initial import

James Andariese 2024-07-14 01:13:04 -05:00
commit cafee81d46
12 changed files with 691 additions and 0 deletions

6
.gitignore vendored Normal file

@ -0,0 +1,6 @@
result
\#*#
*~
.*
!.git*
*poop*

284
flake.lock Normal file

@ -0,0 +1,284 @@
{
"nodes": {
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1718194053,
"narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"interlude": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1720929675,
"narHash": "sha256-Ofvbdb2qM8JyiOw3wpsqAS7C3oxX90KcwSM074kOXLA=",
"ref": "refs/heads/main",
"rev": "1e7658a97a0e34ec84eda0af2854d00fa1c6657d",
"revCount": 2,
"type": "git",
"url": "https://git.strudelline.net/nix/interlude"
},
"original": {
"type": "git",
"url": "https://git.strudelline.net/nix/interlude"
}
},
"ipcalc": {
"locked": {
"lastModified": 1720829192,
"narHash": "sha256-uo1vVwyhdbEqzUa27/wxvnIZFIRyiTidIDRXeP59FWg=",
"ref": "refs/heads/main",
"rev": "e7e8242a9918161d8e0b3fb4b725612aef8a03bb",
"revCount": 3,
"type": "git",
"url": "https://git.strudelline.net/nix/ipcalc"
},
"original": {
"type": "git",
"url": "https://git.strudelline.net/nix/ipcalc"
}
},
"nixlib": {
"locked": {
"lastModified": 1719708727,
"narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1720859326,
"narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1702272962,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1720691131,
"narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a046c1202e11b62cbede5385ba64908feb7bfac4",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.05",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1720954236,
"narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.05",
"type": "indirect"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1720691131,
"narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a046c1202e11b62cbede5385ba64908feb7bfac4",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.05",
"type": "indirect"
}
},
"numbers": {
"inputs": {
"ipcalc": "ipcalc",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1721177469,
"narHash": "sha256-8puiNyCJy6k1Pl25BgE4wUUpifO7f1hraR7JI9lAqW4=",
"ref": "refs/heads/main",
"rev": "27af88462c971572a72a9a05c8608dca74e4a4b7",
"revCount": 13,
"type": "git",
"url": "https://git.strudelline.net/cascade/numbers"
},
"original": {
"type": "git",
"url": "https://git.strudelline.net/cascade/numbers"
}
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
"interlude": "interlude",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_3",
"numbers": "numbers",
"unstable": "unstable"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1721116560,
"narHash": "sha256-++TYlGMAJM1Q+0nMVaWBSEvEUjRs7ZGiNQOpqbQApCU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9355fa86e6f27422963132c2c9aeedb0fb963d93",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

111
flake.nix Normal file

@ -0,0 +1,111 @@
{
inputs = {
nixpkgs.url = "nixpkgs/nixos-24.05";
unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
numbers.url = "git+https://git.strudelline.net/cascade/numbers";
interlude.url = "git+https://git.strudelline.net/nix/interlude";
nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; };
deploy-rs.url = "github:serokell/deploy-rs";
};
outputs = { self, nixpkgs, unstable, numbers, interlude, nixos-generators, deploy-rs }@inputs:
with builtins;
with nixpkgs.lib;
with interlude.lib;
let
includableModules =
let localModules = "${./.}" + "/modules";
dirContents = readDir (traceVal localModules);
filenames = attrNames (trace "dirContents: ${toJSON dirContents}" dirContents);
dirs = (filter (n: dirContents."${n}" == "directory" &&
readFileType "${localModules}/${n}/default.nix" == "regular" ) filenames);
files = concatMap (filterAndStripSuffix ".nix") (filter (n: dirContents."${n}" == "regular") filenames);
in
foldl recursiveUpdate {} (
(map (x: { nixosModules."${x}" = import (trace "importing ${localModules}/${x}" "${localModules}/${x}"); }) (trace "dirs: ${toJSON dirs}" dirs))
++ (map (x: { nixosModules."${x}" = import (trace "importing ${localModules}/${x}.nix" "${localModules}/${x}.nix"); }) (trace "files: ${toJSON files}" files))
);
buildMachine' = name: mods: cfg: {
# the evaluated machine
nixosConfigurations."${name}" =
let
pkgs = import nixpkgs { config = { allowUnfree = true; };};
specialArgs = { basePath = "${toString ./.}"; inherit inputs numbers; };
in nixosSystem (cfg // {
inherit pkgs specialArgs;
modules = [
self.nixosModules.vmFormats
numbers.nixosModules.users
self.nixosModules.session
({...}: {
# fixed values.
networking.hostName = traceVal name;
system.stateVersion = "24.05";
nix.settings.require-sigs = false;
})
] ++ mods;
});
};
buildMachine = name:
# the evaluated machine
with numbers.api;
let
modules = [
self.nixosModules.fixFlakeRegistry
numbers.nixosModules.networking
self.nixosModules.packages
self.nixosModules.luks
self.nixosModules.systemd-efi
numbers.nixosModules.users
] ++ (map (x: self.nixosModules."${x}") (hostModules name));
arch = hostSystem name;
in
(buildMachine' name modules { system = arch; })
//
{
deploy.nodes."${name}" = {
hostname = "172.16.19.1";
profiles.system = {
user = "root";
path = deploy-rs.lib."${arch}".activate.nixos self.nixosConfigurations."${name}";
};
};
# This is highly advised, and will prevent many possible mistakes
checks = deploy-rs.lib."${arch}".deployChecks self.deploy;
};
in
foldl recursiveUpdate {
nixosModules = {
vmFormats = { config, ... }: {
imports = [
nixos-generators.nixosModules.all-formats
];
nixpkgs.hostPlatform = "x86_64-linux";
formatConfigs.iso = { ... }: {
isoImage.squashfsCompression = "zstd";
};
# the sample format from nixos-generators
# formatConfigs.my-custom-format = { config, modulesPath, ... }: {
# imports = [ "${toString modulesPath}/installer/cd-dvd/installation-cd-base.nix" ];
# formatAttr = "isoImage";
# fileExtension = ".iso";
# networking.wireless.networks = {
# # ...
# };
# };
};
fixFlakeRegistry = { ... }: { nix.registry = {
nixpkgs.flake = inputs.nixpkgs;
unstable.flake = inputs.unstable;
};};
};
} ( # lists to recursively merge into the config.
[ includableModules ]
++ (with numbers.api; map (h: buildMachine h) deployableHosts)
++ [(buildMachine' "cascade-installer" [self.nixosModules.installer] {} )]
#++ [(buildMachine' "cascade-installer" [] {} )]
);
}
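Review bot: Every node produced by `buildMachine` sets `deploy.nodes."${name}".hostname = "172.16.19.1"`, so all deployable hosts target the same address and a deploy for one host would land on another; the per-host address (or name) should come from `numbers.api` the way `hostSystem` and `hostModules` already do, though which attribute provides it is not visible here. In `buildMachine'`, `nix.settings.require-sigs = false` is baked into every machine and lets unsigned store paths be imported; if the reason is that deploy-rs pushes locally built closures, consider keeping the default and signing them with `nix store sign` against a key listed in `nix.settings.trusted-public-keys`, or confirming whether the root deploy user being a trusted user already makes this unnecessary. The `traceVal`/`trace` calls in `includableModules` and on `networking.hostName` also look like leftover debugging output that will print on every evaluation.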

87
modules/installer.nix Normal file

@ -0,0 +1,87 @@
{ config, pkgs, lib, ... }:
let installer = pkgs.writeShellApplication {
name = "cascade-installer";
runtimeInputs = with pkgs; [
btrfs-progs
coreutils
cryptsetup
dig
dosfstools
e2fsprogs
git
lvm2
nix
parted
util-linux
];
text =
let
shq = lib.escapeShellArg;
partedMin = cmd: ''
parted -f -a minimal "$DEVICE" --script ${cmd}
'';
partedOpt = cmd: ''
parted -f -a optimal "$DEVICE" --script ${cmd}
'';
in
''
if [ "$#" -ne 2 ];then
1>&2 echo "usage: $0 hostname full-disk-device"
exit 1
fi
HOSTNAME="$1"
DEVICE="$2"
LABEL="$HOSTNAME"-luks0
LV="$HOSTNAME"-luks
echo ABOUT TO DESTROY THIS MACHINE
sleep 10 || exit 1
wipefs -a "$DEVICE"
${partedMin "mklabel gpt"}
${partedMin "mkpart ESP fat32 0% 1GB"}
${partedMin "set 1 esp on"}
${partedOpt "mkpart \"$HOSTNAME\"-luks0 ext4 1GB 100%"}
sleep 1
cryptsetup -q luksFormat --type luks2 /dev/disk/by-partlabel/"$LABEL" -d /dev/zero -l 32
cryptsetup -q luksOpen /dev/disk/by-partlabel/"$LABEL" "$LABEL" -d /dev/zero -l 32
pvcreate /dev/mapper/"$LABEL"
vgcreate "$LV" /dev/mapper/"$LABEL"
lvcreate -L 20G -n "$HOSTNAME"-root "$LV"
mkfs.fat -F 32 -n BOOT /dev/disk/by-partlabel/ESP
mkfs.ext4 -L "$HOSTNAME"-root /dev/"$LV"/"$HOSTNAME"-root
sleep 1
# note to future self who "fixes" this:
# the -p is to prevent error if the path exists, not to create / which obviously exists.
# this is a scenario that happens when rerunning these commands during debugging. just
# leave the -p, future me. please just leave it.
mkdir -p /mnt
mount /dev/disk/by-label/"$HOSTNAME"-root /mnt
mkdir -p /mnt/boot
mount /dev/disk/by-label/BOOT /mnt/boot
mkdir -p /mnt/root
TOKEN="$(dig +short lan-git-token.cascade TXT | tr -d '"')"
umask 0077
mkdir -p /root
printf 'machine git.strudelline.net\nlogin james\npassword %s\n' "$TOKEN" > /root/.netrc
printf 'machine git.strudelline.net\nlogin james\npassword %s\n' "$TOKEN" > /mnt/root/.netrc
nixos-install --flake git+https://git.strudelline.net/cascade/nixos#"$HOSTNAME" --impure --no-root-password
'';
};
in
{
environment.systemPackages = [
installer
];
}
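Review bot: Both `luksFormat` and `luksOpen` use `-d /dev/zero -l 32`, so the only key slot holds 32 zero bytes, and `modules/luks.nix` unlocks with the same `keyFile = "/dev/zero"`; as shipped the LUKS layer provides the on-disk layout but no confidentiality. If that is intentional, say so next to the `cryptsetup` lines, e.g. `# placeholder key: add a real key slot with cryptsetup luksAddKey before storing data`. The token obtained via `dig +short lan-git-token.cascade TXT` comes from an unauthenticated DNS answer and is then written to `/mnt/root/.netrc`, so it persists on every installed host after the install; consider removing that file once `nixos-install` has finished, or keeping the credential to the install step only. Before `wipefs -a "$DEVICE"` there is only a 10-second sleep; echoing the chosen device and requiring a typed confirmation would guard against a mistyped second argument.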

22
modules/luks.nix Normal file

@ -0,0 +1,22 @@
{ config, ... }:
{
boot.initrd.kernelModules = [ "usb_storage" ];
boot.initrd.luks.devices = {
"${config.networking.hostName}-luks0" = {
device = "/dev/disk/by-partlabel/${config.networking.hostName}-luks0";
allowDiscards = true;
keyFileSize = 32;
keyFile = "/dev/zero";
};
};
fileSystems."/" = {
device = "/dev/disk/by-label/${config.networking.hostName}-root";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
}

43
modules/packages.nix Normal file

@ -0,0 +1,43 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, flake-inputs, ... }:
{
environment.systemPackages = with pkgs; [
seatd
emacs-nox
inetutils
unzip
buildah
curl
vim
neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
sshfs
dig
gost
elinks
dislocker
ntfs3g
kubectl
sops
git
bc
pciutils
usbutils
file
htop
brightnessctl
kubernetes-helm
ripgrep
nettools
psmisc
nixos-generators
];
programs.mtr.enable = true;
programs.tmux.enable = true;
}
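Review bot: The module header `{ config, pkgs, lib, flake-inputs, ... }:` requests a `flake-inputs` argument, but `specialArgs` in flake.nix provides `basePath`, `inputs` and `numbers`, so evaluating any host that includes `self.nixosModules.packages` should fail with a missing-argument error unless `_module.args.flake-inputs` is set somewhere outside this commit. The argument is not used in the body, so `{ config, pkgs, lib, ... }:` fixes it. The same header appears in `modules/server.nix`, `modules/session.nix`, `rowlet.nix` and `snorlax.nix` (`sobble.nix` asks for `inputs`, which is provided).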

53
modules/server.nix Normal file

@ -0,0 +1,53 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, flake-inputs, ... }:
{
networking.networkmanager.enable = false;
virtualisation = {
kvmgt.enable = true;
libvirtd = {
enable = true;
qemu = {
runAsRoot = true;
verbatimConfig = ''
cgroup_device_acl = ["/dev/kvmfr0", "/dev/kvm"]
'';
swtpm = {
enable = true;
};
};
};
docker = {
enable = true;
enableNvidia = false;
};
containers = {
enable = true;
policy = {
default = [ { type = "insecureAcceptAnything"; } ];
transports = {
docker-daemon = {
"" = [ { type = "insecureAcceptAnything"; } ];
};
};
};
};
};
services.openssh.enable = true;
networking.firewall.enable = true;
environment.systemPackages = [ pkgs.nfs-utils ];
services.openiscsi = {
enable = true;
name = "${config.networking.hostName}-initiatorhost";
};
systemd.network.wait-online.enable = lib.mkDefault false;
networking.useDHCP = false;
}
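Review bot: The `verbatimConfig` sets `cgroup_device_acl = ["/dev/kvmfr0", "/dev/kvm"]`, which as far as I know replaces libvirt's default device list rather than extending it, so guests lose the stock entries such as `/dev/null`, `/dev/zero`, `/dev/urandom` and `/dev/ptmx`. Either list the default entries alongside `/dev/kvmfr0`, or add a comment stating that the narrowed ACL is deliberate, e.g. `# replaces libvirt's default cgroup_device_acl on purpose`. The firewall is enabled with no allowed ports declared here, which presumably relies on the `numbers` networking module; a short comment pointing there would save the next reader a search.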

16
modules/session.nix Normal file

@ -0,0 +1,16 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, flake-inputs, ... }:
{
nix = {
#package = lib.mkForce pkgs.nixFlakes;
settings.experimental-features = [ "nix-command" "flakes" ];
};
environment.sessionVariables = {
EDITOR = "nvim";
};
}

6
modules/systemd-efi.nix Normal file

@ -0,0 +1,6 @@
{ config, ... }:
{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.device = "nodev";
}

21
rowlet.nix Normal file

@ -0,0 +1,21 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, flake-inputs, ... }:
{
imports =
[ # Include the results of the hardware scan.
#./hardware-configuration.nix
./lib/packages.nix
./lib/server.nix
./lib/session.nix
];
networking.hostName = "rowlet"; # Define your hostname.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
system.stateVersion = "24.05";
}
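Review bot: The `imports` list references `./lib/packages.nix`, `./lib/server.nix` and `./lib/session.nix`, but this commit adds those modules under `modules/` and creates no `lib/` directory, so evaluating this file would fail on the missing paths. Nothing in flake.nix imports `rowlet.nix` (hosts are built from `numbers.api.deployableHosts` and `hostModules`), so either point the imports at `./modules/...` or drop the file if the flake's module discovery has superseded it. `snorlax.nix` and `sobble.nix` carry the same `./lib/` imports.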

21
snorlax.nix Normal file

@ -0,0 +1,21 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, flake-inputs, ... }:
{
imports =
[ # Include the results of the hardware scan.
#./hardware-configuration.nix
./lib/packages.nix
./lib/server.nix
./lib/session.nix
];
networking.hostName = "snorlax"; # Define your hostname.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
system.stateVersion = "24.05";
}

21
sobble.nix Normal file

@ -0,0 +1,21 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, inputs, ... }:
{
imports =
[ # Include the results of the hardware scan.
#./hardware-configuration.nix
./lib/packages.nix
./lib/server.nix
./lib/session.nix
];
networking.hostName = "sobble"; # Define your hostname.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
system.stateVersion = "24.05";
}