From 4608d5a65fca787a80b303fd5948e40e678dc032 Mon Sep 17 00:00:00 2001
From: Dennis Frieberg
Date: Fri, 22 Sep 2023 15:09:01 +0200
Subject: [PATCH 1/9] added sensible credentials to nerf user

---
 nixos/roles/admins.nix | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 nixos/roles/admins.nix

diff --git a/nixos/roles/admins.nix b/nixos/roles/admins.nix
new file mode 100644
index 0000000..4f189e0
--- /dev/null
+++ b/nixos/roles/admins.nix
@@ -0,0 +1,30 @@
+{lib, ...} :
+with lib;
+
+let
+ admins = {
+ nerf = {
+ hashedPassword =
+ "$6$rounds=424242$FaEtIXMUScxgAYyF$Fl8GbPFgiEv.1iwrhtVpTixG1BTJys3aIfLyTzocQYZV4JymrYEXtnyCTURmVDe8stxbxgDutmtlyElfn1DQc/";
+ keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEdA4LpEGUUmN8esFyrNZXFb2GiBID9/S6zzhcnofQuP nerf@nerflap2"
+ ];
+ };
+ };
+
+ mkAdmin = name :
+ {hashedPassword, keys}: {
+ "${name}" = {
+ isNormalUser = true;
+ createHome = true;
+ extraGroups = [ "wheel" ];
+ group = "users";
+ home = "/home/${name}";
+ openssh.authorizedKeys = { inherit keys; };
+ inherit hashedPassword;
+ };
+ };
+
+in {
+ users.users = mkMerge (mapAttrsToList mkAdmin admins);
+}
From f9672df9cd866b6d893f2e83335c65f74f3ad1bd Mon Sep 17 00:00:00 2001
From: Dennis Frieberg
Date: Mon, 12 Jun 2023 08:37:49 +0200
Subject: [PATCH 2/9] first working steps on nyarlathotep

---
 nixos/machines/nyarlathotep/configuration.nix | 7 +++
 nixos/machines/nyarlathotep/mail.nix | 46 +++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 nixos/machines/nyarlathotep/configuration.nix
 create mode 100644 nixos/machines/nyarlathotep/mail.nix

diff --git a/nixos/machines/nyarlathotep/configuration.nix b/nixos/machines/nyarlathotep/configuration.nix
new file mode 100644
index 0000000..b2714bb
--- /dev/null
+++ b/nixos/machines/nyarlathotep/configuration.nix
@@ -0,0 +1,7 @@
+flake-inputs:
+{config, pkgs, lib, ... }: {
+
+imports = [(import ./mail.nix flake-inputs)];
+
+# System configuration here
+}
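Review bot: The `hashedPassword` literal at the top of the new admins.nix hunk is committed into the repository, so anyone with read access to the history can run offline guessing against it, and the hash survives later rewrites of the file because git keeps every version. If the repository is or may become public, keep the hash out of the tree, e.g. `hashedPasswordFile = "<path provided by your secrets tooling>";` in place of `inherit hashedPassword;`, and treat any hash that has already been pushed as exposed. The `with lib;` on the second line is also worth replacing with explicit `lib.mkMerge` and `lib.mapAttrsToList` in the `in` block, so the two names it contributes are visible where they are used.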
diff --git a/nixos/machines/nyarlathotep/mail.nix b/nixos/machines/nyarlathotep/mail.nix
new file mode 100644
index 0000000..ebf1d38
--- /dev/null
+++ b/nixos/machines/nyarlathotep/mail.nix
@@ -0,0 +1,46 @@
+flake-inputs:
+{pkgs, config, lib, ...}: {
+ imports = [flake-inputs.nixos-mailserver.nixosModule];
+
+ mailserver = {
+ enable = true;
+ debug = true; # TODO disable
+ fqdn = "mathebau.de";
+ sendingFqdn = "fb04184.mathematik.tu-darmstadt.de";
+ domains = [
+ "mathebau.de"
+ "lists.mathebau.de"
+ ];
+ # forwards = #TODO
+ # loginAccounts = #TODO
+ # extraVirtualAliases = # TODO # only for local things (maybe don't use?)
+ certificateDomains = ["imap.mathebau.de"];
+ # certificateScheme = "manual"; # Do we need CERTS? We don't want to run a webmailer YES IMAP!!
+ # certificateFile = #TODO
+ # keyFile = #TODO
+
+ enableSubmission = false; # no starttls smtp
+
+ # Fun dovecot stuff :
+
+ # mailDirectory = "/var/vmail/"; # directory to store mail leave at default.
+
+ hierarchySeparator = "/"; # seperator for imap mailboxes from client view
+
+ # Caching of search indices
+ indexDir = "/var/lib/dovecot/indices";
+ fullTextSearch = {
+ enforced = "body"; # only brute force headers if no search index is available
+ };
+ lmtpSaveToDetailMailbox = "no";
+ # no starttls
+ enableImap = false;
+
+
+ # TODO checkout redis `config.services.redis.servers.rspamd.`
+
+ # TODO
+ # borgbackup = {
+ # };
+ };
+}
From 2b0eec7dbf8727ece90dd7d7599b3c76302cc908 Mon Sep 17 00:00:00 2001
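Review bot: `debug = true; # TODO disable` on the seventh added line turns on verbose logging for the whole mail stack on what is meant to be a production host, and the TODO names no condition under which it goes away; debug output from the IMAP and SMTP daemons is likely to include authentication and message metadata that should not accumulate in the journal. Default it off and opt in only while diagnosing, e.g. `debug = lib.mkDefault false;`. Further down, `enableSubmission = false` and `enableImap = false` switch off the STARTTLS listeners, but the hunk sets neither the implicit-TLS counterparts nor `certificateScheme`, so the set of open ports and the certificate source both fall back to module defaults; stating them explicitly here would make the exposed surface reviewable from this file alone.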
From: Dennis Frieberg
Date: Fri, 22 Sep 2023 14:20:11 +0200
Subject: [PATCH 3/9] added actual hardware identifiers & atual network config

---
 nixos/machines/.gitkeep | 0
 nixos/machines/nyarlathotep/boot.nix | 8 +++
 nixos/machines/nyarlathotep/configuration.nix | 10 +++-
 .../nyarlathotep/hardware-configuration.nix | 24 +++++++++
 nixos/machines/nyarlathotep/mail.nix | 4 +-
 nixos/machines/nyarlathotep/network.nix | 15 ++++++
 nixos/roles/default.nix | 49 +++++++++++++++++++
 7 files changed, 107 insertions(+), 3 deletions(-)
 delete mode 100644 nixos/machines/.gitkeep
 create mode 100644 nixos/machines/nyarlathotep/boot.nix
 create mode 100644 nixos/machines/nyarlathotep/hardware-configuration.nix
 create mode 100644 nixos/machines/nyarlathotep/network.nix
 create mode 100644 nixos/roles/default.nix

diff --git a/nixos/machines/.gitkeep b/nixos/machines/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/nixos/machines/nyarlathotep/boot.nix b/nixos/machines/nyarlathotep/boot.nix
new file mode 100644
index 0000000..745f410
--- /dev/null
+++ b/nixos/machines/nyarlathotep/boot.nix
@@ -0,0 +1,8 @@
+{
+ imports = [ ];
+ boot.loader.grub = {
+ device = "nodev";
+ enable = true;
+ };
+}
+
diff --git a/nixos/machines/nyarlathotep/configuration.nix b/nixos/machines/nyarlathotep/configuration.nix
index b2714bb..1a0e12a 100644
--- a/nixos/machines/nyarlathotep/configuration.nix
+++ b/nixos/machines/nyarlathotep/configuration.nix
@@ -1,7 +1,15 @@
 flake-inputs:
 {config, pkgs, lib, ... }: {
 
-imports = [(import ./mail.nix flake-inputs)];
+imports = [
+ ./hardware-configuration.nix
+ (import ./mail.nix flake-inputs)
+ ../../roles
+ ./boot.nix
+ ./network.nix
+];
 
 # System configuration here
+
+ system.stateVersion = "23.11";
 }
diff --git a/nixos/machines/nyarlathotep/hardware-configuration.nix b/nixos/machines/nyarlathotep/hardware-configuration.nix
new file mode 100644
index 0000000..078d8e1
--- /dev/null
+++ b/nixos/machines/nyarlathotep/hardware-configuration.nix
@@ -0,0 +1,24 @@
+{config, lib, pkgs, modulesPath, ...}: {
+ imports = [ ];
+
+ boot.initrd.availableKernelModules =
+ [ "ata_piix" "sr_mod" "xen_bklfront" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/a72da670-f631-49b1-bcb3-6d378cc1f2d0";
+ fsType = "ext4";
+ };
+ fileSystems."/var/mail" = {
+ device = "/dev/disk/by-uuid/23c44c93-5035-4e29-9e46-75c1c08f4cea";
+ fsType = "ext4";
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/8bc30d17-3c08-4648-ab18-8c723523be1a"; }];
+
+ nix.settings.max-jobs = lib.mkDefault 4;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/nixos/machines/nyarlathotep/mail.nix b/nixos/machines/nyarlathotep/mail.nix
index ebf1d38..a954a5d 100644
--- a/nixos/machines/nyarlathotep/mail.nix
+++ b/nixos/machines/nyarlathotep/mail.nix
@@ -23,12 +23,12 @@ flake-inputs:
 
 # Fun dovecot stuff :
 
- # mailDirectory = "/var/vmail/"; # directory to store mail leave at default.
+ mailDirectory = "/var/mail/vmail/"; # directory to store mail
 
 hierarchySeparator = "/"; # seperator for imap mailboxes from client view
 
 # Caching of search indices
- indexDir = "/var/lib/dovecot/indices";
+ indexDir = "/var/mail/lib/dovecot/indices";
 fullTextSearch = {
 enforced = "body"; # only brute force headers if no search index is available
 };
diff --git a/nixos/machines/nyarlathotep/network.nix b/nixos/machines/nyarlathotep/network.nix
new file mode 100644
index 0000000..3641375
--- /dev/null
+++ b/nixos/machines/nyarlathotep/network.nix
@@ -0,0 +1,15 @@
+# We sohuld put that config somewhere in roles and give it a parameter or something,
+# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways
+# depend on the same thing
+{
+ imports = [ ];
+ networking = {
+ interfaces.enX0.ipv4.addresses = [ {
+ addresses = "192.168.0.28";
+ prefixLength = 16;
+ } ];
+ defaultGateway = "192.168.0.155";
+ nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"];
+ };
+}
+
diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix
new file mode 100644
index 0000000..6a6fe3d
--- /dev/null
+++ b/nixos/roles/default.nix
@@ -0,0 +1,49 @@
+{pkgs, config, lib, ...} : {
+
+imports = [ ./admins.nix ];
+nix = {
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ builders-use-substitutes = true
+ '';
+};
+
+networking = {
+ firewall = { # these shoud be default, but better make sure!
+ enable = true;
+ allowPing = true;
+ };
+ nftables.enable = true;
+ useDHCP = false; # We don't speak DHCP and even if we would, we should enable it per interface
+ # hosts = # TODO write something to autogenerate ip adresses!
+};
+
+users = {
+ mutableUsers = false;
+};
+
+environment = {
+ systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ htop lsof tmux btop;
+ };
+};
+
+services = {
+ journald.extraConfig = "SystemMaxUse=5G";
+
+ nginx = {
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedTlsSettings = true;
+ };
+
+ openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ };
+};
+}
From 10ec752fa6507f6b03b720c68d6550006a446836 Mon Sep 17 00:00:00 2001
From: Dennis Frieberg
Date: Fri, 22 Sep 2023 15:32:16 +0200
Subject: [PATCH 4/9] updated dependencies

---
 flake.lock | 42 +++++++++++++++++++++++++++++------------
 1 file changed, 29 insertions(+), 13 deletions(-)

diff --git a/flake.lock b/flake.lock
index 4f71017..64650eb 100644
--- a/flake.lock
+++ b/flake.lock
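Review bot: In the `nameservers` list of the new network.nix, three entries sit in 130.83.0.0/16 while the last, `"130.82.22.63"`, does not, which looks like a transposed octet rather than a deliberate fourth resolver; a wrong resolver address is only noticed once the first three are unreachable, so it is worth confirming against the network's documented resolvers before this ships. The comment block at the top already says this file should move into a role; the resolver list is the part most likely to be shared across machines and the natural first candidate.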
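Review bot: The `openssh.settings` block near the end of the new default.nix sets `PasswordAuthentication = false` but leaves `KbdInteractiveAuthentication` at the NixOS default of true, so sshd still accepts PAM keyboard-interactive logins, which for a local account is a password prompt by another name; add `KbdInteractiveAuthentication = false;` next to it so the key-only intent actually holds. Because `users.mutableUsers = false` is combined with a `hashedPassword` set in admins.nix, the admin account does carry a usable password, so this is a real login path rather than a theoretical one.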
@@ -21,11 +21,11 @@
 "nixpkgs-lib": "nixpkgs-lib"
 },
 "locked": {
- "lastModified": 1685662779,
- "narHash": "sha256-cKDDciXGpMEjP1n6HlzKinN0H+oLmNpgeCTzYnsA2po=",
+ "lastModified": 1693611461,
+ "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
 "owner": "hercules-ci",
 "repo": "flake-parts",
- "rev": "71fb97f0d875fd4de4994dfb849f2c75e17eb6c3",
+ "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
 "type": "github"
 },
 "original": {
@@ -39,14 +39,15 @@
 "flake-compat": [],
 "nixpkgs": [],
 "nixpkgs-22_11": "nixpkgs-22_11",
+ "nixpkgs-23_05": "nixpkgs-23_05",
 "utils": "utils"
 },
 "locked": {
- "lastModified": 1686468558,
- "narHash": "sha256-K69Ojlx3N8I6tRTZsrKFMIqK4yrnJ6/PjfKZi3wchYg=",
+ "lastModified": 1689976554,
+ "narHash": "sha256-uWJq3sIhkqfzPmfB2RWd5XFVooGFfSuJH9ER/r302xQ=",
 "ref": "refs/heads/master",
- "rev": "290d00f6db4e80467013728819ad73dd4a394d9a",
- "revCount": 554,
+ "rev": "c63f6e7b053c18325194ff0e274dba44e8d2271e",
+ "revCount": 570,
 "type": "git",
 "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git"
 },
@@ -57,11 +58,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1686412476,
- "narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=",
+ "lastModified": 1695145219,
+ "narHash": "sha256-Eoe9IHbvmo5wEDeJXKFOpKUwxYJIOxKUesounVccNYk=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "21951114383770f96ae528d0ae68824557768e81",
+ "rev": "5ba549eafcf3e33405e5f66decd1a72356632b96",
 "type": "github"
 },
 "original": {
@@ -86,14 +87,29 @@
 "type": "indirect"
 }
 },
+ "nixpkgs-23_05": {
+ "locked": {
+ "lastModified": 1684782344,
+ "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-23.05",
+ "type": "indirect"
+ }
+ },
 "nixpkgs-lib": {
 "locked": {
 "dir": "lib",
- "lastModified": 1685564631,
- "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=",
+ "lastModified": 1693471703,
+ "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a",
+ "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
 "type": "github"
 },
 "original": {
From fc1fb670612778337b2a24eba12149bd2d90e06f Mon Sep 17 00:00:00 2001
From: Dennis Frieberg
Date: Fri, 22 Sep 2023 19:36:48 +0200
Subject: [PATCH 5/9] first running config (fingers crossed)

---
 nixos/machines/nyarlathotep/hardware-configuration.nix | 2 +-
 nixos/machines/nyarlathotep/network.nix | 2 +-
 nixos/roles/nix_keys.nix | 4 ++++
 3 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 nixos/roles/nix_keys.nix

diff --git a/nixos/machines/nyarlathotep/hardware-configuration.nix b/nixos/machines/nyarlathotep/hardware-configuration.nix
index 078d8e1..bc541e1 100644
--- a/nixos/machines/nyarlathotep/hardware-configuration.nix
+++ b/nixos/machines/nyarlathotep/hardware-configuration.nix
@@ -2,7 +2,7 @@
 imports = [ ];
 
 boot.initrd.availableKernelModules =
- [ "ata_piix" "sr_mod" "xen_bklfront" ];
+ [ "ata_piix" "sr_mod" "xen_blkfront" ];
 boot.kernelModules = [ ];
 boot.extraModulePackages = [ ];
 
diff --git a/nixos/machines/nyarlathotep/network.nix b/nixos/machines/nyarlathotep/network.nix
index 3641375..b5389eb 100644
--- a/nixos/machines/nyarlathotep/network.nix
+++ b/nixos/machines/nyarlathotep/network.nix
@@ -5,7 +5,7 @@
 imports = [ ];
 networking = {
 interfaces.enX0.ipv4.addresses = [ {
- addresses = "192.168.0.28";
+ address = "192.168.0.28";
 prefixLength = 16;
 } ];
 defaultGateway = "192.168.0.155";
diff --git a/nixos/roles/nix_keys.nix b/nixos/roles/nix_keys.nix
new file mode 100644
index 0000000..af3f21d
--- /dev/null
+++ b/nixos/roles/nix_keys.nix
@@ -0,0 +1,4 @@
+{lib, ...} :
+ nix.settings.trusted-public-keys = [
+ "nerflap2-1:pDZCg0oo9PxNQxwVSQSvycw7WXTl53PGvVeZWvxuqJc="
+ ];
From 23283f6141245c9bae7916be98864ce5786fce7c Mon Sep 17 00:00:00 2001
From: Dennis Frieberg
Date: Fri, 22 Sep 2023 20:00:35 +0200
Subject: [PATCH 6/9] fixed small error in trusted nix keys handling

---
 nixos/roles/admins.nix | 2 +-
 nixos/roles/default.nix | 5 ++++-
 nixos/roles/nix_keys.nix | 4 +++-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/nixos/roles/admins.nix b/nixos/roles/admins.nix
index 4f189e0..43a86aa 100644
--- a/nixos/roles/admins.nix
+++ b/nixos/roles/admins.nix
@@ -5,7 +5,7 @@ let
 admins = {
 nerf = {
 hashedPassword =
- "$6$rounds=424242$FaEtIXMUScxgAYyF$Fl8GbPFgiEv.1iwrhtVpTixG1BTJys3aIfLyTzocQYZV4JymrYEXtnyCTURmVDe8stxbxgDutmtlyElfn1DQc/";
+ "$y$j9T$SJcjUIcs3JYuM5oyxfEQa/$tUBQT07FK4cb9xm.A6ZKVnFIPNOYMOKC6Dt6hadCuJ7";
 keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEdA4LpEGUUmN8esFyrNZXFb2GiBID9/S6zzhcnofQuP nerf@nerflap2"
 ];
diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix
index 6a6fe3d..dcfab4f 100644
--- a/nixos/roles/default.nix
+++ b/nixos/roles/default.nix
@@ -1,6 +1,9 @@
 {pkgs, config, lib, ...} : {
 
-imports = [ ./admins.nix ];
+imports = [
+ ./admins.nix
+ ./nix_keys.nix
+ ];
 nix = {
 extraOptions = ''
 experimental-features = nix-command flakes
diff --git a/nixos/roles/nix_keys.nix b/nixos/roles/nix_keys.nix
index af3f21d..85c7835 100644
--- a/nixos/roles/nix_keys.nix
+++ b/nixos/roles/nix_keys.nix
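Review bot: The key added to `nix.settings.trusted-public-keys` in the new nix_keys.nix is named `nerflap2-1`, which suggests it is the signing key of a personal workstation; every store path signed with it will be accepted by this host without further checks, so the server's supply-chain trust now extends to that machine and to how well its signing key is protected. A dedicated deployment signing key kept off day-to-day machines narrows that exposure. Either way, a comment above the list recording who holds each key and how it is rotated would help the next admin, e.g. `# <owner> deployment signing key; rotate by replacing this entry and redeploying from a still-trusted host`.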
@@ -1,4 +1,6 @@
-{lib, ...} :
+{
+ imports = [ ];
 nix.settings.trusted-public-keys = [
 "nerflap2-1:pDZCg0oo9PxNQxwVSQSvycw7WXTl53PGvVeZWvxuqJc="
 ];
+}
From 9d0eb749287d1e9e793811759dfa29469ab706dc Mon Sep 17 00:00:00 2001
From: Dennis Frieberg
Date: Fri, 22 Sep 2023 21:33:23 +0200
Subject: [PATCH 7/9] /var/mail is special OOOPS

---
 nixos/machines/nyarlathotep/hardware-configuration.nix | 2 +-
 nixos/machines/nyarlathotep/mail.nix | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/nixos/machines/nyarlathotep/hardware-configuration.nix b/nixos/machines/nyarlathotep/hardware-configuration.nix
index bc541e1..81be995 100644
--- a/nixos/machines/nyarlathotep/hardware-configuration.nix
+++ b/nixos/machines/nyarlathotep/hardware-configuration.nix
@@ -10,7 +10,7 @@
 device = "/dev/disk/by-uuid/a72da670-f631-49b1-bcb3-6d378cc1f2d0";
 fsType = "ext4";
 };
- fileSystems."/var/mail" = {
+ fileSystems."/var/vmail" = {
 device = "/dev/disk/by-uuid/23c44c93-5035-4e29-9e46-75c1c08f4cea";
 fsType = "ext4";
 };
diff --git a/nixos/machines/nyarlathotep/mail.nix b/nixos/machines/nyarlathotep/mail.nix
index a954a5d..9eb7ce1 100644
--- a/nixos/machines/nyarlathotep/mail.nix
+++ b/nixos/machines/nyarlathotep/mail.nix
@@ -23,12 +23,13 @@ flake-inputs:
 
 # Fun dovecot stuff :
 
- mailDirectory = "/var/mail/vmail/"; # directory to store mail
+ mailDirectory = "/var/vmail/vmail/"; # directory to store mail it was /var/mail/vmail but
+ # /var/mail ist special
 
 hierarchySeparator = "/"; # seperator for imap mailboxes from client view
 
 # Caching of search indices
- indexDir = "/var/mail/lib/dovecot/indices";
+ indexDir = "/var/vmail/lib/dovecot/indices";
 fullTextSearch = {
 enforced = "body"; # only brute force headers if no search index is available
 };
From e1912d8538ced67c5a1ef4aac05431c089b8addd Mon Sep 17 00:00:00 2001
From: Dennis Frieberg
Date: Sun, 24 Sep 2023 01:50:41 +0200
Subject: [PATCH 8/9] some documentation I wrote without proofreading at 2 in the morning

---
 README.md | 110 +++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 104 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 03dc6fa..a09d76c 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,111 @@
 # nixConfig
 ## Build a machine
-### Local
-If you want to build the machineconfiguration for machine
-run
+There are multiple ways to build and deploy a machine configuration. Which is the
+most appropriate depends on the context and scenario. So first there will be a general
+explanation how this works and afterwards we will talk about some scenarios.
+
+If you run `nix flake show` you should get an output similiar to this
 ```
-nix build .#nixosConfiguration..config.system.build.toplevel
+$ nix flake show
+git+file:///home/nerf/git/nixConfig?ref=refs%2fheads%2fnyarlathtop&rev=9d0eb749287d1e9e793811759dfa29469ab706dc
+├───apps
+│ └───x86_64-linux
+├───checks
+│ └───x86_64-linux
+├───devShells
+│ └───x86_64-linux
+├───formatter
+├───legacyPackages
+│ └───x86_64-linux omitted (use '--legacy' to show)
+├───nixosConfigurations
+│ └───nyarlathotep: NixOS configuration
+├───nixosModules
+├───overlays
+└───packages
+ └───x86_64-linux
+```
+we can see there is an output callled `nixosConfigurations.nyarlathotep`. Which contains the config of the machine
+called nyarlathotep. `nixosConfigurations` is special in that sense, that `nixos-rebuild` will automatically look
+for this key and assume how it is structured. The interesting part for us is the derivation `config.system.build.toplevel`.
+Its closure contains the whole system and the resulting derivation a script that changes the current system to
+that derivation. (called `/bin/switch-to-configuration`).
+
+So what we want to archive is populate the nix store of the target machine with the closure of the derivation
+`.#nixosConfigurations..config.system.build.toplevel` and run the the resulting script on the target machine.
+
+
+### Local
+It has multiple benefits to build the system config on the local computer and push it to the target server.
+For example one doesn't stress the server with the load coming with evaluating the expression. Also the server
+doesn't need to fetch the build dependencies this way. One has a local check if at least the nix syntax was correct.
+And so on...
+
+#### Build
+If you have this repository local in your current directory you can just run:
+```
+$ nix build .#nixosConfigurations..config.system.build.toplevel
 ```
+But you don't need to clone this repository for more on flake urls see the `nix flake --help` documentation.
+
+#### Copy
+After we build the derivation we need to get the closure onto the target system. Luckily nix has tools to do that
+via ssh. We could just run:
+```
+$ nix copy -s --to .#nixosConfigurations..config.system.build.toplevel
+```
+we do not need the flake anymore, instead of specifying the derivation name we could also give the store path
+directly.
+
+The `-s` is important it makes the target machine substitute all derivations it can (by default from chache.nixos.org).
+So you only upload config files and self build things.
+
+To be able to copy things to a machine they need to be signed by someone trusted. Additional trusted nix keys are handled
+in `./nixos/roles/nix_keys.nix`. So to get yourself trusted you either need to install one derivation from the machine itself,
+or find someone who is already trusted.
+
+For more information on signing and key creation see `nix store sign --help` and `nix key --help`.
+
+#### Activate
+Log into the remote machine and execute
+```
+# /nix/store//bin/switch-to-configuration boot
+```
+That will setup a configuration switch at reboot. You can also switch the configuration live. For more
+details consider the `--help` output of that script.
+
+
+If you have a `nixos-rebuild` available on your system it can automatize these things with the `--flake` and
+`--target-host` parameters. But there are some pitfalls so look at the `nixos-rebuild` documentation beforehand.
+
 
 ### On the machine
-clone this repo to `/etc/nixos/` and `nixos-rebuild` that will select
-the appropriate machine based on hostname
+clone this repo to `/etc/nixos/` and `nixos-rebuild boot` or `nixos-rebuild switch` that will select
+the appropriate machine based on hostname.
+
+If the hostname is not correct, or you don't want to clone this flake you can also use the `--flake` parameter.
+
+In any case, to switch the system configuration you will need to have root priviledges on the target machine.
+
+
+## How this flake is organized
+
+This flake uses `flake-parts` see [flake.parts](https://flake.parts) for more details. It makes handling
+`system` and some other moudles related things more convenient.
+For the general layout of nixos system config and modules, please see the corresponding documentation.
+
+The toplevel `flake.nix` contains the flake inputs as usual and only calls a file `flake-module.nix`
+this toplevel `flake-module.nix` imports further more specialiesed `flake-modules.nix` files from subdirectories.
+Right now the only one is `nixos/flake-module.nix`.
+
+the `nixos` folder contains all machine configurations. It sepreates in two folders `nixos/machines` and `nixos/roles`.
+
+`nixos/machines` contains all machine specific configuration (in a subfolder per machine). Like hardware configuration, specific
+network configuration. And service configuration that are too closely intervowen with the rest of that machine. It also
+contains the root config for that machine called `configuration.nix`. This file usually only includes other modules.
+
+`nixos/roles` contains config that is pontentially shared by some machines. It is expected that `nixos/roles/default.nix`
+is imported as (`../../roles`) in every machine. Notable are the files `nixos/roles/admins.nix` which contains
+common admin accounts for these machines and `nixos/roles/nix_keys.nix` which contains the additional trusted
+keys for the nix store.
+
 
From d89313e25d9c66bafdaed10bb11716589472bac3 Mon Sep 17 00:00:00 2001
From: Dennis Frieberg
Date: Sun, 24 Sep 2023 02:04:39 +0200
Subject: [PATCH 9/9] refactored xen_guest.nix

---
 nixos/machines/nyarlathotep/boot.nix | 8 --------
 nixos/machines/nyarlathotep/configuration.nix | 2 +-
 .../nyarlathotep/hardware-configuration.nix | 5 -----
 nixos/roles/xen_guest.nix | 15 +++++++++++++++
 4 files changed, 16 insertions(+), 14 deletions(-)
 delete mode 100644 nixos/machines/nyarlathotep/boot.nix
 create mode 100644 nixos/roles/xen_guest.nix

diff --git a/nixos/machines/nyarlathotep/boot.nix b/nixos/machines/nyarlathotep/boot.nix
deleted file mode 100644
index 745f410..0000000
--- a/nixos/machines/nyarlathotep/boot.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- imports = [ ];
- boot.loader.grub = {
- device = "nodev";
- enable = true;
- };
-}
-
diff --git a/nixos/machines/nyarlathotep/configuration.nix b/nixos/machines/nyarlathotep/configuration.nix
index 1a0e12a..05616fa 100644
--- a/nixos/machines/nyarlathotep/configuration.nix
+++ b/nixos/machines/nyarlathotep/configuration.nix
@@ -5,7 +5,7 @@ imports = [
 ./hardware-configuration.nix
 (import ./mail.nix flake-inputs)
 ../../roles
- ./boot.nix
+ ../../roles/xen_guest.nix
 ./network.nix
 ];
 
diff --git a/nixos/machines/nyarlathotep/hardware-configuration.nix b/nixos/machines/nyarlathotep/hardware-configuration.nix
index 81be995..d75ae28 100644
--- a/nixos/machines/nyarlathotep/hardware-configuration.nix
+++ b/nixos/machines/nyarlathotep/hardware-configuration.nix
@@ -1,11 +1,6 @@
 {config, lib, pkgs, modulesPath, ...}: {
 imports = [ ];
 
- boot.initrd.availableKernelModules =
- [ "ata_piix" "sr_mod" "xen_blkfront" ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
 fileSystems."/" = {
 device = "/dev/disk/by-uuid/a72da670-f631-49b1-bcb3-6d378cc1f2d0";
 fsType = "ext4";
diff --git a/nixos/roles/xen_guest.nix b/nixos/roles/xen_guest.nix
new file mode 100644
index 0000000..9c9ee32
--- /dev/null
+++ b/nixos/roles/xen_guest.nix
@@ -0,0 +1,15 @@
+{...}: {
+ imports = [ ];
+ boot = {
+ loader.grub = {
+ device = "nodev";
+ enable = true;
+ };
+ initrd = {
+ availableKernelModules = [ "ata_piix" "sr_mod" "xen_blkfront" ];
+ kernelModules = [ ];
+ };
+ extraModulePackages = [ ];
+ };
+}
+
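Review bot: `kernelModules = [ ];` on the tenth added line sits inside the `initrd` block and therefore sets `boot.initrd.kernelModules`, whereas the lines removed from hardware-configuration.nix in this same patch set `boot.kernelModules`; both are empty so nothing changes today, but the refactor silently moved the option, and a maintainer adding a module here will load it into the initrd instead of the running system. Move it out one level, `boot.kernelModules = [ ];` beside `extraModulePackages`, or drop the empty list entirely. A one-line header such as `# Boot and initrd settings shared by Xen guests: GRUB on nodev, xen_blkfront available in the initrd` would also record why this lives under roles rather than with the machine.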