From 8a183734fe30a4cd4626c8b69f1421ea967b4b4e Mon Sep 17 00:00:00 2001
From: catvayor
Date: Sat, 1 Jun 2024 16:26:08 +0200
Subject: [PATCH] nixos-anywhere & traque stuff
---
 .gitignore | 2 +
 hive.nix | 42 +++++++++-
 machines/kat-traque/configuration.nix | 84 +++++++++++++++++++
 machines/kat-traque/disks.nix | 32 +++++++
 .../kat-traque/hardware-configuration.nix | 25 ++++++
 modules/ssh.nix | 5 ++
 npins/sources.json | 15 ++++
 shell.nix | 5 ++
 8 files changed, 206 insertions(+), 4 deletions(-)
 create mode 100644 machines/kat-traque/configuration.nix
 create mode 100644 machines/kat-traque/disks.nix
 create mode 100644 machines/kat-traque/hardware-configuration.nix
 create mode 100644 shell.nix
diff --git a/.gitignore b/.gitignore
index be0e181..5748b6f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
+/.direnv
+/.envrc
 installer-iso-image
 result
diff --git a/hive.nix b/hive.nix
index 88b9a03..992648c 100644
--- a/hive.nix
+++ b/hive.nix
@@ -9,15 +9,35 @@ in
 inherit mods users sources;
 };
 defaults =
- { name, pkgs, ... }:
+ {
+ name,
+ pkgs,
+ lib,
+ config,
+ ...
+ }:
 {
 imports = [
 "${sources.home-manager}/nixos"
 "${sources.agenix}/modules/age.nix"
+ "${sources.disko}/module.nix"
 ];
- boot.tmp.useTmpfs = true;
- networking.hostName = name;
- nix.package = pkgs.lix;
+ options.system.build.anywhere = lib.mkOption {
+ type = lib.types.package;
+ readOnly = true;
+ };
+ config = {
+ boot.tmp.useTmpfs = true;
+ networking.hostName = name;
+ nix.package = pkgs.lix;
+ system.build.anywhere = pkgs.writeShellApplication {
+ name = "anywhere-deploy_${name}.sh";
+ runtimeInputs = [ pkgs.nixos-anywhere ];
+ text = ''
+ nixos-anywhere --store-paths ${config.system.build.diskoScriptNoDeps} ${config.system.build.toplevel} ${config.deployment.targetHost}
+ '';
+ };
+ };
 };
 kat-probook =
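Review bot: The `anywhere-deploy_<name>.sh` script re-images whatever answers at `config.deployment.targetHost` with no confirmation step: nixos-anywhere runs the disko script (the partition layout this commit adds for the node's `/dev/vda`) before installing the toplevel, so a stale or mistyped targetHost, or the wrong VM answering that address, destroys a machine. I would have the script print the target and the toplevel it is about to install and require the operator to type the host name back, and pass the host through `lib.escapeShellArg` instead of interpolating it bare into the command line. The installer's SSH host key also cannot be verified through the normal known_hosts flow on a fresh target; if the pinned nixos-anywhere supports `--ssh-option`, consider pinning a known_hosts file there rather than leaving that prompt to the operator. `defaults` is complete within the hunk, but the hive attrset around it starts and ends outside.
```nix
# … unchanged: options.system.build.anywhere declaration, boot/networking/nix settings …
system.build.anywhere = pkgs.writeShellApplication {
  name = "anywhere-deploy_${name}.sh";
  runtimeInputs = [ pkgs.nixos-anywhere ];
  text = ''
    target=${lib.escapeShellArg config.deployment.targetHost}
    echo "About to wipe and install $target with ${config.system.build.toplevel}" >&2
    read -r -p "Type the target host again to continue: " confirm
    [ "$confirm" = "$target" ] || { echo "aborted" >&2; exit 1; }
    nixos-anywhere --store-paths ${config.system.build.diskoScriptNoDeps} ${config.system.build.toplevel} "$target"
  '';
};
```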
@@ -83,6 +103,20 @@ in
 ];
 };
+ kat-traque =
+ { name, nodes, ... }:
+ {
+ deployment.targetHost = "traque.kat";
+
+ imports = [
+ ./machines/kat-traque/configuration.nix
+ (users.root { ssh = true; })
+ ];
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 sylvain@idefix"
+ ];
+ };
+
 kat-runner =
 { name, nodes, ... }:
 {
diff --git a/machines/kat-traque/configuration.nix b/machines/kat-traque/configuration.nix
new file mode 100644
index 0000000..84b7f5b
--- /dev/null
+++ b/machines/kat-traque/configuration.nix
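Review bot: The root key added for kat-traque is an `ssh-rsa` key whose body is stripped from this excerpt, so its length cannot be reviewed here; confirm it is at least 3072 bits (or replace it with an `ssh-ed25519` key) before it becomes the only way into a host that `users.root { ssh = true; }` presumably opens to root login. If the same `sylvain@idefix` key is already used on the other nodes, hoist it into a shared list in `users` rather than pasting it per node, so that rotating it happens in one place. The `kat-traque` definition is complete within the hunk, but the enclosing hive attrset starts and ends outside it.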
@@ -0,0 +1,84 @@
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./disks.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.supportedFilesystems = [ "bcachefs" ];
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ time.timeZone = "Europe/Paris";
+
+ networking = {
+ interfaces."enp1s0" = {
+ useDHCP = false;
+ ipv4.addresses = [
+ {
+ address = "192.168.122.4";
+ prefixLength = 24;
+ }
+ ];
+ ipv6.addresses = [
+ {
+ address = "fe80::4";
+ prefixLength = 64;
+ }
+ ];
+ };
+ defaultGateway = "192.168.122.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "enp1s0";
+ };
+ nameservers = [
+ "192.168.122.1"
+ "fe80::1%enp1s0"
+ ];
+ };
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "fr";
+ };
+
+ services.dbus.packages = with pkgs; [ dconf ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ programs.zsh.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ wget
+ nix-search-cli
+ git
+ btop
+ ranger
+ screen
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ services.openssh.enable = true;
+
+ networking.firewall.enable = false;
+
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
diff --git a/machines/kat-traque/disks.nix b/machines/kat-traque/disks.nix
new file mode 100644
index 0000000..ed9ef70
--- /dev/null
+++ b/machines/kat-traque/disks.nix
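Review bot: `networking.firewall.enable = false;` turns off the host firewall on a node that also enables sshd, and nothing else in the file restricts inbound traffic; unless this VM is meant to expose arbitrary services to everything on 192.168.122.0/24, keep the default (`networking.firewall.enable = true;`), since `services.openssh` opens port 22 itself through its `openFirewall` default. Relatedly, sshd is left at NixOS defaults here, so unless the `users.root { ssh = true; }` helper imported from hive.nix tightens it, password authentication stays enabled on a host reachable as root; I would put `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to `services.openssh.enable`. The first line of the file is the tail of the generated template's help sentence (`# https://search.nixos.org/options and in the NixOS manual ...`); either restore the full sentence or drop it.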
@@ -0,0 +1,32 @@
+{
+ disko.devices = {
+ disk = {
+ vda = {
+ device = "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "100M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "bcachefs";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/machines/kat-traque/hardware-configuration.nix b/machines/kat-traque/hardware-configuration.nix
new file mode 100644
index 0000000..e8da702
--- /dev/null
+++ b/machines/kat-traque/hardware-configuration.nix
@@ -0,0 +1,25 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.initrd.availableKernelModules = [
+ "ahci"
+ "xhci_pci"
+ "virtio_pci"
+ "sr_mod"
+ "virtio_blk"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ networking.useDHCP = lib.mkDefault true;
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/modules/ssh.nix b/modules/ssh.nix
index 147ad7d..6811f45 100644
--- a/modules/ssh.nix
+++ b/modules/ssh.nix
@@ -32,6 +32,11 @@
 hostname = "fe80::3%%virbr0";
 proxyJump = "r86s.kat";
 };
+ "traque.kat" = {
+ user = "root";
+ hostname = "fe80::4%%virbr0";
+ proxyJump = "r86s.kat";
+ };
 "sas.ens" = {
 user = "lbailly";
diff --git a/npins/sources.json b/npins/sources.json
index 4881a96..76a22c8 100644
--- a/npins/sources.json
+++ b/npins/sources.json
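Review bot: The 100M ESP is tight for a host that boots `linuxPackages_latest` through systemd-boot: every generation keeps its kernel and initrd on that partition, and with no `boot.loader.systemd-boot.configurationLimit` set it can fill after a handful of rebuilds and make the next switch fail — I would use `size = "512M";` here and set a configuration limit in configuration.nix. This layout is also what the new `anywhere` deploy script applies, and it wipes `/dev/vda` unconditionally; a header comment such as `# Applied by nixos-anywhere via disko: running the deploy script destroys everything on /dev/vda.` would make that clear to whoever next edits this file. `/` is left unencrypted; that may be acceptable for a VM on a trusted host, but a one-line comment recording the decision would save the next reviewer the question.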
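Review bot: The `traque.kat` entry reaches the VM through a link-local address (`fe80::4%virbr0`) resolved on the jump host, and that address is hand-assigned in the VM's own configuration; any guest on virbr0 that claims `fe80::4` is what `ssh traque.kat` will connect to, so host-key verification is the only thing distinguishing the real node. Because the first nixos-anywhere run presents the installer's key and the installed system then presents a different one, operators tend to accept the mismatch prompt or disable checking; pin the node's host key (for example via `programs.ssh.knownHosts` or a `UserKnownHostsFile` kept in the repo) rather than relying on the interactive prompt. The enclosing host-entry attrset starts and ends outside the hunk.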
@@ -12,6 +12,21 @@
 "url": "https://github.com/ryantm/agenix/archive/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9.tar.gz",
 "hash": "1lpkwinlax40b7xgzspbkm9rsi4a1x48hxhixnni4irxxwnav0ah"
 },
+ "disko": {
+ "type": "GitRelease",
+ "repository": {
+ "type": "GitHub",
+ "owner": "nix-community",
+ "repo": "disko"
+ },
+ "pre_releases": false,
+ "version_upper_bound": null,
+ "release_prefix": null,
+ "version": "v1.6.1",
+ "revision": "4677f6c53482a8b01ee93957e3bdd569d51261d6",
+ "url": "https://api.github.com/repos/nix-community/disko/tarball/v1.6.1",
+ "hash": "1p9vsml07bm3riw703dv83ihlmgyc11qv882qa6bqzqdgn86y8z4"
+ },
 "home-manager": {
 "type": "Git",
 "repository": {
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..2bc598c
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,5 @@
+let
+ sources = import ./npins;
+ pkgs = import sources.nixpkgs { };
+in
+pkgs.mkShell { packages = with pkgs; [ npins ]; }