
8 changed files with 124 additions and 153 deletions

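--- /dev/null
+++ b/common/container-node.nix
@@ -0,0 +1,11 @@
+{ lib, ... }:
+{
+imports = [
+./impermanence.nix # TODO: find a way to avoid needing this here
+];
+boot.isContainer = true;
+custom.impermanence.enable = false;
+custom.tailscale.enable = false;
+networking.useDHCP = lib.mkForce false;
+}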
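Review bot: The TODO on the `./impermanence.nix` import can be replaced by the actual reason: the line `custom.impermanence.enable = false;` sets an option that is declared in impermanence.nix (its `options.custom.impermanence` block in the third file section), so that module must be in the closure before the option can be assigned. Suggested: `./impermanence.nix # declares custom.impermanence.enable, which is set below`. This file also keeps `networking.useDHCP = lib.mkForce false;` but drops the `proxmoxLXC.manageNetwork = true;` that the deleted module in the fourth section carried; if that deletion is the old lxc-node.nix that hosts/kopia-lxc imported, a Proxmox container built from this module appears to rely entirely on the host to supply its network configuration, which deserves a comment or a replacement setting.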


@@ -7,9 +7,10 @@ in
imports = [ ./tailscale_lib.nix ]; imports = [ ./tailscale_lib.nix ];
options.custom.tailscale = { options.custom.tailscale = {
enable = mkEnableOption { enable = mkOption {
description = "Enable Tailscale"; type = lib.types.bool;
default = true; default = true;
description = "Whether to enable Tailscale";
}; };
}; };
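Review bot: `mkOption` is used unqualified on the `enable` line while its type is written `lib.types.bool`; assuming `mkOption` comes from an `inherit (lib)` in the `let` above the hunk, writing `lib.mkOption` (or `types.bool`) would make the two consistent. The new block is the standard shape of an enable flag with a non-default default and can be written as `enable = lib.mkEnableOption "Tailscale" // { default = true; };`, which keeps the bool type and the conventional description. The enclosing `let ... in` begins above the hunk.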


@@ -1,71 +1,84 @@
{ pkgs, inputs, ... }: { pkgs, inputs, lib, config, ... }:
let
cfg = config.custom.impermanence;
in
{ {
environment.persistence = { options.custom.impermanence = {
"/persist" = { enable = lib.mkOption {
directories = [ "/var/lib/nixos" ]; type = lib.types.bool;
files = [ default = true;
"/etc/machine-id" description = "Enable impermanent root fs";
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
}; };
}; };
fileSystems."/".options = [ config = lib.mkIf cfg.enable {
"compress=zstd" environment.persistence = {
"noatime" "/persist" = {
]; directories = [ "/var/lib/nixos" ];
fileSystems."/nix".options = [ files = [
"compress=zstd" "/etc/machine-id"
"noatime" "/etc/ssh/ssh_host_ed25519_key"
]; "/etc/ssh/ssh_host_ed25519_key.pub"
fileSystems."/persist".options = [ "/etc/ssh/ssh_host_rsa_key"
"compress=zstd" "/etc/ssh/ssh_host_rsa_key.pub"
"noatime" ];
]; };
fileSystems."/persist".neededForBoot = true; };
fileSystems."/var/log".options = [
"compress=zstd"
"noatime"
];
fileSystems."/var/log".neededForBoot = true;
users.mutableUsers = false; fileSystems."/".options = [
"compress=zstd"
"noatime"
];
fileSystems."/nix".options = [
"compress=zstd"
"noatime"
];
fileSystems."/persist".options = [
"compress=zstd"
"noatime"
];
fileSystems."/persist".neededForBoot = true;
fileSystems."/var/log".options = [
"compress=zstd"
"noatime"
];
fileSystems."/var/log".neededForBoot = true;
# rollback results in sudo lectures after each reboot users.mutableUsers = false;
security.sudo.extraConfig = ''
Defaults lecture = never
'';
# needed for allowOther in the home-manager impermanence config # rollback results in sudo lectures after each reboot
programs.fuse.userAllowOther = true; security.sudo.extraConfig = ''
Defaults lecture = never
'';
# reset / at each boot # needed for allowOther in the home-manager impermanence config
# Note `lib.mkBefore` is used instead of `lib.mkAfter` here. programs.fuse.userAllowOther = true;
boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
mkdir /mnt
mount /dev/mapper/luksroot /mnt
if [[ -e /mnt/root ]]; then
mkdir -p /mnt/old_roots
timestamp=$(date --date="@$(stat -c %Y /mnt/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /mnt/root "/mnt/old_roots/$timestamp"
fi
delete_subvolume_recursively() { # reset / at each boot
IFS=$'\n' # Note `lib.mkBefore` is used instead of `lib.mkAfter` here.
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
delete_subvolume_recursively "/mnt/$i" mkdir /mnt
done mount /dev/mapper/luksroot /mnt
btrfs subvolume delete "$1" if [[ -e /mnt/root ]]; then
} mkdir -p /mnt/old_roots
timestamp=$(date --date="@$(stat -c %Y /mnt/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /mnt/root "/mnt/old_roots/$timestamp"
fi
for i in $(find /mnt/old_roots/ -maxdepth 1 -mtime +30); do delete_subvolume_recursively() {
delete_subvolume_recursively "$i" IFS=$'\n'
done for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/mnt/$i"
done
btrfs subvolume delete "$1"
}
btrfs subvolume create /mnt/root for i in $(find /mnt/old_roots/ -maxdepth 1 -mtime +30); do
umount /mnt delete_subvolume_recursively "$i"
''; done
btrfs subvolume create /mnt/root
umount /mnt
'';
};
} }
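Review bot: `mount /dev/mapper/luksroot /mnt` inside `boot.initrd.postDeviceCommands` stays hard-coded even though this hunk turns the file into a reusable module gated by `cfg.enable`; a host that enables it with a different LUKS mapping name will fail at the mount, and the subvolume commands that follow then run against an empty `/mnt`. A `rootDevice` option declared next to `enable`, defaulting to the current path, keeps existing hosts unchanged while making the dependency explicit. Smaller points: `lib` is now a module argument, so `pkgs.lib.mkBefore` can become `lib.mkBefore`, and the four identical `[ "compress=zstd" "noatime" ]` lists could share one `let` binding.
```nix
options.custom.impermanence = {
  enable = lib.mkOption {
    type = lib.types.bool;
    default = true;
    description = "Enable impermanent root fs";
  };
  rootDevice = lib.mkOption {
    type = lib.types.str;
    default = "/dev/mapper/luksroot";
    description = "Block device holding the btrfs root that is reset at boot";
  };
};
# … unchanged: environment.persistence, fileSystems, sudo and fuse settings …
boot.initrd.postDeviceCommands = lib.mkBefore ''
  mkdir /mnt
  mount ${cfg.rootDevice} /mnt
  # … unchanged: old_roots rotation and subvolume recreation …
'';
```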


@@ -1,7 +0,0 @@
{
imports = [
];
custom.tailscale.enable = false;
proxmoxLXC.manageNetwork = true;
}

flake.lock generated

@@ -261,42 +261,6 @@
"type": "github" "type": "github"
} }
}, },
"nixlib": {
"locked": {
"lastModified": 1726966855,
"narHash": "sha256-25ByioeOBFcnitO5lM/Mufnv/u7YtHEHEM8QFuiS40k=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "575704ff85d3a41dc5bfef7b55380cbc7b87f3c2",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1727053438,
"narHash": "sha256-t/+z1Tf7hSaStU1pBYkY7i0/GkG+YIPSmfeRrK8eYUw=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "e8c1cd886cc17e31e424f915efd32e84d8af0ce9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1726320982, "lastModified": 1726320982,
@@ -388,7 +352,6 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim", "nixvim": "nixvim",


@@ -17,10 +17,6 @@
url = "github:nix-community/nix-index-database"; url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
nixvim = { nixvim = {
url = "github:nix-community/nixvim"; url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -42,7 +38,6 @@
disko, disko,
home-manager, home-manager,
sops-nix, sops-nix,
nixos-generators,
impermanence, impermanence,
... ...
}@inputs: }@inputs:
@@ -66,27 +61,31 @@
disko.nixosModules.disko disko.nixosModules.disko
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.ppetru = {
imports = [
(inputs.impermanence + "/home-manager.nix")
inputs.nix-index-database.hmModules.nix-index
inputs.nixvim.homeManagerModules.nixvim
./home
];
};
};
}
] ++ modules; ] ++ modules;
specialArgs = { specialArgs = {
inherit inputs self; inherit inputs self;
}; };
}; };
mkHMNixos =
system: modules:
mkNixos system ([
home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.ppetru = {
imports = [
(inputs.impermanence + "/home-manager.nix")
inputs.nix-index-database.hmModules.nix-index
inputs.nixvim.homeManagerModules.nixvim
./home
];
};
};
}] ++ modules);
pkgsFor = pkgsFor =
system: system:
import nixpkgs { import nixpkgs {
@@ -112,12 +111,13 @@
in in
{ {
nixosConfigurations = { nixosConfigurations = {
c1 = mkNixos "x86_64-linux" [ ./hosts/c1 ]; c1 = mkHMNixos "x86_64-linux" [ ./hosts/c1 ];
c2 = mkNixos "x86_64-linux" [ ./hosts/c2 ]; c2 = mkHMNixos "x86_64-linux" [ ./hosts/c2 ];
c3 = mkNixos "x86_64-linux" [ ./hosts/c3 ]; c3 = mkHMNixos "x86_64-linux" [ ./hosts/c3 ];
alo-cloud-1 = mkNixos "aarch64-linux" [ ./hosts/alo-cloud-1 ]; alo-cloud-1 = mkHMNixos "aarch64-linux" [ ./hosts/alo-cloud-1 ];
zippy = mkNixos "x86_64-linux" [ ./hosts/zippy ]; zippy = mkHMNixos "x86_64-linux" [ ./hosts/zippy ];
chilly = mkNixos "x86_64-linux" [ ./hosts/chilly ]; chilly = mkHMNixos "x86_64-linux" [ ./hosts/chilly ];
kopia = mkNixos "x86_64-linux" [ ./hosts/kopia ];
}; };
deploy = { deploy = {
@@ -173,21 +173,6 @@
}; };
}; };
packages.x86_64-linux = {
kopia-lxc = nixos-generators.nixosGenerate {
system = "x86_64-linux";
format = "proxmox-lxc";
modules = [
sops-nix.nixosModules.sops
impermanence.nixosModules.impermanence
./hosts/kopia-lxc
];
specialArgs = {
inherit inputs self;
};
};
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
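Review bot: `mkHMNixos` carries no comment explaining how it differs from `mkNixos`, and the hosts hunk further down now uses both (`kopia = mkNixos …` while every other host uses `mkHMNixos`), so a reader has to diff the two bodies to see that the only difference is the home-manager layer. Suggested above the `mkHMNixos =` line: `# mkNixos plus the ppetru home-manager profile; container hosts such as kopia use plain mkNixos`. The `deploy` attrset that follows the hosts hunk is outside this view, so whether `kopia` also receives a deploy node cannot be checked here.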


@@ -1,7 +0,0 @@
{
imports = [
../../common/global
../../common/lxc-node.nix
];
networking.hostName = "kopia";
}

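--- /dev/null
+++ b/hosts/kopia/default.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+imports = [
+../../common/global
+../../common/container-node.nix
+];
+networking.hostName = "kopia";
+environment.systemPackages = with pkgs; [
+kopia
+];
+}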
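Review bot: `environment.systemPackages = with pkgs; [ kopia ];` only puts the binary on the path; nothing in this file configures a kopia service, its repository location, or how the repository credentials reach the container, so if kopia is meant to run as the backup server here (the host is named `kopia`) that setup is currently manual and unversioned. The flake's `mkNixos` already includes `sops-nix.nixosModules.sops`, so a `systemd.services.kopia` unit running as a dedicated user with its password supplied from a sops secret would keep the credential out of the image and out of shell history. If the package is intentionally just a CLI for ad-hoc use, a one-line comment such as `# kopia CLI only; the repository is managed by hand` would stop the next reader from asking.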