From 96a7ec46f5063bc1a89ad7062d4afbd0912c9585 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Mon, 26 Feb 2024 09:44:59 +0100 Subject: [PATCH] working on orbi partition type. --- flake.lock | 163 ++++++++++++++- flake.nix | 4 + nixos/machines/orbi/configuration.nix | 1 + nixos/machines/orbi/disko-config.nix | 186 ++++++++++-------- .../machines/orbi/hardware-configuration.nix | 15 -- nixos/machines/orbi/hetzner.nix | 40 ++-- 6 files changed, 280 insertions(+), 129 deletions(-) diff --git a/flake.lock b/flake.lock index ac73972..bf5451e 100644 --- a/flake.lock +++ b/flake.lock @@ -186,6 +186,28 @@ "type": "github" } }, + "disko_2": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1701905325, + "narHash": "sha256-lda63LmEIlDMeCgWfjr3/wb487XPllBByfrGRieyEk4=", + "owner": "nix-community", + "repo": "disko", + "rev": "1144887c6f4d2dcbb2316a24364ef53e25b0fcfe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "disko", + "type": "github" + } + }, "dns": { "inputs": { "flake-utils": "flake-utils", @@ -467,6 +489,27 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1614513358, 
@@ -798,6 +841,29 @@ "type": "github" } }, + "nixos-anywhere": { + "inputs": { + "disko": "disko_2", + "flake-parts": "flake-parts", + "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", + "nixpkgs": "nixpkgs_4", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1708558490, + "narHash": "sha256-bpW7plldI3VaCbYy0sTqkJQBXNCBupCJbcbezonOB+I=", + "owner": "nix-community", + "repo": "nixos-anywhere", + "rev": "b6abac7b0e2405b1ee4da44b6130c4571b2ed8bb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-anywhere", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1706782449, @@ -813,6 +879,47 @@ "type": "github" } }, + "nixos-images": { + "inputs": { + "nixos-2311": [ + "nixos-anywhere", + "nixos-stable" + ], + "nixos-unstable": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702375325, + "narHash": "sha256-kEdrh6IB7xh7YDwZ0ZVCngCs+uoS9gx4ydEoJRnM1Is=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "d655cc02fcb9ecdcca4f3fb307e291a4b5be1339", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1702233072, + "narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "781e2a9797ecf0f146e81425c822dca69fe4a348", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1636416043, 
@@ -978,6 +1085,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1702310776, + "narHash": "sha256-T2KJpsNjAytMsP6+xrhXfAb2KTG6Yt2D4hTTugpsJFo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "120a26f8ce32ac2bdc0e49a9fed830b7446416b4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1706515015, "narHash": "sha256-eFfY5A7wlYy3jD/75lx6IJRueg4noE+jowl0a8lIlVo=", @@ -993,7 +1116,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1701263465, "narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=", @@ -1009,7 +1132,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1632855891, "narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=", @@ -1023,7 +1146,7 @@ "type": "indirect" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1706173671, "narHash": "sha256-lciR7kQUK2FCAYuszyd7zyRRmTaXVeoZsCyK6QFpGdk=", @@ -1039,7 +1162,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1707929101, "narHash": "sha256-mF639zYYhQ6+LZgIP33weVdOmLbY7GHAhK+XsIFEEqU=", @@ -1138,7 +1261,7 @@ "overviewer": { "inputs": { "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "pandoc_template": "pandoc_template" }, "locked": { @@ -1211,7 +1334,7 @@ "polygon-art": { "inputs": { "flake-utils": "flake-utils_7", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1688766095, @@ -1285,8 +1408,9 @@ "kmonad": "kmonad", "landingpage": "landingpage", "nixinate": "nixinate", + "nixos-anywhere": "nixos-anywhere", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-fmt": "nixpkgs-fmt", "nixpkgs-legacy_2105": "nixpkgs-legacy_2105", "nixpkgs-legacy_2205": "nixpkgs-legacy_2205", 
@@ -1401,7 +1525,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { @@ -1420,7 +1544,7 @@ }, "srvos": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1708003942, @@ -1536,6 +1660,27 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702376629, + "narHash": "sha256-9uAY8a7JN4DvLe/g4OoldqPbcNZ09YOVXID+CkIqL70=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "390018a9398f9763bfc05ffe6443ce0622cb9ba6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "ts-fold": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index e64f7e4..a04dbf7 100644 --- a/flake.nix +++ b/flake.nix @@ -13,6 +13,8 @@ nixpkgs-legacy_2105.url = "github:nixos/nixpkgs/nixos-21.05"; nixos-hardware.url = "github:nixos/nixos-hardware"; + nixos-anywhere.url = "github:nix-community/nixos-anywhere"; + home-manager = { url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; @@ -98,6 +100,7 @@ , kmonad , landingpage , nixinate + , nixos-anywhere , nixos-hardware , nixpkgs , nixpkgs-fmt @@ -287,6 +290,7 @@ pkgs.mkShell { buildInputs = [ nixpkgs-fmt.defaultPackage.${system} + nixos-anywhere.packages.${system}.nixos-anywhere ]; }; diff --git a/nixos/machines/orbi/configuration.nix b/nixos/machines/orbi/configuration.nix index 60375ea..dbd872a 100644 --- a/nixos/machines/orbi/configuration.nix +++ b/nixos/machines/orbi/configuration.nix @@ -73,4 +73,5 @@ boot.supportedFilesystems = [ "zfs" ]; # head -c4 /dev/urandom | od -A none -t x4 networking.hostId = "5bb982a6"; + } diff --git a/nixos/machines/orbi/disko-config.nix b/nixos/machines/orbi/disko-config.nix index 4f7093c..38b3e77 100644 --- a/nixos/machines/orbi/disko-config.nix 
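Review bot: The new `nixos-anywhere` input in flake.nix (hunk `@@ -13,6 +13,8 @@`) has no `follows`, unlike the `home-manager` input on the context lines right below it. As a result, the lock file in this commit gains a separate `nixpkgs_4` pinned to `nixos-unstable-small`, a `nixos-stable`, and a second `disko_2` tracking `master`. Each of these is extra pinned third-party source that must be reviewed and updated apart from the nixpkgs the machines are built from. If the tool builds against your own nixpkgs, consider `nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs";`. The same could apply to `disko`, if the flake has a top-level `disko` input, which these hunks do not show.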
+++ b/nixos/machines/orbi/disko-config.nix 
@@ -17,65 +17,87 @@ in disko.devices = { disk = lib.genAttrs disks (disk: { - name = disk; + #name = disk; type = "disk"; device = "/dev/${disk}"; content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "ESP"; - start = "0"; - end = "500MiB"; - bootable = true; + #type = "table"; + type = "gpt"; + partitions = { + boot = { + #start = "0"; + #end = "1M"; + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + #start = "1M"; + #end = "500M"; + size = "500M"; + type = "EF00"; + # bootable = true; content = { type = "filesystem"; format = "vfat"; - mountpoint = if disk == "sda" then "/boot" else "/boot_${disk}"; + # mountpoint = "/boot"; + mountpoint = "/boot_${disk}"; mountOptions = [ "defaults" ]; }; - } - { - name = "zfs"; - start = "500MiB"; - end = "500GiB"; + }; + #{ + # name = "ESP"; + # start = "1M"; + # end = "500MiB"; + # bootable = true; + # content = { + # type = "filesystem"; + # format = "vfat"; + # mountpoint = "/boot_${disk}"; + # mountOptions = [ "defaults" ]; + # }; + #} + root = { + #name = "zfs"; + #start = "500M"; + #end = "500G"; + size = "500G"; + # content = { + # type = "luks"; + # name = "root_${disk}"; + # settings = { + # # if you want to use the key for interactive login be sure there is no trailing newline + # # for example use `echo -n "password" > /run/secret.key` + # # or use nixos-anywhere --disk-encryption-keys /run/secret.key + # keyFile = "/run/secret.key"; + # allowDiscards = true; + # }; content = { - type = "luks"; - name = "root_${disk}"; - settings = { - # if you want to use the key for interactive login be sure there is no trailing newline - # for example use `echo -n "password" > /run/secret.key` - # or use nixos-anywhere --disk-encryption-keys /run/secret.key - keyFile = "/run/secret.key"; - allowDiscards = true; - }; - content = { - type = "zfs"; - pool = "zroot"; - }; + type = "zfs"; + pool = "zroot"; }; - } - { - name = "zfs"; - start = "500GiB"; - end = "100%"; - content = { - type = "luks"; 
- settings = { - # if you want to use the key for interactive login be sure there is no trailing newline - # for example use `echo -n "password" > /run/secret.key` - keyFile = "/run/secret.key"; - allowDiscards = true; - }; - name = "media_${disk}"; - content = { - type = "zfs"; - pool = "zmedia"; - }; - }; - } - ]; + # }; + }; + #media = { + # #name = "zfs"; + # #start = "500G"; + # #end = "100%"; + # size = "100%"; + # # content = { + # # type = "luks"; + # # settings = { + # # # if you want to use the key for interactive login be sure there is no trailing newline + # # # for example use `echo -n "password" > /run/secret.key` + # # keyFile = "/run/secret.key"; + # # allowDiscards = true; + # # }; + # # name = "media_${disk}"; + # content = { + # type = "zfs"; + # pool = "zmedia"; + # }; + # # }; + #}; + }; }; }); 
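Review bot: The `root` partition in the `@@ -17,65 +17,87 @@` hunk now puts `zfs` directly on the partition with the `luks` wrapper commented out, so pool `zroot` is created unencrypted on a hosted machine. If this is only a step while the GPT layout is worked out, say so next to it, e.g. `# TODO: re-enable luks (or ZFS native encryption) before real data lands on zroot`, since adding encryption once the pool holds data is considerably more work. The ESP mountpoint also changed from `/boot` on `sda` to `/boot_${disk}` on every disk, so nothing in this hunk mounts `/boot` any more; confirm GRUB's files end up where you intend. The `lib.genAttrs` call begins above the hunk.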
@@ -111,39 +133,39 @@ in }; # `zpool import -f zraid` once on the first boot and reboot - zmedia = { - type = "zpool"; - rootFsOptions = { - mountpoint = "none"; - canmount = "off"; - }; - datasets = { - "media" = { - type = "zfs_fs"; - mountpoint = "/media"; - options = { - mountpoint = "legacy"; - compression = "lz4"; - #"com.sun:auto-snapshot:daily" = false; - #"com.sun:auto-snapshot:weekly" = false; - #"com.sun:auto-snapshot:monthly" = false; - }; - }; - # todo make sure this disk has some minimum space - "nextcloud" = { - type = "zfs_fs"; - mountpoint = "/var/lib/nextcloud"; - options = { - mountpoint = "legacy"; - compression = "lz4"; - "com.sun:auto-snapshot:hourly" = toString true; - "com.sun:auto-snapshot:daily" = toString true; - #"com.sun:auto-snapshot:weekly" = false; - #"com.sun:auto-snapshot:monthly" = false; - }; - }; - }; - }; + #zmedia = { + # type = "zpool"; + # rootFsOptions = { + # mountpoint = "none"; + # canmount = "off"; + # }; + # datasets = { + # "media" = { + # type = "zfs_fs"; + # mountpoint = "/media"; + # options = { + # mountpoint = "legacy"; + # compression = "lz4"; + # #"com.sun:auto-snapshot:daily" = false; + # #"com.sun:auto-snapshot:weekly" = false; + # #"com.sun:auto-snapshot:monthly" = false; + # }; + # }; + # # todo make sure this disk has some minimum space + # "nextcloud" = { + # type = "zfs_fs"; + # mountpoint = "/var/lib/nextcloud"; + # options = { + # mountpoint = "legacy"; + # compression = "lz4"; + # "com.sun:auto-snapshot:hourly" = toString true; + # "com.sun:auto-snapshot:daily" = toString true; + # #"com.sun:auto-snapshot:weekly" = false; + # #"com.sun:auto-snapshot:monthly" = false; + # }; + # }; + # }; + #}; }; }; diff --git a/nixos/machines/orbi/hardware-configuration.nix b/nixos/machines/orbi/hardware-configuration.nix index 5e9cebd..2efd98b 100644 --- a/nixos/machines/orbi/hardware-configuration.nix +++ b/nixos/machines/orbi/hardware-configuration.nix 
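Review bot: With `zmedia` commented out in the `@@ -111,39 +133,39 @@` hunk, the `nextcloud` dataset and its `com.sun:auto-snapshot:hourly` and `com.sun:auto-snapshot:daily` options no longer exist. `/var/lib/nextcloud` would presumably fall onto whichever `zroot` dataset covers it, without those snapshot settings; the `zroot` datasets are outside the hunk, so check that. The context comment about running zpool import for `zraid` on first boot now sits above a disabled block and names a pool that does not appear in this hunk. A one-line comment such as `# zmedia disabled while the partition layout is reworked` would explain why the block is kept rather than deleted.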
@@ -1,18 +1,3 @@ -## Do not modify this file! It was generated by ‘nixos-generate-config’ -## and may be overwritten by future invocations. Please make changes -## to /etc/nixos/configuration.nix instead. -#{ config, lib, pkgs, modulesPath, ... }: -# -#{ -# imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; -# -# boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ]; -# boot.initrd.kernelModules = [ "dm-snapshot" ]; -# boot.kernelModules = [ "kvm-intel" ]; -# boot.extraModulePackages = [ ]; -# -#} - # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. diff --git a/nixos/machines/orbi/hetzner.nix b/nixos/machines/orbi/hetzner.nix index d3f4a9a..95cf8aa 100644 --- a/nixos/machines/orbi/hetzner.nix +++ b/nixos/machines/orbi/hetzner.nix @@ -27,12 +27,6 @@ let in { - imports = - [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - # needed lvm for raid #boot.initrd.kernelModules = [ ]; boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass"; @@ -45,12 +39,12 @@ in boot.loader.systemd-boot.enable = false; boot.loader.grub = { enable = true; - efiSupport = false; + efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines. }; - boot.loader.grub.mirroredBoots = [ - { path = "/boot"; devices = [ "/dev/sda" ]; } - { path = "/boot_sda"; devices = [ "/dev/sdb" ]; } - ]; + #boot.loader.grub.mirroredBoots = [ + # { path = "/boot_sda"; devices = [ "/dev/sda" ]; } + # { path = "/boot_sdb"; devices = [ "/dev/sdb" ]; } + #]; networking.hostName = hostName; 
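Review bot: After this change hetzner.nix no longer names a GRUB install device. `boot.loader.grub.mirroredBoots` is commented out in the `@@ -45,12 +39,12 @@` hunk and no `boot.loader.grub.devices` is visible, so booting presumably relies on disko deriving the device from the `EF02` partition; confirm that with a build before wiping the disks. In the `@@ -27,12 +27,6 @@` hunk the context line `boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";` stays active although this commit disables both LUKS and the initrd SSH server. Commenting it out with the rest, or noting why it stays, would keep the initrd configuration consistent. The new `efiSupport` comment could read `EF02 (BIOS boot partition)` to match the disko config.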
@@ -91,18 +85,18 @@ in # "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8" #]; - boot.kernelParams = [ "ip=dhcp" ]; - boot.initrd.availableKernelModules = [ networkInterfaceModule ]; - boot.initrd.network.enable = true; - boot.initrd.network.ssh = { - enable = true; - authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys; - port = 2222; - hostKeys = [ - /etc/ssh/ssh_host_rsa_key - /etc/ssh/ssh_host_ed25519_key - ]; - }; + #boot.kernelParams = [ "ip=dhcp" ]; + #boot.initrd.availableKernelModules = [ networkInterfaceModule ]; + #boot.initrd.network.enable = true; + #boot.initrd.network.ssh = { + # enable = true; + # authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys; + # port = 2222; + # hostKeys = [ + # /etc/ssh/ssh_host_rsa_key + # /etc/ssh/ssh_host_ed25519_key + # ]; + #}; }
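Review bot: The disabled `boot.initrd.network.ssh` block in the `@@ -91,18 +85,18 @@` hunk is kept as commented code, and its `hostKeys` entries are unquoted Nix paths to the machine's regular host keys, such as `/etc/ssh/ssh_host_ed25519_key`. When this is re-enabled for remote unlocking, use a dedicated initrd key given as a string, e.g. `hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];` (an example path). That avoids reusing the main host identity in the initrd and, as far as I can tell, keeps the key from being copied into the world-readable Nix store. A short comment above the block saying it is off because LUKS is currently disabled would tie it to the disko change.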