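# NixOS host module: enables flakes, defines the primary desktop user and
# declares the vmsilo guests — two workstation VMs, a VPN VM and the network
# VM that sits between the guests and the host network.
{
  config,
  lib,
  pkgs,
  vmsilo,
  stdenv,
  ...
}:

{
  nix = {
    settings.experimental-features = [
      "nix-command"
      "flakes"
    ];
  };

  # The vmsilo user needs an explicitly specified uid; the matching gid is
  # pinned below so the pair stays stable across rebuilds.
  users.users.david = {
    uid = 1000;
    group = "david";
    isNormalUser = true;
    extraGroups = [ "wheel" ];
  };
  users.groups.david.gid = 1000;

  programs.vmsilo =
    let
      # Single resolver handed to every guest; hoisted so all VMs agree.
      # Guests behind vpnvm still resolve against this public resolver,
      # only 192.168.0.0/24 goes through the tunnel (see allowedIPs below).
      commonNameservers = [ "8.8.8.8" ];

      # Package set installed into both workstation guests.
      commonGuestPrograms = with pkgs; [
        firefox
        kdePackages.konsole
        vim
        git
        screen
        strace
        tcpdump
        curl
        jq
        dig
        bc
        net-tools
      ];
    in
    {
      enable = true;
      user = "david";

      nixosVms = {
        # Workstation VM whose traffic exits via netvm directly (no VPN hop).
        untrusted = {
          color = "darkred";
          memory = 4096;
          cpus = 4;
          network = {
            netvm = "netvm";
            nameservers = commonNameservers;
          };
          guestConfig = [
            vmsilo.nixosModules.optionalGuestSettings
          ];
          guestPrograms = commonGuestPrograms;
        };

        # Workstation VM routed through vpnvm. Only the 192.168.0.0/24 range
        # is carried by the WireGuard tunnel; everything else leaves vpnvm
        # towards netvm untunnelled.
        trusted = {
          color = "darkgreen";
          memory = 4096;
          cpus = 4;
          network = {
            netvm = "vpnvm";
            nameservers = commonNameservers;
          };
          guestConfig = [
            vmsilo.nixosModules.optionalGuestSettings
          ];
          guestPrograms = commonGuestPrograms;
        };

        # VPN VM, other VMs with netvm="vpnvm" get trusted access.
        # Headless: no GPU, no audio; it only terminates the WireGuard tunnel.
        vpnvm = {
          color = "darkgreen";
          memory = 768;
          cpus = 2;
          gpu = false;
          sound.playback = false;
          network = {
            isNetvm = true;
            netvm = "netvm";
            nameservers = commonNameservers;
          };
          guestConfig = [
            vmsilo.nixosModules.optionalGuestSettings
            {
              networking = {
                wireguard.enable = true;
                wireguard.interfaces.wg-mgmt = {
                  # Place private key at /shared/netvm/wg.key
                  # NOTE(review): this is the vpnvm guest, so confirm the
                  # host-side path above is the one mapped into its home
                  # (it names netvm). The key must be readable by root in
                  # the guest only; keep it mode 0600 on the host as well.
                  privateKeyFile = "/home/user/wg.key";
                  ips = [
                    "192.168.0.5/32"
                  ];
                  peers = [
                    {
                      name = "router";
                      # Placeholder values; replace with the real peer key
                      # and endpoint before deploying.
                      publicKey = "xxxpeerpubkey==";
                      endpoint = "wireguard.example.org:51820";
                      # Only the management LAN is tunnelled.
                      allowedIPs = [
                        "192.168.0.0/24"
                      ];
                    }
                  ];
                };
              };
            }
          ];
        };

        # Network VM: the only guest attached to the host network, started
        # at boot so the other VMs have an uplink. No shared home, so nothing
        # from the host's shared directory is exposed to this edge VM.
        netvm = {
          color = "red";
          autoStart = true;
          memory = 768;
          cpus = 2;
          gpu = false;
          sound.playback = false;
          sharedHome = false;
          network = {
            isNetvm = true;
            netvm = "host";
            nameservers = commonNameservers;
          };
          guestConfig = [
            vmsilo.nixosModules.optionalGuestSettings
          ];
        };
      };
    };
}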