forked from Fediversity/simple-nixos-fediverse
Format everything, RFC-style
This commit is contained in:
parent
49473c43c8
commit
7007da1775
|
@ -5,7 +5,8 @@ let
|
|||
inherit (lib) mkOption mkEnableOption mkForce;
|
||||
inherit (lib.types) types;
|
||||
|
||||
in {
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./garage.nix
|
||||
./mastodon.nix
|
||||
|
@ -33,7 +34,7 @@ in {
|
|||
|
||||
temp = mkOption {
|
||||
description = "options that are only used while developing; should be removed eventually";
|
||||
default = {};
|
||||
default = { };
|
||||
type = types.submodule {
|
||||
options = {
|
||||
cores = mkOption {
|
||||
|
@ -51,7 +52,7 @@ in {
|
|||
|
||||
internal = mkOption {
|
||||
description = "options that are only meant to be used internally; change at your own risk";
|
||||
default = {};
|
||||
default = { };
|
||||
type = types.submodule {
|
||||
options = {
|
||||
garage = {
|
||||
|
|
|
@ -8,27 +8,49 @@ let
|
|||
in
|
||||
|
||||
# TODO: expand to a multi-machine setup
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (builtins) toString;
|
||||
inherit (lib) types mkOption mkEnableOption optionalString concatStringsSep;
|
||||
inherit (lib)
|
||||
types
|
||||
mkOption
|
||||
mkEnableOption
|
||||
optionalString
|
||||
concatStringsSep
|
||||
;
|
||||
inherit (lib.strings) escapeShellArg;
|
||||
inherit (lib.attrsets) filterAttrs mapAttrs';
|
||||
cfg = config.services.garage;
|
||||
fedicfg = config.fediversity.internal.garage;
|
||||
concatMapAttrs = scriptFn: attrset: concatStringsSep "\n" (lib.mapAttrsToList scriptFn attrset);
|
||||
ensureBucketScriptFn = bucket: { website, aliases, corsRules }:
|
||||
ensureBucketScriptFn =
|
||||
bucket:
|
||||
{
|
||||
website,
|
||||
aliases,
|
||||
corsRules,
|
||||
}:
|
||||
let
|
||||
bucketArg = escapeShellArg bucket;
|
||||
corsRulesJSON = escapeShellArg (builtins.toJSON {
|
||||
CORSRules = [{
|
||||
corsRulesJSON = escapeShellArg (
|
||||
builtins.toJSON {
|
||||
CORSRules = [
|
||||
{
|
||||
AllowedHeaders = corsRules.allowedHeaders;
|
||||
AllowedMethods = corsRules.allowedMethods;
|
||||
AllowedOrigins = corsRules.allowedOrigins;
|
||||
}];
|
||||
});
|
||||
in ''
|
||||
}
|
||||
];
|
||||
}
|
||||
);
|
||||
in
|
||||
''
|
||||
# garage bucket info tells us if the bucket already exists
|
||||
garage bucket info ${bucketArg} || garage bucket create ${bucketArg}
|
||||
|
||||
|
@ -37,9 +59,11 @@ let
|
|||
garage bucket website --allow ${bucketArg}
|
||||
''}
|
||||
|
||||
${concatStringsSep "\n" (map (alias: ''
|
||||
${concatStringsSep "\n" (
|
||||
map (alias: ''
|
||||
garage bucket alias ${bucketArg} ${escapeShellArg alias}
|
||||
'') aliases)}
|
||||
'') aliases
|
||||
)}
|
||||
|
||||
${optionalString corsRules.enable ''
|
||||
garage bucket allow --read --write --owner ${bucketArg} --key tmp
|
||||
|
@ -49,11 +73,25 @@ let
|
|||
''}
|
||||
'';
|
||||
ensureBucketsScript = concatMapAttrs ensureBucketScriptFn cfg.ensureBuckets;
|
||||
ensureAccessScriptFn = key: bucket: { read, write, owner }: ''
