From b3fb1d7fa8386d3da0251f15d2b753c39e0a5c06 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Sat, 4 Oct 2025 12:35:54 +0200 Subject: [PATCH] Add: forbann VM --- flake.nix | 9 ++++- hosts/forbann/configuration.nix | 67 +++++++++++++++++++++++++++++++++ modules/common/qemu.nix | 10 +++++ 3 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 hosts/forbann/configuration.nix diff --git a/flake.nix b/flake.nix index 86c8e5c..7333bc4 100644 --- a/flake.nix +++ b/flake.nix @@ -32,7 +32,6 @@ in { -# --- Host NixOS (x86_64) --- nixosConfigurations = { pennsardin = nixpkgs-unstable.lib.nixosSystem { system = "x86_64-linux"; @@ -56,6 +55,14 @@ home-manager-stable.nixosModules.home-manager ]; }; + + forbann = nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/forbann/configuration.nix + "${nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix" + ]; + }; }; # --- DevShell (x86_64 uniquement) --- diff --git a/hosts/forbann/configuration.nix b/hosts/forbann/configuration.nix new file mode 100644 index 0000000..bc3b526 --- /dev/null +++ b/hosts/forbann/configuration.nix 
@@ -0,0 +1,67 @@ +{ config, pkgs, ...}: +{ + boot.loader.grub = { + enable = true ; + device = "/dev/vda"; + }; + + fileSystems."/" = { + device = "/dev/vda1" ; + fsType = "ext4" ; + }; + + fileSystems."/srv" = { + device = "shared0" ; + fsType = "9p" ; + options = [ "trans=virtio" "version=9p2000.L" "rw" ]; + neededForBoot = false ; + noCheck = true ; + }; + + systemd.services.mountShared = { + description = "Mount 9p shared folder" ; + after = [ "local-fs.target" "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot" ; + ExecStart = "${pkgs.util-linux}/bin/mount -t 9p -o trans=virtio,version=9p2000.L shared0 /srv"; + RemainAfterExit = true ; + }; + }; + + boot.kernelPackages = pkgs.linuxPackages ; + boot.initrd.supportedFilesystems = [ "ext4" ]; + + networking = { + useDHCP = true; + useNetworkd = true ; + hostName = "forbann" ; + }; + + systemd.network = { + enable = true ; + networks."10-eth0" = { + matchConfig.Name = "eth0"; + networkConfig = { + Address = "192.168.1.10/24"; + Gateway = "192.168.0.254" ; + DNS = "192.168.0.254" ; + }; + }; + }; + + services.openssh.enable = true ; + + services.rtorrent = { + enable = true ; + dataDir = "/home/vmuser/torrents" ; + }; + + users.users.vmuser = { + isNormalUser = true ; + extraGroups = [ "wheel" ]; + password = "changeme" ; + }; + + system.stateVersion = "25.05" ; +} diff --git a/modules/common/qemu.nix b/modules/common/qemu.nix index a701233..5fc15f6 100644 --- a/modules/common/qemu.nix +++ b/modules/common/qemu.nix @@ -5,6 +5,7 @@ }: { boot.kernelModules = lib.mkAfter ["tun"]; environment.systemPackages = with pkgs; [ + qemu qemu_kvm virtiofsd ]; @@ -12,6 +13,7 @@ services = { udev.extraRules = '' SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660" + KERNEL=="tun", GROUP="kvm", MODE="0660" ''; spice-vdagentd.enable = true; resolved.enable = true; 
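Review bot: The `vmuser` account at the end of this new file is in `wheel` and gets the literal `password = "changeme"`, while `services.openssh.enable = true` a few lines above leaves password authentication at its default, so a sudo-capable account with a published password is reachable over SSH as soon as the VM boots. The value is also copied into the world-readable Nix store and stays in the repository history. I would drop the `password` line in favour of key-only login: `openssh.authorizedKeys.keys = [ "<ssh-public-key-placeholder>" ];` under `users.users.vmuser`, plus `services.openssh.settings.PasswordAuthentication = false;`. If a local password is still needed for sudo, `hashedPasswordFile` pointing at a file outside the store keeps it out of the flake.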
@@ -32,6 +34,14 @@ environment.etc."qemu/bridge.conf".text = '' allow br0 ''; + + security.wrappers.qemu-bridge-helper = lib.mkForce { + source = "${pkgs.qemu}/libexec/qemu-bridge-helper"; + owner = "root"; + group = "kvm"; + setuid = true ; + permissions = "u+rwx,g+rx,o+rx"; + }; } # vim: set ts=2 sw=2 sts=2 et :
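Review bot: `permissions = "u+rwx,g+rx,o+rx"` makes the setuid-root `qemu-bridge-helper` wrapper executable by every local user, so `group = "kvm"` restricts nothing and anyone on the host can attach a tap device to the `br0` allowed in `qemu/bridge.conf` just above. If the intent is that only `kvm` members may bridge VMs, drop the `o+rx` term, e.g. `permissions = "u+rx,g+x";`, and confirm the resulting mode on the installed wrapper. A one-line comment on why `lib.mkForce` is needed here would also help, since the definition it overrides is not visible in this hunk.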