edge01: systemd unit for running RIPE Atlas anchor VM
Change-Id: I5d91c3b3075c404af92d40f33a48a487b84ec7a5
diff --git a/bgpwtf/machines/modules/anchorvm.nix b/bgpwtf/machines/modules/anchorvm.nix
new file mode 100644
index 0000000..9c7b17f
--- /dev/null
+++ b/bgpwtf/machines/modules/anchorvm.nix
@@ -0,0 +1,44 @@
+# This module runs the RIPE anchor VM in a bare qemu.
+# It's expected that a storage LV is created independently and passed as blkdev.
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.hscloud.anchorvm;
+
+in {
+ options.hscloud.anchorvm = {
+ blkdev = mkOption {
+ type = types.str;
+ description = "Root block device";
+ };
+ bridge = mkOption {
+ type = types.str;
+ description = "bridge interface";
+ };
+ ram = mkOption {
+ type = types.int;
+ description = "memory allocated to the vm";
+ default = 2048;
+ };
+ };
+
+ config.systemd.services.anchorvm = {
+ wantedBy = [ "multi-user.target" ];
+ after = [
+ "network.target"
+ ];
+ serviceConfig = {
+ Type = "simple";
+ # spawn=allow needed for bridge helper
+ ExecStart = ''${pkgs.qemu}/bin/qemu-kvm \
+ -nographic -m ${toString cfg.ram} -smp 2 \
+ -drive file=${cfg.blkdev},if=virtio,cache=none,format=raw \
+ -nic bridge,br=${cfg.bridge},model=virtio-net-pci \
+ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=allow,resourcecontrol=deny
+ '';
+ Restart = "always";
+ };
+ };
+}
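Review bot: The `anchorvm` unit sets no `User=` and no systemd sandboxing in `serviceConfig`, so qemu-kvm runs as root and the seccomp filter from `-sandbox on,...` is the only containment visible here if the guest breaks out of the emulator; `elevateprivileges=deny` gains little when the process already starts as root. Consider limiting what the process can reach, for example `ProtectHome = true; PrivateTmp = true;` together with `DevicePolicy = "closed"; DeviceAllow = [ "/dev/kvm rw" "/dev/net/tun rw" "${cfg.blkdev} rw" ];`, after confirming the bridge helper still works under them. Separately, the service is defined unconditionally, so any machine importing this module must set `blkdev` and `bridge`; an `enable` option with `config = mkIf cfg.enable { ... }` would avoid that.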