From e53e6b4c1031143843a4fc9f4e68a8e37933052f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?= Date: Thu, 7 Nov 2024 17:10:05 +0100 Subject: [PATCH] Rework provisioning isos --- fediversity-services.nix | 9 --- flake.lock | 31 +++++++++ flake.nix | 52 +++++++++----- gitea-runner.nix | 41 ----------- hardware-configuration.nix | 56 --------------- procolix-configuration.nix | 104 --------------------------- procolixVm.nix | 139 +++++++++++++++++++++++++++++++++++++ 7 files changed, 204 insertions(+), 228 deletions(-) delete mode 100644 fediversity-services.nix delete mode 100644 gitea-runner.nix delete mode 100644 hardware-configuration.nix delete mode 100644 procolix-configuration.nix create mode 100644 procolixVm.nix diff --git a/fediversity-services.nix b/fediversity-services.nix deleted file mode 100644 index a002232..0000000 --- a/fediversity-services.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - fediversity = { - enable = true; - - domain = "fediversity.niols.fr"; - - pixelfed.enable = true; - }; -} diff --git a/flake.lock b/flake.lock index 556c301..fe557cd 100644 --- a/flake.lock +++ b/flake.lock @@ -36,6 +36,24 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1725194671, 
@@ -67,6 +85,18 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1730504152, + "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1727672256, @@ -135,6 +165,7 @@ "root": { "inputs": { "disko": "disko", + "flake-parts": "flake-parts", "nixpkgs": "nixpkgs_2", "snf": "snf" } diff --git a/flake.nix b/flake.nix index df3660f..14f000d 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,32 +1,48 @@
 {
 inputs = {
 nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+ flake-parts.url = "github:hercules-ci/flake-parts";
+ snf.url = "git+https://git.fediversity.eu/fediversity/simple-nixos-fediverse.git";
 disko.url = "github:nix-community/disko";
 };
- outputs = { self, nixpkgs, snf, disko }:
- let
- vmName = "fedi01";
+ outputs = inputs@{ self, flake-parts, nixpkgs, snf, ... }:
+ flake-parts.lib.mkFlake { inherit inputs; } {
- in {
- nixosConfigurations.${vmName} = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- ./procolix-configuration.nix
- snf.nixosModules.fediversity
- ./fediversity-services.nix
- # ./gitea-runner.nix
+ systems = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin" ];
- ## Hardware configuration
- disko.nixosModules.default
- ./hardware-configuration.nix
- ];
+ perSystem = { config, self', inputs', pkgs, system, ... }: {
+ devShells.default = pkgs.mkShell {
+ packages = [ inputs'.nixops4.packages.default ];
+ };
 };
- ## An ISO that will prepare the machine, format it, and install the above
- ## configuration in an automated way.
- isoInstallers.${vmName} = snf.mkInstaller nixpkgs self.nixosConfigurations.${vmName};
+ flake.allVmIds = ["101" "102" "103" "104" "105" "106" "107" "108" "109" "110"];
+
+ flake.nixosConfigurations.provisioning =
+ let
+ inherit (builtins) map listToAttrs;
+ makeProvisioningConfiguration = vmid: nixpkgs.lib.nixosSystem {
+ modules = [
+ { procolix.vmid = vmid; }
+ ./procolixVm.nix
+ inputs.disko.nixosModules.default
+ ];
+ };
+ in
+ listToAttrs
+ (map
+ (vmid: {
+ name = "fedi${vmid}";
+ value = makeProvisioningConfiguration vmid; })
+ self.allVmIds);
+
+ flake.isoInstallers.provisioning =
+ let inherit (builtins) mapAttrs; in
+ mapAttrs
+ (_: snf.mkInstaller nixpkgs)
+ self.nixosConfigurations.provisioning;
 };
 }
diff --git a/gitea-runner.nix b/gitea-runner.nix
deleted file mode 100644
index ddfb335..0000000
--- a/gitea-runner.nix
+++ /dev/null
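Review bot: `inputs'.nixops4.packages.default` in the `perSystem` devShell refers to an input that the `inputs` attrset does not declare (only nixpkgs, flake-parts, snf and disko are listed), so evaluating `devShells.default` will fail with a missing-attribute error; either add `nixops4.url = "<NIXOPS4_FLAKE_URL>";` to `inputs` or drop the devShell until it is needed. The `snf` input is added with a bare `git+https://` URL and no `ref` or `rev`, and since `snf.mkInstaller` is what produces every provisioning ISO, `flake.lock` is the only thing pinning what goes into those images, so lock updates for `snf` deserve the same review as this change. `flake.allVmIds` is the single place that states which machines exist while `procolixVm.nix` documents `vmid` as a zero-padded three-character string; a comment such as `## Last address octet of each VM; must follow the format documented for procolix.vmid in procolixVm.nix` would keep the two in step.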
@@ -1,41 +0,0 @@
-{ pkgs, config, ... }:
-
-{
- services.gitea-actions-runner = {
- package = pkgs.forgejo-actions-runner;
-
- instances.default = {
- enable = true;
-
- name = config.networking.fqdn;
- url = "https://git.fediversity.eu";
- token = "MKmFPY4nxfR4zPYHIRLoiJdrrfkGmcRymj0GWOAk";
-
- settings = {
- log.level = "info";
- runner = {
- file = ".runner";
- capacity = 24;
- timeout = "3h";
- insecure = false;
- fetch_timeout = "5s";
- fetch_interval = "2s";
- };
- };
-
- ## This runner supports Docker (with a default Ubuntu image) and native
- ## modes. In native mode, it contains a few default packages.
- labels = ["docker:docker://node:16-bullseye" "native:host"];
- hostPackages = with pkgs; [ bash git nix nodejs ];
- };
- };
-
- ## For the Docker mode of the runner.
- virtualisation.docker.enable = true;
-
- ## The Nix configuration of the system influences the Nix configuration
- ## in the workflow, and our workflows are often flake-based.
- nix.extraOptions = ''
- experimental-features = nix-command flakes
- '';
-}
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
deleted file mode 100644
index a0bfa19..0000000
--- a/hardware-configuration.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ lib, modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix")];
- services.qemuGuest.enable = true;
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
-
- disko.devices.disk.main = {
- device = "/dev/sda";
- type = "disk";
-
- content = {
- type = "gpt";
-
- partitions = {
- MBR = {
- priority = 0;
- size = "1M";
- type = "EF02";
- };
-
- ESP = {
- priority = 1;
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
-
- root = {
- priority = 2;
- size = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- };
- };
- };
- };
- };
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
diff --git a/procolix-configuration.nix b/procolix-configuration.nix
deleted file mode 100644
index bd8aef4..0000000
--- a/procolix-configuration.nix
+++ /dev/null
@@ -1,104 +0,0 @@ -{ pkgs, ... }: - -{ - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking = { - hostName = "fedi01"; - domain = "procolix.com"; - interfaces = { - eth0 = { - ipv4 = { - addresses = [ - { - address = "95.215.187.101"; - prefixLength = 24; - } - ]; - }; - ipv6 = { - addresses = [ - { - address = "2a00:51c0:13:1305::101"; - prefixLength = 64; - } - ]; - }; - }; - }; - defaultGateway = { - address = "95.215.187.1"; - interface = "eth0"; - }; - defaultGateway6 = { - address = "2a00:51c0:13:1305::1"; - interface = "eth0"; - }; - nameservers = [ "95.215.185.6" "95.215.185.7" ]; - # firewall.enable = false; - }; - - # Set your time zone. - time.timeZone = "Europe/Amsterdam"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.root.hashedPassword = "$y$j9T$WXvLAUqArJJusuC017FCW0$.rfMOeyx/BsClkJFi5hLcynrSk.njWmfiB6Uy.9th3A"; - - users.users.procolix = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - hashedPassword = "$y$j9T$UH8Dh/poTCCZ3PXk43au6/$iYen8VUEVvv7SIPqteNtTPKktLxny3TbqvjUwhvi.6B"; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAotfCIjLoDlHOe+++kVS1xiBPaS8mC5FypgrxDrDVst6SHxMTca2+IScMajzUZajenvNAoZOwIsyAPacT8OHeyFvV5Y7G874Qa+cZVqJxLht9gdXxr1GNabU3RfhhCh272dUeIKIqfgsRsM2HzdnZCMDavS1Yo+f+RhhHhnJIua+NdVFo21vPrpsz+Cd0M1NhojARLajrTHvEXW0KskUnkbfgxT0vL9jeRZxdgMS+a9ZoR5dbzOxQHWfbP8N04Xc+7CweMlvKwlWuAE/xDb5XLNHorfGWFvZuVhptJN8jPaaVS25wsmsF5IbaAuSZfzCtBdFQhIloUhy0L6ZisubHjQ== procolix@sshnode1" - "ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAuT3C0f3nyQ7SwUvXcFmEYEgwL+crY6iK0Bhoi9yfn4soz3fhfMKyKSwc/0RIlRnrz3xnkyJiV0vFeU7AC1ixbGCS3T9uc0G1x0Yedd9n2yR8ZJmkdyfjZ5KE4YvqZ3f6UZn5Mtj+7tGmyp+ee+clLSHzsqeyDiX0FIgFmqiiAVJD6qeKPFAHeWz9b2MOXIBIw+fSLOpx0rosCgesOmPc8lgFvo+dMKpSlPkCuGLBPj2ObT4sLjc98NC5z8sNJMu3o5bMbiCDR9JWgx9nKj+NlALwk3Y/nzHSL/DNcnP5vz2zbX2CBKjx6ju0IXh6YKlJJVyMsH9QjwYkgDQVmy8amQ== procolix@sshnode2" - ]; - }; - - users.users.niols = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - hashedPassword = "$y$j9T$PlqgzCwoXxCXbTFwt//B.0$pIB.7NZwmdyXKJSnnJhZwampSPow8nMccN7gbhfDOC0"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY niols@wallace" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBkQXv/VRZLfV0wNN9PHedmKWyAIfpPUCdaznHZNIDkS niols@orianne/fediversity" - ]; - }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - (pkgs.vim_configurable.customize { - name = "vim"; - vimrcConfig.packages.myplugins = with pkgs.vimPlugins; { - start = [ vim-nix ]; # load plugin on startup - }; - vimrcConfig.customRC = '' - " your custom vimrc - set nocompatible - set backspace=indent,eol,start - " Turn on syntax highlighting by default - syntax on - " ... - ''; - }) - wget - ]; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.05"; # Did you read the comment? -} 
diff --git a/procolixVm.nix b/procolixVm.nix
new file mode 100644
index 0000000..99a61c2
--- /dev/null
+++ b/procolixVm.nix
@@ -0,0 +1,139 @@
+{ lib, config, modulesPath, ... }:
+
+let
+ inherit (lib) mkOption;
+ inherit (lib.types) types;
+
+in
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix")];
+
+ options = {
+ procolix = {
+ vmid = mkOption {
+ type = types.str;
+ description = ''
+ Identifier of the machine. This is a number between 10 and 255, padded
+ with zeroes to always be three characters.
+ '';
+ };
+ };
+ };
+
+ config = {
+ ########################################################################
+ ## Network
+
+ services.openssh.enable = true;
+
+ networking = {
+ hostName = "fedi${config.procolix.vmid}";
+ domain = "procolix.com";
+
+ interfaces = {
+ eth0 = {
+ ipv4 = {
+ addresses = [
+ {
+ address = "95.215.187.${config.procolix.vmid}";
+ prefixLength = 24;
+ }
+ ];
+ };
+ ipv6 = {
+ addresses = [
+ {
+ address = "2a00:51c0:13:1305::${config.procolix.vmid}";
+ prefixLength = 64;
+ }
+ ];
+ };
+ };
+ };
+
+ defaultGateway = {
+ address = "95.215.187.1";
+ interface = "eth0";
+ };
+ defaultGateway6 = {
+ address = "2a00:51c0:13:1305::1";
+ interface = "eth0";
+ };
+
+ nameservers = [ "95.215.185.6" "95.215.185.7" ];
+ };
+
+ ########################################################################
+ ## Hardware
+
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ initrd = {
+ availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ kernelModules = [ "dm-snapshot" ];
+ };
+ };
+
+ disko.devices.disk.main = {
+ device = "/dev/sda";
+ type = "disk";
+
+ content = {
+ type = "gpt";
+
+ partitions = {
+ MBR = {
+ priority = 0;
+ size = "1M";
+ type = "EF02";
+ };
+
+ ESP = {
+ priority = 1;
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+
+ root = {
+ priority = 2;
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+ ########################################################################
+ ## Miscellaneous
+
+ services.qemuGuest.enable = true;
+
+ time.timeZone = "Europe/Amsterdam";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY"
+ ];
+
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+
+ system.stateVersion = "24.05"; # Did you read the comment?
+ };
+}
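Review bot: `procolix.vmid` is declared as a plain `types.str` but is interpolated into the hostname, the IPv4 address and the IPv6 address, so an id outside the documented three-character form is accepted and silently produces an invalid or unintended address; constraining it at the option, e.g. `type = types.strMatching "[0-9]{3}";`, rejects such a value at evaluation time instead. The same digits are read as a decimal octet in `95.215.187.${config.procolix.vmid}` and as a hexadecimal group in `2a00:51c0:13:1305::${config.procolix.vmid}`, which matches the deleted fedi01 configuration (`.101` and `::101`) but is worth stating in the option description so nobody expects the two addresses to agree numerically. Compared with the deleted procolix-configuration.nix, this module keeps only root, with a single authorized key and no password hash; setting `services.openssh.settings.PermitRootLogin = "prohibit-password";` and `services.openssh.settings.PasswordAuthentication = false;` explicitly would pin that access model rather than leaving it to the sshd defaults.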