-rw-r--r--colmena/cobalt/configuration.nix125
-rw-r--r--colmena/cobalt/hardware-configuration.nix58
-rw-r--r--colmena/default.nix27
-rw-r--r--flake.nix2
-rw-r--r--home/profiles/development/default.nix1
-rw-r--r--lib/default.nix1
-rw-r--r--lib/mk_colmena.nix34
7 files changed, 248 insertions, 0 deletions
diff --git a/colmena/cobalt/configuration.nix b/colmena/cobalt/configuration.nix
new file mode 100644
index 0000000..b3d05b9
--- /dev/null
+++ b/colmena/cobalt/configuration.nix
@@ -0,0 +1,125 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+let
+  ipv4 = {
+    address = "95.216.74.104";
+    gateway = "95.216.74.65";
+    netmask = "255.255.255.192";
+    prefixLength = 26; # https://www.pawprint.net/designresources/netmask-converter.php
+  };
+  ipv6 = {
+    address = "2a01:4f9:2b:a98::";
+    gateway = "fe80::1";
+    prefixLength = 64;
+  };
+  networkInterface = "eth0";
+  hostName = "cobalt";
+  hostId = "712ae82a";
+in
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  boot.supportedFilesystems = [ "zfs" ];
+  networking.hostId = hostId;
+
+  boot.loader.grub.enable = true;
+  # boot.loader.grub.version = 2;
+  boot.loader.grub.efiSupport = false;
+  # boot.loader.grub.device = "nodev";
+
+  # This should be done automatically, but explicitly declare it just in case.
+  boot.loader.grub.copyKernels = true;
+  # Make sure that you've listed all of the boot partitions here.
+  boot.loader.grub.mirroredBoots = [
+    { path = "/boot"; devices = ["/dev/disk/by-id/ata-ST4000NM0245-1Z2107_ZC17GW7G"]; }
+    { path = "/boot-fallback"; devices = ["/dev/disk/by-id/ata-ST4000NM0245-1Z2107_ZC17GWB2"]; }
+  ];
+
+  # Boot normally when one of the boot partitions are missing
+  fileSystems."/boot".options = [ "nofail" ];
+  fileSystems."/boot-fallback".options = [ "nofail" ];
+
+  # Erase your darlings
+  boot.initrd.postDeviceCommands = lib.mkAfter ''
+    zfs rollback -r rpool/local/root@blank
+  '';
+
+  # NOTE: replace these to boot.initrd.availableKernelModules?
+  boot.kernelModules = [ "e1000e" ];
+  boot.initrd.kernelModules = [ "e1000e" ];
+
+  boot.kernelParams = [
+    # See <https:#www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt> for documentation.
+    # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>
+    # The server ip refers to the NFS server -- not needed in this case.
+    "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
+  ];
+
+  boot.initrd.network.enable = true;
+  boot.initrd.network.ssh = {
+    enable = true;
+
+    # Using the same port as the actual SSH will cause clients to throw errors
+    # related to host key mismatch.
+    port = 2222;
+
+    # This takes 'path's, not 'string's.
+    hostKeys = [
+      /boot/initrd-ssh-key
+      /boot-fallback/initrd-ssh-key
+    ];
+
+    # Public ssh key to log into the initrd ssh
+    authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi7GGOGVj1Y5Sc1EW6zEdrp78dS6hvmS348pqu9dUsB openpgp:0x6BE7BD6F" ];
+  };
+  boot.initrd.network.postCommands = ''
+    cat <<EOF > /root/.profile
+    if pgrep -x "zfs" > /dev/null
+    then
+      zfs load-key -a
+      killall zfs
+    else
+      echo "ZFS is not running -- this could be a sign of failure."
+    fi
+    EOF
+  '';
+
+
+  networking.hostName = hostName; # Define your hostname.
+
+  networking.useDHCP = false;
+  networking.interfaces.${networkInterface} = {
+    ipv4 = { addresses = [{ address = ipv4.address; prefixLength = ipv4.prefixLength; }]; };
+    ipv6 = { addresses = [{ address = ipv6.address; prefixLength = ipv6.prefixLength; }]; };
+  };
+  networking.defaultGateway = ipv4.gateway;
+  networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; };
+  networking.nameservers = [ "8.8.8.8" ];
+
+  # Set your time zone.
+  time.timeZone = "UTC";
+
+  users.users.root.initialHashedPassword = "";
+  users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi7GGOGVj1Y5Sc1EW6zEdrp78dS6hvmS348pqu9dUsB openpgp:0x6BE7BD6F" ];
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "prohibit-password";
+
+  nix.nixPath = [
+    "nixos-config=/persist/etc/nixos"
+  ];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+}
+
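Review bot: `users.users.root.initialHashedPassword = "";` gives root an empty password hash, which lets anyone at the local, serial or provider KVM console log in as root without a password even though SSH is locked to key auth by `permitRootLogin = "prohibit-password"`. Because `boot.initrd.postDeviceCommands` rolls the root dataset back to `rpool/local/root@blank` on every boot, the "initial" password is presumably re-applied each boot rather than only at install time, unless `/etc/shadow` is persisted somewhere not shown here. Lock the account instead with `users.users.root.hashedPassword = "!";` (or point `hashedPasswordFile` at a hash kept under `/persist`) so key-based SSH keeps working and console login requires a real credential. Separately, the initrd SSH host keys listed in `boot.initrd.network.ssh.hostKeys` live on the unencrypted vfat `/boot` and `/boot-fallback` partitions, so anyone who can read the disk can impersonate the pre-boot SSH endpoint and capture the ZFS passphrase typed into `zfs load-key`; worth a comment such as `# NOTE: these keys sit on unencrypted /boot -- verify the initrd host key fingerprint out of band before entering the ZFS passphrase`.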
diff --git a/colmena/cobalt/hardware-configuration.nix b/colmena/cobalt/hardware-configuration.nix
new file mode 100644
index 0000000..edd805f
--- /dev/null
+++ b/colmena/cobalt/hardware-configuration.nix
@@ -0,0 +1,58 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "rpool/local/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/445A-0C55";
+      fsType = "vfat";
+    };
+
+  fileSystems."/boot-fallback" =
+    { device = "/dev/disk/by-uuid/445C-198F";
+      fsType = "vfat";
+    };
+
+  fileSystems."/nix" =
+    { device = "rpool/local/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "rpool/safe/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/persist" =
+    { device = "rpool/safe/persist";
+      fsType = "zfs";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault false;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/colmena/default.nix b/colmena/default.nix
new file mode 100644
index 0000000..2fa7bc6
--- /dev/null
+++ b/colmena/default.nix
@@ -0,0 +1,27 @@
+{ self, unstable, unstable-small, ... } @ inputs:
+
+{
+  meta = {
+    nixpkgs = import unstable {
+      system = "x86_64-linux";
+    };
+  };
+
+  defaults = { pkgs, ... }: {
+    environment.systemPackages = with pkgs; [
+      curl
+      vim
+    ];
+  };
+
+  cobalt = self.lib.mkColmena {
+    name = "cobalt";
+    system = "x86_64-linux";
+    deployment = {
+      targetHost = "cobalt.sefidel.com";
+      targetPort = 22;
+      targetUser = "root";
+    };
+    time.timeZone = "UTC";
+  };
+}
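Review bot: `time.timeZone = "UTC";` passed to `self.lib.mkColmena` is silently dropped, as far as `lib/mk_colmena.nix` shows: its argument set ends in `...` and the body only reads `name`, `deployment` and the config-folder paths, so the value never reaches the NixOS module set. It is harmless today only because `colmena/cobalt/configuration.nix` sets the same value itself. Either remove the line here or route it through `extraModules` once that parameter is actually wired up in `mkColmena`; a comment `# extra NixOS options must go in configuration.nix -- mkColmena only forwards 'deployment'` would stop the next caller from making the same assumption.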
diff --git a/flake.nix b/flake.nix
index 8964769..696dfe7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -34,6 +34,8 @@
       packages.x86_64-linux = self.lib.nixosConfigurationsAsPackages.x86_64-linux
         // self.lib.homeConfigurationsAsPackages.x86_64-linux;
 
+      colmena = import ./colmena inputs;
+
       checks = self.packages;
 
       lib = import ./lib inputs;
diff --git a/home/profiles/development/default.nix b/home/profiles/development/default.nix
index bbd886b..aedb422 100644
--- a/home/profiles/development/default.nix
+++ b/home/profiles/development/default.nix
@@ -86,6 +86,7 @@ in
     home.packages = [
       pkgs.bfg-repo-cleaner
       # pkgs.diffoscopeMinimal # broken (rpm)
+      pkgs.colmena
       pkgs.du-dust
       pkgs.deploy-rs
       # pkgs.dnsutils # Err on darwin
diff --git a/lib/default.nix b/lib/default.nix
index 704a15e..13164a9 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -4,6 +4,7 @@ inputs:
   mkSystem = import ./mk_system.nix inputs;
   mkHome = import ./mk_home.nix inputs;
   mkDarwin = import ./mk_darwin.nix inputs;
+  mkColmena = import ./mk_colmena.nix inputs;
   nixosConfigurationsAsPackages = import ./nixos_configurations_as_packages.nix inputs;
   homeConfigurationsAsPackages = import ./home_configurations_as_packages.nix inputs;
 }
diff --git a/lib/mk_colmena.nix b/lib/mk_colmena.nix
new file mode 100644
index 0000000..c4b5bad
--- /dev/null
+++ b/lib/mk_colmena.nix
@@ -0,0 +1,34 @@
+{ self, ... } @ args:
+
+{ name
+, system ? "x86_64-linux"
+, deployment ? null
+, host ? null
+, port ? 22
+, tags ? null
+, extraModules ? null
+, ...
+}:
+let
+  configFolder = "${self}/colmena";
+  entryPoint = "${configFolder}/${name}/configuration.nix";
+  hardware = "${configFolder}/${name}/hardware-configuration.nix";
+in
+{
+  deployment = deployment;
+  # system = system;
+
+  imports = [
+    {
+      _module.args = args;
+      networking.hostName = name;
+      nix.flakes.enable = true;
+      system.configurationRevision = self.rev or "dirty";
+      documentation.man = { enable = true; generateCaches = true; };
+    }
+    entryPoint
+    hardware
+    ../nixos/modules/flake.nix
+    ../nixos/modules/nix.nix
+  ];
+}
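Review bot: `system`, `host`, `port`, `tags` and `extraModules` are accepted in the argument set but never referenced in the body, so a caller supplying `extraModules` or `tags` gets a silent no-op rather than the modules or tags they asked for. `deployment ? null` is also forwarded verbatim, so a host that omits it ends up with `deployment = null`, which colmena's option typing will presumably reject rather than treat as "no deployment settings" (not verifiable from this file). I would wire the two usable ones and default the rest: `deployment = (if deployment == null then { } else deployment) // (if tags == null then { } else { inherit tags; });` and `imports = [ … ] ++ (if extraModules == null then [ ] else extraModules);`, and either use `system` (`nixpkgs.hostPlatform = system;`) or drop the unused parameters so the signature matches what the function actually does. Note `nix.flakes.enable` is not a standard NixOS option; if it is defined in `../nixos/modules/flake.nix` a short comment saying so would help readers.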