Add: forbann VM

2025-10-04 12:35:54 +02:00 · 2025-10-04 12:35:54 +02:00 · b3fb1d7fa8
commit b3fb1d7fa8
parent fd9f5e202c
3 changed files with 85 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -32,7 +32,6 @@
  in 

  {
-# --- Host NixOS (x86_64) ---
    nixosConfigurations = {
      pennsardin = nixpkgs-unstable.lib.nixosSystem {
        system = "x86_64-linux";
@ -56,6 +55,14 @@
            home-manager-stable.nixosModules.home-manager
        ];
      };
+
+      forbann = nixpkgs-stable.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./hosts/forbann/configuration.nix
+          "${nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix"
+        ];
+      };
    };

 # --- DevShell (x86_64 uniquement) ---
--- a/hosts/forbann/configuration.nix
+++ b/hosts/forbann/configuration.nix
@ -0,0 +1,67 @@
+{ config, pkgs, ...}:
+{
+  boot.loader.grub = {
+    enable = true ;
+    device = "/dev/vda";
+  };
+
+  fileSystems."/" = {
+    device = "/dev/vda1" ;
+    fsType = "ext4" ;
+  };
+
+  fileSystems."/srv" = {
+    device = "shared0" ;
+    fsType = "9p" ;
+    options = [ "trans=virtio" "version=9p2000.L" "rw" ];
+    neededForBoot = false ;
+    noCheck = true ;
+  };
+
+  systemd.services.mountShared = {
+    description = "Mount 9p shared folder" ;
+    after = [ "local-fs.target" "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "oneshot" ;
+      ExecStart = "${pkgs.util-linux}/bin/mount -t 9p -o trans=virtio,version=9p2000.L shared0 /srv";
+      RemainAfterExit = true ;
+    };
+  };
+
+  boot.kernelPackages = pkgs.linuxPackages ;
+  boot.initrd.supportedFilesystems = [ "ext4" ];
+
+  networking = {
+    useDHCP = true;
+    useNetworkd = true ;
+    hostName = "forbann" ;
+  };
+
+  systemd.network = {
+    enable = true ;
+    networks."10-eth0" = {
+      matchConfig.Name = "eth0";
+      networkConfig = {
+        Address = "192.168.1.10/24";
+        Gateway = "192.168.0.254" ;
+        DNS = "192.168.0.254" ;
+      };
+    };
+  };
+
+  services.openssh.enable = true ;
+
+  services.rtorrent = {
+    enable = true ;
+    dataDir = "/home/vmuser/torrents" ;
+  };
+
+  users.users.vmuser = {
+    isNormalUser = true ;
+    extraGroups = [ "wheel" ];
+    password = "changeme" ;
+  };
+
+  system.stateVersion = "25.05" ;
+}
--- a/modules/common/qemu.nix
+++ b/modules/common/qemu.nix
@ -5,6 +5,7 @@
 }: {
  boot.kernelModules = lib.mkAfter ["tun"];
  environment.systemPackages = with pkgs; [
+    qemu
    qemu_kvm
    virtiofsd
  ];
@ -12,6 +13,7 @@
  services = {
    udev.extraRules = ''
      SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
+      KERNEL=="tun", GROUP="kvm", MODE="0660"
    '';
    spice-vdagentd.enable = true;
    resolved.enable = true;
@ -32,6 +34,14 @@
  environment.etc."qemu/bridge.conf".text = ''
    allow br0
  '';
+
+  security.wrappers.qemu-bridge-helper = lib.mkForce {
+    source = "${pkgs.qemu}/libexec/qemu-bridge-helper";
+    owner = "root";
+    group = "kvm";
+    setuid = true ;
+    permissions = "u+rwx,g+rx,o+rx";
+  };
 }
 # vim: set ts=2 sw=2 sts=2 et :