From 1267d795c02071e34d87d6f970967f23ddbfdb2e Mon Sep 17 00:00:00 2001 From: sefidel Date: Thu, 2 Feb 2023 02:37:57 +0900 Subject: feat(colmena/cobalt): init --- colmena/cobalt/configuration.nix | 125 ++++++++++++++++++++++++++++++ colmena/cobalt/hardware-configuration.nix | 58 ++++++++++++++ colmena/default.nix | 27 +++++++ flake.nix | 2 + home/profiles/development/default.nix | 1 + lib/default.nix | 1 + lib/mk_colmena.nix | 34 ++++++++ 7 files changed, 248 insertions(+) create mode 100644 colmena/cobalt/configuration.nix create mode 100644 colmena/cobalt/hardware-configuration.nix create mode 100644 colmena/default.nix create mode 100644 lib/mk_colmena.nix diff --git a/colmena/cobalt/configuration.nix b/colmena/cobalt/configuration.nix new file mode 100644 index 0000000..b3d05b9 --- /dev/null +++ b/colmena/cobalt/configuration.nix @@ -0,0 +1,125 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, lib, ... }: +let + ipv4 = { + address = "95.216.74.104"; + gateway = "95.216.74.65"; + netmask = "255.255.255.192"; + prefixLength = 26; # https://www.pawprint.net/designresources/netmask-converter.php + }; + ipv6 = { + address = "2a01:4f9:2b:a98::"; + gateway = "fe80::1"; + prefixLength = 64; + }; + networkInterface = "eth0"; + hostName = "cobalt"; + hostId = "712ae82a"; +in +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + boot.supportedFilesystems = [ "zfs" ]; + networking.hostId = hostId; + + boot.loader.grub.enable = true; + # boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = false; + # boot.loader.grub.device = "nodev"; + + # This should be done automatically, but explicitly declare it just in case. + boot.loader.grub.copyKernels = true; + # Make sure that you've listed all of the boot partitions here. + boot.loader.grub.mirroredBoots = [ + { path = "/boot"; devices = ["/dev/disk/by-id/ata-ST4000NM0245-1Z2107_ZC17GW7G"]; } + { path = "/boot-fallback"; devices = ["/dev/disk/by-id/ata-ST4000NM0245-1Z2107_ZC17GWB2"]; } + ]; + + # Boot normally when one of the boot partitions are missing + fileSystems."/boot".options = [ "nofail" ]; + fileSystems."/boot-fallback".options = [ "nofail" ]; + + # Erase your darlings + boot.initrd.postDeviceCommands = lib.mkAfter '' + zfs rollback -r rpool/local/root@blank + ''; + + # NOTE: replace these to boot.initrd.availableKernelModules? + boot.kernelModules = [ "e1000e" ]; + boot.initrd.kernelModules = [ "e1000e" ]; + + boot.kernelParams = [ + # See for documentation. + # ip=::::::::: + # The server ip refers to the NFS server -- not needed in this case. + "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8" + ]; + + boot.initrd.network.enable = true; + boot.initrd.network.ssh = { + enable = true; + + # Using the same port as the actual SSH will cause clients to throw errors + # related to host key mismatch. + port = 2222; + + # This takes 'path's, not 'string's. + hostKeys = [ + /boot/initrd-ssh-key + /boot-fallback/initrd-ssh-key + ]; + + # Public ssh key to log into the initrd ssh + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi7GGOGVj1Y5Sc1EW6zEdrp78dS6hvmS348pqu9dUsB openpgp:0x6BE7BD6F" ]; + }; + boot.initrd.network.postCommands = '' + cat < /root/.profile + if pgrep -x "zfs" > /dev/null + then + zfs load-key -a + killall zfs + else + echo "ZFS is not running -- this could be a sign of failure." + fi + EOF + ''; + + + networking.hostName = hostName; # Define your hostname. + + networking.useDHCP = false; + networking.interfaces.