From 3d8392d3681a3c6fdfeba77ae2af9ad7f092fe01 Mon Sep 17 00:00:00 2001
From: Constantin Gierczak--Galle
Date: Tue, 8 Oct 2024 23:50:47 +0200
Subject: [PATCH] feat(photovm): initial commit
---
configuration.nix | 51 +++++++++++++++++++
disko.nix | 31 ++++++++++++
flake.lock | 126 ++++++++++++++++++++++++++++++++++++++++++++++
flake.nix | 68 +++++++++++++++++++++++++
hardware.nix | 21 ++++++++
5 files changed, 297 insertions(+)
create mode 100644 configuration.nix
create mode 100644 disko.nix
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 hardware.nix
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..0f0a018
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,51 @@
+{ lib, pkgs, ... }:
+
+{
+ imports = [ ./hardware.nix ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+
+ networking.hostName = "photoprism";
+
+ disko.devices = import ./disko.nix;
+
+ # TODO: ipv6 address
+ deployment.targetHost = "";
+
+ # Set your time zone.
+ time.timeZone = "Europe/Paris";
+
+ environment.systemPackages = with pkgs; [ neovim ];
+
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
+ # TODO: add cst1's SSH key
+ ];
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "webmaster@nixos.org";
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ 8007
+ ];
+ networking.firewall.allowedUDPPorts = [ ];
+
+ networking.useNetworkd = true;
+
+ # TODO:
+ systemd.network.networks."10-wan" = {
+ matchConfig.Name = "ens18";
+ networkConfig = {
+ DHCP = "ipv4";
+ Address = "2a01:e0a:de4:a0e1:eb2:caa1::4";
+ };
+ # make routing on this interface a dependency for network-online.target
+ linkConfig.RequiredForOnline = "routable";
+ };
+
+ system.stateVersion = "23.11";
+}
diff --git a/disko.nix b/disko.nix
new file mode 100644
index 0000000..56a9dcf
--- /dev/null
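Review bot: `services.openssh.enable = true;` in configuration.nix leaves sshd on its default authentication settings even though root's authorized key is the only login path this commit sets up, so password and keyboard-interactive authentication are not explicitly ruled out on a host that is given a global IPv6 address. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it. `security.acme.defaults.email = "webmaster@nixos.org";` is not an address this deployment appears to control, so certificate and account notices from the CA would go to a third party; it should be an operator mailbox. Port 8007 is opened in `allowedTCPPorts` although nothing in this commit listens on it, so it deserves a comment naming the service or should wait until that service is added.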
+++ b/disko.nix
@@ -0,0 +1,31 @@
+{
+ # TODO:
+ disk = {
+ sda = {
+ device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..a439624
--- /dev/null
+++ b/flake.lock
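Review bot: The ESP `content` block mounts vfat on `/boot` with default mount options, which leaves every file on that partition readable by any local user. configuration.nix enables systemd-boot, and bootctl reports a world-accessible `/boot` as a security problem when it stores its random-seed file there. Adding `mountOptions = [ "umask=0077" ];` beside `mountpoint = "/boot";` addresses that. The root partition is plain ext4 with no encryption layer, which may be fine for a test VM, but a sentence under the bare `# TODO:` would record it as a decision rather than an omission.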
@@ -0,0 +1,126 @@ +{ + "nodes": { + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "stable": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728263678, + "narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "b0a62f234fae02a006123e661ff70e62af16106b", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728334376, + "narHash": "sha256-CTKEKPzD/j8FK6H4DO3EjyixZd3HHvgAgfnCwpGFP5c=", + "owner": "nix-community", + "repo": "disko", + "rev": "d39ee334984fcdae6244f5a8e6ab857479cbaefe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1728241625, + "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": 
"nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "colmena": "colmena", + "disko": "disko", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..964d0b8 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,68 @@
+{
+ description = "Photo services test vm";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ colmena = {
+ url = "github:zhaofengli/colmena";
+ inputs = {
+ flake-utils.follows = "flake-utils";
+ nixpkgs.follows = "nixpkgs";
+ stable.follows = "nixpkgs";
+ };
+ };
+ flake-utils.url = "github:numtide/flake-utils";
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs =
+ {
+ self,
+ nixpkgs,
+ flake-utils,
+ colmena,
+ disko,
+ ...
+ }@inputs:
+ let
+ lib = nixpkgs.lib;
+ in
+ {
+
+ nixosConfigurations = builtins.mapAttrs (
+ name: value:
+ nixpkgs.lib.nixosSystem {
+ lib = lib;
+ system = "x86_64-linux";
+ specialArgs = {
+ inherit inputs;
+ };
+ modules = [
+ value
+ disko.nixosModules.disko
+ ];
+ extraModules = [ inputs.colmena.nixosModules.deploymentOptions ];
+ }
+ ) { hashes = import ./configuration.nix; };
+
+ colmena = {
+ meta = {
+ nixpkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
+ nodeSpecialArgs = builtins.mapAttrs (_: v: v._module.specialArgs) self.nixosConfigurations;
+ specialArgs.lib = lib;
+ };
+ } // builtins.mapAttrs (_: v: { imports = v._module.args.modules; }) self.nixosConfigurations;
+ }
+ // flake-utils.lib.eachDefaultSystem (
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ in
+ {
+ devShell = pkgs.mkShell { buildInputs = with pkgs; [ colmena.packages.${system}.colmena ]; };
+ }
+ );
+}
diff --git a/hardware.nix b/hardware.nix
new file mode 100644
index 0000000..10dac0c
--- /dev/null
+++ b/hardware.nix
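Review bot: The node is registered as `{ hashes = import ./configuration.nix; }`, so both `nixosConfigurations` and the colmena hive call it `hashes` while configuration.nix sets `networking.hostName = "photoprism"`. The key looks carried over from another flake, and with `deployment.targetHost = ""` still unset it is not obvious from the repository which machine a deploy would reach. I would key it as `{ photoprism = import ./configuration.nix; }` so the deploy target and the hostname agree. Separately, `devShell` is the deprecated output name; `devShells.default` inside the per-system set is the current form.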
@@ -0,0 +1,21 @@
+{ lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_scsi"
+ "sd_mod"
+ "sr_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}