|
||||
ensureAccessScriptFn =
|
||||
key: bucket:
|
||||
{
|
||||
read,
|
||||
write,
|
||||
owner,
|
||||
}:
|
||||
''
|
||||
garage bucket allow ${optionalString read "--read"} ${optionalString write "--write"} ${optionalString owner "--owner"} \
|
||||
${escapeShellArg bucket} --key ${escapeShellArg key}
|
||||
'';
|
||||
ensureKeyScriptFn = key: {id, secret, ensureAccess}: ''
|
||||
ensureKeyScriptFn =
|
||||
key:
|
||||
{
|
||||
id,
|
||||
secret,
|
||||
ensureAccess,
|
||||
}:
|
||||
''
|
||||
## FIXME: Check whether the key exist and skip this step if that is the case. Get rid of this `|| :`
|
||||
garage key import --yes -n ${escapeShellArg key} ${escapeShellArg id} ${escapeShellArg secret} || :
|
||||
${concatMapAttrs (ensureAccessScriptFn key) ensureAccess}
|
||||
|
@ -66,7 +104,8 @@ in
|
|||
options = {
|
||||
services.garage = {
|
||||
ensureBuckets = mkOption {
|
||||
type = types.attrsOf (types.submodule {
|
||||
type = types.attrsOf (
|
||||
types.submodule {
|
||||
options = {
|
||||
website = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -77,27 +116,29 @@ in
|
|||
enable = mkEnableOption "CORS Rules";
|
||||
allowedHeaders = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
default = [ ];
|
||||
};
|
||||
allowedMethods = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
default = [ ];
|
||||
};
|
||||
allowedOrigins = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
default = [ ];
|
||||
};
|
||||
};
|
||||
aliases = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
default = [ ];
|
||||
};
|
||||
};
|
||||
});
|
||||
default = {};
|
||||
}
|
||||
);
|
||||
default = { };
|
||||
};
|
||||
ensureKeys = mkOption {
|
||||
type = types.attrsOf (types.submodule {
|
||||
type = types.attrsOf (
|
||||
types.submodule {
|
||||
# TODO: these should be managed as secrets, not in the nix store
|
||||
options = {
|
||||
id = mkOption {
|
||||
|
@ -109,7 +150,8 @@ in
|
|||
# TODO: assert at least one of these is true
|
||||
# NOTE: this currently needs to be done at the top level module
|
||||
ensureAccess = mkOption {
|
||||
type = types.attrsOf (types.submodule {
|
||||
type = types.attrsOf (
|
||||
types.submodule {
|
||||
options = {
|
||||
read = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -124,18 +166,23 @@ in
|
|||
default = false;
|
||||
};
|
||||
};
|
||||
});
|
||||
default = [];
|
||||
}
|
||||
);
|
||||
default = [ ];
|
||||
};
|
||||
};
|
||||
});
|
||||
default = {};
|
||||
}
|
||||
);
|
||||
default = { };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf config.fediversity.enable {
|
||||
environment.systemPackages = [ pkgs.minio-client pkgs.awscli ];
|
||||
environment.systemPackages = [
|
||||
pkgs.minio-client
|
||||
pkgs.awscli
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
fedicfg.rpc.port
|
||||
|
@ -178,9 +225,11 @@ in
|
|||
'';
|
||||
};
|
||||
};
|
||||
in mapAttrs'
|
||||
(bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;})
|
||||
