palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

working on orbi partition type.

Browse source
This commit is contained in:
Ingolf Wagner 2024-02-26 09:44:59 +01:00
parent 3993efb345
commit 96a7ec46f5
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
6 changed files with 280 additions and 129 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

163
flake.lock
View file

@ -186,6 +186,28 @@
"type": "github" "type": "github"
} }
}, },
"disko_2": {
"inputs": {
"nixpkgs": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1701905325,
"narHash": "sha256-lda63LmEIlDMeCgWfjr3/wb487XPllBByfrGRieyEk4=",
"owner": "nix-community",
"repo": "disko",
"rev": "1144887c6f4d2dcbb2316a24364ef53e25b0fcfe",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "disko",
"type": "github"
}
},
"dns": { "dns": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
@ -467,6 +489,27 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1614513358, "lastModified": 1614513358,
@ -798,6 +841,29 @@
"type": "github" "type": "github"
} }
}, },
"nixos-anywhere": {
"inputs": {
"disko": "disko_2",
"flake-parts": "flake-parts",
"nixos-images": "nixos-images",
"nixos-stable": "nixos-stable",
"nixpkgs": "nixpkgs_4",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1708558490,
"narHash": "sha256-bpW7plldI3VaCbYy0sTqkJQBXNCBupCJbcbezonOB+I=",
"owner": "nix-community",
"repo": "nixos-anywhere",
"rev": "b6abac7b0e2405b1ee4da44b6130c4571b2ed8bb",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-anywhere",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1706782449, "lastModified": 1706782449,
@ -813,6 +879,47 @@
"type": "github" "type": "github"
} }
}, },
"nixos-images": {
"inputs": {
"nixos-2311": [
"nixos-anywhere",
"nixos-stable"
],
"nixos-unstable": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1702375325,
"narHash": "sha256-kEdrh6IB7xh7YDwZ0ZVCngCs+uoS9gx4ydEoJRnM1Is=",
"owner": "nix-community",
"repo": "nixos-images",
"rev": "d655cc02fcb9ecdcca4f3fb307e291a4b5be1339",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-images",
"type": "github"
}
},
"nixos-stable": {
"locked": {
"lastModified": 1702233072,
"narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "781e2a9797ecf0f146e81425c822dca69fe4a348",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1636416043, "lastModified": 1636416043,
@ -978,6 +1085,22 @@
} }
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": {
"lastModified": 1702310776,
"narHash": "sha256-T2KJpsNjAytMsP6+xrhXfAb2KTG6Yt2D4hTTugpsJFo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "120a26f8ce32ac2bdc0e49a9fed830b7446416b4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1706515015, "lastModified": 1706515015,
"narHash": "sha256-eFfY5A7wlYy3jD/75lx6IJRueg4noE+jowl0a8lIlVo=", "narHash": "sha256-eFfY5A7wlYy3jD/75lx6IJRueg4noE+jowl0a8lIlVo=",
@ -993,7 +1116,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1701263465, "lastModified": 1701263465,
"narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=", "narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=",
@ -1009,7 +1132,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1632855891, "lastModified": 1632855891,
"narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=", "narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=",
@ -1023,7 +1146,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_7": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1706173671, "lastModified": 1706173671,
"narHash": "sha256-lciR7kQUK2FCAYuszyd7zyRRmTaXVeoZsCyK6QFpGdk=", "narHash": "sha256-lciR7kQUK2FCAYuszyd7zyRRmTaXVeoZsCyK6QFpGdk=",
@ -1039,7 +1162,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_8": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1707929101, "lastModified": 1707929101,
"narHash": "sha256-mF639zYYhQ6+LZgIP33weVdOmLbY7GHAhK+XsIFEEqU=", "narHash": "sha256-mF639zYYhQ6+LZgIP33weVdOmLbY7GHAhK+XsIFEEqU=",
@ -1138,7 +1261,7 @@
"overviewer": { "overviewer": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_6",
"pandoc_template": "pandoc_template" "pandoc_template": "pandoc_template"
}, },
"locked": { "locked": {
@ -1211,7 +1334,7 @@
"polygon-art": { "polygon-art": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_7", "flake-utils": "flake-utils_7",
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1688766095, "lastModified": 1688766095,
@ -1285,8 +1408,9 @@
"kmonad": "kmonad", "kmonad": "kmonad",
"landingpage": "landingpage", "landingpage": "landingpage",
"nixinate": "nixinate", "nixinate": "nixinate",
"nixos-anywhere": "nixos-anywhere",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_5",
"nixpkgs-fmt": "nixpkgs-fmt", "nixpkgs-fmt": "nixpkgs-fmt",
"nixpkgs-legacy_2105": "nixpkgs-legacy_2105", "nixpkgs-legacy_2105": "nixpkgs-legacy_2105",
"nixpkgs-legacy_2205": "nixpkgs-legacy_2205", "nixpkgs-legacy_2205": "nixpkgs-legacy_2205",
@ -1401,7 +1525,7 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
@ -1420,7 +1544,7 @@
}, },
"srvos": { "srvos": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1708003942, "lastModified": 1708003942,
@ -1536,6 +1660,27 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1702376629,
"narHash": "sha256-9uAY8a7JN4DvLe/g4OoldqPbcNZ09YOVXID+CkIqL70=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "390018a9398f9763bfc05ffe6443ce0622cb9ba6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"ts-fold": { "ts-fold": {
"flake": false, "flake": false,
"locked": { "locked": {

