vm host setup

configs/default.nix

@@ -231,8 +231,8 @@ in
     ./nix.nix
     ./newsboat.nix
     ./flameshot.nix
-    ./fritzbox.nix
     ./packages.nix
+    ./virtualization.nix
     ./picom.nix
     ./stardict.nix
     ./polkit.nix
@@ -257,7 +257,6 @@ in
       '';
     }
     ./tor.nix
-    ./stw-berlin.nix
     ./mastodon-bot.nix
     {
       fileSystems."${remoteDir}/fritz" = {

configs/fritzbox.nix

@@ -1,19 +0,0 @@
-{ config, ... }:
-{
-  networking.firewall.allowedUDPPorts = [ 51820 ];
-  networking.wg-quick.interfaces.aether = {
-    autostart = false;
-    dns = ["192.168.178.1" "fritz.box"];
-    listenPort = 51820;
-    privateKeyFile = config.age.secrets.wireguard-aether-key.path;
-    peers = [
-      {
-        allowedIPs = ["192.168.178.0/24" "0.0.0.0/0"];
-        endpoint = "lng5gx2rmssv8ge1.myfritz.net:58997";
-        persistentKeepalive = 25;
-        presharedKeyFile = config.age.secrets.wireguard-aether-psk.path;
-        publicKey = "8Rr7BueC0CGmycBQFS7YM7VF7Adkdc1ZcLFy8YXyOQk=";
-      }
-    ];
-  };
-}

configs/stw-berlin.nix

@@ -1,52 +0,0 @@
-{
-  pkgs,
-  config,
-  ...
-}: {
-  age.secrets.stw-berlin-card-code.file = ../secrets/stw-berlin-card-code.age;
-
-  systemd.services.stw-berlin = {
-    enable = true;
-    wants = ["network-online.target"];
-    startAt = "weekly";
-    serviceConfig = {
-      User = config.users.users.me.name;
-      Group = config.users.users.me.group;
-      WorkingDirectory = "/home/kfm/cloud/nextcloud/Uni/Meta/Mensa";
-      LoadCredential = [
-        "password:${config.age.secrets.stw-berlin-card-code.path}"
-      ];
-    };
-    script = ''
-      KARTEN_ID=8071859
-      PASSWORT=$(cat "$CREDENTIALS_DIRECTORY"/password)
-
-      endpoint=https://ks.stw.berlin:4433/TL1/TLM/KASVC
-      authorization_header='Authorization: Basic S0FTVkM6ekt2NXlFMUxaVW12VzI5SQ=='
-
-      get_auth_token() {
-        ${pkgs.curl}/bin/curl -sSL "$endpoint/LOGIN?karteNr=$KARTEN_ID&format=JSON&datenformat=JSON" \
-          -X POST \
-          -H "$authorization_header" \
-          --data-raw '{"BenutzerID":"'$KARTEN_ID'","Passwort":"'$PASSWORT'"}' \
-          | ${pkgs.jq}/bin/jq -r '.[0].authToken|@uri'
-      }
-
-
-      get_transactions() {
-        ${pkgs.curl}/bin/curl -sSL "$endpoint/TRANS?format=JSON&authToken=$(get_auth_token)&karteNr=$KARTEN_ID&datumVon=12.02.2018&datumBis=$(date -d tomorrow +%d.%m.%Y)" \
-          -H "$authorization_header" \
-          | ${pkgs.jq}/bin/jq
-      }
-
-      get_items() {
-        ${pkgs.curl}/bin/curl -sSL "$endpoint/TRANSPOS?format=JSON&authToken=$(get_auth_token)&karteNr=$KARTEN_ID&datumVon=12.02.2018&datumBis=$(date -d tomorrow +%d.%m.%Y)" \
-          -H "$authorization_header" \
-          | ${pkgs.jq}/bin/jq
-      }
-
-      get_transactions > transactions-$(date -I).json
-      get_items > items-$(date -I).json
-    '';
-  };
-}

configs/virtualization.nix

@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+  users.users.me.extraGroups = [ "libvirtd" ];
+  virtualisation.libvirtd.enable = true;
+
+  # Enable TPM support for VMs
+  virtualisation.libvirtd.qemu = {
+    # swtpm.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    virt-manager
+  ];
+}

systems/fatteh/configuration.nix

@@ -41,8 +41,6 @@ in {
     wireguard-aether-psk.file = ../../secrets/fatteh-wireguard-aether-psk.age;
   };
 
-  networking.wg-quick.interfaces.aether.address = ["192.168.178.202/24"];
-
   networking.hostName = "fatteh";
   networking.retiolum = retiolumAddresses.fatteh;
 

systems/kabsa/configuration.nix

@@ -45,8 +45,6 @@ in {
     wireguard-aether-psk.file = ../../secrets/kabsa-wireguard-aether-psk.age;
   };
 
-  networking.wg-quick.interfaces.aether.address = ["192.168.178.203/24"];
-
   environment.systemPackages = [pkgs.zeroad];
 
   networking = {

systems/manakish/configuration.nix

@@ -36,8 +36,6 @@ in {
     wireguard-aether-psk.file = ../../secrets/manakish-wireguard-aether-psk.age;
   };
 
-  networking.wg-quick.interfaces.aether.address = ["192.168.178.204/24"];
-
   niveum = {
     batteryName = "BAT0";
     wirelessInterface = "wlp3s0";