(filterAttrs (_: {website, ...}: website) cfg.ensureBuckets);
|
||||
in
|
||||
mapAttrs' (bucket: _: {
|
||||
name = fedicfg.web.domainForBucket bucket;
|
||||
inherit value;
|
||||
}) (filterAttrs (_: { website, ... }: website) cfg.ensureBuckets);
|
||||
|
||||
systemd.services.ensure-garage = {
|
||||
after = [ "garage.service" ];
|
||||
|
@ -188,7 +237,11 @@ in
|
|||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
};
|
||||
path = [ cfg.package pkgs.perl pkgs.awscli ];
|
||||
path = [
|
||||
cfg.package
|
||||
pkgs.perl
|
||||
pkgs.awscli
|
||||
];
|
||||
script = ''
|
||||
set -xeuo pipefail
|
||||
|
||||
|
|
|
@ -5,7 +5,12 @@ let
|
|||
};
|
||||
in
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) {
|
||||
#### garage setup
|
||||
|
@ -58,7 +63,10 @@ lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) {
|
|||
#### mastodon setup
|
||||
|
||||
# open up access to the mastodon web interface. 80 is necessary if only for ACME
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
|
||||
services.mastodon = {
|
||||
enable = true;
|
||||
|
|
|
@ -5,10 +5,18 @@ let
|
|||
};
|
||||
in
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) {
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
|
||||
services.garage = {
|
||||
ensureBuckets = {
|
||||
|
|
|
@ -5,7 +5,12 @@ let
|
|||
};
|
||||
in
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
|
||||
services.garage = {
|
||||
|
@ -80,5 +85,8 @@ lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
|
|||
after = [ "ensure-garage.service" ];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
}
|
||||
|
|
18
flake.nix
18
flake.nix
|
@ -9,20 +9,30 @@
|
|||
disko.url = "github:nix-community/disko";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs-latest, pixelfed, disko }:
|
||||
outputs =
|
||||
{
|
||||
self,
|
||||
nixpkgs,
|
||||
nixpkgs-latest,
|
||||
pixelfed,
|
||||
disko,
|
||||
}:
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
lib = nixpkgs.lib;
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
pkgsLatest = nixpkgs-latest.legacyPackages.${system};
|
||||
bleedingFediverseOverlay = (self: super: {
|
||||
bleedingFediverseOverlay = (
|
||||
self: super: {
|
||||
pixelfed = pkgsLatest.pixelfed.overrideAttrs (old: {
|
||||
src = pixelfed;
|
||||
patches = (old.patches or [ ]) ++ [ ./fediversity/pixelfed-group-permissions.patch ];
|
||||
});
|
||||
## TODO: give mastodon, peertube the same treatment
|
||||
});
|
||||
in {
|
||||
}
|
||||
);
|
||||
in
|
||||
{
|
||||
nixosModules = {
|
||||
## Bleeding-edge fediverse packages
|
||||
bleedingFediverse = {
|
||||
|
|
|
@ -4,15 +4,22 @@
|
|||
WARNING: Running this installer will format the target disk!
|
||||
*/
|
||||
|
||||
{ nixpkgs,
|
||||
hostKeys ? {}
|
||||
{
|
||||
nixpkgs,
|
||||
hostKeys ? { },
|
||||
}:
|
||||
machine:
|
||||
|
||||
let
|
||||
inherit (builtins) concatStringsSep attrValues mapAttrs;
|
||||
|
||||
installer = { config, pkgs, lib, ... }:
|
||||
installer =
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
