update README

2023-11-23 16:03:07 +01:00 · 2023-11-23 16:03:07 +01:00 · 44713c6933
commit 44713c6933
parent 658f9449fc
9 changed files with 422 additions and 43 deletions
--- a/nix/os/devices/sj-bm-hostkey0/.gitignore
+++ b/nix/os/devices/sj-bm-hostkey0/.gitignore
@ -0,0 +1 @@
+result
--- a/nix/os/devices/sj-bm-hostkey0/README.md
+++ b/nix/os/devices/sj-bm-hostkey0/README.md
@ -0,0 +1,7 @@
+## bootstrapping
+
+```
+# TODO: generate an SSH host-key and deploy it via --extra-files 
+nixos-anywhere --flake .\#sj-bm-hostkey0 root@185.130.227.252
+```
+
--- a/nix/os/devices/sj-bm-hostkey0/configuration.nix
+++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix
@ -0,0 +1,122 @@
+{
+  modulesPath,
+  repoFlake,
+  packages',
+  pkgs,
+  lib,
+  config,
+  nodeFlake,
+  nodeName,
+  system,
+  ...
+}: let
+in {
+  disabledModules = [
+    # "services/networking/hostapd.nix"
+  ];
+
+  imports = [
+    nodeFlake.inputs.disko.nixosModules.disko
+    repoFlake.inputs.sops-nix.nixosModules.sops
+
+    ../../profiles/common/user.nix
+
+    # TODO
+    # ./network.nix
+    # ./monitoring.nix
+    {
+      services.openssh.enable = true;
+      services.openssh.settings.PermitRootLogin = "yes";
+
+      users.commonUsers = {
+        enable = true;
+        enableNonRoot = true;
+        # rootPasswordFile = config.sops.secrets.passwords-root.path;
+      };
+    }
+  ];
+
+  boot = {
+    kernel = {
+      sysctl = {
+        "net.ipv4.conf.all.forwarding" = true;
+        "net.ipv6.conf.all.forwarding" = true;
+      };
+    };
+  };
+
+  networking = {
+    hostName = nodeName;
+    useNetworkd = true;
+    useDHCP = true;
+
+    # No local firewall.
+    nat.enable = true;
+    firewall.enable = false;
+  };
+
+  disko.devices = let
+    disk = id: {
+      type = "disk";
+      device = "/dev/${id}";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            size = "1M";
+            type = "EF02"; # for grub MBR
+          };
+          mdadm = {
+            size = "100%";
+            content = {
+              type = "mdraid";
+              name = "raid0";
+            };
+          };
+        };
+      };
+    };
+  in {
+    disk = {
+      sda = disk "sda";
+      sdb = disk "sdb";
+      sdc = disk "sdc";
+      sdd = disk "sdd";
+    };
+    mdadm = {
+      raid0 = {
+        type = "mdadm";
+        level = 0;
+        content = {
+          type = "gpt";
+          partitions = {
+            primary = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "btrfs";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  system.stateVersion = "23.05";
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.initrd.includeDefaultModules = true;
+  boot.initrd.kernelModules = [
+    "dm-raid"
+    "dm-integrity"
+    "xhci_pci_renesas"
+  ];
+
+  hardware.enableRedistributableFirmware = true;
+
+  environment.systemPackages = [
+    pkgs.hdparm
+  ];
+}
--- a/nix/os/devices/sj-bm-hostkey0/default.nix
+++ b/nix/os/devices/sj-bm-hostkey0/default.nix
@ -0,0 +1,34 @@
+{
+  nodeName,
+  repoFlake,
+  nodeFlake,
+  ...
