From 44af1810734f824e49e40cb9d78d97ac9e0f5bd4 Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Sun, 18 Dec 2022 15:31:07 +0100 Subject: [PATCH] Installer configuration and baldur boot --- baldur/configuration.nix | 12 ++++++- flake.lock | 50 +++++++---------------------- flake.nix | 64 ++++++++++++++++++------------------- nixos_modules/installer.nix | 13 ++++++++ 4 files changed, 67 insertions(+), 72 deletions(-) create mode 100644 nixos_modules/installer.nix diff --git a/baldur/configuration.nix b/baldur/configuration.nix index 50dc97e..2a2faee 100644 --- a/baldur/configuration.nix +++ b/baldur/configuration.nix @@ -1,7 +1,17 @@ { pkgs, lib, ... }: with lib; { - boot.loader.systemd-boot.enable = true; + boot = { + growPartition = true; + kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ]; + initrd.kernelModules = [ "virtio_scsi" ]; + kernelModules = [ "virtio_pci" "virtio_net" ]; + loader = { + grub.device = "/dev/vda"; + timeout = 0; + grub.configurationLimit = 0; + }; + }; # boot = { # # binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ]; diff --git a/flake.lock b/flake.lock index 6caaf5b..f8f1559 100644 --- a/flake.lock +++ b/flake.lock @@ -3,7 +3,9 @@ "deploy-rs": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", + "nixpkgs": [ + "nixpkgs" + ], "utils": "utils" }, "locked": { @@ -151,7 +153,9 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_2" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1671355134, 
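Review bot: In the new `boot.loader` block of baldur/configuration.nix, `grub.configurationLimit = 0` combined with `timeout = 0` removes the bootloader as a recovery path. As far as I can tell, no older generations are listed and the menu is never shown, so a bad generation can only be undone over SSH or by rebuilding the droplet. If that trade-off is intended, say so next to the setting, e.g. `# no GRUB menu on the droplet: rollback happens via deploy-rs / nixos-rebuild --rollback`. Otherwise keep a few entries with `grub.configurationLimit = 5;`. The attribute set being edited continues past the end of this hunk, so later overrides of these options are not visible here.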
@@ -184,16 +188,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1648219316, - "narHash": "sha256-Ctij+dOi0ZZIfX5eMhgwugfvB+WZSrvVNAyAuANOsnQ=", + "lastModified": 1670939335, + "narHash": "sha256-AJmruD+RI6smxiVnfpmNT7275mZsUdCS5zczeQCyy3o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "30d3d79b7d3607d56546dd2a6b49e156ba0ec634", + "rev": "8d6da33644bbd082b8a13f73ea2c7338190d7429", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "release-22.11", "repo": "nixpkgs", "type": "github" } @@ -230,38 +234,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1637186689, - "narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1670939335, - "narHash": "sha256-AJmruD+RI6smxiVnfpmNT7275mZsUdCS5zczeQCyy3o=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8d6da33644bbd082b8a13f73ea2c7338190d7429", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, "pre-commit-hooks": { "inputs": { "flake-utils": [ @@ -321,7 +293,7 @@ "nix-rice": "nix-rice", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs", "nixpkgs-u": "nixpkgs-u", "pre-commit-hooks": "pre-commit-hooks_2" } diff --git a/flake.nix b/flake.nix index e9cbce4..b13f5c2 100644 --- a/flake.nix +++ b/flake.nix 
@@ -12,22 +12,12 @@
 # url = "github:nix-community/home-manager";
 # inputs.nixpkgs.follows = "nixpkgs-u";
 # };
- deploy-rs.url = "github:serokell/deploy-rs";
+ deploy-rs = { url = "github:serokell/deploy-rs"; inputs = { nixpkgs.follows = "nixpkgs"; }; };
 flake-utils.url = "github:numtide/flake-utils";
- nixos-generators.url = "github:nix-community/nixos-generators";
+ nixos-generators = { url = "github:nix-community/nixos-generators"; inputs = { nixpkgs.follows = "nixpkgs"; }; };
 nixos-hardware.url = "github:NixOS/nixos-hardware";
- nix-rice = {
- url = "github:bertof/nix-rice";
- inputs = {
- nixpkgs.follows = "nixpkgs";
- flake-utils.follows = "flake-utils";
- };
- };
- pre-commit-hooks = {
- url = "github:cachix/pre-commit-hooks.nix";
- inputs.nixpkgs.follows = "nixpkgs";
- inputs.flake-utils.follows = "flake-utils";
- };
+ nix-rice = { url = "github:bertof/nix-rice"; inputs = { nixpkgs.follows = "nixpkgs"; flake-utils.follows = "flake-utils"; }; };
+ pre-commit-hooks = { url = "github:cachix/pre-commit-hooks.nix"; inputs = { nixpkgs.follows = "nixpkgs"; flake-utils.follows = "flake-utils"; }; };
 };
 outputs =
@@ -37,11 +27,10 @@
 , home-manager
 , deploy-rs
 , flake-utils
- , # , nixos-generators
- nixos-hardware
+ , nixos-generators
+ , nixos-hardware
 , nix-rice
 , pre-commit-hooks
- , nixos-generators
 , ...
 }:
 let
@@ -107,6 +96,7 @@
 shellHook = ''
 ${self.checks.${system}.pre-commit-check.shellHook}
 '';
+ LOCAL_KEY = "/etc/nix/key";
 };
 });
@@ -214,6 +204,7 @@
 modules = commonModules ++ [
 ./baldur/hardware-configuration.nix
 ./baldur/configuration.nix
+ ./nixos_modules/digitalocean.nix
 # { home-manager.users.bertof = import ./baldur/hm.nix; }
 ];
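Review bot: `LOCAL_KEY = "/etc/nix/key";` in the dev shell has no comment saying what it is for, and the path is hard-coded for every machine that enters the shell. deploy-rs reads `LOCAL_KEY` as the path of the private key it signs store paths with before copying them to a target. That file must therefore be readable only by the account that runs deploys, and each target has to trust the matching public key. I would add `# deploy-rs: private Nix signing key for closures pushed to the nodes; its public half must be in the targets' trusted-public-keys` above the line. The enclosing shell definition starts above this hunk, so other variables set there are not visible.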
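Review bot: `./nixos_modules/digitalocean.nix` is added to baldur's module list here, but the diffstat of this patch lists only `nixos_modules/installer.nix` as a new file. If digitalocean.nix is not already tracked in the repository, evaluating `nixosConfigurations.baldur` will fail, because a flake in a git checkout only sees tracked files. If it is tracked, check that it does not set the same `boot.*` options that this patch also writes into baldur/configuration.nix, since two plain definitions of the same option conflict at evaluation time. A one-line comment such as `# droplet-specific settings (networking, metadata); boot options live in configuration.nix` would make the split clear. The module list itself begins inside the hunk, but the enclosing `nixosSystem` call does not.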
@@ -249,26 +240,35 @@
 path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.loki;
 };
 };
+
+ baldur = {
+ hostname = "164.90.208.134";
+ profiles.system = {
+ user = "root";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.baldur;
+ };
+ };
 };
 };
- images = with flake-utils.lib; eachSystem [ system.x86_64-linux system.aarch64-linux ] (system: {
- packages = {
- # Installer ISO
- install-iso = nixos-generators.nixosGenerate {
- inherit system;
- modules = commonModules ++ [{ services.openssh = { enable = true; openFirewall = true; }; }];
- format = "install-iso";
- };
+ images = with flake-utils.lib; eachSystem [ system.x86_64-linux system.aarch64-linux ] (system:
+ {
+ packages = {
+ # Installer ISO
+ install-iso = nixos-generators.nixosGenerate {
+ inherit system;
+ modules = commonModules ++ [ ./nixos_modules/installer.nix ];
+ format = "install-iso";
+ };
- # Installer DigitalOcean
- do = nixos-generators.nixosGenerate {
- inherit system;
- modules = commonModules ++ [{ services.openssh = { enable = true; openFirewall = true; }; }];
- format = "do";
+ # Installer DigitalOcean
+ do = nixos-generators.nixosGenerate {
+ inherit system;
+ modules = commonModules ++ [ ./nixos_modules/installer.nix ];
+ format = "do";
+ };
 };
- };
- });
+ });
 in
 builtins.foldl' nixpkgs.lib.recursiveUpdate { } [
diff --git a/nixos_modules/installer.nix b/nixos_modules/installer.nix
new file mode 100644
index 0000000..30ea565
--- /dev/null
+++ b/nixos_modules/installer.nix
@@ -0,0 +1,13 @@
+{
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ permitRootLogin = "prohibit-password";
+ passwordAuthentication = false;
+ };
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W"
+ ];
+ };
+}
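Review bot: The new `baldur` deploy node is addressed by the literal address `164.90.208.134` and activates its profile as root, so the only thing tying a deploy to the intended machine is the SSH host key in the deployer's known_hosts. Cloud addresses can be reassigned when a droplet is destroyed or rebuilt, so I would point `hostname` at a DNS name or SSH config alias and pin the droplet's host key. A comment such as `# DigitalOcean droplet; host key pinned in <known_hosts location>` would record where. No `sshUser` appears in the added lines, so deploy-rs will connect as the invoking local user unless a default is set elsewhere; if root is what the droplet expects, state it with `sshUser = "root";`. The `deploy.nodes` set opens above this hunk, so defaults defined there are not visible.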
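Review bot: installer.nix turns off `passwordAuthentication` but leaves keyboard-interactive authentication at its default, and on an image that opens port 22 in the firewall it is safer to close both by adding `kbdInteractiveAuthentication = false;` next to it. The file also has no header comment, although every `install-iso` and `do` image built from this flake now grants root SSH access to the holder of the single hard-coded ed25519 key. I would say so at the top, e.g. `# Installer images: key-only root SSH for the key below; replace it before building images for anyone else`. The key should also carry a trailing comment naming its owner so it can be audited and rotated. The whole file is inside this hunk.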