diff --git a/.direnv/flake-inputs/0v3c43fqlq4fk4j5rpqkfxjpxj04dp7g-source b/.direnv/flake-inputs/0v3c43fqlq4fk4j5rpqkfxjpxj04dp7g-source new file mode 120000 index 0000000..5f38963 --- /dev/null +++ b/.direnv/flake-inputs/0v3c43fqlq4fk4j5rpqkfxjpxj04dp7g-source @@ -0,0 +1 @@ +/nix/store/0v3c43fqlq4fk4j5rpqkfxjpxj04dp7g-source \ No newline at end of file diff --git a/.direnv/flake-inputs/5z536r2qr0vmdx40j5rfsbnp8sckirwm-source b/.direnv/flake-inputs/5z536r2qr0vmdx40j5rfsbnp8sckirwm-source new file mode 120000 index 0000000..dbbf44c --- /dev/null +++ b/.direnv/flake-inputs/5z536r2qr0vmdx40j5rfsbnp8sckirwm-source @@ -0,0 +1 @@ +/nix/store/5z536r2qr0vmdx40j5rfsbnp8sckirwm-source \ No newline at end of file diff --git a/.direnv/flake-inputs/b7275pq9f70ww17mfnpib14hn5kyhkj9-source b/.direnv/flake-inputs/b7275pq9f70ww17mfnpib14hn5kyhkj9-source new file mode 120000 index 0000000..573444c --- /dev/null +++ b/.direnv/flake-inputs/b7275pq9f70ww17mfnpib14hn5kyhkj9-source @@ -0,0 +1 @@ +/nix/store/b7275pq9f70ww17mfnpib14hn5kyhkj9-source \ No newline at end of file diff --git a/.direnv/flake-inputs/dc2fivkjahwx47zhjs9jx19ybd9wwcdr-source b/.direnv/flake-inputs/dc2fivkjahwx47zhjs9jx19ybd9wwcdr-source new file mode 120000 index 0000000..a06d509 --- /dev/null +++ b/.direnv/flake-inputs/dc2fivkjahwx47zhjs9jx19ybd9wwcdr-source @@ -0,0 +1 @@ +/nix/store/dc2fivkjahwx47zhjs9jx19ybd9wwcdr-source \ No newline at end of file diff --git a/.direnv/flake-inputs/g0999c0imjgzjwfp0fx329ba6mfasdyz-source b/.direnv/flake-inputs/g0999c0imjgzjwfp0fx329ba6mfasdyz-source new file mode 120000 index 0000000..63f36d4 --- /dev/null +++ b/.direnv/flake-inputs/g0999c0imjgzjwfp0fx329ba6mfasdyz-source @@ -0,0 +1 @@ +/nix/store/g0999c0imjgzjwfp0fx329ba6mfasdyz-source \ No newline at end of file diff --git a/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa b/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa new file mode 120000 index 0000000..c0d5f40 --- /dev/null 
+++ b/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa @@ -0,0 +1 @@ +/code/config/.direnv/flake-profile.2826388 \ No newline at end of file diff --git a/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc b/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc @@ -0,0 +1 @@ + diff --git a/.envrc b/.envrc index 2df8835..88371f7 100644 --- a/.envrc +++ b/.envrc @@ -5,3 +5,9 @@ if [ "$(git config diff.gpg.textconv)" != "$_gpgconv" ]; then fi export PASSWORD_STORE_DIR=$PWD + +if ! has nix_direnv_version || ! nix_direnv_version 2.2.1; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.2.1/direnvrc" "sha256-zelF0vLbEl5uaqrfIzbgNzJWGmLzCmYAkInj/LNxvKs=" +fi + +use flake diff --git a/.gitignore b/.gitignore index c4a847d..81e6ba1 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /result +./.direnv diff --git a/configuration.nix b/configuration.nix index 3d71a44..113b397 100644 --- a/configuration.nix +++ b/configuration.nix @@ -62,7 +62,8 @@ let in { imports = [ - /etc/nixos/hardware-configuration.nix /etc/nixos/zfs.nix + ./hardware-configuration.nix + ./zfs.nix ]; nixpkgs.overlays = [ (self: super: { diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..6c19f27 --- /dev/null +++ b/flake.lock 
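Review bot: The added pattern `./.direnv` will not ignore anything, because gitignore does not normalise a leading `./`; the entry should be `/.direnv` (or `.direnv/`). As a result the direnv cache is tracked: this same commit adds the `.direnv/flake-inputs/*` symlinks and the `.direnv/flake-profile-*` files, which record machine-local `/nix/store` and `/code/config` paths. After fixing the pattern, drop them from the index with `git rm -r --cached .direnv`.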
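Review bot: `./hardware-configuration.nix` and `./zfs.nix` are now pulled in twice, once by the `imports` list in this hunk and once by the `modules` list that the flake.nix hunk extends. The module system should de-duplicate modules given by path, so this evaluates, but it leaves two lists to keep in sync. Keep the pair in one place, for example by leaving the flake at `modules = [ ./configuration.nix ];`. The enclosing `let … in { … }` block starts and ends outside the hunk.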
@@ -0,0 +1,84 @@ +{ + "nodes": { + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ], + "utils": [ + "flake-utils" + ] + }, + "locked": { + "lastModified": 1674127017, + "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1680122840, + "narHash": "sha256-zCQ/9iFHzCW5JMYkkHMwgK1/1/kTMgCMHq4THPINpAU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a575c243c23e2851b78c00e9fa245232926ec32f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.11-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "deploy-rs": "deploy-rs", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix index a7f61ff..6a635f2 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,20 +1,40 @@ { - description = "flake for hel1-a"; + description = "motiejus/config"; inputs = { - nixpkgs = { - url = "github:NixOS/nixpkgs/nixos-22.11"; - }; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small"; + + deploy-rs.url = "github:serokell/deploy-rs"; + deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; + deploy-rs.inputs.utils.follows = "flake-utils"; + + flake-utils.url = "github:numtide/flake-utils"; + }; - outputs = { self, nixpkgs }: { - nixosConfigurations = { - hel1-a = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ + outputs = { self, nixpkgs, deploy-rs, flake-utils }: { + nixosConfigurations.hel1-a = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ ./configuration.nix - ]; + ./hardware-configuration.nix + ./zfs.nix + ]; + }; + + deploy.nodes.example = { + hostname = "hel1-a.servers.jakst"; + profiles = { + system = { + sshUser = "motiejus"; + path = + deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.hel1-a; + user = "root"; + }; }; }; + + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; }; } + diff --git a/hardware-configuration.nix b/hardware-configuration.nix new file mode 100644 index 0000000..68326ee --- /dev/null +++ b/hardware-configuration.nix 
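Review bot: The deploy node is still named `example` although it targets `hel1-a.servers.jakst` and activates `self.nixosConfigurations.hel1-a`; naming it `deploy.nodes.hel1-a` keeps the deploy target and the configuration name aligned. With `sshUser = "motiejus"` and `user = "root"`, activation depends on that account being able to become root through sudo on the host, which this diff does not show. A comment above the profile such as `# motiejus must be allowed to sudo on hel1-a; activation runs as root` would document that privilege path for whoever audits the host's sudo rules.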
@@ -0,0 +1,61 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") ]; + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool/nixos/root"; + fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; + }; + + fileSystems."/home" = + { device = "rpool/nixos/home"; + fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; + }; + + fileSystems."/var/lib" = + { device = "rpool/nixos/var/lib"; + fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; + }; + + fileSystems."/var/log" = + { device = "rpool/nixos/var/log"; + fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; + }; + + fileSystems."/boot" = + { device = "bpool/nixos/root"; + fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; + }; + + fileSystems."/boot/efis/scsi-0QEMU_QEMU_HARDDISK_9233346-part1" = + { device = "/dev/disk/by-uuid/B6D7-D52E"; + fsType = "vfat"; + }; + + #fileSystems."/boot/efi" = + # { device = "/boot/efis/scsi-0QEMU_QEMU_HARDDISK_9233346-part1"; + # fsType = "none"; + # options = [ "bind" ]; + # }; + + swapDevices = [ { device = "/dev/disk/by-uuid/03ebe703-aa24-4ee5-a7c3-f8614ee779b0"; } ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/nixpkgs.nix b/nixpkgs.nix
new file mode 100644
index 0000000..375f4f6
--- /dev/null
+++ b/nixpkgs.nix
@@ -0,0 +1,6 @@
+let
+ lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+ spec = lock.nodes.nixpkgs.locked;
+ nixpkgs = fetchTarball "https://github.com/${spec.owner}/${spec.repo}/archive/${spec.rev}.tar.gz";
+in
+import nixpkgs
diff --git a/zfs.nix b/zfs.nix
new file mode 100644
index 0000000..b269839
--- /dev/null
+++ b/zfs.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+
+{ boot.supportedFilesystems = [ "zfs" ];
+ networking.hostId = "cd1a441c";
+ boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+boot.loader.efi.efiSysMountPoint = "/boot/efi";
+boot.loader.efi.canTouchEfiVariables = false;
+boot.loader.generationsDir.copyKernels = true;
+boot.loader.grub.efiInstallAsRemovable = true;
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+boot.loader.grub.copyKernels = true;
+boot.loader.grub.efiSupport = true;
+boot.loader.grub.zfsSupport = true;
+#boot.loader.grub.extraPrepareConfig = ''
+# mkdir -p /boot/efis
+# for i in /boot/efis/*; do mount $i ; done
+#
+# mkdir -p /boot/efi
+# mount /boot/efi
+#'';
+#boot.loader.grub.extraInstallCommands = ''
+#ESP_MIRROR=$(mktemp -d)
+#cp -r /boot/efi/EFI $ESP_MIRROR
+#for i in /boot/efis/*; do
+# cp -r $ESP_MIRROR/EFI $i
+#done
+#rm -rf $ESP_MIRROR
+#'';
+boot.loader.grub.devices = [
+ "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_9233346"
+ ];
+users.users.root.initialHashedPassword = "$6$oXLEcliXQJloPkrW$Or3O2tLdpLMs4s4gyn2hJlvMjm0S7zLlFlQCOx.S3fdLKxyFjQFaLhPZXJPluZ7iYrB65JSdT0ESluFwgJwLi.";
+}
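Review bot: `fetchTarball` is called with a bare URL in nixpkgs.nix, so the unpacked tree is never checked against the `narHash` that flake.lock already records for this revision. Passing the locked hash makes the non-flake entry point verify the same content as the flake and lets Nix reuse the cached tree instead of re-downloading it: `nixpkgs = fetchTarball { url = "https://github.com/${spec.owner}/${spec.repo}/archive/${spec.rev}.tar.gz"; sha256 = spec.narHash; };`.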
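Review bot: `users.users.root.initialHashedPassword` at the end of zfs.nix puts the root account's SHA-512 crypt hash into the repository, and from there into the world-readable Nix store of every machine that evaluates this configuration, where it is open to offline guessing. Prefer keeping it out of the tree, e.g. `users.users.root.passwordFile = "/path/outside/the/store";` (placeholder path). Alternatively, lock direct root login with `users.users.root.hashedPassword = "!";` if access is meant to go through `sshUser` plus sudo, as the flake.nix hunk suggests. If this hash corresponds to a password in use, it should be rotated once the value is removed from history.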