Add Nodens, a VM to install NixOS VMs

This commit is contained in:
Gonne 2024-11-29 11:55:58 +01:00
parent ac85711356
commit 717f91028f
5 changed files with 84 additions and 24 deletions

View file

@ -94,7 +94,7 @@ In any case, to switch the system configuration you will need to have root privi
## Installing a new machine ## Installing a new machine
You have written a configuration and now want to deploy it as a new machine. You need to get the build configuration on the You have written a configuration and now want to deploy it as a new machine. You need to get the build configuration on the
`nixos-installer` machine (regarding this machine see issue [#10]). You can either use either any of the `nodens` machine. You can either use either any of the
versions above, or just continue then the machine will build the configuration implicitly. versions above, or just continue then the machine will build the configuration implicitly.
### Disk layout ### Disk layout
@ -111,22 +111,14 @@ reflect those.
- `"/boot"` the place for bootloader configuration and kernel also persistent - `"/boot"` the place for bootloader configuration and kernel also persistent
- any additional data paths for your machine specific needs. Choose filesystems accordingly. - any additional data paths for your machine specific needs. Choose filesystems accordingly.
My recommendation is to put `"/persist"` and `"/nix"` on a joint btrfs as subvolumes and `"/boot"` on separate disks (because grub My recommendation is to put `"/persist"` and `"/nix"` on a joint btrfs labelled `nixos` as subvolumes and `"/boot"` on a separate disk labelled `boot` (because grub
will give you a hard time if you do it as a subvolume or bind mount (even though that should be possible but is an upstream problem)). will give you a hard time if you do it as a subvolume or bind mount (even though that should be possible but is an upstream problem)).
For how to configure additional persistent data For how to configure additional persistent data to be stored in `"/persist"` look at the impermanence section.
to be stored in `"/persist"` look at the impermanence section as soon it is merged. Before this look at issue [#9].
I do not recommend this for actual high access application data like databases mailboxes and things like it. You should I do not recommend this for actual high access application data like databases mailboxes and things like it. You should
think about this as data that if lost can be regenerated with only little problems and read/written only a few times think about this as data that if lost can be regenerated with only little problems and read/written only a few times
during setup. (Like the server ssh keys for example). The configuration also setups some paths for `"/persist"` automatically, during setup. (Like the server ssh keys for example). The configuration also setups some paths for `"/persist"` automatically,
again look at the impermanence sections. again look at the impermanence sections.
#### File system uuids
You might end with a bit of a chicken/egg problem regarding filesystem uuids. See you need to set them in your system configuration.
There are two ways around that. Either generate the filesystems read out the uuids, and push them into the repository holding
the configuration you want to build, or generate the uuids first, have them in your configuration and set them upon filesystem creation. Most
`mkfs` utilities have an option for that.
### Installing ### Installing
Just run Just run
@ -151,13 +143,16 @@ A good skeleton is probably:
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../roles ../../roles
./network.nix ../../roles/vm.nix
../../vmNetwork.nix
<your additional imports here> <your additional imports here>
]; ];
<your system config here> <your system config here>
vmNetwork.ipv4 = "192.168.0.XX";
networking.hostname = "<your hostname>"; # this will hopefully disappear if I have time to refactor this. networking.hostname = "<your hostname>"; # this will hopefully disappear if I have time to refactor this.
system.stateVersion = "<state version at time of install>"; system.stateVersion = "<state version at time of install>";
} }
@ -173,9 +168,6 @@ The `flake-inputs` argument is optional, but you can use it if you need to get a
else this is a complete normal nixos system configuration module (with a lot of settings already imorted else this is a complete normal nixos system configuration module (with a lot of settings already imorted
from `../../roles`). from `../../roles`).
As of moment of writing `network.nix` should contain ip, nameserver and default gateway setup. As parts of
this is constant across all systems and will undergo refactor soon.
I would recommend to split your configuration into small files you import. If this is something machine specific (like I would recommend to split your configuration into small files you import. If this is something machine specific (like
tied to your ip address hostname), put it into the machine directory. If it is not, put it into `/nixos/roles/` if it tied to your ip address hostname), put it into the machine directory. If it is not, put it into `/nixos/roles/` if it
is not but has options to set, put it in `/nixos/modules`. is not but has options to set, put it in `/nixos/modules`.
@ -202,14 +194,12 @@ network configuration. And service configuration that are too closely interwoven
mailserver configuration depends heavily on network settings). It also mailserver configuration depends heavily on network settings). It also
contains the root configuration for that machine called `configuration.nix`. This file usually only includes other modules. contains the root configuration for that machine called `configuration.nix`. This file usually only includes other modules.
These `configuration.nix` files are almost usual nix configurations. The only difference is that they take as an extra argument These `configuration.nix` files are almost usual nix configurations. The only difference is that they take as an extra argument
the flake inputs. This allows them to load modules from these flakes. For example, nyarlathotep loads the simple-nixos-mailserver the flake inputs. This allows them to load modules from these flakes. For example, lobon loads the mathebau-mailman module that way.
module that way.
#### roles #### roles
`nixos/roles` contains configuration that is potentially shared by some machines. It is expected that `nixos/roles/default.nix` `nixos/roles` contains configuration that is potentially shared by some machines. It is expected that `nixos/roles/default.nix`
is imported as (`../../roles`) in every machine. Notable are the files `nixos/roles/admins.nix` which contains is imported as (`../../roles`) in every machine. Notable are the files `nixos/roles/admins.nix` which contains
common admin accounts for these machines and `nixos/roles/nix_keys.nix` which contains the additional trusted common admin accounts for these machines and the additional trusted keys for the nix store.
keys for the nix store.
## sops ## sops
@ -289,7 +279,7 @@ by the circumstances or by the person that didn't run fast enough. So we are hap
mean that we don't need to have some level of quality, people after us needs to work with it. It is live infrastructure mean that we don't need to have some level of quality, people after us needs to work with it. It is live infrastructure
and downtime hurts someone (and in the wrong moment even really bad (Matheball ticket sales for example)). and downtime hurts someone (and in the wrong moment even really bad (Matheball ticket sales for example)).
So here are some Guidelines. So here are some guidelines.
## Coding style and linting. ## Coding style and linting.
If you run `nix flake check` there are automated checks in place, please make sure to pass them. If you run `nix flake check` there are automated checks in place, please make sure to pass them.

