From cfffd4b3b8946182daa1f40a2de5769a1d227d20 Mon Sep 17 00:00:00 2001 From: Gonne Date: Fri, 1 Dec 2023 12:39:11 +0100 Subject: [PATCH 1/3] nix flake update --- flake.lock | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index f6b3be5..118e9e2 100644 --- a/flake.lock +++ b/flake.lock @@ -21,11 +21,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1698882062, - "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=", + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", "type": "github" }, "original": { @@ -76,11 +76,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1695910380, - "narHash": "sha256-CyzeiXQGm8ceEOSK1dffBCfO7JNp8XhQeNkUiJ5HxgY=", - "ref": "master", - "rev": "84783b661ecf33927c534b6476beb74ea3308968", - "revCount": 572, + "lastModified": 1700085753, + "narHash": "sha256-qtib7f3eRwfaUF+VziJXiBcZFqpHCAXS4HlrFsnzzl4=", + "ref": "refs/heads/master", + "rev": "008d78cc21959e33d0d31f375b88353a7d7121ae", + "revCount": 573, "type": "git", "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git" }, @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1699099776, - "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=", + "lastModified": 1702151865, + "narHash": "sha256-9VAt19t6yQa7pHZLDbil/QctAgVsA66DLnzdRGqDisg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb", + "rev": "666fc80e7b2afb570462423cb0e1cf1a3a34fedd", "type": "github" }, "original": { @@ -138,11 +138,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", + "lastModified": 1701253981, + "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", + "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58", "type": "github" }, "original": { @@ -155,11 +155,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1699110214, - "narHash": "sha256-L2TU4RgtiqF69W8Gacg2jEkEYJrW+Kp0Mp4plwQh5b8=", + "lastModified": 1702148972, + "narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "78f3a4ae19f0e99d5323dd2e3853916b8ee4afee", + "rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227", "type": "github" }, "original": { @@ -178,11 +178,11 @@ "nixpkgs-stable": [] }, "locked": { - "lastModified": 1699271226, - "narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=", + "lastModified": 1702325376, + "narHash": "sha256-biLGx2LzU2+/qPwq+kWwVBgXs3MVYT1gPa0fCwpLplU=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "ea758da1a6dcde6dc36db348ed690d09b9864128", + "rev": "e1d203c2fa7e2593c777e490213958ef81f71977", "type": "github" }, "original": { @@ -209,11 +209,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1699252567, - "narHash": "sha256-WCzEBCu17uXilT9OZ3XSy/c4Gk/j3L7AUxBRHzNlQ4Y=", + "lastModified": 1702177193, + "narHash": "sha256-J2409SyXROoUHYXVy9h4Pj0VU8ReLuy/mzBc9iK4DBg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "0a9d5e41f6013a1b8b66573822f9beb827902968", + "rev": "d806e546f96c88cd9f7d91c1c19ebc99ba6277d9", "type": "github" }, "original": { From 0e1c7651a7f8bfd97cfb5f9fc61469c736a6141e Mon Sep 17 00:00:00 2001 From: Gonne Date: Mon, 18 Dec 2023 17:52:53 +0100 Subject: [PATCH 2/3] Differentiate hardware and vms in roles --- nixos/roles/default.nix | 4 ++-- nixos/roles/hardware.nix | 10 ++++++++++ nixos/roles/vm.nix | 8 ++++++++ 3 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 nixos/roles/hardware.nix create mode 100644 nixos/roles/vm.nix diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix index 60284a7..155e259 100644 --- a/nixos/roles/default.nix +++ b/nixos/roles/default.nix @@ -2,15 +2,15 @@ pkgs, lib, modulesPath, + vm ? true, ... }: { imports = [ ./admins.nix ./nix_keys.nix ./prometheusNodeExporter.nix - (modulesPath + "/virtualisation/xen-domU.nix") ../modules/impermanence.nix - ]; + ] ++ (if vm then [./vm.nix] else [./hardware.nix]); nix = { extraOptions = '' experimental-features = nix-command flakes diff --git a/nixos/roles/hardware.nix b/nixos/roles/hardware.nix new file mode 100644 index 0000000..ae7d2db --- /dev/null +++ b/nixos/roles/hardware.nix @@ -0,0 +1,10 @@ +{ + ... +}: { + imports = [ + ]; + + # Bootloader + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; +} diff --git a/nixos/roles/vm.nix b/nixos/roles/vm.nix new file mode 100644 index 0000000..45a995e --- /dev/null +++ b/nixos/roles/vm.nix @@ -0,0 +1,8 @@ +{ + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/virtualisation/xen-domU.nix") + ]; +} From 82d46c73526dd641ffb1db59eec24f6a06f353d1 Mon Sep 17 00:00:00 2001 From: Gonne Date: Mon, 18 Dec 2023 17:55:00 +0100 Subject: [PATCH 3/3] Create backuphost Bragi --- nixos/machines/bragi/configuration.nix | 11 +++++++ .../machines/bragi/hardware-configuration.nix | 30 +++++++++++++++++++ nixos/machines/bragi/network.nix | 16 ++++++++++ 3 files changed, 57 insertions(+) create mode 100644 nixos/machines/bragi/configuration.nix create mode 100644 nixos/machines/bragi/hardware-configuration.nix create mode 100644 nixos/machines/bragi/network.nix diff --git a/nixos/machines/bragi/configuration.nix b/nixos/machines/bragi/configuration.nix new file mode 100644 index 0000000..1f6ac2c --- /dev/null +++ b/nixos/machines/bragi/configuration.nix @@ -0,0 +1,11 @@ +{ ... }@args :{ + imports = [ + ./hardware-configuration.nix + (import ../../roles/default.nix (args // {vm=false;})) + ./network.nix + ]; + + # System configuration here + networking.hostName = "bragi"; + system.stateVersion = "23.11"; +} diff --git a/nixos/machines/bragi/hardware-configuration.nix b/nixos/machines/bragi/hardware-configuration.nix new file mode 100644 index 0000000..13a0333 --- /dev/null +++ b/nixos/machines/bragi/hardware-configuration.nix @@ -0,0 +1,30 @@ +{lib, ...}: { + imports = []; + + fileSystems."/" = { + device = "gha-root"; + fsType = "tmpfs"; + options = ["size=1G" "mode=755"]; + }; + fileSystems."/persist" = { + device = "/dev/disk/by-uuid/"; #TODO + fsType = "btrfs"; + options = ["subvol=persist"]; + neededForBoot = true; + }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/"; #TODO + fsType = "ext4"; + }; + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/"; #TODO + fsType = "btrfs"; + options = ["subvol=nix"]; + }; + + swapDevices = [{device = "/dev/disk/by-uuid/";}]; #TODO + + nix.settings.max-jobs = lib.mkDefault 4; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/nixos/machines/bragi/network.nix b/nixos/machines/bragi/network.nix new file mode 100644 index 0000000..88b395a --- /dev/null +++ b/nixos/machines/bragi/network.nix @@ -0,0 +1,16 @@ +# We sohuld put that config somewhere in roles and give it a parameter or something, +# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways +# depend on the same thing +{ + imports = []; + networking = { + interfaces.enp4s0f1.ipv4.addresses = [ + { + address = "192.168.1.11"; + prefixLength = 24; + } + ]; + defaultGateway = "192.168.1.137"; + nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"]; + }; +}