working on orbi partition type.

feature/clan.lol
Ingolf Wagner 2024-02-26 09:44:59 +01:00
parent 3993efb345
commit 96a7ec46f5
Signed by: palo
GPG Key ID: 76BF5F1928B9618B
6 changed files with 280 additions and 129 deletions


@ -186,6 +186,28 @@
"type": "github"
}
},
"disko_2": {
"inputs": {
"nixpkgs": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1701905325,
"narHash": "sha256-lda63LmEIlDMeCgWfjr3/wb487XPllBByfrGRieyEk4=",
"owner": "nix-community",
"repo": "disko",
"rev": "1144887c6f4d2dcbb2316a24364ef53e25b0fcfe",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "disko",
"type": "github"
}
},
"dns": {
"inputs": {
"flake-utils": "flake-utils",
@ -467,6 +489,27 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1614513358,
@ -798,6 +841,29 @@
"type": "github"
}
},
"nixos-anywhere": {
"inputs": {
"disko": "disko_2",
"flake-parts": "flake-parts",
"nixos-images": "nixos-images",
"nixos-stable": "nixos-stable",
"nixpkgs": "nixpkgs_4",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1708558490,
"narHash": "sha256-bpW7plldI3VaCbYy0sTqkJQBXNCBupCJbcbezonOB+I=",
"owner": "nix-community",
"repo": "nixos-anywhere",
"rev": "b6abac7b0e2405b1ee4da44b6130c4571b2ed8bb",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-anywhere",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1706782449,
@ -813,6 +879,47 @@
"type": "github"
}
},
"nixos-images": {
"inputs": {
"nixos-2311": [
"nixos-anywhere",
"nixos-stable"
],
"nixos-unstable": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1702375325,
"narHash": "sha256-kEdrh6IB7xh7YDwZ0ZVCngCs+uoS9gx4ydEoJRnM1Is=",
"owner": "nix-community",
"repo": "nixos-images",
"rev": "d655cc02fcb9ecdcca4f3fb307e291a4b5be1339",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-images",
"type": "github"
}
},
"nixos-stable": {
"locked": {
"lastModified": 1702233072,
"narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "781e2a9797ecf0f146e81425c822dca69fe4a348",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1636416043,
@ -978,6 +1085,22 @@
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1702310776,
"narHash": "sha256-T2KJpsNjAytMsP6+xrhXfAb2KTG6Yt2D4hTTugpsJFo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "120a26f8ce32ac2bdc0e49a9fed830b7446416b4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1706515015,
"narHash": "sha256-eFfY5A7wlYy3jD/75lx6IJRueg4noE+jowl0a8lIlVo=",
@ -993,7 +1116,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1701263465,
"narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=",
@ -1009,7 +1132,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1632855891,
"narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=",
@ -1023,7 +1146,7 @@
"type": "indirect"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1706173671,
"narHash": "sha256-lciR7kQUK2FCAYuszyd7zyRRmTaXVeoZsCyK6QFpGdk=",
@ -1039,7 +1162,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1707929101,
"narHash": "sha256-mF639zYYhQ6+LZgIP33weVdOmLbY7GHAhK+XsIFEEqU=",
@ -1138,7 +1261,7 @@
"overviewer": {
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"pandoc_template": "pandoc_template"
},
"locked": {
@ -1211,7 +1334,7 @@
"polygon-art": {
"inputs": {
"flake-utils": "flake-utils_7",
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1688766095,
@ -1285,8 +1408,9 @@
"kmonad": "kmonad",
"landingpage": "landingpage",
"nixinate": "nixinate",
"nixos-anywhere": "nixos-anywhere",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nixpkgs-fmt": "nixpkgs-fmt",
"nixpkgs-legacy_2105": "nixpkgs-legacy_2105",
"nixpkgs-legacy_2205": "nixpkgs-legacy_2205",
@ -1401,7 +1525,7 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
@ -1420,7 +1544,7 @@
},
"srvos": {
"inputs": {
"nixpkgs": "nixpkgs_8"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1708003942,
@ -1536,6 +1660,27 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1702376629,
"narHash": "sha256-9uAY8a7JN4DvLe/g4OoldqPbcNZ09YOVXID+CkIqL70=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "390018a9398f9763bfc05ffe6443ce0622cb9ba6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"ts-fold": {
"flake": false,
"locked": {


@ -13,6 +13,8 @@
nixpkgs-legacy_2105.url = "github:nixos/nixpkgs/nixos-21.05";
nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
@ -98,6 +100,7 @@
, kmonad
, landingpage
, nixinate
, nixos-anywhere
, nixos-hardware
, nixpkgs
, nixpkgs-fmt
@ -287,6 +290,7 @@
pkgs.mkShell {
buildInputs = [
nixpkgs-fmt.defaultPackage.${system}
nixos-anywhere.packages.${system}.nixos-anywhere
];
};
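Review bot: The new `nixos-anywhere.url = "github:nix-community/nixos-anywhere";` input in the first hunk has no `follows`, so the lock file in this commit gains a separate dependency tree for it: its own `nixpkgs_4` (on `nixos-unstable-small`), `nixos-stable`, `disko_2`, `flake-parts`, `nixos-images` and `treefmt-nix`. The third hunk puts the tool into the dev shell, and it is the tool that carries disk-encryption keys to the target, so it is worth building it from the same reviewed nixpkgs as the rest of the flake. Consider adding `nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs";`, as the `home-manager` input just below already does. If the flake's own disko input is compatible, `nixos-anywhere.inputs.disko.follows = "disko";` would remove `disko_2` too, but that input is not visible in these hunks.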


@ -73,4 +73,5 @@
boot.supportedFilesystems = [ "zfs" ];
# head -c4 /dev/urandom | od -A none -t x4
networking.hostId = "5bb982a6";
}


@ -17,65 +17,87 @@ in
disko.devices = {
disk =
lib.genAttrs disks (disk: {
name = disk;
#name = disk;
type = "disk";
device = "/dev/${disk}";
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "ESP";
start = "0";
end = "500MiB";
bootable = true;
#type = "table";
type = "gpt";
partitions = {
boot = {
#start = "0";
#end = "1M";
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
#start = "1M";
#end = "500M";
size = "500M";
type = "EF00";
# bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = if disk == "sda" then "/boot" else "/boot_${disk}";
# mountpoint = "/boot";
mountpoint = "/boot_${disk}";
mountOptions = [ "defaults" ];
};
}
{
name = "zfs";
start = "500MiB";
end = "500GiB";
};
#{
# name = "ESP";
# start = "1M";
# end = "500MiB";
# bootable = true;
# content = {
# type = "filesystem";
# format = "vfat";
# mountpoint = "/boot_${disk}";
# mountOptions = [ "defaults" ];
# };
#}
root = {
#name = "zfs";
#start = "500M";
#end = "500G";
size = "500G";
# content = {
# type = "luks";
# name = "root_${disk}";
# settings = {
# # if you want to use the key for interactive login be sure there is no trailing newline
# # for example use `echo -n "password" > /run/secret.key`
# # or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
# keyFile = "/run/secret.key";
# allowDiscards = true;
# };
content = {
type = "luks";
name = "root_${disk}";
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /run/secret.key`
# or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
keyFile = "/run/secret.key";
allowDiscards = true;
};
content = {
type = "zfs";
pool = "zroot";
};
type = "zfs";
pool = "zroot";
};
}
{
name = "zfs";
start = "500GiB";
end = "100%";
content = {
type = "luks";
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /run/secret.key`
keyFile = "/run/secret.key";
allowDiscards = true;
};
name = "media_${disk}";
content = {
type = "zfs";
pool = "zmedia";
};
};
}
];
# };
};
#media = {
# #name = "zfs";
# #start = "500G";
# #end = "100%";
# size = "100%";
# # content = {
# # type = "luks";
# # settings = {
# # # if you want to use the key for interactive login be sure there is no trailing newline
# # # for example use `echo -n "password" > /run/secret.key`
# # keyFile = "/run/secret.key";
# # allowDiscards = true;
# # };
# # name = "media_${disk}";
# content = {
# type = "zfs";
# pool = "zmedia";
# };
# # };
#};
};
};
});
@ -111,39 +133,39 @@ in
};
# `zpool import -f zraid` once on the first boot and reboot
zmedia = {
type = "zpool";
rootFsOptions = {
mountpoint = "none";
canmount = "off";
};
datasets = {
"media" = {
type = "zfs_fs";
mountpoint = "/media";
options = {
mountpoint = "legacy";
compression = "lz4";
#"com.sun:auto-snapshot:daily" = false;
#"com.sun:auto-snapshot:weekly" = false;
#"com.sun:auto-snapshot:monthly" = false;
};
};
# todo make sure this disk has some minimum space
"nextcloud" = {
type = "zfs_fs";
mountpoint = "/var/lib/nextcloud";
options = {
mountpoint = "legacy";
compression = "lz4";
"com.sun:auto-snapshot:hourly" = toString true;
"com.sun:auto-snapshot:daily" = toString true;
#"com.sun:auto-snapshot:weekly" = false;
#"com.sun:auto-snapshot:monthly" = false;
};
};
};
};
#zmedia = {
# type = "zpool";
# rootFsOptions = {
# mountpoint = "none";
# canmount = "off";
# };
# datasets = {
# "media" = {
# type = "zfs_fs";
# mountpoint = "/media";
# options = {
# mountpoint = "legacy";
# compression = "lz4";
# #"com.sun:auto-snapshot:daily" = false;
# #"com.sun:auto-snapshot:weekly" = false;
# #"com.sun:auto-snapshot:monthly" = false;
# };
# };
# # todo make sure this disk has some minimum space
# "nextcloud" = {
# type = "zfs_fs";
# mountpoint = "/var/lib/nextcloud";
# options = {
# mountpoint = "legacy";
# compression = "lz4";
# "com.sun:auto-snapshot:hourly" = toString true;
# "com.sun:auto-snapshot:daily" = toString true;
# #"com.sun:auto-snapshot:weekly" = false;
# #"com.sun:auto-snapshot:monthly" = false;
# };
# };
# };
#};
};
};
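Review bot: In the first hunk the `root` partition's `content` now appears to be `type = "zfs"; pool = "zroot";` directly, with the `luks` wrapper left commented out, so `zroot` would sit on an unencrypted partition unless the pool itself uses ZFS native encryption, which is not visible here. The +/- markers are lost on this page, so this reading is inferred from the commented-out `# type = "luks";` lines. If dropping encryption is only for bring-up, say so next to the block, for example `# TODO: LUKS disabled while testing the gpt layout; re-enable before this host holds data`. The second hunk also comments out the whole `zmedia` pool, including the `nextcloud` dataset mounted at `/var/lib/nextcloud`, so that data would presumably land on `zroot` without its snapshot settings.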


@ -1,18 +1,3 @@
## Do not modify this file! It was generated by nixos-generate-config
## and may be overwritten by future invocations. Please make changes
## to /etc/nixos/configuration.nix instead.
#{ config, lib, pkgs, modulesPath, ... }:
#
#{
# imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
#
# boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
# boot.initrd.kernelModules = [ "dm-snapshot" ];
# boot.kernelModules = [ "kvm-intel" ];
# boot.extraModulePackages = [ ];
#
#}
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.


@ -27,12 +27,6 @@ let
in
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# needed lvm for raid
#boot.initrd.kernelModules = [ ];
boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
@ -45,12 +39,12 @@ in
boot.loader.systemd-boot.enable = false;
boot.loader.grub = {
enable = true;
efiSupport = false;
efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
};
boot.loader.grub.mirroredBoots = [
{ path = "/boot"; devices = [ "/dev/sda" ]; }
{ path = "/boot_sda"; devices = [ "/dev/sdb" ]; }
];
#boot.loader.grub.mirroredBoots = [
# { path = "/boot_sda"; devices = [ "/dev/sda" ]; }
# { path = "/boot_sdb"; devices = [ "/dev/sdb" ]; }
#];
networking.hostName = hostName;
@ -91,18 +85,18 @@ in
# "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
#];
boot.kernelParams = [ "ip=dhcp" ];
boot.initrd.availableKernelModules = [ networkInterfaceModule ];
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
port = 2222;
hostKeys = [
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_ed25519_key
];
};
#boot.kernelParams = [ "ip=dhcp" ];
#boot.initrd.availableKernelModules = [ networkInterfaceModule ];
#boot.initrd.network.enable = true;
#boot.initrd.network.ssh = {
# enable = true;
# authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
# port = 2222;
# hostKeys = [
# /etc/ssh/ssh_host_rsa_key
# /etc/ssh/ssh_host_ed25519_key
# ];
#};
}
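Review bot: The commented-out `boot.initrd.network.ssh` block in the last hunk still lists the machine's regular host keys as unquoted paths (`/etc/ssh/ssh_host_rsa_key`, `/etc/ssh/ssh_host_ed25519_key`); if it is re-enabled as written, those private keys end up in the initrd and, depending on the bootloader's secret support, in the Nix store. A dedicated initrd key given as a string is safer, e.g. `hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];` (path constructed for illustration). Separately, `boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";` in the first hunk stays active although this commit disables initrd SSH here and, apparently, LUKS in the disk layout, so it looks like a leftover that should be commented out or annotated with the rest.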