system/common: add incus module

2024-04-21 12:29:47 +02:00 · 2024-04-21 12:29:47 +02:00 · 4fc3e01dbe
commit 4fc3e01dbe
parent 204b469f1a
5 changed files with 85 additions and 0 deletions
--- a/hosts/hijiri/default.nix
+++ b/hosts/hijiri/default.nix
@ -23,6 +23,7 @@
        ];
        programs.alacritty.settings.font.size = 14;
      };
+      common.incus.enable = true;

      system.defaults = {
        ".GlobalPreferences" = {
--- a/hosts/legion/default.nix
+++ b/hosts/legion/default.nix
@ -31,6 +31,7 @@
        hostId = builtins.substring 0 8 (builtins.readFile ./machine-id);
        networkmanager.enable = true;
        firewall.trustedInterfaces = [ "tailscale0" ];
+        nftables.enable = true;
      };
      systemd.services.NetworkManager-wait-online.enable = false;

@ -47,5 +48,6 @@
          instances = 4;
        };
      };
+      common.incus.enable = true;
    };
 }
--- a/hosts/ude/default.nix
+++ b/hosts/ude/default.nix
@ -19,6 +19,7 @@
        loader.systemd-boot.configurationLimit = 1;
        loader.efi.canTouchEfiVariables = true;
      };
+      networking.nftables.enable = true;

      common.hercules.enable = true;
      services.hercules-ci-agent.settings.concurrentTasks = 6;
@ -29,6 +30,7 @@
          instances = 6;
        };
      };
+      common.incus.enable = true;

      services.nginx = {
        enable = true;
--- a/modules/system/common/default.nix
+++ b/modules/system/common/default.nix
@ -65,6 +65,7 @@ in
    (import ./hercules.nix { inherit isLinux; })
    (import ./user.nix { inherit isLinux; })
    (import ./github-runner.nix { inherit isLinux; })
+    (import ./incus.nix { inherit isLinux; })
  ];

  config = lib.mkMerge [
--- a/modules/system/common/incus.nix
+++ b/modules/system/common/incus.nix
@ -0,0 +1,79 @@
+{ isLinux }:
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  inherit (lib) mkOption types;
+
+  cfg = config.common.incus;
+
+  sharedConfig = {
+    environment.systemPackages = [ cfg.clientPackage ];
+  };
+
+  linuxConfig = lib.optionalAttrs isLinux {
+    virtualisation.incus = lib.mkIf (!cfg.clientOnly) {
+      enable = true;
+      inherit (cfg) package clientPackage;
+      preseed = {
+        networks = [
+          {
+            name = "incusbr0";
+            type = "bridge";
+            config = {
+              "ipv4.address" = "10.0.100.1/24";
+              "ipv4.nat" = "true";
+            };
+          }
+        ];
+        storage_pools = [
+          {
+            name = "default";
+            driver = "dir";
+            config = {
+              source = "/var/lib/incus/storage-pools/default";
+            };
+          }
+        ];
+      };
+    };
+  };
+
+  darwinConfig = lib.optionalAttrs (!isLinux) {
+    assertions = [
+      {
+        assertion = cfg.enable -> cfg.clientOnly;
+        message = "Darwin cannot be an incus host";
+      }
+    ];
+  };
+in
+{
+  _file = ./incus.nix;
+
+  options.common.incus = {
+    enable = lib.mkEnableOption "incus, the VM and container manager";
+    clientOnly = mkOption {
+      type = types.bool;
+      default = !isLinux;
+    };
+    package = lib.mkPackageOption pkgs "incus" { };
+    clientPackage = lib.mkOption {
+      type = types.package;
+      default = cfg.package.client;
+      defaultText = lib.literalExpression "config.common.incus.package.client";
+      description = "The incus client package to use. This package is added to PATH.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable (
+    lib.mkMerge [
+      sharedConfig
+      linuxConfig
+      darwinConfig
+    ]
+  );
+}