+}: let
+  system = "x86_64-linux";
+in {
+  meta.nodeSpecialArgs.${nodeName} = {
+    inherit repoFlake nodeName nodeFlake system;
+    packages' = repoFlake.packages.${system};
+  };
+
+  meta.nodeNixpkgs.${nodeName} =
+    import nodeFlake.inputs.nixpkgs.outPath
+    {
+      inherit system;
+    };
+
+  ${nodeName} = {
+    deployment.targetHost = "185.130.227.252";
+    deployment.replaceUnknownProfiles = false;
+
+    # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
+
+    imports = [
+      nodeFlake.inputs.home-manager.nixosModules.home-manager
+
+      ./configuration.nix
+    ];
+
+    networking.hostName = nodeName;
+  };
+}
--- a/nix/os/devices/sj-bm-hostkey0/flake.lock
+++ b/nix/os/devices/sj-bm-hostkey0/flake.lock
@ -0,0 +1,124 @@
+{
+  "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1699781810,
+        "narHash": "sha256-LD+PIUbm1yQmQmGIbSsc/PB1dtJtGqXFgxRc1C7LlfQ=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "2d7d77878c5d70f66f3d676ff66708d8d4f9d7df",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "get-flake": {
+      "locked": {
+        "lastModified": 1694475786,
+        "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=",
+        "owner": "ursi",
+        "repo": "get-flake",
+        "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ursi",
+        "repo": "get-flake",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700695018,
+        "narHash": "sha256-MAiPLgBF4GLzSOlhnPCDWkWW5CDx4i7ApIYaR+TwTVg=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "134deb46abd5d0889d913b8509413f6f38b0811e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixos-23_05": {
+      "locked": {
+        "lastModified": 1700501263,
+        "narHash": "sha256-M0U063Ba2DKL4lMYI7XW13Rsk5tfUXnIYiAVa39AV/0=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "f741f8a839912e272d7e87ccf4b9dbc6012cdaf9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1700390070,
+        "narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "disko": "disko",
+        "get-flake": "get-flake",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "srvos": "srvos"
+      }
+    },
+    "srvos": {
+      "inputs": {
+        "nixos-23_05": "nixos-23_05",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700704312,
+        "narHash": "sha256-xjzksktEQMd+JCNMp7l+/6DjlQrv/KStm9WDbkY6mmQ=",
+        "owner": "numtide",
+        "repo": "srvos",
+        "rev": "71fca17388b50899341c78294a0861031527cc53",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "srvos",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/nix/os/devices/sj-bm-hostkey0/flake.nix
+++ b/nix/os/devices/sj-bm-hostkey0/flake.nix
@ -0,0 +1,73 @@
+{
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+    get-flake.url = "github:ursi/get-flake";
+
+    home-manager.url = "github:nix-community/home-manager/master";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+    srvos.url = "github:numtide/srvos";
+    srvos.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  # outputs = _: {};
+
+  outputs = {
+    self,
+    get-flake,
+    nixpkgs,
+    ...
+  } @ attrs: let
+    system = "x86_64-linux";
+    nodeName = "sj-bm-hostkey0";
+
+    mkNixosConfiguration = {extraModules ? [], ...} @ attrs:
+      nixpkgs.lib.nixosSystem (
+        nixpkgs.lib.attrsets.recursiveUpdate
+        attrs
+        {
+          specialArgs = {
+            nodeFlake = self;
+            repoFlake = get-flake ../../../..;
+            inherit nodeName;
+          };
+
+          modules =
+            [
+              ./configuration.nix
+
+              # flake registry
+              {
+                nix.registry.nixpkgs.flake = nixpkgs;
+              }
+
+              {
+                nixpkgs.overlays = [
+                  (final: previous: {
+                  })
+                ];
+              }
+            ]
+            ++ extraModules;
+        }
+      );
+  in {
+    nixosConfigurations = {
+      native = mkNixosConfiguration {
+        inherit system;
+      };
+
+      # cross = mkNixosConfiguration {
+      #   extraModules = [
+      #     {
+      #       nixpkgs.buildPlatform.system = "x86_64-linux";
+      #       nixpkgs.hostPlatform.system = system;
+      #     }
+      #   ];
+      # };
+    };
+  };
+}