
@erikarvstedt
Created September 23, 2020 23:05

Revisions

  1. erikarvstedt created this gist Sep 23, 2020.
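--- a/nb-container-vm.sh
+++ b/nb-container-vm.sh
@@ -0,0 +1,70 @@
+vm=$(nix-build --no-out-link - <<'EOF'
+let
+# https://github.com/fort-nix/nix-bitcoin/issues/241
+nbConfig = { config, pkgs, lib, ... }:
+let
+nix-bitcoin = fetchGit rec {
+url = https://github.com/fort-nix/nix-bitcoin.git;
+ref = "master";
+rev = "43cac9d35e94f58c615aa9bd71e46310ddf17ab8";
+name = "nix-bitcoin-${rev}";
+};
+containerName = "nix-bitcoin"; # container name length is limited to 11 chars
+localAddress = "10.251.0.2"; # container address
+hostAddress = "10.251.0.1";
+in {
+systemd.tmpfiles.rules = [
+"d /hdd/bitcoin - root root - -"
+"d /hdd/bitcoin/bitcoind - root root - -"
+];
+containers.${containerName} = {
+bindMounts."/bitcoin" = {
+hostPath = "/hdd/bitcoin";
+isReadOnly = false;
+};
+autoStart = true;
+privateNetwork = true;
+inherit localAddress hostAddress;
+config = { pkgs, config, lib, ... }: {
+imports = [
+"${nix-bitcoin}/modules/presets/secure-node.nix"
+"${nix-bitcoin}/modules/secrets/generate-secrets.nix"
+];
+# Speed up evaluation
+documentation.nixos.enable = false;
+services.bitcoind = {
+enable = true;
+package = pkgs.bitcoind;
+dataDir = "/bitcoin/bitcoind";
+};
+networking.hostName = "nix-bitcoin";
+time.timeZone = "UTC";
+};
+};
+# Allow WAN access
+systemd.services."container@${containerName}" = {
+preStart = "${pkgs.iptables}/bin/iptables -w -t nat -A POSTROUTING -s ${localAddress} -j MASQUERADE";
+# Delete rule
+postStop = "${pkgs.iptables}/bin/iptables -w -t nat -D POSTROUTING -s ${localAddress} -j MASQUERADE || true";
+};
+};
+in
+(import <nixpkgs/nixos> {
+configuration = { pkgs, lib, ... }: with lib; {
+imports = [ nbConfig ];
+virtualisation.graphics = false;
+services.mingetty.autologinUser = "root";
+};
+}).vm
+EOF
+)
+export NIX_DISK_IMAGE=/tmp/vmimg; rm -f $NIX_DISK_IMAGE; QEMU_OPTS='-m 1024 -smp 3' $vm/bin/run-*-vm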
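Review bot: The last line places the VM disk image at the fixed path `/tmp/vmimg` in a world-writable directory, so on a shared host another local user can pre-create that path before the script runs or may be able to read the image afterwards. The image presumably ends up holding whatever `generate-secrets.nix` produces inside the container, so it deserves a private location, for example `export NIX_DISK_IMAGE="$(mktemp -d)/vmimg"`, which also makes the `rm -f` unnecessary. `$vm` should be quoted as `"$vm"/bin/run-*-vm`. It would also help to add a comment next to `services.mingetty.autologinUser = "root";` stating that root autologin is meant only for this throwaway test VM, so the setting is not copied into a real deployment.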