bootstrap = pkgs.writeShellApplication {
|
||||
name = "bootstrap";
|
||||
|
@ -20,20 +27,16 @@ let
|
|||
text = ''
|
||||
${machine.config.system.build.diskoScript}
|
||||
nixos-install --no-root-password --no-channel-copy --system ${machine.config.system.build.toplevel}
|
||||
${
|
||||
concatStringsSep "\n" (
|
||||
${concatStringsSep "\n" (
|
||||
attrValues (
|
||||
mapAttrs
|
||||
(kind: keys: ''
|
||||
mapAttrs (kind: keys: ''
|
||||
cp ${keys.private} /mnt/etc/ssh/ssh_host_${kind}_key
|
||||
chmod 600 /mnt/etc/ssh/ssh_host_${kind}_key
|
||||
cp ${keys.public} /mnt/etc/ssh/ssh_host_${kind}_key.pub
|
||||
chmod 644 /mnt/etc/ssh/ssh_host_${kind}_key.pub
|
||||
'')
|
||||
hostKeys
|
||||
'') hostKeys
|
||||
)
|
||||
)
|
||||
}
|
||||
)}
|
||||
poweroff
|
||||
'';
|
||||
};
|
||||
|
@ -55,4 +58,4 @@ let
|
|||
};
|
||||
};
|
||||
in
|
||||
(nixpkgs.lib.nixosSystem { modules = [installer]; }).config.system.build.isoImage
|
||||
(nixpkgs.lib.nixosSystem { modules = [ installer ]; }).config.system.build.isoImage
|
||||
|
|
|
@ -2,10 +2,12 @@
|
|||
let
|
||||
lib = pkgs.lib;
|
||||
rebuildableTest = import ./rebuildableTest.nix pkgs;
|
||||
seleniumScript = pkgs.writers.writePython3Bin "selenium-script"
|
||||
seleniumScript =
|
||||
pkgs.writers.writePython3Bin "selenium-script"
|
||||
{
|
||||
libraries = with pkgs.python3Packages; [ selenium ];
|
||||
} ''
|
||||
}
|
||||
''
|
||||
from selenium import webdriver
|
||||
from selenium.webdriver.common.by import By
|
||||
from selenium.webdriver.firefox.options import Options
|
||||
|
@ -35,7 +37,9 @@ pkgs.nixosTest {
|
|||
name = "test-mastodon-garage";
|
||||
|
||||
nodes = {
|
||||
server = { config, ... }: {
|
||||
server =
|
||||
{ config, ... }:
|
||||
{
|
||||
virtualisation.memorySize = lib.mkVMOverride 4096;
|
||||
imports = with self.nixosModules; [
|
||||
bleedingFediverse
|
||||
|
@ -62,7 +66,9 @@ pkgs.nixosTest {
|
|||
};
|
||||
};
|
||||
|
||||
testScript = { nodes, ... }: ''
|
||||
testScript =
|
||||
{ nodes, ... }:
|
||||
''
|
||||
import re
|
||||
import time
|
||||
|
||||
|
|
|
@ -50,10 +50,12 @@ let
|
|||
driver.quit()
|
||||
'';
|
||||
|
||||
seleniumScriptPostPicture = pkgs.writers.writePython3Bin "selenium-script-post-picture"
|
||||
seleniumScriptPostPicture =
|
||||
pkgs.writers.writePython3Bin "selenium-script-post-picture"
|
||||
{
|
||||
libraries = with pkgs.python3Packages; [ selenium ];
|
||||
} ''
|
||||
}
|
||||
''
|
||||
import os
|
||||
import time
|
||||
${seleniumImports}
|
||||
|
@ -93,10 +95,12 @@ let
|
|||
${seleniumTakeScreenshot "\"/home/selenium/screenshot.png\""}
|
||||
${seleniumQuit}'';
|
||||
|
||||
seleniumScriptGetSrc = pkgs.writers.writePython3Bin "selenium-script-get-src"
|
||||
seleniumScriptGetSrc =
|
||||
pkgs.writers.writePython3Bin "selenium-script-get-src"
|
||||
{
|
||||
libraries = with pkgs.python3Packages; [ selenium ];
|
||||
} ''
|
||||
}
|
||||
''
|
||||
${seleniumImports}
|
||||
${seleniumSetup}
|
||||
${seleniumPixelfedLogin}
|
||||
|
@ -115,7 +119,9 @@ pkgs.nixosTest {
