysql.nix
+ #./services/calendar-bot.nix
+ #./services/git-mirrors
+ #./services/minecraft-heatmap.nix
+ #./services/mysql.nix
 ./services/postgres.nix
- ./services/matrix
+ #./services/matrix
 ];
 sops.defaultSopsFile = fp /secrets/bicep/bicep.yaml;
@@ -21,13 +21,17 @@
 sops.age.keyFile = "/var/lib/sops-nix/key.txt";
 sops.age.generateKey = true;
- boot.loader.grub.enable = true;
- boot.loader.grub.device = "/dev/disk/by-id/scsi-3600508b1001cb1a8751c137b30610682";
+ #boot.loader.grub.enable = true;
+ #boot.loader.grub.device = "/dev/disk/by-id/scsi-3600508b1001cb1a8751c137b30610682";
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
 networking.hostName = "bicep";
- systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // {
- matchConfig.Name = "enp6s0f0";
+ #systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // {
+ systemd.network.networks."30-ens18" = values.defaultNetworkConfig // {
+ #matchConfig.Name = "enp6s0f0";
+ matchConfig.Name = "ens18";
 address = with values.hosts.bicep; [ (ipv4 + "/25") (ipv6 + "/64") ] ++ (with values.services.turn; [ (ipv4 + "/25") (ipv6 + "/64") ]);
 };
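Review bot: In the `@@ -7,13 +7,13 @@` hunk of hosts/bicep/configuration.nix, five service imports are switched off by commenting them out (`#./services/mysql.nix`, `#./services/matrix` and the rest) with no word on whether that is temporary for the VM move or permanent; the `@@ -21,13 +21,17 @@` hunk does the same with the GRUB and `enp6s0f0` lines. Git history already keeps the old values, so I would delete the dead lines, or, if the services are meant to come back, put one comment above them such as `# disabled for the VM migration, re-enable when <condition>`. It is also worth confirming that secrets belonging to the disabled services are no longer decrypted onto the host; that is not visible here. The `imports` list opens outside the hunk.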
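Review bot: In the `@@ -21,13 +21,17 @@` hunk, the `address` list of the renamed `30-ens18` network still appends the `values.services.turn` IPv4 and IPv6 addresses, while the earlier hunk comments out `./services/matrix`. If the TURN server came in through that import (not visible here), the VM keeps claiming the TURN addresses with no TURN service behind them, and anything that listens on all interfaces becomes reachable on them as well. Until the service returns I would reduce the line to `address = with values.hosts.bicep; [ (ipv4 + "/25") (ipv6 + "/64") ];`, or leave a comment saying why the extra addresses must stay assigned.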
@@ -37,6 +41,13 @@
 # There are no smart devices
 services.smartd.enable = false;
+
+ # we are a vm now
+ services.qemuGuest.enable = true;
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.sshguard.enable = true;
 # Do not change, even during upgrades.
 # See https://search.nixos.org/options?show=system.stateVersion
diff --git a/hosts/bicep/hardware-configuration.nix b/hosts/bicep/hardware-configuration.nix
index c318673..a6aed09 100644
--- a/hosts/bicep/hardware-configuration.nix
+++ b/hosts/bicep/hardware-configuration.nix
@@ -5,22 +5,29 @@
 {
 imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
+ [ (modulesPath + "/profiles/qemu-guest.nix")
 ];
- boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "hpsa" "ohci_pci" "usbhid" "sd_mod" ];
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ahci" "sd_mod" "sr_mod" ];
 boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
+ boot.kernelModules = [ ];
 boot.extraModulePackages = [ ];
 fileSystems."/" =
- { device = "/dev/disk/by-uuid/31a67903-dc00-448a-a24a-36e820318fe5";
+ { device = "/dev/disk/by-uuid/20e06202-7a09-47cc-8ef6-5e7afe19453a";
 fsType = "ext4";
 };
+ # temp data disk, only 128gb not enough until we can add another disk to the system.
 fileSystems."/data" =
- { device = "/dev/disk/by-uuid/79e93eed-ad95-45c9-b115-4ef92afcc8c0";
- fsType = "f2fs";
+ { device = "/dev/disk/by-uuid/c81af266-0781-4084-b8eb-c2587cbcf1ba";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/198B-E363";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
 };
 swapDevices = [ ];
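Review bot: In the `@@ -37,6 +41,13 @@` hunk, `services.openssh.enable = true;` is added with no authentication policy beside it, so password and root login are left to NixOS defaults or to a shared module that is not visible here. sshguard only slows down guessing; it does not replace key-only login. I would state the policy next to the enable line with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`, or add a comment naming the module that already sets them. The `# we are a vm now` comment could also record that `services.qemuGuest.enable` lets the hypervisor host run commands and read files inside the guest, which makes that host part of this machine's trust boundary.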
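Review bot: In hosts/bicep/hardware-configuration.nix, the new `fileSystems."/boot"` entry mounts the ESP with `fmask=0022` and `dmask=0022`, which leaves every file on the partition readable by any local user. With `boot.loader.systemd-boot.enable = true` set in configuration.nix, that includes the boot loader's random seed file, and bootctl warns about a world-accessible mount point for that reason. Use `options = [ "fmask=0077" "dmask=0077" ];` so only root can read the partition.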
@@ -30,11 +37,7 @@
 # still possible to use this option, but it's recommended to use it in conjunction
 # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
 networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp6s0f0.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp6s0f1.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp6s0f2.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp6s0f3.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }