nixos-demo/computer/pc-demo2/microvm.nix

{ flake, ... }:

{
  sops = {
    secrets = {
      "vms/m1/services/openssh/key/ed25519" = {};
      "vms/m1/services/openssh/key/rsa" = {};
      "vms/w1/services/openssh/key/ed25519" = {};
      "vms/w1/services/openssh/key/rsa" = {};
    };
  };

  systemd.tmpfiles.rules = [
    "d /etc/microvms/m1/ssh/ 0755 root root - -"
    "d /etc/microvms/w1/ssh/ 0755 root root - -"
  ];

  systemd.network.networks."10-lan".matchConfig.Name = ["vm-*-01"];
  systemd.network.networks."20-storage".matchConfig.Name = ["vm-*-02"];

  systemd.services = {
    "microvm@m1" = {
      unitConfig = {
        AssertPathExists = "/run/secrets/vms/m1/services/openssh/key/ed25519";
        AssertFileNotEmpty = "/run/secrets/vms/m1/services/openssh/key/ed25519";
      };
    };
    "microvm@w1" = {
      unitConfig = {
        AssertPathExists = "/run/secrets/vms/w1/services/openssh/key/ed25519";
        AssertFileNotEmpty = "/run/secrets/vms/w1/services/openssh/key/ed25519";
      };
    };
  };

  microvm = {
    vms = {
      m1 = {
        flake = flake;
        updateFlake = "git+https://code.beancloud.de/beancloud/datacenter.git?ref=master";
        restartIfChanged = true;
      };
      w1 = {
        flake = flake;
        updateFlake = "git+https://code.beancloud.de/beancloud/datacenter.git?ref=master";
        restartIfChanged = true;
      };
    };
    autostart = [ "m1" "w1" ];
  };
}
initial cleaned up config 2025-07-12 00:28:21 +02:00			`{ flake, ... }:`

			`{`
			`sops = {`
			`secrets = {`
			`"vms/m1/services/openssh/key/ed25519" = {};`
			`"vms/m1/services/openssh/key/rsa" = {};`
			`"vms/w1/services/openssh/key/ed25519" = {};`
			`"vms/w1/services/openssh/key/rsa" = {};`
			`};`
			`};`

			`systemd.tmpfiles.rules = [`
			`"d /etc/microvms/m1/ssh/ 0755 root root - -"`
			`"d /etc/microvms/w1/ssh/ 0755 root root - -"`
			`];`

			`systemd.network.networks."10-lan".matchConfig.Name = ["vm-*-01"];`
			`systemd.network.networks."20-storage".matchConfig.Name = ["vm-*-02"];`

			`systemd.services = {`
			`"microvm@m1" = {`
			`unitConfig = {`
			`AssertPathExists = "/run/secrets/vms/m1/services/openssh/key/ed25519";`
			`AssertFileNotEmpty = "/run/secrets/vms/m1/services/openssh/key/ed25519";`
			`};`
			`};`
			`"microvm@w1" = {`
			`unitConfig = {`
			`AssertPathExists = "/run/secrets/vms/w1/services/openssh/key/ed25519";`
			`AssertFileNotEmpty = "/run/secrets/vms/w1/services/openssh/key/ed25519";`
			`};`
			`};`
			`};`

			`microvm = {`
			`vms = {`
			`m1 = {`
			`flake = flake;`
			`updateFlake = "git+https://code.beancloud.de/beancloud/datacenter.git?ref=master";`
			`restartIfChanged = true;`
			`};`
			`w1 = {`
			`flake = flake;`
			`updateFlake = "git+https://code.beancloud.de/beancloud/datacenter.git?ref=master";`
			`restartIfChanged = true;`
			`};`
			`};`
			`autostart = [ "m1" "w1" ];`
			`};`
			`}`