View file

@ -14,7 +14,13 @@
importedConfig = import (./. + "/machines/${name}/configuration.nix"); importedConfig = import (./. + "/machines/${name}/configuration.nix");
systemConfig = systemConfig =
if lib.isFunction importedConfig if lib.isFunction importedConfig
then x: importedConfig (x // {flake-inputs = inputs;}) then
x:
importedConfig (x
// {
flake-inputs = inputs;
inherit pkgs;
})
else importedConfig; else importedConfig;
in in
pkgs.nixos { pkgs.nixos {

View file

@ -7,17 +7,17 @@
options = ["size=1G" "mode=755"]; options = ["size=1G" "mode=755"];
}; };
fileSystems."/persist" = { fileSystems."/persist" = {
device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136"; device = "/dev/disk/by-label/nixos";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=persist"]; options = ["subvol=persist"];
neededForBoot = true; neededForBoot = true;
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/19da7f3a-69da-4fa8-bb68-b355d7697ba7"; device = "/dev/disk/by-label/boot";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/nix" = { fileSystems."/nix" = {
device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136"; device = "/dev/disk/by-label/nixos";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=nix"]; options = ["subvol=nix"];
}; };

View file

@ -0,0 +1,16 @@
{pkgs, ...}: {
imports = [
./hardware-configuration.nix
../../roles
../../roles/vm.nix
../../modules/vmNetwork.nix
];
# System configuration here
environment.systemPackages = [pkgs.git];
networking.hostName = "nodens";
vmNetwork.ipv4 = "192.168.0.18";
system.stateVersion = "24.11";
}

View file

@ -0,0 +1,48 @@
# A machine that exists to install other NixOS machines from some config
{
lib,
pkgs,
...
}: {
fileSystems."/" = {
device = "root";
fsType = "tmpfs";
options = ["size=1G" "mode=755"];
};
# Different than usual names in order to automount other VMs
fileSystems."/persist" = {
device = "/dev/disk/by-label/nixosNodens";
fsType = "btrfs";
options = ["subvol=persist"];
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/bootNodens";
fsType = "ext4";
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/nixosNodens";
fsType = "btrfs";
options = ["subvol=nix"];
};
#Machine to be installed
fileSystems."/mnt/persist" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=persist"];
};
fileSystems."/mnt/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "ext4";
};
fileSystems."/mnt/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=nix"];
};
swapDevices = [{device = "/dev/disk/by-uuid/89e13a83-506a-43b4-b06a-09424500ceda";}];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}