Installer configuration and baldur boot

Filippo Berto 2022-12-18 15:31:07 +01:00
parent fb2c2128d1
commit 44af181073
Signed by: bertof
GPG key ID: 9DBF7E6A1D2CE9ED
4 changed files with 67 additions and 72 deletions


@ -1,7 +1,17 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
with lib; { with lib; {
boot.loader.systemd-boot.enable = true; boot = {
growPartition = true;
kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
initrd.kernelModules = [ "virtio_scsi" ];
kernelModules = [ "virtio_pci" "virtio_net" ];
loader = {
grub.device = "/dev/vda";
timeout = 0;
grub.configurationLimit = 0;
};
};
# boot = { # boot = {
# # binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ]; # # binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
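Review bot: `grub.configurationLimit = 0` together with `timeout = 0` appears to leave no older generation selectable at boot, so a configuration that breaks networking or SSH could not be rolled back from the console. If that is intended for a disposable droplet, say so in a comment, e.g. `# no boot menu: recovery is by redeploy or rebuild, not by generation rollback`; otherwise keep a small limit such as `grub.configurationLimit = 5;`. The block also looks like a copy of the DigitalOcean settings nixpkgs ships under `virtualisation/digital-ocean-config.nix`; importing that module instead would pick up upstream fixes, if it fits this host.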

50
flake.lock generated

@ -3,7 +3,9 @@
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"nixpkgs": "nixpkgs", "nixpkgs": [
"nixpkgs"
],
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
@ -151,7 +153,9 @@
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": "nixlib", "nixlib": "nixlib",
"nixpkgs": "nixpkgs_2" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1671355134, "lastModified": 1671355134,
@ -184,16 +188,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1648219316, "lastModified": 1670939335,
"narHash": "sha256-Ctij+dOi0ZZIfX5eMhgwugfvB+WZSrvVNAyAuANOsnQ=", "narHash": "sha256-AJmruD+RI6smxiVnfpmNT7275mZsUdCS5zczeQCyy3o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "30d3d79b7d3607d56546dd2a6b49e156ba0ec634", "rev": "8d6da33644bbd082b8a13f73ea2c7338190d7429",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixpkgs-unstable", "ref": "release-22.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -230,38 +234,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1637186689,
"narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1670939335,
"narHash": "sha256-AJmruD+RI6smxiVnfpmNT7275mZsUdCS5zczeQCyy3o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8d6da33644bbd082b8a13f73ea2c7338190d7429",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
@ -321,7 +293,7 @@
"nix-rice": "nix-rice", "nix-rice": "nix-rice",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs",
"nixpkgs-u": "nixpkgs-u", "nixpkgs-u": "nixpkgs-u",
"pre-commit-hooks": "pre-commit-hooks_2" "pre-commit-hooks": "pre-commit-hooks_2"
} }


@ -12,22 +12,12 @@
# url = "github:nix-community/home-manager"; # url = "github:nix-community/home-manager";
# inputs.nixpkgs.follows = "nixpkgs-u"; # inputs.nixpkgs.follows = "nixpkgs-u";
# }; # };
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs = { url = "github:serokell/deploy-rs"; inputs = { nixpkgs.follows = "nixpkgs"; }; };
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
nixos-generators.url = "github:nix-community/nixos-generators"; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs = { nixpkgs.follows = "nixpkgs"; }; };
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
nix-rice = { nix-rice = { url = "github:bertof/nix-rice"; inputs = { nixpkgs.follows = "nixpkgs"; flake-utils.follows = "flake-utils"; }; };
url = "github:bertof/nix-rice"; pre-commit-hooks = { url = "github:cachix/pre-commit-hooks.nix"; inputs = { nixpkgs.follows = "nixpkgs"; flake-utils.follows = "flake-utils"; }; };
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
}; };
outputs = outputs =
@ -37,11 +27,10 @@
, home-manager , home-manager
, deploy-rs , deploy-rs
, flake-utils , flake-utils
, # , nixos-generators , nixos-generators
nixos-hardware , nixos-hardware
, nix-rice , nix-rice
, pre-commit-hooks , pre-commit-hooks
, nixos-generators
, ... , ...
}: }:
let let
@ -107,6 +96,7 @@
shellHook = '' shellHook = ''
${self.checks.${system}.pre-commit-check.shellHook} ${self.checks.${system}.pre-commit-check.shellHook}
''; '';
LOCAL_KEY = "/etc/nix/key";
}; };
}); });
@ -214,6 +204,7 @@
modules = commonModules ++ [ modules = commonModules ++ [
./baldur/hardware-configuration.nix ./baldur/hardware-configuration.nix
./baldur/configuration.nix ./baldur/configuration.nix
./nixos_modules/digitalocean.nix ./nixos_modules/digitalocean.nix
# { home-manager.users.bertof = import ./baldur/hm.nix; } # { home-manager.users.bertof = import ./baldur/hm.nix; }
]; ];
@ -249,26 +240,35 @@
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.loki; path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.loki;
}; };
}; };
baldur = {
hostname = "164.90.208.134";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.baldur;
};
};
}; };
}; };
images = with flake-utils.lib; eachSystem [ system.x86_64-linux system.aarch64-linux ] (system: { images = with flake-utils.lib; eachSystem [ system.x86_64-linux system.aarch64-linux ] (system:
packages = { {
# Installer ISO packages = {
install-iso = nixos-generators.nixosGenerate { # Installer ISO
inherit system; install-iso = nixos-generators.nixosGenerate {
modules = commonModules ++ [{ services.openssh = { enable = true; openFirewall = true; }; }]; inherit system;
format = "install-iso"; modules = commonModules ++ [ ./nixos_modules/installer.nix ];
}; format = "install-iso";
};
# Installer DigitalOcean # Installer DigitalOcean
do = nixos-generators.nixosGenerate { do = nixos-generators.nixosGenerate {
inherit system; inherit system;
modules = commonModules ++ [{ services.openssh = { enable = true; openFirewall = true; }; }]; modules = commonModules ++ [ ./nixos_modules/installer.nix ];
format = "do"; format = "do";
};
}; };
}; });
});
in in
builtins.foldl' nixpkgs.lib.recursiveUpdate { } [ builtins.foldl' nixpkgs.lib.recursiveUpdate { } [
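Review bot: The new `baldur` node in the `@ -249,26 +240,35 @` hunk sets `hostname` to a literal public address and activates the profile as `root`, with no `sshUser` or `sshOpts` visible on the node. A cloud address can be reassigned when the droplet is rebuilt or destroyed, and then only SSH host-key checking stops a deploy from reaching the wrong machine. A DNS name or an SSH config alias with a pinned host key would be more robust, e.g. `hostname = "baldur";` resolved through the deployer's SSH config. If the login account is set at a higher level of `deploy`, a short comment on the node naming it would help; the enclosing `deploy.nodes` set starts outside the hunk.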


@ -0,0 +1,13 @@
{
services.openssh = {
enable = true;
openFirewall = true;
permitRootLogin = "prohibit-password";
passwordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W"
];
};
}
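Review bot: `passwordAuthentication = false` leaves keyboard-interactive authentication at its default, so any non-root account defined by `commonModules` could still be offered a PAM password prompt; adding `kbdInteractiveAuthentication = false;` inside `services.openssh` closes that path. Both installer images import this module with `openFirewall = true`, so every image built from it accepts the embedded root key until it is rebuilt. A comment above `openssh.authorizedKeys.keys` naming the key's owner and how it is rotated would make that trust decision explicit.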