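# Host-side NixOS module: declares the `defenseio` microVM (a QEMU guest that
# runs the MidnightMiner service) and the host directory shared into it.
#
# Security-relevant properties visible in this file:
#   * the guest fetches and runs third-party code (git + PyPI) at service start;
#   * the miner unit sets no User=, so systemd runs it as root inside the guest;
#   * root SSH into the guest is reachable through host port 2058 (keys only);
#   * /var/lib/defenseio-data is shared read-write between host and guest.
{
  flake,
  pkgs,
  config,
  ...
}:
let
  inherit (flake.config.people) user0;
  inherit (flake.config.machines) devices;

  mars = devices.mars.name;
  ceres = devices.ceres.name;
  eris = devices.eris.name;
  deimos = devices.deimos.name;
  phobos = devices.phobos.name;

  hostname = config.networking.hostName;

  # Select one of five per-host values, in the order
  # ceres, eris, mars, deimos, phobos, keyed on this machine's hostName.
  # NOTE(review): an unrecognised hostname falls through to var0, i.e. the
  # ceres value, which is the largest CPU/RAM allotment below. Confirm that
  # is the intended default for a host that is not in the list.
  deviceLogic =
    var0: var1: var2: var3: var4:
    if hostname == ceres then
      var0
    else if hostname == eris then
      var1
    else if hostname == mars then
      var2
    else if hostname == deimos then
      var3
    else if hostname == phobos then
      var4
    else
      var0;

  # Last octet of the guest MAC address; differs per host.
  macOctet = deviceLogic "57" "58" "59" "60" "61";
in
{
  microvm = {
    vms = {
      defenseio = {
        autostart = true;
        config =
          let
            ceresCpu = 45;
            erisCpu = 5;
            marsCpu = 20;
            deimosCpu = 5;
            phobosCpu = 5;

            # 02:... has the locally-administered bit set.
            macAddress = "02:00:00:00:00:${macOctet}";

            # Used both as the guest vCPU count and as the miner's --workers value.
            workers = deviceLogic ceresCpu erisCpu marsCpu deimosCpu phobosCpu;
          in
          {
            environment.systemPackages = [
              pkgs.git
              pkgs.ncurses
              pkgs.python313
            ];

            microvm = {
              # Host port 2058 is forwarded to the guest's sshd (port 22).
              # NOTE(review): confirm which host address this forward binds
              # to; root login (key-based) is reachable through it.
              forwardPorts = [
                {
                  from = "host";
                  host.port = 2058;
                  guest.port = 22;
                }
              ];
              hypervisor = "qemu";
              # User-mode networking: no host bridge/tap device is configured here.
              interfaces = [
                {
                  type = "user";
                  id = "uservm-dfo";
                  mac = macAddress;
                }
              ];
              # Per-host memory size, expressed as multiples of 1024
              # (presumably MiB, i.e. 50/7/24/7/7 GiB -- confirm the unit).
              mem =
                let
                  num = 1024;
                  ceresRam = num * 50;
                  erisRam = num * 7;
                  marsRam = num * 24;
                  deimosRam = num * 7;
                  phobosRam = num * 7;
                in
                deviceLogic ceresRam erisRam marsRam deimosRam phobosRam;
              shares = [
                # Host Nix store, mounted in the guest at /nix/.ro-store.
                {
                  mountPoint = "/nix/.ro-store";
                  proto = "virtiofs";
                  source = "/nix/store";
                  tag = "read_only_nix_store";
                }
                # Persistent miner state (venv + git checkout). Everything the
                # guest writes here is also present on the host filesystem.
                {
                  mountPoint = "/var/lib/defenseio-data";
                  proto = "virtiofs";
                  source = "/var/lib/defenseio-data";
                  tag = "defenseio_data";
                }
              ];
              vcpu = workers;
            };

            networking.firewall.allowedTCPPorts = [ 22 ];

            services = {
              openssh = {
                enable = true;
                # Key-only login; the accepted keys are set on root at the
                # bottom of this guest config.
                settings.PasswordAuthentication = false;
              };
            };

            system.stateVersion = "25.05";

            systemd = {
              network = {
                enable = true;
                networks."20-user" = {
                  matchConfig.MACAddress = macAddress;
                  networkConfig = {
                    DHCP = "yes";
                  };
                };
              };

              # NOTE(review): this guest-side rule (0755 root root) and the
              # host-side rule at the end of the file (0751 microvm wheel)
              # name the same shared directory with different owner/mode.
              # Confirm how ownership maps across virtiofs and which rule
              # is meant to win.
              tmpfiles.rules = [ "d /var/lib/defenseio-data 0755 root root - -" ];

              services = {
                defenseio-miner = {
                  after = [ "network-online.target" ];
                  description = "DefenseIOMiner - DFO token miner";
                  serviceConfig = {
                    Environment = [
                      "PATH=/run/current-system/sw/bin"
                      "TERM=xterm-256color"
                    ];

                    # Prepares the venv and the source checkout on the shared
                    # volume. Steps the miner cannot run without (venv
                    # creation, initial clone, entering the checkout) now fail
                    # the unit instead of being silently ignored; refresh
                    # steps stay best-effort but log a warning on failure.
                    #
                    # NOTE(review): the pip installs are unpinned and not
                    # hash-checked, and the checkout tracks the upstream
                    # default branch, so whatever is published there runs as
                    # root in this guest on the next (re)start. Pinning the
                    # checkout to a reviewed commit and installing from a
                    # requirements file with pip's --require-hashes (or
                    # packaging both through Nix) would remove that trust in
                    # the remotes.
                    ExecStartPre = pkgs.writeShellScript "setup-miner" ''
                      # Create venv if not already present (persists on virtiofs mount)
                      if [ ! -d /var/lib/defenseio-data/venv ]; then
                        ${pkgs.python313}/bin/python -m venv /var/lib/defenseio-data/venv || exit 1
                      fi

                      # Install/upgrade dependencies (best-effort, failures are logged)
                      /var/lib/defenseio-data/venv/bin/pip install --upgrade pip || echo "setup-miner: pip self-upgrade failed" >&2
                      /var/lib/defenseio-data/venv/bin/pip install requests pycardano cbor2 portalocker || echo "setup-miner: dependency install failed" >&2

                      # Clone repo if not already present
                      if [ ! -d /var/lib/defenseio-data/MidnightMiner ]; then
                        cd /var/lib/defenseio-data || exit 1
                        ${pkgs.git}/bin/git clone https://github.com/djeanql/MidnightMiner.git || exit 1
                      else
                        cd /var/lib/defenseio-data/MidnightMiner || exit 1
                        ${pkgs.git}/bin/git pull || echo "setup-miner: git pull failed; keeping existing checkout" >&2
                      fi

                      # Show current commit
                      cd /var/lib/defenseio-data/MidnightMiner || exit 1
                      echo "Current commit: $(${pkgs.git}/bin/git log -1 --format='%h - %s')"
                    '';

                    # Runs the miner from the checkout using the venv's
                    # interpreter. The script stops if the checkout is
                    # missing rather than launching python from another
                    # directory, and exec replaces the wrapper shell so the
                    # unit's main process is the miner itself.
                    ExecStart = pkgs.writeShellScript "run-miner" ''
                      export PATH=/run/current-system/sw/bin:$PATH
                      cd /var/lib/defenseio-data/MidnightMiner || exit 1
                      exec /var/lib/defenseio-data/venv/bin/python miner.py --defensio --workers ${toString workers} --no-donation
                    '';

                    # The unit has no User=, so it runs as root in the guest.
                    # Blocking privilege gain through setuid/file capabilities
                    # is a low-risk first step.
                    # NOTE(review): a dedicated unprivileged user plus
                    # filesystem sandboxing limited to /var/lib/defenseio-data
                    # would reduce the blast radius further; that needs the
                    # shared directory's ownership sorted out first.
                    NoNewPrivileges = true;

                    Restart = "always";
                    RestartSec = 10;
                  };
                  wants = [ "network-online.target" ];
                  wantedBy = [ "multi-user.target" ];
                };
              };
            };

            time.timeZone = "America/Winnipeg";

            # Root's accepted SSH keys inside the guest come from user0's
            # key list in the flake config.
            users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys;
          };
      };
    };
  };

  # Host-side directory backing the guest's /var/lib/defenseio-data share.
  systemd.tmpfiles.rules = [ "d /var/lib/defenseio-data 0751 microvm wheel - -" ];
}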