|
|||
name = "test-pixelfed-garage";
|
||||
|
||||
nodes = {
|
||||
server = { config, ... }: {
|
||||
server =
|
||||
{ config, ... }:
|
||||
{
|
||||
|
||||
services = {
|
||||
xserver = {
|
||||
|
@ -129,8 +135,10 @@ pkgs.nixosTest {
|
|||
user = "selenium";
|
||||
};
|
||||
};
|
||||
virtualisation.resolution = { x = 1680; y = 1050; };
|
||||
|
||||
virtualisation.resolution = {
|
||||
x = 1680;
|
||||
y = 1050;
|
||||
};
|
||||
|
||||
virtualisation = {
|
||||
memorySize = lib.mkVMOverride 8192;
|
||||
|
@ -167,7 +175,9 @@ pkgs.nixosTest {
|
|||
};
|
||||
};
|
||||
|
||||
testScript = { nodes, ... }: ''
|
||||
testScript =
|
||||
{ nodes, ... }:
|
||||
''
|
||||
import re
|
||||
|
||||
server.start()
|
||||
|
|
|
@ -1,9 +1,16 @@
|
|||
pkgs: test:
|
||||
let
|
||||
inherit (pkgs.lib) mapAttrsToList concatStringsSep genAttrs mkIf;
|
||||
inherit (pkgs.lib)
|
||||
mapAttrsToList
|
||||
concatStringsSep
|
||||
genAttrs
|
||||
mkIf
|
||||
;
|
||||
inherit (builtins) attrNames;
|
||||
|
||||
interactiveConfig = ({ config, ... }: {
|
||||
interactiveConfig = (
|
||||
{ config, ... }:
|
||||
{
|
||||
# so we can run `nix shell nixpkgs#foo` on the machines
|
||||
nix.extraOptions = ''
|
||||
extra-experimental-features = nix-command flakes
|
||||
|
@ -20,13 +27,16 @@ let
|
|||
};
|
||||
|
||||
virtualisation = mkIf (config.networking.hostName == "jumphost") {
|
||||
forwardPorts = [{
|
||||
forwardPorts = [
|
||||
{
|
||||
from = "host";
|
||||
host.port = 2222;
|
||||
guest.port = 22;
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
});
|
||||
}
|
||||
);
|
||||
|
||||
sshConfig = pkgs.writeText "ssh-config" ''
|
||||
Host *
|
||||
|
@ -50,10 +60,11 @@ let
|
|||
# create an association array from machine names to the path to their
|
||||
# configuration in the nix store
|
||||
declare -A configPaths=(${
|
||||
concatStringsSep " "
|
||||
(mapAttrsToList
|
||||
(n: v: ''["${n}"]="${v.system.build.toplevel}"'')
|
||||
rebuildableTest.driverInteractive.nodes)
|
||||
concatStringsSep " " (
|
||||
mapAttrsToList (
|
||||
n: v: ''["${n}"]="${v.system.build.toplevel}"''
|
||||
) rebuildableTest.driverInteractive.nodes
|
||||
)
|
||||
})
|
||||
|
||||
rebuild_one() {
|
||||
|
@ -113,16 +124,14 @@ let
|
|||
# we're at it)
|
||||
rebuildableTest =
|
||||
let
|
||||
preOverride = pkgs.nixosTest (test // {
|
||||
preOverride = pkgs.nixosTest (
|
||||
test
|
||||
// {
|
||||
interactive = (test.interactive or { }) // {
|
||||
# no need to // with test.interactive.nodes here, since we are iterating
|
||||
# over all of them, and adding back in the config via `imports`
|
||||
nodes = genAttrs
|
||||
(
|
||||
attrNames test.nodes or { } ++
|
||||
attrNames test.interactive.nodes or { } ++
|
||||
[ "jumphost" ]
|
||||
)
|
||||
nodes =
|
||||
genAttrs (attrNames test.nodes or { } ++ attrNames test.interactive.nodes or { } ++ [ "jumphost" ])
|
||||
(n: {
|
||||
imports = [
|
||||
(test.interactive.${n} or { })
|
||||
|
@ -131,14 +140,20 @@ let
|
|||
});
|
||||
};