${networkInterface} = { + ipv4 = { addresses = [{ address = ipv4.address; prefixLength = ipv4.prefixLength; }]; }; + ipv6 = { addresses = [{ address = ipv6.address; prefixLength = ipv6.prefixLength; }]; }; + }; + networking.defaultGateway = ipv4.gateway; + networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; }; + networking.nameservers = [ "8.8.8.8" ]; + + # Set your time zone. + time.timeZone = "UTC"; + + users.users.root.initialHashedPassword = ""; + users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi7GGOGVj1Y5Sc1EW6zEdrp78dS6hvmS348pqu9dUsB openpgp:0x6BE7BD6F" ]; + services.openssh.enable = true; + services.openssh.permitRootLogin = "prohibit-password"; + + nix.nixPath = [ + "nixos-config=/persist/etc/nixos" + ]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? +} + diff --git a/colmena/cobalt/hardware-configuration.nix b/colmena/cobalt/hardware-configuration.nix new file mode 100644 index 0000000..edd805f --- /dev/null +++ b/colmena/cobalt/hardware-configuration.nix @@ -0,0 +1,58 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool/local/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/445A-0C55"; + fsType = "vfat"; + }; + + fileSystems."/boot-fallback" = + { device = "/dev/disk/by-uuid/445C-198F"; + fsType = "vfat"; + }; + + fileSystems."/nix" = + { device = "rpool/local/nix"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "rpool/safe/home"; + fsType = "zfs"; + }; + + fileSystems."/persist" = + { device = "rpool/safe/persist"; + fsType = "zfs"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault false; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/colmena/default.nix b/colmena/default.nix new file mode 100644 index 0000000..2fa7bc6 --- /dev/null +++ b/colmena/default.nix @@ -0,0 +1,27 @@ +{ self, unstable, unstable-small, ... } @ inputs: + +{ + meta = { + nixpkgs = import unstable { + system = "x86_64-linux"; + }; + }; + + defaults = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + curl + vim + ]; + }; + + cobalt = self.lib.mkColmena { + name = "cobalt"; + system = "x86_64-linux"; + deployment = { + targetHost = "cobalt.sefidel.com"; + targetPort = 22; + targetUser = "root"; + }; + time.timeZone = "UTC"; + }; +} diff --git a/flake.nix b/flake.nix index 8964769..696dfe7 100644 --- a/flake.nix +++ b/flake.nix @@ -34,6 +34,8 @@ packages.x86_64-linux = self.lib.nixosConfigurationsAsPackages.x86_64-linux // self.lib.homeConfigurationsAsPackages.x86_64-linux; + colmena = import ./colmena inputs; + checks = self.packages; lib = import ./lib inputs; diff --git a/home/profiles/development/default.nix b/home/profiles/development/default.nix index bbd886b..aedb422 100644 --- a/home/profiles/development/default.nix +++ b/home/profiles/development/default.nix @@ -86,6 +86,7 @@ in home.packages = [ pkgs.bfg-repo-cleaner # pkgs.diffoscopeMinimal # broken (rpm) + pkgs.colmena pkgs.du-dust pkgs.deploy-rs # pkgs.dnsutils # Err on darwin diff --git a/lib/default.nix b/lib/default.nix index 704a15e..13164a9 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -4,6 +4,7 @@ inputs: mkSystem = import ./mk_system.nix inputs; mkHome = import ./mk_home.nix inputs; mkDarwin = import ./mk_darwin.nix inputs; + mkColmena = import ./mk_colmena.nix inputs; nixosConfigurationsAsPackages = import ./nixos_configurations_as_packages.nix inputs; homeConfigurationsAsPackages = import ./home_configurations_as_packages.nix inputs; } diff --git a/lib/mk_colmena.nix b/lib/mk_colmena.nix new file mode 100644 index 0000000..c4b5bad --- /dev/null +++ b/lib/mk_colmena.nix @@ -0,0 +1,34 @@ +{ self, ... } @ args: + +{ name +, system ? "x86_64-linux" +, deployment ? null +, host ? null +, port ? 22 +, tags ? null +, extraModules ? null +, ... +}: +let + configFolder = "${self}/colmena"; + entryPoint = "${configFolder}/${name}/configuration.nix"; + hardware = "${configFolder}/${name}/hardware-configuration.nix"; +in +{ + deployment = deployment; + # system = system; + + imports = [ + { + _module.args = args; + networking.hostName = name; + nix.flakes.enable = true; + system.configurationRevision = self.rev or "dirty"; + documentation.man = { enable = true; generateCaches = true; }; + } + entryPoint + hardware + ../nixos/modules/flake.nix + ../nixos/modules/nix.nix + ]; +} -- cgit 1.4.1