From 9e58ac79ffdbba89fbaf0254a110cd7b9c4272a6 Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Sun, 1 Dec 2024 03:34:59 +0100 Subject: [PATCH] asd --- .envrc | 1 + .gitignore | 1 + README.md | 1 + flake.lock | 167 +++++++++++++++++++++++ flake.nix | 38 +++--- justfile | 9 ++ machines/bingus/configuration.nix | 9 +- machines/sara/configuration.nix | 34 ----- machines/sara/hardware-configuration.nix | 10 -- modules/shared.nix | 17 ++- users/default.nix | 5 + users/pbsds/default.nix | 38 ++++++ 12 files changed, 263 insertions(+), 67 deletions(-) create mode 100644 .envrc create mode 100644 .gitignore create mode 100644 flake.lock create mode 100644 justfile delete mode 100644 machines/sara/configuration.nix delete mode 100644 machines/sara/hardware-configuration.nix create mode 100644 users/default.nix create mode 100644 users/pbsds/default.nix diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..3550a30 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..92b2793 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.direnv diff --git a/README.md b/README.md index 7392800..d0bb5ca 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,3 @@ # fermi +https://clan.lol diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..d777a38 --- /dev/null +++ b/flake.lock @@ -0,0 +1,167 @@ +{ + "nodes": { + "clan-core": { + "inputs": { + "disko": "disko", + "flake-parts": "flake-parts", + "nixos-facter-modules": "nixos-facter-modules", + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix", + "systems": "systems", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1732986449, + "narHash": "sha256-8iMboEZJ6jOlBCkvbfc7uXzEX3pJ2GEgZmLp1O2RA4c=", + "rev": "3ace3fa7ec12f095f859365704acccc1e0aa5fb2", + "type": "tarball", + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/3ace3fa7ec12f095f859365704acccc1e0aa5fb2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.clan.lol/clan/clan-core/archive/main.tar.gz" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1732645828, + "narHash": "sha256-+4U2I2653JvPFxcux837ulwYS864QvEueIljUkwytsk=", + "owner": "nix-community", + "repo": "disko", + "rev": "869ba3a87486289a4197b52a6c9e7222edf00b3e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "nixos-facter-modules": { + "locked": { + "lastModified": 1732288619, + "narHash": "sha256-zSQ2cR+NRJfHUVfkv+O6Wi53wXfzX8KHiO8fRfnvc0M=", + "owner": "numtide", + "repo": "nixos-facter-modules", + "rev": "862648589993a96480c2255197a28feea712f68f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nixos-facter-modules", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1732238832, + "narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "clan-core": "clan-core", + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1732186149, + "narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1732292307, + "narHash": "sha256-5WSng844vXt8uytT5djmqBCkopyle6ciFgteuA9bJpw=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "705df92694af7093dfbb27109ce16d828a79155f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix index 8537188..16a871f 100644 --- a/flake.nix +++ b/flake.nix @@ -1,18 +1,19 @@ { - description = ""; + description = "hpc club darknet cluster"; - inputs.nixpkgs.follows = "clan-core/nixpkgs"; inputs.clan-core.url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; + inputs.nixpkgs.follows = "clan-core/nixpkgs"; outputs = { self, clan-core, ... }@inputs: let - # Usage see: https://docs.clan.lol + inherit (clan-core.inputs) nixpkgs; + + # https://docs.clan.lol clan = clan-core.lib.buildClan { directory = self; - # Ensure this is unique among all clans you want to use. - meta.name = "phahgeoc2NoN9ufeithohfeiY1quuuSe9ahNaich"; + meta.name = "ntnu-hpc-fermi"; # Prerequisite: boot into the installer. # See: https://docs.clan.lol/getting-started/installer @@ -21,25 +22,28 @@ machines = { # The name will be used as hostname by default. bingus = { }; + /* balleby = { }; */ + /* baltazar = { }; */ + /* bergtor = { }; */ + /* buster = { }; */ }; }; in { - # All machines managed by Clan. + inherit inputs; inherit (clan) nixosConfigurations clanInternals; - # Add the Clan cli tool to the dev shell. - # Use "nix develop" to enter the dev shell. + devShells = - clan-core.inputs.nixpkgs.lib.genAttrs - [ - "x86_64-linux" - "aarch64-linux" - "aarch64-darwin" - "x86_64-darwin" - ] + nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed (system: { - default = clan-core.inputs.nixpkgs.legacyPackages.${system}.mkShell { - packages = [ clan-core.packages.${system}.clan-cli ]; + default = nixpkgs.legacyPackages.${system}.mkShell { + packages = [ + clan-core.packages.${system}.clan-cli + nixpkgs.legacyPackages.${system}.sops + nixpkgs.legacyPackages.${system}.just + nixpkgs.legacyPackages.${system}.jq + nixpkgs.legacyPackages.${system}.gum + ]; }; }); }; diff --git a/justfile b/justfile new file mode 100644 index 0000000..3eebb9a --- /dev/null +++ b/justfile @@ -0,0 +1,9 @@ +export GUM_FILTER_HEIGHT := "15" + +build hostname=`just _a_host`: + nom build .#nixosConfigurations."{{hostname}}".config.system.build.toplevel --accept-flake-config --show-trace + +@_a_host: + hostnames="$(nix eval .#nixosConfigurations --apply builtins.attrNames --json 2>/dev/null | jq '.[]' -r)"; \ + if test "$(grep <<<"$hostnames" "^$(hostname)$" | wc -l)" -eq 1; then hostnames="$(hostname; grep <<<"$hostnames" -v "^$(hostname)$")"; fi; \ + gum <<<"$hostnames" filter --placeholder "Pick a host..." diff --git a/machines/bingus/configuration.nix b/machines/bingus/configuration.nix index 42c5c3c..f3efda7 100644 --- a/machines/bingus/configuration.nix +++ b/machines/bingus/configuration.nix @@ -5,21 +5,20 @@ # this file is shared among all machines ../../modules/shared.nix # enables GNOME desktop (optional) - ../../modules/gnome.nix + /* ../../modules/gnome.nix */ ]; # This is your user login name. users.users.user.name = "pbsds"; # Set this for clan commands use ssh i.e. `clan machines update` - clan.core.networking.targetHost = "root@129.241.210.143"; + clan.core.networking.targetHost = "root@129.241.210.149"; # ssh root@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT disko.devices.disk.main.device = "/dev/disk/by-id/wwn-0x50026b7785c5ed67"; users.users.root.openssh.authorizedKeys.keys = [ - '' - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+qv5MogWwOgctQfQeHxUHF2ij6UA8BR4DLXtZClnw6A1CtOjAtZeAW62C8q9OKaIKDO0hqd2vLBkgEno4smqBDJ2ThwKuXrhiHqJzCkXZqIKKx79mpTo7aRpFgkJ7328Ee+tbqa65coL98WRhLnDg69NDaOfSCmH85/D0kuyTG7mYIMdBtFXB/IU0QC9USCSGcUGSnQAEx8S0vaXL7JP043kfEfeqwsea598qX+LFa2UfGwgLBpiWi4QEfYy6fviz2TFkbRYKQImybidzUHZkljjPupqu8U4dIx/jsJM/vew717xZPCU0ZCho77TIU+bYSitD5mjnzuD7LrAdbFgnhkD2sQlD/hUW40kPVT/Tq3DrpDRKC9tniiTaIQV1Pe0k82XwYrvV/hTl8T1ed6TuzhmUggqowAbJRbaBIa1zI672AFFQM8OBIN59ZlLy3V2RZW4fvQk2/xMRdVBT0W5Upx+9rCbH9LCGWL8gNNA/PRJ0L9Ts6cq8kf4tFhFQQrk= pbsds@bjarte - '' + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+qv5MogWwOgctQfQeHxUHF2ij6UA8BR4DLXtZClnw6A1CtOjAtZeAW62C8q9OKaIKDO0hqd2vLBkgEno4smqBDJ2ThwKuXrhiHqJzCkXZqIKKx79mpTo7aRpFgkJ7328Ee+tbqa65coL98WRhLnDg69NDaOfSCmH85/D0kuyTG7mYIMdBtFXB/IU0QC9USCSGcUGSnQAEx8S0vaXL7JP043kfEfeqwsea598qX+LFa2UfGwgLBpiWi4QEfYy6fviz2TFkbRYKQImybidzUHZkljjPupqu8U4dIx/jsJM/vew717xZPCU0ZCho77TIU+bYSitD5mjnzuD7LrAdbFgnhkD2sQlD/hUW40kPVT/Tq3DrpDRKC9tniiTaIQV1Pe0k82XwYrvV/hTl8T1ed6TuzhmUggqowAbJRbaBIa1zI672AFFQM8OBIN59ZlLy3V2RZW4fvQk2/xMRdVBT0W5Upx+9rCbH9LCGWL8gNNA/PRJ0L9Ts6cq8kf4tFhFQQrk= pbsds@bjarte" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4v1+FbiEa6Mohpf3/Una5ahKeKSG9yZ9iU5TC7ddL5 root@bjarte" ]; # Zerotier needs one controller to accept new nodes. Once accepted diff --git a/machines/sara/configuration.nix b/machines/sara/configuration.nix deleted file mode 100644 index b68885d..0000000 --- a/machines/sara/configuration.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - imports = [ - ../../modules/disko.nix - ../../modules/shared.nix - # enables GNOME desktop (optional) - ../../modules/gnome.nix - ]; - # Put your username here for login - users.users.user.name = ""; - - # Set this for clan commands use ssh i.e. `clan machines update` - # If you change the hostname, you need to update this line to root@ - # This only works however if you have avahi running on your admin machine else use IP - clan.core.networking.targetHost = "root@"; - - # You can get your disk id by running the following command on the installer: - # Replace with the IP of the installer printed on the screen or by running the `ip addr` command. - # ssh root@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT - disko.devices.disk.main.device = "/dev/disk/by-id/__CHANGE_ME__"; - - # IMPORTANT! Add your SSH key here - # e.g. > cat ~/.ssh/id_ed25519.pub - users.users.root.openssh.authorizedKeys.keys = [ - '' - __YOUR_SSH_KEY__ - '' - ]; - /* - After jon is deployed, uncomment the following line - This will allow sara to share the VPN overlay network with jon - The networkId is generated by the first deployment of jon - */ - # clan.core.networking.zerotier.networkId = builtins.readFile ../jon/facts/zerotier-network-id; -} diff --git a/machines/sara/hardware-configuration.nix b/machines/sara/hardware-configuration.nix deleted file mode 100644 index e4db1a9..0000000 --- a/machines/sara/hardware-configuration.nix +++ /dev/null @@ -1,10 +0,0 @@ -# Replace this file with an actual hardware-configuration.nix! -throw '' - Did you forget to