4
flake.nix
View file

@ -13,6 +13,8 @@
nixpkgs-legacy_2105.url = "github:nixos/nixpkgs/nixos-21.05"; nixpkgs-legacy_2105.url = "github:nixos/nixpkgs/nixos-21.05";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-23.11"; url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -98,6 +100,7 @@
, kmonad , kmonad
, landingpage , landingpage
, nixinate , nixinate
, nixos-anywhere
, nixos-hardware , nixos-hardware
, nixpkgs , nixpkgs
, nixpkgs-fmt , nixpkgs-fmt
@ -287,6 +290,7 @@
pkgs.mkShell { pkgs.mkShell {
buildInputs = [ buildInputs = [
nixpkgs-fmt.defaultPackage.${system} nixpkgs-fmt.defaultPackage.${system}
nixos-anywhere.packages.${system}.nixos-anywhere
]; ];
}; };

1
nixos/machines/orbi/configuration.nix
View file

@ -73,4 +73,5 @@
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
# head -c4 /dev/urandom | od -A none -t x4 # head -c4 /dev/urandom | od -A none -t x4
networking.hostId = "5bb982a6"; networking.hostId = "5bb982a6";
} }

176
nixos/machines/orbi/disko-config.nix
View file

@ -17,65 +17,87 @@ in
disko.devices = { disko.devices = {
disk = disk =
lib.genAttrs disks (disk: { lib.genAttrs disks (disk: {
name = disk; #name = disk;
type = "disk"; type = "disk";
device = "/dev/${disk}"; device = "/dev/${disk}";
content = { content = {
type = "table"; #type = "table";
format = "gpt"; type = "gpt";
partitions = [ partitions = {
{ boot = {
name = "ESP"; #start = "0";
start = "0"; #end = "1M";
end = "500MiB"; size = "1M";
bootable = true; type = "EF02"; # for grub MBR
};
ESP = {
#start = "1M";
#end = "500M";
size = "500M";
type = "EF00";
# bootable = true;
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = if disk == "sda" then "/boot" else "/boot_${disk}"; # mountpoint = "/boot";
mountpoint = "/boot_${disk}";
mountOptions = [ "defaults" ]; mountOptions = [ "defaults" ];
}; };
}
{
name = "zfs";
start = "500MiB";
end = "500GiB";
content = {
type = "luks";
name = "root_${disk}";
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /run/secret.key`
# or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
keyFile = "/run/secret.key";
allowDiscards = true;
}; };
#{
# name = "ESP";
# start = "1M";
# end = "500MiB";
# bootable = true;
# content = {
# type = "filesystem";
# format = "vfat";
# mountpoint = "/boot_${disk}";
# mountOptions = [ "defaults" ];
# };
#}
root = {
#name = "zfs";
#start = "500M";
#end = "500G";
size = "500G";
# content = {
# type = "luks";
# name = "root_${disk}";
# settings = {
# # if you want to use the key for interactive login be sure there is no trailing newline
# # for example use `echo -n "password" > /run/secret.key`
# # or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
# keyFile = "/run/secret.key";
# allowDiscards = true;
# };
content = { content = {
type = "zfs"; type = "zfs";
pool = "zroot"; pool = "zroot";
}; };
# };
}; };
} #media = {
{ # #name = "zfs";
name = "zfs"; # #start = "500G";
start = "500GiB"; # #end = "100%";
end = "100%"; # size = "100%";
content = { # # content = {
type = "luks"; # # type = "luks";
settings = { # # settings = {
# if you want to use the key for interactive login be sure there is no trailing newline # # # if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /run/secret.key` # # # for example use `echo -n "password" > /run/secret.key`
keyFile = "/run/secret.key"; # # keyFile = "/run/secret.key";
allowDiscards = true; # # allowDiscards = true;
# # };
# # name = "media_${disk}";
# content = {
# type = "zfs";
# pool = "zmedia";
# };
# # };
#};
}; };
name = "media_${disk}";
content = {
type = "zfs";
pool = "zmedia";
};
};
}
];
}; };
}); });
@ -111,39 +133,39 @@ in
}; };
# `zpool import -f zraid` once on the first boot and reboot # `zpool import -f zraid` once on the first boot and reboot
zmedia = { #zmedia = {
type = "zpool"; # type = "zpool";
rootFsOptions = { # rootFsOptions = {
mountpoint = "none"; # mountpoint = "none";
canmount = "off"; # canmount = "off";
}; # };
datasets = { # datasets = {
"media" = { # "media" = {
type = "zfs_fs"; # type = "zfs_fs";
mountpoint = "/media"; # mountpoint = "/media";
options = { # options = {
mountpoint = "legacy"; # mountpoint = "legacy";
compression = "lz4"; # compression = "lz4";
#"com.sun:auto-snapshot:daily" = false; # #"com.sun:auto-snapshot:daily" = false;
#"com.sun:auto-snapshot:weekly" = false; # #"com.sun:auto-snapshot:weekly" = false;
#"com.sun:auto-snapshot:monthly" = false; # #"com.sun:auto-snapshot:monthly" = false;
}; # };
}; # };
# todo make sure this disk has some minimum space # # todo make sure this disk has some minimum space
"nextcloud" = { # "nextcloud" = {
type = "zfs_fs"; # type = "zfs_fs";
mountpoint = "/var/lib/nextcloud"; # mountpoint = "/var/lib/nextcloud";
options = { # options = {
mountpoint = "legacy"; # mountpoint = "legacy";
compression = "lz4"; # compression = "lz4";
"com.sun:auto-snapshot:hourly" = toString true; # "com.sun:auto-snapshot:hourly" = toString true;
"com.sun:auto-snapshot:daily" = toString true; # "com.sun:auto-snapshot:daily" = toString true;
#"com.sun:auto-snapshot:weekly" = false; # #"com.sun:auto-snapshot:weekly" = false;
#"com.sun:auto-snapshot:monthly" = false; # #"com.sun:auto-snapshot:monthly" = false;
}; # };
}; # };
}; # };
}; #};
}; };
}; };

