From 23fc7d26679f769cc5008d3cf074f35dbba85c90 Mon Sep 17 00:00:00 2001
From: ahuston-0 <aliceghuston@gmail.com>
Date: Sat, 25 May 2024 18:29:34 -0400
Subject: [PATCH] add journal merging and ssh

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
---
 lib/microvms.nix                   | 36 ++++++++++++++++++++++++++++--
 modules/opt/microvm-host.nix       | 16 ++++++-------
 systems/palatine-hill/microvms.nix |  1 +
 3 files changed, 43 insertions(+), 10 deletions(-)

diff --git a/lib/microvms.nix b/lib/microvms.nix
index a16f8dd..cef59e7 100644
--- a/lib/microvms.nix
+++ b/lib/microvms.nix
@@ -6,13 +6,14 @@ rec {
       host:
       {
         ipv4,
+        machine-id,
         server ? false,
       }:
-      genMicroVM host ipv4 "x86_64-linux" (if server then server-config else agent-config)
+      genMicroVM host ipv4 "x86_64-linux" machine-id (if server then server-config else agent-config)
     ) vms;
 
   genMicroVM =
-    hostName: ipv4: _system: vm-config:
+    hostName: ipv4: _system: machine-id: vm-config:
     # microvm refers to microvm.nixosModules
 
     # {
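Review bot: `machine-id` is threaded through genMicroVM with no format check, yet it ends up in the guest's /etc/machine-id (next hunk) and in a host path built in modules/opt/microvm-host.nix. machine-id(5) expects exactly 32 lowercase hex characters, so a typo or a value containing a space or slash would give a malformed ID in the guest and a malformed tmpfiles rule on the host. An evaluation-time guard at the top of the genMicroVM body would catch this, e.g. `assert builtins.match "[0-9a-f]{32}" machine-id != null;`. The attribute is also now mandatory for every entry in `vms`, with no default, which deserves a line in the comment above genMicroVM. The function body continues outside this hunk.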
@@ -35,6 +36,12 @@ rec {
         imports = [ vm-config ];
         # It is highly recommended to share the host's nix-store
         # with the VMs to prevent building huge images.
+
+        environment.etc."machine-id" = {
+          mode = "0644";
+          text = machine-id + "\n";
+        };
+
         microvm.shares = [
           {
             source = "/nix/store";
@@ -42,6 +49,15 @@ rec {
             tag = "ro-store";
             proto = "virtiofs";
           }
+          {
+            # On the host
+            source = "/var/lib/microvms/${hostName}/journal";
+            # In the MicroVM
+            mountPoint = "/var/log/journal";
+            tag = "journal";
+            proto = "virtiofs";
+            socket = "journal.sock";
+          }
         ];
 
         networking = {
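Review bot: The new `journal` share carries no comment saying that the guest writes to this host directory, while the microvm-host.nix change in the same patch links it into the host's /var/log/journal. Anything under `/var/lib/microvms/${hostName}/journal` is therefore guest-controlled data that host-side journal tooling will open, and that trust boundary should be stated next to the share. I would add `# guest-writable: the host symlinks this into /var/log/journal, so treat its contents as untrusted guest data` above `source`. It is also worth documenting who creates the directory on the host and with which owner and mode, since nothing in the visible lines does.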
@@ -54,6 +70,22 @@ rec {
           ];
         };
 
+        services.openssh.enable = true;
+        users.users.alice = {
+          openssh.authorizedKeys.keys = [
+            # photon
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOGcqhLaKsjwAnb6plDavAhEyQHNvFS9Uh5lMTuwMhGF alice@parthenon-7588"
+            # gh
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoaEmzaS9vANckvBmqrYSHdFR0sPL4Xgeonbh9KcgFe gitlab keypair"
+            # janus
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfcO9p5opG8Tym6tcLkat6YGCcE6vwg0+V4MTC5WKop alice@parthenon-7588"
+            # palatine
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP59pDsx34k2ikrKa0eVacj0APSGivaij3lP9L0Zd9au alice@parthenon-7588"
+            # jeeves
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDgkUndkfns6f779T5ckHOVhyOKP8GttQ9RfaO9uJdx alice@parthenon-7588"
+          ];
+          isNormalUser = true;
+        };
         # Any other configuration for your MicroVM
         # [...]
       };
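Review bot: `services.openssh.enable = true;` turns sshd on in every generated MicroVM with the module defaults, so password and keyboard-interactive authentication stay enabled unless another module changes them. Since only key login is intended here, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it. The five keys are hard-coded in the shared library, so every VM built by genMicroVM trusts all of them. Passing the key list in as an argument, or reading it from the existing user definition if the repo has one, would keep rotation in one place. The `# gh` comment sits above a key whose own comment reads "gitlab keypair"; one of the two labels is wrong, and a forge key reused for shell login is worth a second look.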
diff --git a/modules/opt/microvm-host.nix b/modules/opt/microvm-host.nix
index 3673018..07605bd 100644
--- a/modules/opt/microvm-host.nix
+++ b/modules/opt/microvm-host.nix
@@ -22,13 +22,13 @@ in
     microvm.vms = cfg.vms;
 
     # TODO: deprecate this once we have syslog forwarders
-    # systemd.tmpfiles.rules = map (
-    #   vmHost:
-    #   let
-    #     machineId = lib.addresses.machineId.${vmHost};
-    #   in
-    #   # creates a symlink of each MicroVM's journal under the host's /var/log/journal
-    #   "L+ /var/log/journal/${machineId} - - - - /var/lib/microvms/${vmHost}/journal/${machineId}"
-    # ) (builtins.attrNames lib.addresses.machineId);
+    systemd.tmpfiles.rules = map (
+      vmHost:
+      let
+        machineId = cfg.vms.${vmHost}.config.environment.etc."machine-id".text;
+      in
+      # creates a symlink of each MicroVM's journal under the host's /var/log/journal
+      "L+ /var/log/journal/${machineId} - - - - /var/lib/microvms/${vmHost}/journal/${machineId}"
+    ) (builtins.attrNames cfg.vms);
   };
 }
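Review bot: `machineId` is read from `environment.etc."machine-id".text`, which lib/microvms.nix in this patch defines as `machine-id + "\n"`, so the interpolated rule contains a newline after each ID. As written the tmpfiles entry would split into `L+ /var/log/journal/<id>` and a stray ` - - - - …` line, and the symlink would not be created as intended. Strip the newline where the value is read, e.g. `machineId = lib.removeSuffix "\n" cfg.vms.${vmHost}.config.environment.etc."machine-id".text;` (this assumes `lib` is in scope, as the removed commented-out lines suggest). Whether `cfg.vms.${vmHost}.config` is an evaluated config at this point is not visible in the hunk, and the enclosing `config` block starts outside it.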
diff --git a/systems/palatine-hill/microvms.nix b/systems/palatine-hill/microvms.nix
index 44abf16..a1ad488 100644
--- a/systems/palatine-hill/microvms.nix
+++ b/systems/palatine-hill/microvms.nix
@@ -16,6 +16,7 @@ in
       {
         "ph-server-1" = {
           ipv4 = "192.168.69.10";
+          machine-id = "d694ad1e88b356887bb204ac665263f7";
           server = true;
         };
         # "ph-agent-1" = {