generate your hardware config? - - Run the following command: - - 'ssh root@ nixos-generate-config --no-filesystems --show-hardware-config > hardware-configuration.nix' - - Then replace this file with the generated "hardware-configuration.nix". -'' diff --git a/modules/shared.nix b/modules/shared.nix index 16a33e3..90724b2 100644 --- a/modules/shared.nix +++ b/modules/shared.nix @@ -1,4 +1,4 @@ -{ config, clan-core, ... }: +{ config, lib, pkgs, clan-core, ... }: { imports = [ # Enables the OpenSSH server for remote access @@ -7,6 +7,8 @@ clan-core.clanModules.root-password clan-core.clanModules.user-password clan-core.clanModules.state-version + # users + ../users ]; # Locale service discovery and mDNS @@ -26,4 +28,17 @@ uid = 1000; openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys; }; + + environment.systemPackages = [ + pkgs.ddrescue + pkgs.gptfdisk + pkgs.ms-sys + pkgs.nvme-cli + pkgs.parted + pkgs.pciutils + pkgs.smartmontools + pkgs.testdisk + pkgs.usbutils + ]; + } diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 0000000..e434c38 --- /dev/null +++ b/users/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./pbsds + ]; +} diff --git a/users/pbsds/default.nix b/users/pbsds/default.nix new file mode 100644 index 0000000..1085f87 --- /dev/null +++ b/users/pbsds/default.nix @@ -0,0 +1,38 @@ +{ pkgs, ... }: +{ + users.users.pbsds = { + isNormalUser = true; + description = "kul kis"; + extraGroups = [ + "wheel" + "networkmanager" + "video" + "input" + ]; + + packages = with pkgs; [ + atool + bat + edir + fd + htop + jq + micro + ncdu + ripgrep + sd + tmux + wget + xe + yq + ]; + + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+qv5MogWwOgctQfQeHxUHF2ij6UA8BR4DLXtZClnw6A1CtOjAtZeAW62C8q9OKaIKDO0hqd2vLBkgEno4smqBDJ2ThwKuXrhiHqJzCkXZqIKKx79mpTo7aRpFgkJ7328Ee+tbqa65coL98WRhLnDg69NDaOfSCmH85/D0kuyTG7mYIMdBtFXB/IU0QC9USCSGcUGSnQAEx8S0vaXL7JP043kfEfeqwsea598qX+LFa2UfGwgLBpiWi4QEfYy6fviz2TFkbRYKQImybidzUHZkljjPupqu8U4dIx/jsJM/vew717xZPCU0ZCho77TIU+bYSitD5mjnzuD7LrAdbFgnhkD2sQlD/hUW40kPVT/Tq3DrpDRKC9tniiTaIQV1Pe0k82XwYrvV/hTl8T1ed6TuzhmUggqowAbJRbaBIa1zI672AFFQM8OBIN59ZlLy3V2RZW4fvQk2/xMRdVBT0W5Upx+9rCbH9LCGWL8gNNA/PRJ0L9Ts6cq8kf4tFhFQQrk= pbsds@bjarte" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCo5/9uHIKhhpVbcLSKslj9wdBiV4YaY/tydTfypNZBMMP2U54640t8JvHHkxCZRur8AqYupellxAqkmKn516Ut0WvfQcNgF7ieI66JHkK1j7kSFHHG1nkJHslwCh2PeYtfx5zHZZq8X9v/UjVGY182BC4BHC5zixmNiUvvc+N24BRT4NwslFmMYVcTdoNBSJXPgte4uUd+FZrAnHQrjYdJVANgI4i1d11mxlDFgJrPJj30KaIDxHAsAWgCEqGLMDO9N1cpGGbXVeXfoGvv+vdCXgbyA8BK7wWwXvy5HlvhpEJo8g84r6uKMMkEf+K1MpTiaNjdu+7/sKD/ZOyDB4RgCBs0DskouWRi+xfxABaKBj6706Z3hpj+GfpuSXrHKgGYXIL4cZHaAlz8GVsN1mUL4eJ12Sk14Od2QUHbzp7TDz5eaWuczPs5W9qXwNDMZcmBBZ3mkt9ZYPvAPRjeLpAKhhA9xPL3hbob5hhAENTWsFRFJEgpm8l362XFIOLHr/M= pbsds@rocm" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpuDBMll1viLKd/wm1lCy9iozyKeXMBHDwhdJOpeRLe pbsds@nord" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOm2UFDD+qsnKvlBBZ/nhBqY9yeLewwF/bexD2SUL7E3 pbsds@sopp" + #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILocbYCqu63RT2+mE0l+ZWWw9RVHNcydtLXbLklg6oPe pederbs@pvv" + ]; + }; +}