From c4df999058b8b0c47d52037d9f577090ddc0e20d Mon Sep 17 00:00:00 2001
From: Daniel Olsen
Date: Sun, 5 Nov 2023 03:12:35 +0100
Subject: [PATCH] bob: init

Cool beeg nix builder for now anyways
---
 base.nix | 3 ++
 flake.lock | 45 +++++++++++++++++++--------
 flake.nix | 14 ++++++++-
 hosts/bob/configuration.nix | 46 ++++++++++++++++++++++++++++
 hosts/bob/disks.nix | 39 +++++++++++++++++++++++
 hosts/bob/hardware-configuration.nix | 24 +++++++++++++++
 misc/builder.nix | 5 +++
 users/danio.nix | 7 ++++-
 values.nix | 4 +++
 9 files changed, 173 insertions(+), 14 deletions(-)
 create mode 100644 hosts/bob/configuration.nix
 create mode 100644 hosts/bob/disks.nix
 create mode 100644 hosts/bob/hardware-configuration.nix
 create mode 100644 misc/builder.nix

diff --git a/base.nix b/base.nix
index fdc8ff5d..a11ee840 100644
--- a/base.nix
+++ b/base.nix
@@ -71,6 +71,9 @@
 
   users.groups."drift".name = "drift";
 
+  # Trusted users on the nix builder machines
+  users.groups."nix-builder-users".name = "nix-builder-users";
+
   services.openssh = {
     enable = true;
     extraConfig = ''
diff --git a/flake.lock b/flake.lock
index ecdfc449..b84fed61 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@
 {
   "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1699099781,
+        "narHash": "sha256-2WAs839yL6xmIPBLNVwbft46BDh0/RAjq1bAKNRqeR4=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "548962c50b8afad7b8c820c1d6e21dc8394d6e65",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
     "grzegorz": {
       "inputs": {
         "nixpkgs": [
@@ -60,11 +80,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1699024625,
-        "narHash": "sha256-abDyXs00jZtQcTrujB/a9MaIp7VY5v1VDVCF4zhXVYE=",
+        "lastModified": 1699110214,
+        "narHash": "sha256-L2TU4RgtiqF69W8Gacg2jEkEYJrW+Kp0Mp4plwQh5b8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "556a75f6a1302b6718fecd3ca8cbd109eb6cb067",
+        "rev": "78f3a4ae19f0e99d5323dd2e3853916b8ee4afee",
         "type": "github"
       },
       "original": {
@@ -90,11 +110,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1698544399,
-        "narHash": "sha256-vhRmPyEyoPkrXF2iykBsWHA05MIaOSmMRLMF7Hul6+s=",
+        "lastModified": 1699110214,
+        "narHash": "sha256-L2TU4RgtiqF69W8Gacg2jEkEYJrW+Kp0Mp4plwQh5b8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d87c5d8c41c9b3b39592563242f3a448b5cc4bc9",
+        "rev": "78f3a4ae19f0e99d5323dd2e3853916b8ee4afee",
         "type": "github"
       },
       "original": {
@@ -106,11 +126,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1699087154,
-        "narHash": "sha256-Eq8VMqpRtMonqeOlLi+F86S39l+RLx/0EbqystNaswc=",
+        "lastModified": 1699128932,
+        "narHash": "sha256-4Hn/fpR/FRucpXQqMI0OSgxiu2ImowmR0dThAycPt/4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e4082efedb483eb0478c3f014fa851449bca43f9",
+        "rev": "0d2d729bf7091df906a78b69f90620f933ea963f",
         "type": "github"
       },
       "original": {
@@ -141,6 +161,7 @@
     },
     "root": {
       "inputs": {
+        "disko": "disko",
         "grzegorz": "grzegorz",
         "grzegorz-clients": "grzegorz-clients",
         "matrix-next": "matrix-next",
@@ -158,11 +179,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1699021419,
-        "narHash": "sha256-oy2j2OHXYcckifASMeZzpmbDLSvobMGt0V/RvoDotF4=",
+        "lastModified": 1699153251,
+        "narHash": "sha256-CGx98mbAy9svKTa1dzlrVmkJwgGSXpAQUdMh7U0szts=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "275b28593ef3a1b9d05b6eeda3ddce2f45f5c06f",
+        "rev": "5bc2cde6e53241e7df0e8f5df5872223983efa72",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index b9720723..7a61169a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -8,6 +8,9 @@
     sops-nix.url = "github:Mic92/sops-nix";
     sops-nix.inputs.nixpkgs.follows = "nixpkgs";
 
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+
     pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
     pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
 
@@ -19,7 +22,7 @@
     grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = { self, nixpkgs, matrix-next, pvv-calendar-bot, nixpkgs-unstable, sops-nix, ... }@inputs:
+  outputs = { self, nixpkgs, disko, matrix-next, pvv-calendar-bot, nixpkgs-unstable, sops-nix, ... }@inputs:
   let
     nixlib = nixpkgs.lib;
     systems = [
@@ -77,6 +80,15 @@
       ];
     };
     bekkalokk = stableNixosConfig "bekkalokk" { };
+    bob = stableNixosConfig "bob" {
+      modules = [
+        ./hosts/bob/configuration.nix
+        sops-nix.nixosModules.sops
+
+        disko.nixosModules.disko
+        { disko.devices.disk.disk1.device = "/dev/vda"; }
+      ];
+    };
     ildkule = stableNixosConfig "ildkule" { };
     #ildkule-unstable = unstableNixosConfig "ildkule" { };
     shark = stableNixosConfig "shark" { };
diff --git a/hosts/bob/configuration.nix b/hosts/bob/configuration.nix
new file mode 100644
index 00000000..674dac3c
--- /dev/null
+++ b/hosts/bob/configuration.nix
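Review bot: The device disko will partition is configured in two places: `hosts/bob/disks.nix` sets `device = lib.mkDefault "/dev/sda"` and the third hunk here overrides it with `{ disko.devices.disk.disk1.device = "/dev/vda"; }`. Whatever this resolves to is the disk disko's formatting step wipes, so a reader of disks.nix alone gets the wrong answer about which device is at risk. The hardware scan added in this same patch loads `virtio_blk`, under which the disk is `/dev/vda`, so the value belongs in disks.nix as the default; if the override must stay in the flake, a comment on that line such as `# virtio guest: the disk is /dev/vda, not the disks.nix default` would at least explain the split.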
@@ -0,0 +1,46 @@
+{ config, pkgs, values, ... }:
+{
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ../../base.nix
+    ../../misc/metrics-exporters.nix
+    ./disks.nix
+
+    ../../misc/builder.nix
+  ];
+
+  sops.defaultSopsFile = ../../secrets/bob/bob.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  sops.age.generateKey = true;
+
+  boot.loader.grub = {
+    enable = true;
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  networking.hostName = "bob"; # Define your hostname.
+
+  systemd.network.networks."30-all" = values.defaultNetworkConfig // {
+    matchConfig.Name = "en*";
+    DHCP = "yes";
+    gateway = [ ];
+  };
+
+  # List packages installed in system profile
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # List services that you want to enable:
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+}
diff --git a/hosts/bob/disks.nix b/hosts/bob/disks.nix
new file mode 100644
index 00000000..b2271dd8
--- /dev/null
+++ b/hosts/bob/disks.nix
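Review bot: `sops.defaultSopsFile = ../../secrets/bob/bob.yaml;` points at a file this patch does not add (the diffstat lists nine files, none under `secrets/`), so unless it already exists in the repository the path will fail to resolve as soon as a `sops.secrets` entry is declared for this host. The two age settings also deserve one line of intent: `sops.age.sshKeyPaths` derives a key from the host SSH key while `sops.age.generateKey = true` creates a separate one at `keyFile` on first activation, and which of the two is registered as the recipient for `bob.yaml` is not stated anywhere, e.g. `# recipient key: derived from the ed25519 host key; key.txt is only a fallback — confirm`. The template remnants — `# Define your hostname.`, the empty `environment.systemPackages = with pkgs; [ ];`, `# List services that you want to enable:` and `# Did you read the comment?` — carry no information and can be dropped.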
@@ -0,0 +1,39 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }:
+{
+  disko.devices = {
+    disk.disk1 = {
+      device = lib.mkDefault "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/hosts/bob/hardware-configuration.nix b/hosts/bob/hardware-configuration.nix
new file mode 100644
index 00000000..a97a3c36
--- /dev/null
+++ b/hosts/bob/hardware-configuration.nix
@@ -0,0 +1,24 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/misc/builder.nix b/misc/builder.nix
new file mode 100644
index 00000000..6f3847aa
--- /dev/null
+++ b/misc/builder.nix
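Review bot: The header `# Example to create a bios compatible gpt partition` is the comment from the disko sample this file was copied from, not a description of bob's layout; something like `# bob: GPT with a 1M BIOS-boot partition (EF02), a 500M ESP on /boot and an ext4 root` tells the reader what the EF02/EF00 pair is for and why grub is configured with efiSupport plus efiInstallAsRemovable. `device = lib.mkDefault "/dev/sda"` also does not describe this machine: the hardware scan in the same patch loads `virtio_blk`, under which the disk is `/dev/vda` (the value the flake overrides it to). Making `/dev/vda` the default here keeps the one destructive parameter in the file that owns the layout; disko formats whatever device this evaluates to, so a stale default is the kind of mismatch that wipes the wrong disk.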
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  nix.settings.trusted-users = [ "@nix-builder-users" ];
+}
diff --git a/users/danio.nix b/users/danio.nix
index 1ce1e53a..36bfefab 100644
--- a/users/danio.nix
+++ b/users/danio.nix
@@ -3,7 +3,12 @@
 {
   users.users.danio = {
     isNormalUser = true;
-    extraGroups = [ "drift" ]; # Enable ‘sudo’ for the user.
+    extraGroups = [ "drift" "nix-builder-users" ];
     shell = pkgs.zsh;
+
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp8iMOx3eTiG5AmDh2KjKcigf7xdRKn9M7iZQ4RqP0np0UN2NUbu+VAMJmkWFyi3JpxmLuhszU0F1xY+3qM3ARduy1cs89B/bBE85xlOeYhcYVmpcgPR5xduS+TuHTBzFAgp+IU7/lgxdjcJ3PH4K0ruGRcX1xrytmk/vdY8IeSk3GVWDRrRbH6brO4cCCFjX0zJ7G6hBQueTPQoOy3jrUvgpRkzZY4ZCuljXtxbuX5X/2qWAkp8ca0iTQ5FzNA5JUyj+DWeEzjIEz6GrckOdV2LjWpT9+CtOqoPZOUudE1J9mJk4snNlMQjE06It7Kr50bpwoPqnxjo7ZjlHFLezl"
+      "ssh-rsa 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 root@DanixLaptop"
+    ];
   };
 }
diff --git a/values.nix b/values.nix
index fdd90932..d69cdee0 100644
--- a/values.nix
+++ b/values.nix
@@ -37,6 +37,10 @@ in rec {
     ipv4 = pvv-ipv4 209;
     ipv6 = pvv-ipv6 209;
   };
+  bob = {
+    ipv4 = "129.241.152.254";
+    # ipv6 = ;
+  };
   shark = {
     ipv4 = pvv-ipv4 196;
     ipv6 = pvv-ipv6 196;
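Review bot: `nix.settings.trusted-users = [ "@nix-builder-users" ];` grants far more than the group name suggests: the Nix manual documents that trusted users may override daemon settings such as `substituters`, `sandbox` and `sandbox-paths`, which it describes as effectively root access on the host. Nothing in this file or in the `base.nix` hunk (where the group is created unconditionally on every host) records that, so membership decisions will be made on the assumption it is a build-access group. A comment next to the option, e.g. `# NOTE: trusted-users can override daemon settings (substituters, sandbox, ...); membership is root-equivalent on this host — add people to nix-builder-users accordingly`, puts the consequence where the grant is.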
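Review bot: Of the two `ssh-rsa` keys added to `openssh.authorizedKeys.keys`, only the second carries an identifying comment (`root@DanixLaptop`); the first has none, so there is no way to tell later which device it belongs to when one needs revoking. Since the same hunk adds `danio` to `nix-builder-users`, each key is also a credential for the builder's Nix daemon as a trusted user on hosts importing `misc/builder.nix`, which makes the provenance question more than cosmetic. Appending a comment to each key (device and date, e.g. `danio@<device> 2023-11`) keeps the list auditable; the `root@` comment on the second key presumably means the pair was generated in that laptop's root account — worth confirming that is intended rather than a user-account key.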
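Review bot: `bob.ipv4 = "129.241.152.254"` is the only host entry written as a literal; every neighbour in this hunk uses the `pvv-ipv4`/`pvv-ipv6` helpers. If the address lies outside the range those helpers cover, a short comment saying so (`# not in the pvv-ipv4 range, hence the literal`) prevents someone "normalising" it later; if it is inside the range, the helper should be used for consistency. `# ipv6 = ;` is a commented-out assignment with no value, which reads as a mistake — `# TODO: ipv6 not yet allocated` states the intent.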