diff --git a/flake.nix b/flake.nix index e058abc..9148fcb 100644 --- a/flake.nix +++ b/flake.nix @@ -4,52 +4,54 @@ sops-nix.url = "github:Mic92/sops-nix"; }; - outputs = - inputs: - { - colmena = { - meta = { - nixpkgs = import inputs.nixpkgs { - system = "x86_64-linux"; - overlays = [ ]; - }; + outputs = inputs: { + nixosConfigurations.raid1base = import ./setup { inherit inputs; }; + colmena = { + meta = { + nixpkgs = import inputs.nixpkgs { + system = "x86_64-linux"; + overlays = [ ]; }; - - git-system = - { - name, - nodes, - pkgs, - ... - }: - { - deployment = { - targetHost = "somehost.tld"; - targetPort = 1234; - targetUser = "luser"; - }; - imports = [ ./git_system.nix ]; - }; - runner-system = - { - name, - nodes, - pkgs, - ... - }: - { - imports = [ ./runner_system.nix ]; - }; - dev-system = - { - name, - nodes, - pkgs, - ... - }: - { - imports = [ ./dev_system.nix inputs.sops-nix.nixosModules.sops ]; - }; }; + + git-system = + { + name, + nodes, + pkgs, + ... + }: + { + deployment = { + targetHost = "somehost.tld"; + targetPort = 1234; + targetUser = "luser"; + }; + imports = [ ./git_system.nix ]; + }; + runner-system = + { + name, + nodes, + pkgs, + ... + }: + { + imports = [ ./runner_system.nix ]; + }; + dev-system = + { + name, + nodes, + pkgs, + ... + }: + { + imports = [ + ./dev_system.nix + inputs.sops-nix.nixosModules.sops + ]; + }; }; + }; } diff --git a/setup/README.md b/setup/README.md new file mode 100644 index 0000000..a406482 --- /dev/null +++ b/setup/README.md @@ -0,0 +1,12 @@ +# Usage + +Execute + +``` +nix run nixpkgs#nixos-anywhere -- \ + --flake .#raid1base \ + --generate-hardware-config nixos-facter ./facter.json \ + root@ +``` + +in the setup subdirectory diff --git a/setup/default.nix b/setup/default.nix new file mode 100644 index 0000000..a295e11 --- /dev/null +++ b/setup/default.nix 
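Review bot: The new `nixosConfigurations.raid1base = import ./setup { inherit inputs; };` line hands the whole `inputs` set to setup/default.nix, which dereferences `inputs.disko` and `inputs.nixos-facter-modules`, yet the only input visible in this hunk is `sops-nix.url`. The `inputs` attribute set starts above the hunk, so I cannot see whether those two are declared; if they are not, `nix run nixpkgs#nixos-anywhere -- --flake .#raid1base` fails at evaluation with a missing-attribute error rather than at install time. If they are declared, a short comment on the new line would spare the next reader the lookup, e.g. `# needs the disko and nixos-facter-modules inputs declared above`.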
@@ -0,0 +1,23 @@
+{ inputs }:
+inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ inputs.disko.nixosModules.disko
+ ./disk_conf.nix
+
+ inputs.nixos-facter-modules.nixosModules.facter
+ { config.facter.reportPath = ./facter.json; }
+
+ ./mini_conf.nix
+
+ # zfs stuff
+ {
+ # use `head -c4 /dev/urandom | od -A none -t x4` or see nixos options docs for more info
+ # https://search.nixos.org/options?channel=24.11&show=networking.hostId&from=0&size=50&sort=relevance&type=packages&query=hostid
+ networking.hostId = "0a7337de";
+
+ # dunno, maybe not needed but sounds nice
+ boot.loader.grub.zfsSupport = true;
+ }
+ ];
+}
diff --git a/setup/disk_conf.nix b/setup/disk_conf.nix
new file mode 100644
index 0000000..2bf5eb9
--- /dev/null
+++ b/setup/disk_conf.nix
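Review bot: The inline `# zfs stuff` module re-defines `networking.hostId = "0a7337de";` and `boot.loader.grub.zfsSupport = true;`, both of which `./mini_conf.nix` two entries above in the same `modules` list already sets to exactly the same values. Equal definitions merge silently today, but as soon as one copy is regenerated the way the comment suggests (`head -c4 /dev/urandom …`) the two strings differ and evaluation stops with a conflicting-definition error on `networking.hostId`. I would drop the inline module from this file so the host id has a single source (mini_conf.nix keeps the option and its explanatory comment). One more thing worth a comment next to `{ config.facter.reportPath = ./facter.json; }`: a flake only sees git-tracked files, so a freshly generated `facter.json` presumably has to be added to git before `.#raid1base` evaluates — worth confirming against the README workflow and stating on that line.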
@@ -0,0 +1,72 @@
+{
+ disko.devices = {
+ disk =
+ let
+ # This is a general setup which will be replicated on both disks ...
+ # even the boot partition, just the mountpoint is different which will
+ # be set in the nixos configuration
+ diskLayout =
+ { bootName }:
+ {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
+ };
+ # efi? idk, experiment if this is really needed
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/${bootName}";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zraid";
+ };
+ };
+ };
+ };
+ in
+ {
+ one = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = diskLayout { bootName = "boot"; };
+ };
+ two = {
+ type = "disk";
+ device = "/dev/nvme1n1";
+ content = diskLayout { bootName = "boot-fallback"; };
+ };
+ };
+ zpool = {
+ zraid = {
+ type = "zpool";
+ mode = "mirror";
+ # Workaround: cannot import 'zraid': I/O error in disko tests
+ options.cachefile = "none";
+ rootFsOptions = {
+ compression = "zstd";
+ "com.sun:auto-snapshot" = "true";
+ };
+ mountpoint = "/";
+ postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zraid@blank$' || zfs snapshot zraid@blank";
+
+ datasets = {
+ zfs_fs = {
+ type = "zfs_fs";
+ mountpoint = "/zfs_fs";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/setup/mini_conf.nix b/setup/mini_conf.nix
new file mode 100644
index 0000000..2353083
--- /dev/null
+++ b/setup/mini_conf.nix
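Review bot: `device = "/dev/nvme0n1";` and `device = "/dev/nvme1n1";` in the `one`/`two` disks are kernel enumeration names, which can swap between boots or after a controller or firmware change; since this layout is applied by disko destructively, a swap on a re-run partitions the disk the author did not intend, and `mini_conf.nix` pins `boot.loader.grub.device` and `mirroredBoots` to the same two strings, so `boot` and `boot-fallback` would also land on the wrong disks. Prefer the stable by-id path in both files, e.g. `device = "/dev/disk/by-id/<DISK-ONE-ID>";` with the placeholder replaced by the real id of each drive. A comment on the `diskLayout` binding stating that `bootName` must match the `mirroredBoots.path` in mini_conf.nix would make that cross-file coupling visible.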
@@ -0,0 +1,51 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ # see https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/installer/scan
+ (modulesPath + "/installer/scan/not-detected.nix")
+ # see https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/profiles
+ (modulesPath + "/profiles/headless.nix")
+ ];
+
+ boot.loader.grub = {
+ # efi? idk experiment if we can leave this away
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+
+ # main device that grub will boot from
+ device = "/dev/nvme0n1";
+
+ # configure second fallback boot partition
+ mirroredBoots = [
+ {
+ devices = [ "/dev/nvme1n1" ];
+ path = "/boot-fallback";
+ }
+ ];
+
+ # dunno, maybe not needed but sounds nice
+ zfsSupport = true;
+ };
+
+ # use `head -c4 /dev/urandom | od -A none -t x4` or see nixos options docs for more info
+ # https://search.nixos.org/options?channel=24.11&show=networking.hostId&from=0&size=50&sort=relevance&type=packages&query=hostid
+ networking.hostId = "0a7337de";
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.gitMinimal
+ ];
+
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBA4Kpx7RN53V3uINjRj1Ow7p8/SkKGOnqHG3BR9tNXU cardno:25_310_930"
+ # add yours
+ ];
+
+ system.stateVersion = "24.11";
+}
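Review bot: `services.openssh.enable = true;` together with the root key in `users.users.root.openssh.authorizedKeys.keys` leaves password and keyboard-interactive authentication at the NixOS openssh module defaults, which do not turn them off; since this installer image is meant to admit only the listed key, pin that next to the enable line with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. The `# add yours` comment should also say that every key listed here gets root, e.g. `# every key here logs in directly as root over SSH`, so nobody pastes a convenience key in without realising the scope. The `# dunno, maybe not needed but sounds nice` comment on `zfsSupport = true;` should be replaced by the actual reason once known, or by a TODO naming what was not verified.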