15
nixos/machines/orbi/hardware-configuration.nix
View file

@ -1,18 +1,3 @@
## Do not modify this file! It was generated by nixos-generate-config
## and may be overwritten by future invocations. Please make changes
## to /etc/nixos/configuration.nix instead.
#{ config, lib, pkgs, modulesPath, ... }:
#
#{
# imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
#
# boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
# boot.initrd.kernelModules = [ "dm-snapshot" ];
# boot.kernelModules = [ "kvm-intel" ];
# boot.extraModulePackages = [ ];
#
#}
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.

40
nixos/machines/orbi/hetzner.nix
View file

@ -27,12 +27,6 @@ let
in in
{ {
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# needed lvm for raid # needed lvm for raid
#boot.initrd.kernelModules = [ ]; #boot.initrd.kernelModules = [ ];
boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass"; boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
@ -45,12 +39,12 @@ in
boot.loader.systemd-boot.enable = false; boot.loader.systemd-boot.enable = false;
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;
efiSupport = false; efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
}; };
boot.loader.grub.mirroredBoots = [ #boot.loader.grub.mirroredBoots = [
{ path = "/boot"; devices = [ "/dev/sda" ]; } # { path = "/boot_sda"; devices = [ "/dev/sda" ]; }
{ path = "/boot_sda"; devices = [ "/dev/sdb" ]; } # { path = "/boot_sdb"; devices = [ "/dev/sdb" ]; }
]; #];
networking.hostName = hostName; networking.hostName = hostName;
@ -91,18 +85,18 @@ in
# "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8" # "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
#]; #];
boot.kernelParams = [ "ip=dhcp" ]; #boot.kernelParams = [ "ip=dhcp" ];
boot.initrd.availableKernelModules = [ networkInterfaceModule ]; #boot.initrd.availableKernelModules = [ networkInterfaceModule ];
boot.initrd.network.enable = true; #boot.initrd.network.enable = true;
boot.initrd.network.ssh = { #boot.initrd.network.ssh = {
enable = true; # enable = true;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys; # authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
port = 2222; # port = 2222;
hostKeys = [ # hostKeys = [
/etc/ssh/ssh_host_rsa_key # /etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_ed25519_key # /etc/ssh/ssh_host_ed25519_key
]; # ];
}; #};
} }