|
||||
# override with test.passthru in case someone wants to overwrite us.
|
||||
passthru = { inherit rebuildScript sshConfig; } // (test.passthru or { });
|
||||
});
|
||||
passthru = {
|
||||
inherit rebuildScript sshConfig;
|
||||
} // (test.passthru or { });
|
||||
}
|
||||
);
|
||||
in
|
||||
preOverride // {
|
||||
preOverride
|
||||
// {
|
||||
driverInteractive = preOverride.driverInteractive.overrideAttrs (old: {
|
||||
# this comes from runCommand, not mkDerivation, so this is the only
|
||||
# hook we have to override
|
||||
buildCommand = old.buildCommand + ''
|
||||
buildCommand =
|
||||
old.buildCommand
|
||||
+ ''
|
||||
ln -s ${sshConfig} $out/ssh-config
|
||||
ln -s ${rebuildScript}/bin/rebuild $out/bin/rebuild
|
||||
'';
|
||||
|
@ -146,4 +161,3 @@ let
|
|||
};
|
||||
in
|
||||
rebuildableTest
|
||||
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ lib, config, modulesPath, ... }:
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (lib) mkVMOverride mapAttrs' filterAttrs;
|
||||
|
@ -7,7 +12,8 @@ let
|
|||
|
||||
fedicfg = config.fediversity.internal.garage;
|
||||
|
||||
in {
|
||||
in
|
||||
{
|
||||
imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
|
||||
|
||||
services.nginx.virtualHosts =
|
||||
|
@ -16,9 +22,11 @@ in {
|
|||
forceSSL = mkVMOverride false;
|
||||
enableACME = mkVMOverride false;
|
||||
};
|
||||
in mapAttrs'
|
||||
(bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;})
|
||||
(filterAttrs (_: {website, ...}: website) cfg.ensureBuckets);
|
||||
in
|
||||
mapAttrs' (bucket: _: {
|
||||
name = fedicfg.web.domainForBucket bucket;
|
||||
inherit value;
|
||||
}) (filterAttrs (_: { website, ... }: website) cfg.ensureBuckets);
|
||||
|
||||
virtualisation.diskSize = 2048;
|
||||
virtualisation.forwardPorts = [
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
# customize nixos-rebuild build-vm to be a bit more convenient
|
||||
{ pkgs, ... }: {
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
# let us log in
|
||||
users.mutableUsers = false;
|
||||
users.users.root.hashedPassword = "";
|
||||
|
@ -34,7 +35,10 @@
|
|||
# no graphics. see nixos-shell
|
||||
virtualisation = {
|
||||
graphics = false;
|
||||
qemu.consoles = [ "tty0" "hvc0" ];
|
||||
qemu.consoles = [
|
||||
"tty0"
|
||||
"hvc0"
|
||||
];
|
||||
qemu.options = [
|
||||
"-serial null"
|
||||
"-device virtio-serial"
|
||||
|
@ -45,7 +49,10 @@
|
|||
};
|
||||
|
||||
# we can't forward port 80 or 443, so let's run nginx on a different port
|
||||
networking.firewall.allowedTCPPorts = [ 8443 8080 ];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
8443
|
||||
8080
|
||||
];
|
||||
services.nginx.defaultSSLListenPort = 8443;
|
||||
services.nginx.defaultHTTPListenPort = 8080;
|
||||
virtualisation.forwardPorts = [
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{ modulesPath, lib, config, ... }: {
|
||||
{
|
||||
modulesPath,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
{
|
||||
|
||||
imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ pkgs, modulesPath, ... }: {
|
||||
{ pkgs, modulesPath, ... }:
|
||||
{
|
||||
|
||||
imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
|
||||
|
||||
|
|
|
@ -1,9 +1,15 @@
|
|||
{ pkgs, lib, modulesPath, ... }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (lib) mkVMOverride;
|
||||
|
||||
in {
|
||||
in
|
||||
{
|
||||
imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
|
||||
|
||||
fediversity = {
|
||||
|
|
Reference in a new issue