Network update and GIVC TLS #915

mbssrc · 2024-11-25T10:09:18Z

Description of changes

This patch re-works the networking and enables TLS for GIVC.

Updates

update flake inputs: givc, ctrl-panel

Changes to networking

auto-generate IP and MAC addresses
remove 'debug' network from ghaf. We can simply remove
the host from network in release and facilitate communication
over mem share

Note that

the ghaf-host-debug name no longer exists
all VMs + host run in 192.168.100.0 subnet
you may need to change your proxy jumps to adjust for the changed ghaf-host address (192.168.100.2)
all VMs are reachable through their host name

Changes to givc

enable tls
enable multiple admin service interfaces
centralize givc-cli arguments across ghaf

Checklist for things done

Instructions for Testing

List all targets that this applies to: Lenovo x1
Is this a new feature
- Test that all apps + functionality works as before
- Test that all VMs and host are reachable in the network
If it is an improvement how does it impact existing functionality?

modules/common/services/desktop.nix

Updates: - update flake inputs: givc, ctrl-panel Changes to networking: - auto-generate IP and MAC addresses - remove 'debug' network from ghaf. We can simply remove the host from network in release and facilitate communication over mem share Changes to givc: - enable tls - enable multiple admin service interfaces - centralize givc-cli arguments across ghaf Signed-off-by: Manuel Bluhm <[email protected]>

humaidq-tii · 2025-01-20T11:18:01Z

modules/common/common.nix

+    };
+    type = mkOption {
+      description = "Type of the ghaf component. One of 'host', 'system-vm', or 'app-vm'.";
+      type = types.str;


Makes sense to use lib.types.enum here.

humaidq-tii · 2025-01-20T11:22:11Z

modules/common/common.nix

  config = {
+
+    # Populate the shared namespace
+    ghaf = optionalAttrs (hasAttr "microvm" config) {


Would hasAttrByPath ["microvm" "vms"] config make this more readable? Instead of the two checks.

humaidq-tii · 2025-01-20T11:26:31Z

modules/givc/common.nix

+      };
+      port = mkOption {
+        description = "Port of admin server";
+        type = types.str;


We can use types.port here

humaidq-tii · 2025-01-20T11:27:16Z

modules/givc/common.nix

+      };
+      protocol = mkOption {
+        description = "Protocol of admin server";
+        type = types.str;


types.enum here would make sense.

brianmcgillion · 2025-01-20T11:39:41Z

modules/microvm/virtualization/microvm/modules.nix

@@ -46,11 +46,17 @@ let
    inherit (config.ghaf.qemu) audiovm;
  };

+  # Common namespace to pass parameters at built-time from host to VMs
+  commonModule = {
+    config.ghaf.common = config.ghaf.common;


mbssrc temporarily deployed to internal-build-workflow November 25, 2024 10:09 — with GitHub Actions Inactive

mbssrc force-pushed the givc-tls branch from e67cfa8 to c73765e Compare November 25, 2024 10:50

mbssrc temporarily deployed to internal-build-workflow November 25, 2024 10:50 — with GitHub Actions Inactive

dmitry-erin reviewed Dec 10, 2024

View reviewed changes

modules/common/services/desktop.nix Show resolved Hide resolved

mbssrc force-pushed the givc-tls branch from c73765e to 8eb0a98 Compare January 11, 2025 19:16

mbssrc temporarily deployed to internal-build-workflow January 11, 2025 19:16 — with GitHub Actions Inactive

mbssrc force-pushed the givc-tls branch from 8eb0a98 to 3cbc2da Compare January 11, 2025 19:31

mbssrc temporarily deployed to internal-build-workflow January 11, 2025 19:31 — with GitHub Actions Inactive

mbssrc force-pushed the givc-tls branch from 3cbc2da to 8d37b7b Compare January 11, 2025 19:36

mbssrc temporarily deployed to internal-build-workflow January 11, 2025 19:36 — with GitHub Actions Inactive

mbssrc force-pushed the givc-tls branch from 8d37b7b to 5e5a57e Compare January 11, 2025 20:08

mbssrc temporarily deployed to internal-build-workflow January 11, 2025 20:09 — with GitHub Actions Inactive

mbssrc force-pushed the givc-tls branch from 5e5a57e to 6740558 Compare January 12, 2025 10:10

mbssrc temporarily deployed to internal-build-workflow January 12, 2025 10:10 — with GitHub Actions Inactive

mbssrc changed the title ~~WIP: GIVC TLS~~ Network update and GIVC TLS Jan 12, 2025

mbssrc requested a review from brianmcgillion January 13, 2025 07:04

mbssrc mentioned this pull request Jan 16, 2025

Refactor hosts.nix #952

Closed

15 tasks

humaidq-tii requested changes Jan 20, 2025

View reviewed changes

brianmcgillion reviewed Jan 20, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Network update and GIVC TLS #915

Network update and GIVC TLS #915

mbssrc commented Nov 25, 2024 •

edited

Loading

humaidq-tii Jan 20, 2025

humaidq-tii Jan 20, 2025

humaidq-tii Jan 20, 2025

humaidq-tii Jan 20, 2025

brianmcgillion Jan 20, 2025

Network update and GIVC TLS #915

Are you sure you want to change the base?

Network update and GIVC TLS #915

Conversation

mbssrc commented Nov 25, 2024 • edited Loading

Description of changes

Updates

Changes to networking

Changes to givc

Checklist for things done

Instructions for Testing

humaidq-tii Jan 20, 2025

Choose a reason for hiding this comment

humaidq-tii Jan 20, 2025

Choose a reason for hiding this comment

humaidq-tii Jan 20, 2025

Choose a reason for hiding this comment

humaidq-tii Jan 20, 2025

Choose a reason for hiding this comment

brianmcgillion Jan 20, 2025

Choose a reason for hiding this comment

mbssrc commented Nov 25, 2024 •

edited

Loading