diff --git a/deployment/check/common/data-model.nix b/deployment/check/common/data-model.nix index a760c650..cb0637e4 100644 --- a/deployment/check/common/data-model.nix +++ b/deployment/check/common/data-model.nix @@ -96,6 +96,7 @@ let with lib; attrValues (concatMapAttrs (_name: request: request.login-shell.packages) validRequests); extraGroups = lib.optional config.wheel "wheel"; + password = "password"; }; }; }; @@ -112,7 +113,10 @@ let }; implementation = cfg: { resources = lib.optionalAttrs cfg.enable { - hello.login-shell.packages.hello = pkgs.hello; + hello.login-shell = { + wheel = true; + packages.hello = pkgs.hello; + }; }; }; }; @@ -128,12 +132,19 @@ let # tests need this, however outside tests this (and esp its import nixos-test-base) must not be used ../common/targetNode.nix "${nixpkgs}/nixos/modules/profiles/minimal.nix" - "${nixpkgs}/nixos/modules/profiles/perlless.nix" + # "${nixpkgs}/nixos/modules/profiles/perlless.nix" # failed under disko "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - ../../../infra/common/nixos/repart.nix + # systemd-repart + # ../../../infra/common/nixos/repart.nix + # disko + "${sources.disko}/module.nix" + ../../../infra/common/proxmox-qemu-vm.nix ]; + # # non-disko + # boot.loader.grub.enable = false; # boot.loader.systemd-boot.enable = true; + # boot.loader.efi.efiSysMountPoint = "/boot"; # boot.loader.systemd-boot.edk2-uefi-shell.enable = true; # boot.loader.efi.canTouchEfiVariables = true; @@ -142,8 +153,19 @@ let # boot.growPartition = true; # boot.loader.timeout = 1; + nixpkgs.hostPlatform = "x86_64-linux"; + system.stateVersion = "25.05"; services.qemuGuest.enable = true; + systemd.services.qemu-guest-agent = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + }; + + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + }; networking = { firewall.enable = false; usePredictableInterfaceNames = false; 
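Review bot: `password = "password";` in the login-shell `apply` body gives every login-shell resource the same fixed plaintext password with, as far as the hunk shows, no way for a request to override it, and the same commit turns those accounts into wheel members (`wheel = true` in the `hello` implementation two hunks down and on `single-nixos-vm-tf-proxmox` at @@ -291). Together with `security.sudo.wheelNeedsPassword = false` from the @@ -175 hunk, any console login on a check VM is root-equivalent, which is acceptable for a throwaway test VM but nothing in this file marks it as such. Make the credential overridable and label it, `password = lib.mkDefault "password"; # test-only: console login for check VMs`, and consider leaving `wheel` out of the `hello` implementation so the privilege is requested explicitly rather than granted by a package request. The enclosing `apply` function starts before this hunk.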
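Review bot: The `imports` list now carries two disabled alternatives as commented-out lines, `# "${nixpkgs}/nixos/modules/profiles/perlless.nix" # failed under disko` and `# ../../../infra/common/nixos/repart.nix`, plus the `# # non-disko` loader block below, so a reader sees three inactive configurations next to the live disko one without knowing which is the decision. Either delete them or keep one rationale line, for example `# disko is used for image generation instead of systemd-repart; perlless.nix failed under disko`. The `imports` list and the enclosing attribute set continue beyond the hunk.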
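Review bot: `settings.PasswordAuthentication = false;` does not by itself close password logins over SSH on NixOS, because sshd runs with PAM and keyboard-interactive authentication stays enabled by default, so the `password = "password"` accounts defined in the @@ -175 hunk remain reachable over the network; add `settings.KbdInteractiveAuthentication = false;` next to it. `nixpkgs.hostPlatform = "x86_64-linux";` is also set unconditionally in a module shared across check targets while the data model exposes a `system` option, so `nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";` would keep it overridable. The enclosing attribute set continues outside the hunk.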
@@ -175,13 +197,46 @@ let ]; }; - users.users = environment.config.resources."operator-environment".login-shell.apply { - resources = lib.filterAttrs (_name: value: value ? login-shell) ( - lib.concatMapAttrs ( - k': req: lib.mapAttrs' (k: lib.nameValuePair "${k'}.${k}") req.resources - ) requests - ); - }; + security.sudo.wheelNeedsPassword = false; + nix.settings.trusted-users = [ "@wheel" ]; + + users.mutableUsers = false; + users.users = + { + root = { + # password = "password"; # cannot log in + hashedPassword = "$y$j9T$QoArNaV2VrjPhQ6BMG1AA.$uq8jw0.g.dJwIfepqipxzeUD1ochgUs8A5QmVe4qbJ6"; # cannot log in + # hashedPasswordFile = pkgs.writeText "root-password" "$y$j9T$QoArNaV2VrjPhQ6BMG1AA.$uq8jw0.g.dJwIfepqipxzeUD1ochgUs8A5QmVe4qbJ6"; # type not null/string + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHTIqF4CAylSxKPiSo5JOPuocn0y2z38wOSsQ1MUaZ2" + ]; + }; + # can log in + kiara = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + password = "password"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHTIqF4CAylSxKPiSo5JOPuocn0y2z38wOSsQ1MUaZ2" + ]; + }; + # cannot log in + operator = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + password = "password"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHTIqF4CAylSxKPiSo5JOPuocn0y2z38wOSsQ1MUaZ2" + ]; + }; + } + // environment.config.resources."operator-environment".login-shell.apply { + resources = lib.filterAttrs (_name: value: value ? login-shell) ( + lib.concatMapAttrs ( + k': req: lib.mapAttrs' (k: lib.nameValuePair "${k'}.${k}") req.resources + ) requests + ); + }; }; in { @@ -291,7 +346,10 @@ let }; }; single-nixos-vm-tf-proxmox = environment: { - resources."operator-environment".login-shell.username = "operator"; + resources."operator-environment".login-shell = { + wheel = true; + username = "operator"; + }; implementation = { required-resources, 
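Review bot: `users.users = { root = …; kiara = …; operator = …; } // environment.config.resources."operator-environment".login-shell.apply { … }` merges with the shallow `//`, so if the apply result also yields an `operator` entry (the @@ -291 hunk sets `username = "operator"` on that very resource) the right-hand attrset replaces the literal `operator` definition wholesale and its `openssh.authorizedKeys.keys` is silently dropped. Let the module system merge the two instead: `users.users = lib.mkMerge [ { root = …; kiara = …; operator = …; } (environment.config.resources."operator-environment".login-shell.apply { … }) ];`. Two further points deserve a comment: `nix.settings.trusted-users = [ "@wheel" ];` makes every wheel member root-equivalent through the Nix daemon independently of sudo, and the committed `hashedPassword` for root together with the `# cannot log in` / `# can log in` annotations read as leftovers from troubleshooting, so if root is meant to be reachable by key only, drop the hash and state that. The three identical `openssh.authorizedKeys.keys` lists could share one `let`-bound key.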
diff --git a/deployment/check/common/targetNode.nix b/deployment/check/common/targetNode.nix index 27047a9e..e6daaad1 100644 --- a/deployment/check/common/targetNode.nix +++ b/deployment/check/common/targetNode.nix @@ -44,7 +44,7 @@ in networking.firewall.allowedTCPPorts = [ 22 ]; # Test VMs don't have a bootloader by default. - boot.loader.grub.enable = false; + # boot.loader.grub.enable = false; } (mkIf config.enableAcme { diff --git a/deployment/data-model.nix b/deployment/data-model.nix index 0f5a3a8d..912cca30 100644 --- a/deployment/data-model.nix +++ b/deployment/data-model.nix 
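Review bot: With `boot.loader.grub.enable = false;` commented out, the comment kept above it, `# Test VMs don't have a bootloader by default.`, no longer describes what this module does; the loader setting now comes from whatever the importing configuration provides (this commit's `infra/common/proxmox-qemu-vm.nix` hunk enables grub). Replace it with `# Bootloader configuration is left to the importing configuration (proxmox-qemu-vm.nix enables grub).` or delete the dead line together with the stale comment. The enclosing attribute set starts before the hunk.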
@@ -397,140 +397,200 @@ let tf-proxmox-host = mkOption { description = "A Terraform deployment by SSH to update a single existing NixOS host."; # type = submodule (tf-host: { - type = submodule (tf-host: { - options = { - system = mkOption { - description = "The architecture of the system to deploy to."; - type = types.str; + type = submodule ( + tf-host: + let + raw = { + # formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/raw.nix"; + formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/raw-efi.nix"; + formatAttr = "raw"; + fileExtension = ".img"; }; - inherit nixos-configuration; - ssh = host-ssh; - # TODO: add proxmox info - module = mkOption { - description = "The module to call to obtain the NixOS configuration from."; - type = types.str; - }; - args = mkOption { - description = "The arguments with which to call the module to obtain the NixOS configuration."; - type = types.attrs; - }; - deployment-name = mkOption { - description = "The name of the deployment for which to obtain the NixOS configuration."; - type = types.str; - }; - root-path = mkOption { - description = "The path to the root of the repository."; - type = types.path; - }; - proxmox-user = mkOption { - description = "The ProxmoX user to use."; - type = types.str; - default = "root@pam"; - }; - # TODO: is sensitivity here handled properly? - proxmox-password = mkOption { - description = "The ProxmoX password to use."; - type = types.str; - }; - node-name = mkOption { - description = "the name of the ProxmoX node to use."; - type = types.str; - }; - run = mkOption { - type = types.package; - # error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times. 
- # readOnly = true; - default = - let - inherit (tf-host.config) - system - ssh - module - args - deployment-name - root-path - proxmox-user - proxmox-password - node-name - ; - inherit (ssh) - host - username - key-file - sshOpts - ; - deployment-type = "tf-proxmox-host"; - nixos_conf = writeConfig { - inherit + format = raw; + # qcow = { + # formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/qcow.nix"; + # formatAttr = "qcow"; + # fileExtension = ".qcow2"; + # }; + # format = qcow; + # qcow-efi = { + # formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/qcow-efi.nix"; + # formatAttr = "qcow-efi"; + # fileExtension = ".qcow2"; + # }; + # format = qcow-efi; + inherit (format) formatConfig fileExtension formatAttr; + in + { + options = { + system = mkOption { + description = "The architecture of the system to deploy to."; + type = types.str; + }; + inherit nixos-configuration; + ssh = host-ssh; + # TODO: add proxmox info + module = mkOption { + description = "The module to call to obtain the NixOS configuration from."; + type = types.str; + }; + args = mkOption { + description = "The arguments with which to call the module to obtain the NixOS configuration."; + type = types.attrs; + }; + deployment-name = mkOption { + description = "The name of the deployment for which to obtain the NixOS configuration."; + type = types.str; + }; + root-path = mkOption { + description = "The path to the root of the repository."; + type = types.path; + }; + proxmox-user = mkOption { + description = "The ProxmoX user to use."; + type = types.str; + default = "root@pam"; + }; + # TODO: is sensitivity here handled properly? 
+ proxmox-password = mkOption { + description = "The ProxmoX password to use."; + type = types.str; + }; + node-name = mkOption { + description = "the name of the ProxmoX node to use."; + type = types.str; + }; + run = mkOption { + type = types.package; + # error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times. + # readOnly = true; + default = + let + inherit (tf-host.config) system + ssh module args deployment-name root-path - deployment-type + proxmox-user + proxmox-password + node-name ; - }; - # machine = import nixos_conf; - machine = import ./nixos.nix { - inherit sources system; - configuration = tf-host.config.nixos-configuration; - }; - inherit (machine.config.boot.uki) name; - - environment = { - key_file = key-file; - ssh_opts = sshOpts; - inherit + inherit (ssh) host - nixos_conf + username + key-file + sshOpts ; - proxmox_user = proxmox-user; - proxmox_password = proxmox-password; - ssh_user = username; - node_name = node-name; - # image = "${machine.config.system.build.image}/${name}.raw"; - }; - tf-env = pkgs.callPackage ./run/tf-proxmox/tf-env.nix { }; - proxmox-host = "192.168.51.81"; # root@fediversity-proxmox - vm-names = [ "test14" ]; - vm_name = "test14"; - in - lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox.sh" - (withPackages [ - pkgs.jq - pkgs.qemu - pkgs.nixos-generators - pkgs.httpie - (pkgs.callPackage ./run/tf-proxmox/tf.nix { inherit sources; }) - ]) - '' - set -xe + deployment-type = "tf-proxmox-host"; + nixos_conf = writeConfig { + inherit + system + module + args + deployment-name + root-path + deployment-type + ; + }; + # machine = import nixos_conf; + machine = import ./nixos.nix { + inherit sources system; + configuration = tf-host.config.nixos-configuration; + # configuration = { ... 
}: { + # imports = [ + # tf-host.config.nixos-configuration + # ../infra/common/nixos/repart.nix + # ]; + # }; + }; + # inherit (machine.config.boot.uki) name; + name = "monkey"; - # bash ./infra/proxmox-remove.sh \ - # --api-url "https://${proxmox-host}:8006/api2/json" \ - # --username "${proxmox-user}" \ - # --password "${proxmox-password}" \ - # --node "${node-name}" \ - # 7014 - # # ^ hardcoded ID of test14 - # # ${lib.concatStringsSep " " vm-names} + # # systemd-repart + # better for cross-compilation, worse for pre-/post-processing, doesn't support MBR: https://github.com/nix-community/disko/issues/550#issuecomment-2503736973 + # raw = "${machine.config.system.build.image}/${name}.raw"; - # TODO after install: $nix_host_keys - # cp $tmpdir/${vm_name}_host_key /mnt/etc/ssh/ssh_host_ed25519_key - # chmod 600 /mnt/etc/ssh/ssh_host_ed25519_key - # cp $tmpdir/${vm_name}_host_key.pub /mnt/etc/ssh/ssh_host_ed25519_key.pub - # chmod 644 /mnt/etc/ssh/ssh_host_ed25519_key.pub + # disko + # worse for cross-compilation, better for pre-/post-processing, needs manual `imageSize`, random failures: https://github.com/nix-community/disko/issues/550#issuecomment-2503736973 + raw = "${machine.config.system.build.diskoImages}/main.raw"; - # .qcow2 is around half the size of .raw, on top of supporting backups - be it apparently at the cost of performance - qemu-img convert -f raw -O qcow2 -C "${machine.config.system.build.image}/${name}.raw" /tmp/${name}.qcow2 + # # nixos-generators: note it can straight-up do qcow2 as well, if we settle for nixos-generators + # # `mount: /run/nixos-etc-metadata.J3iARWBtna: failed to setup loop device for /nix/store/14ka2bmx6lcnyr8ah2yl787sqcgxz5ni-etc-metadata.erofs.` + # # [`Error: Failed to parse os-release`](https://github.com/NixOS/nixpkgs/blob/5b1861820a3bc4ef2f60b0afcffb71ea43f5d000/pkgs/by-name/sw/switch-to-configuration-ng/src/src/main.rs#L151) + # raw = let + # # TODO parameterize things to let this flow into the terraform + # # btw 
qcow can be made by nixos-generators (qcow, qcow-efi) or by `image.repart` + # # wait, so i generate an image for the nixos config from the data model? how would i then propagate that to deploy? + # gen = import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" { + # inherit system formatConfig; + # inherit (sources) nixpkgs; + # configuration = tf-host.config.nixos-configuration; + # }; + # in + # "${gen.config.system.build.${formatAttr}}/nixos${fileExtension}"; - env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \ - TF_VAR_image=/tmp/${name}.qcow2 \ - tf_env=${tf-env} bash ./deployment/run/tf-proxmox/run.sh - ''; + environment = { + key_file = key-file; + ssh_opts = sshOpts; + inherit + host + nixos_conf + ; + proxmox_user = proxmox-user; + proxmox_password = proxmox-password; + ssh_user = username; + node_name = node-name; + }; + tf-env = pkgs.callPackage ./run/tf-proxmox/tf-env.nix { }; + proxmox-host = "192.168.51.81"; # root@fediversity-proxmox + vm-names = [ "test14" ]; + vm_name = "test14"; + in + lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox.sh" + (withPackages [ + pkgs.jq + pkgs.qemu + pkgs.nixos-generators + pkgs.httpie + (pkgs.callPackage ./run/tf-proxmox/tf.nix { inherit sources; }) + ]) + '' + set -xe + + # bash ./infra/proxmox-remove.sh \ + # --api-url "https://${proxmox-host}:8006/api2/json" \ + # --username "${proxmox-user}" \ + # --password "${proxmox-password}" \ + # --node "${node-name}" \ + # 7014 + # # ^ hardcoded ID of test14 + # # ${lib.concatStringsSep " " vm-names} + + # TODO after install: $nix_host_keys + # cp $tmpdir/${vm_name}_host_key /mnt/etc/ssh/ssh_host_ed25519_key + # chmod 600 /mnt/etc/ssh/ssh_host_ed25519_key + # cp $tmpdir/${vm_name}_host_key.pub /mnt/etc/ssh/ssh_host_ed25519_key.pub + # chmod 644 /mnt/etc/ssh/ssh_host_ed25519_key.pub + + # nixos-generate gives the burden of building revisions, while systemd-repart handles 
partitioning ~~at the burden of version revisions~~ + # .qcow2 is around half the size of .raw, on top of supporting backups - be it apparently at the cost of performance + qemu-img convert -f raw -O qcow2 -C "${raw}" /tmp/${name}.qcow2 + + ls -l ${raw} + ls -l /tmp/${name}.qcow2 + + env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \ + TF_VAR_image=/tmp/${name}.qcow2 \ + tf_env=${tf-env} bash ./deployment/run/tf-proxmox/run.sh + ''; + # # don't really wanna deal with having to do versioned updates for now + # qemu-img convert -f raw -O qcow2 -C "${machine.config.system.build.image}/${name}.raw" /tmp/${name}.qcow2 + }; }; - }; - }); + } + ); }; }; in diff --git a/deployment/run/tf-proxmox/main.tf b/deployment/run/tf-proxmox/main.tf index 584032d3..62db1414 100644 --- a/deployment/run/tf-proxmox/main.tf +++ b/deployment/run/tf-proxmox/main.tf @@ -16,6 +16,7 @@ provider "proxmox" { endpoint = "https://${var.host}:8006/" insecure = true + # used only for files and creating custom disks ssh { agent = true # uncomment and configure if using api_token instead of password @@ -49,10 +50,12 @@ provider "proxmox" { # program = ["sh", "-c", "echo \"{\\\"hash\\\":\\\"$(nix-hash ..)\\\"}\""] # } +# FIXME handle known-hosts in TF state # FIXME move to host # FIXME switch to base image shared between jobs as upload seems a bottleneck? e.g. by: # - recursive TF # - hash in name over overwrite +# won't notice file changes: https://github.com/bpg/terraform-provider-proxmox/issues/677 resource "proxmox_virtual_environment_file" "upload" { # # https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts # timeouts { 
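Review bot: `lib.trace (lib.strings.toJSON environment)` prints the whole `environment` attrset, including `proxmox_password = proxmox-password`, to stderr at evaluation time, and the generated script runs under `set -xe`, so the `env … TF_VAR_proxmox_password="…" …` command line is echoed into the build or CI log as well; the `# TODO: is sensitivity here handled properly?` comment in this same hunk already flags the concern. Trace only the non-secret part, `lib.trace (lib.strings.toJSON (removeAttrs environment [ "proxmox_password" ]))`, and bracket the `env` invocation with `set +x` / `set -x`, or hand the password to Terraform through a file rather than an exported variable. `name = "monkey";` also replaces the UKI-derived name with a fixed value, so every run writes to the predictable shared path `/tmp/monkey.qcow2`; a `mktemp -d` directory would avoid collisions between concurrent runs and writes into a world-writable directory. The `inherit (format) formatConfig fileExtension formatAttr;` bindings are referenced only from commented-out code and can go until the nixos-generators path is revived. The surrounding `let` starts before the hunk.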
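Review bot: The new comment `# used only for files and creating custom disks` documents the `ssh` block, but `insecure = true` two lines above it still disables TLS certificate verification for the API endpoint over which the ProxmoX password is sent. Since the following hunk adds `# FIXME handle known-hosts in TF state`, the same trust question applies here: trust the Proxmox host's CA on the runner and drop `insecure = true`, or at least annotate it, `insecure = true # FIXME self-signed API certificate; trust the CA on the runner instead`.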
@@ -96,9 +99,12 @@ resource "proxmox_virtual_environment_file" "upload" { resource "proxmox_virtual_environment_vm" "nix_vm" { lifecycle { - ignore_changes = ["disk.import_from"] + # wait, would this not disseminate any changes to this property, + # or just defer syncing when only this changed? + ignore_changes = [ + disk["import_from"], + ] } - node_name = var.node_name pool_id = var.pool_id description = var.description @@ -107,7 +113,9 @@ resource "proxmox_virtual_environment_vm" "nix_vm" { # https://wiki.nixos.org/wiki/Virt-manager#Guest_Agent agent { enabled = true - # timeout = "15m" + # timeout = "5m" + timeout = "40s" + trim = true } cpu { @@ -133,10 +141,12 @@ resource "proxmox_virtual_environment_vm" "nix_vm" { backup = false cache = "none" - # import_from = "local:import/vzdump-qemu-nixos-fediversity-test.qcow2" - # import_from = "local:import/vzdump-qemu-nixos-fediversity-test.raw" + # FIXME make the provider allow this as a distinct block to allow making this depend on VM id? + # import_from = "local:import/${proxmox_virtual_environment_vm.nix_vm.vm_id}-${local.dump_name}" # bogus import name to test if it would accept self-referential values here # may not refer to itself + # import_from = "local:import/${local.dump_name}" import_from = proxmox_virtual_environment_file.upload.id # import_from = proxmox_virtual_environment_download_file.latest_ubuntu_22_jammy_qcow2_img.id + # import_from = "local:import/jammy-server-cloudimg-amd64.qcow2" } efi_disk { @@ -149,7 +159,7 @@ resource "proxmox_virtual_environment_vm" "nix_vm" { network_device { model = "virtio" bridge = "ovsbr0" - vlan_id = 1305 + vlan_id = 1305 } operating_system { 
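Review bot: `ignore_changes = [ disk["import_from"], ]` indexes `disk` with a string, but the provider output recorded later in this file shows `"disk" = tolist([ { … "import_from" = … } ])`, a list of blocks, so the traversal should be `disk[0].import_from`. To the question in the comment above it: `ignore_changes` suppresses planned updates to that attribute on an existing resource altogether, so a new `proxmox_virtual_environment_file.upload.id` (used as `import_from` in the @@ -133 hunk) is not applied to an already-created VM; if a fresh image should take effect the VM has to be replaced (for example via `replace_triggered_by` on the upload resource). Record the intended behaviour in place of the question, e.g. `# import_from only matters at creation; a new image does not update an existing VM`.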
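Review bot: `timeout = "40s"` for the guest agent is short given that the same commit orders `qemu-guest-agent` after `network-online.target` in the check VM (the @@ -142 hunk of `deployment/check/common/data-model.nix`), so on a slow boot the agent may not answer in time and the VM resource can fail; the provider default in the recorded output is `"15m"`. If 40s is a deliberate fail-fast choice, say so next to it: `timeout = "40s" # fail fast; the agent only starts after network-online.target`.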
@@ -158,18 +168,170 @@ resource "proxmox_virtual_environment_vm" "nix_vm" { scsi_hardware = "virtio-scsi-single" bios = "ovmf" + + # # used only for cloud-init + # initialization { + # ip_config { + # ipv4 { + # gateway = "eth0" + # address = "95.215.187.${proxmox_virtual_environment_vm.nix_vm.vm_id}" # error: self-referential block + # } + # ipv6 { + # gateway = "eth0" + # address = "2a00:51c0:13:1305::${proxmox_virtual_environment_vm.nix_vm.vm_id}" + # } + # } + # } } +# FIXME expose (and handle thru) [`exec`](https://pve.proxmox.com/pve-docs/api-viewer/#/nodes/{node}/qemu/{vmid}/agent/exec) endpoint in proxmox TF provider? wait, what command would i use it for?: https://github.com/bpg/terraform-provider-proxmox/issues/1576 module "nixos-rebuild" { - depends_on = [ - proxmox_virtual_environment_vm.nix_vm - ] - source = "../tf-single-host" - nixos_conf = var.nixos_conf - username = var.ssh_user - host = proxmox_virtual_environment_vm.nix_vm.ipv4_addresses[0][0] + # username = var.ssh_user # refers to the proxmox ssh user, not the VM one + username = "root" + # host = proxmox_virtual_environment_vm.nix_vm.ipv4_addresses[1][0] # does not exist (in time) + host = "95.215.187.${proxmox_virtual_environment_vm.nix_vm.vm_id}" + # host = "2a00:51c0:13:1305::${proxmox_virtual_environment_vm.nix_vm.vm_id}" + # host = "95.215.187.101" + # host = "2a00:51c0:13:1305::101" key_file = var.key_file ssh_opts = var.ssh_opts } + +# vm output: { +# "acpi" = true +# "agent" = tolist([ +# { +# "enabled" = true +# "timeout" = "15m" +# "trim" = false +# "type" = "virtio" +# }, +# ]) +# "amd_sev" = tolist([]) +# "audio_device" = tolist([]) +# "bios" = "ovmf" +# "boot_order" = tolist(null) /* of string */ +# "cdrom" = tolist([]) +# "clone" = tolist([]) +# "cpu" = tolist([ +# { +# "affinity" = "" +# "architecture" = "" +# "cores" = 1 +# "flags" = tolist(null) /* of string */ +# "hotplugged" = 0 +# "limit" = 0 +# "numa" = true +# "sockets" = 1 +# "type" = "x86-64-v2-AES" +# "units" = 1024 +# 
}, +# ]) +# "description" = "" +# "disk" = tolist([ +# { +# "aio" = "io_uring" +# "backup" = false +# "cache" = "none" +# "datastore_id" = "local" +# "discard" = "on" +# "file_format" = "qcow2" +# "file_id" = "" +# "import_from" = "local:import/qemu-nixos-fediversity-test.qcow2" +# "interface" = "scsi0" +# "iothread" = true +# "path_in_datastore" = "101/vm-101-disk-1.qcow2" +# "replicate" = true +# "serial" = "" +# "size" = 32 +# "speed" = tolist([]) +# "ssd" = true +# }, +# ]) +# "efi_disk" = tolist([ +# { +# "datastore_id" = "local" +# "file_format" = "qcow2" +# "pre_enrolled_keys" = false +# "type" = "4m" +# }, +# ]) +# "hook_script_file_id" = tostring(null) +# "hostpci" = tolist([]) +# "id" = "101" +# "initialization" = tolist([]) +# "ipv4_addresses" = tolist([]) +# "ipv6_addresses" = tolist([]) +# "keyboard_layout" = "en-us" +# "kvm_arguments" = "" +# "mac_addresses" = tolist([]) +# "machine" = "" +# "memory" = tolist([ +# { +# "dedicated" = 2048 +# "floating" = 0 +# "hugepages" = "" +# "keep_hugepages" = false +# "shared" = 0 +# }, +# ]) +# "migrate" = false +# "name" = "" +# "network_device" = tolist([ +# { +# "bridge" = "vnet1306" +# "disconnected" = false +# "enabled" = true +# "firewall" = false +# "mac_address" = "BC:24:11:DE:E5:A8" +# "model" = "virtio" +# "mtu" = 0 +# "queues" = 0 +# "rate_limit" = 0 +# "trunks" = "" +# "vlan_id" = 0 +# }, +# ]) +# "network_interface_names" = tolist([]) +# "node_name" = "node051" +# "numa" = tolist([]) +# "on_boot" = true +# "operating_system" = tolist([ +# { +# "type" = "l26" +# }, +# ]) +# "pool_id" = "Fediversity" +# "protection" = false +# "reboot" = false +# "reboot_after_update" = true +# "rng" = tolist([]) +# "scsi_hardware" = "virtio-scsi-single" +# "serial_device" = tolist([]) +# "smbios" = tolist([]) +# "started" = true +# "startup" = tolist([]) +# "stop_on_destroy" = false +# "tablet_device" = true +# "tags" = tolist(null) /* of string */ +# "template" = false +# "timeout_clone" = 1800 +# "timeout_create" = 
1800 +# "timeout_migrate" = 1800 +# "timeout_move_disk" = 1800 +# "timeout_reboot" = 1800 +# "timeout_shutdown_vm" = 1800 +# "timeout_start_vm" = 1800 +# "timeout_stop_vm" = 300 +# "tpm_state" = tolist([]) +# "usb" = tolist([]) +# "vga" = tolist([]) +# "virtiofs" = tolist([]) +# "vm_id" = 101 +# "watchdog" = tolist([]) +# } +output "ips" { + value = proxmox_virtual_environment_vm.nix_vm +} diff --git a/infra/common/proxmox-qemu-vm.nix b/infra/common/proxmox-qemu-vm.nix index 4c85ffb0..7992e2ea 100644 --- a/infra/common/proxmox-qemu-vm.nix +++ b/infra/common/proxmox-qemu-vm.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { _class = "nixos"; @@ -11,6 +11,12 @@ # ]; boot = { + loader.grub = { + enable = true; + efiSupport = lib.mkDefault true; + efiInstallAsRemovable = lib.mkDefault true; + device = "nodev"; + }; initrd = { availableKernelModules = [ "ata_piix" @@ -23,8 +29,9 @@ }; disko.devices.disk.main = { - device = "/dev/vda"; + device = "/dev/sda"; type = "disk"; + imageSize = "20G"; # needed for image generation content = { type = "gpt";
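Review bot: `host = "95.215.187.${proxmox_virtual_environment_vm.nix_vm.vm_id}"` together with `username = "root"` means the first `nixos-rebuild` connects as root to whatever answers at an address derived from the VM id, and the `# FIXME handle known-hosts in TF state` added in the @@ -49 hunk says host keys are not pinned yet, so that first session cannot distinguish the freshly created VM from another machine in the `95.215.187.` range. Pin the host key before relying on this (the commented `$nix_host_keys` install step in `deployment/data-model.nix` would be the place to provision it) and note the assumption at the `host` line: `# address derived from vm_id; assumes the VM is assigned 95.215.187.<vm_id> — verify`. `output "ips" { value = proxmox_virtual_environment_vm.nix_vm }` exports the whole resource rather than an address, so every apply prints the full VM object; narrow the value to the attributes actually consumed (or rename the output) and move the ~130-line `# vm output:` dump out of the source into a docs note.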
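Review bot: `device = "nodev";` is set unconditionally while `efiSupport` and `efiInstallAsRemovable` beside it use `lib.mkDefault`, so an importing configuration can override the EFI flags but not the device; make all three `lib.mkDefault` or none. This module sits under `infra/common/`, which suggests it is shared by the non-check VMs too, so enabling grub here and the `/dev/vda` → `/dev/sda` change in the @@ -23 hunk reach every importer, not only the check VM; that deserves a line in the commit message and a comment on the device, e.g. `device = "/dev/sda"; # scsi0 under virtio-scsi-single`, if that is the reason — I can only infer it from `scsi_hardware = "virtio-scsi-single"` in main.tf.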