feat: add microvm to icarus (#972)

flake/hosts.nix

@@ -92,6 +92,7 @@
             hostName = name;
             tailnet = "tail68e9c";
             inherit adminUser;
+            inherit self;
             hostConfigurations =
               mapAttrs' (name: conf: {
                 inherit name;

hosts/x86_64-linux/icarus.nix

@@ -3,6 +3,7 @@
   config,
   pkgs,
   hostName,
+  self,
   ...
 }: {
   publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaa82NwBC+ty4Wyeuf5kdava7huSYF6k0NYF2ahwayW";
@@ -116,6 +117,22 @@
   #   "master-8be5-f2ba"
   # ];
 
+  microvm = let
+    vms = [
+      "playground"
+    ];
+  in {
+    vms = builtins.listToAttrs (map (name: {
+        inherit name;
+        value = {
+          flake = self;
+          updateFlake = "github:johnae/world";
+        };
+      })
+      vms);
+    autostart = vms;
+  };
+
   networking.useDHCP = false;
   networking.nat = {
     enable = true;
@@ -245,6 +262,11 @@
       file = ../../secrets/ts-google-9k.age;
       owner = "${toString adminUser.uid}";
     };
+    ssh_host_microvm_ed25519_key = {
+      file = ../../secrets/ssh_host_microvm_ed25519_key.age;
+      path = "/var/lib/microvm-secrets/ssh_host_ed25519_key";
+      symlink = false;
+    };
   };
 
   security.acme.certs = {

microvms/x86_64-linux/playground.nix

@@ -0,0 +1,76 @@
+{
+  adminUser,
+  config,
+  hostName,
+  ...
+}: {
+  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPRUfwPUxHqtVRsV3CdDRDEAYTg28ZdK5/Mz/GlcZdiv";
+  imports = [
+    ../../profiles/admin-user/home-manager.nix
+    ../../profiles/admin-user/user.nix
+    ../../profiles/home-manager.nix
+    ../../profiles/microvm.nix
+    ../../profiles/tailscale.nix
+    ../../profiles/zram.nix
+  ];
+
+  home-manager.useUserPackages = true;
+  home-manager.useGlobalPkgs = true;
+
+  age.secrets = {
+    ts-google-9k = {
+      file = ../../secrets/ts-google-9k.age;
+    };
+  };
+
+  age.identityPaths = ["/microvm-secrets/ssh_host_ed25519_key"];
+
+  services.openssh.hostKeys = [
+    {
+      path = "/microvm-secrets/ssh_host_ed25519_key";
+      type = "ed25519";
+    }
+  ];
+
+  services.tailscale.auth = {
+    enable = true;
+    args.advertise-tags = ["tag:server"];
+    args.ssh = true;
+    args.accept-routes = false;
+    args.accept-dns = true;
+    args.advertise-exit-node = true;
+    args.auth-key = "file:/var/run/agenix/ts-google-9k";
+  };
+
+  fileSystems."/microvm-secrets".neededForBoot = true;
+  fileSystems."/keep".neededForBoot = true;
+
+  microvm.writableStoreOverlay = "/nix/.rw-store";
+  microvm.volumes = [
+    {
+      image = "nix-store-overlay.img";
+      mountPoint = config.microvm.writableStoreOverlay;
+      size = 2048;
+    }
+  ];
+  microvm.shares = [
+    {
+      proto = "virtiofs";
+      tag = "microvm-secrets";
+      source = "/var/lib/microvm-secrets";
+      mountPoint = "/microvm-secrets";
+    }
+    {
+      proto = "virtiofs";
+      tag = "keep";
+      source = "/var/lib/microvms/${hostName}/keep";
+      mountPoint = "/keep";
+    }
+  ];
+
+  home-manager = {
+    users.${adminUser.name} = {
+      imports = [../../users/profiles/headless.nix];
+    };
+  };
+}