ppetru/alo-cluster
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: ppetru:93d59fe7621c351fe8d6c89e4565e8a4cc695f84
Branches Tags
ppetru:master
...
compare: ppetru:558b8f827c7cd41bdf053337804d503097b6ac1d
Branches Tags
ppetru:master

5 Commits
93d59fe762 ... 558b8f827c

Author SHA1 Message Date
Petru Paler
558b8f827c Convert c1 & c2 to disko and cleanup old keys. 2024-09-13 12:04:10 +01:00
Petru Paler
85fd5ad6f0 Switch zippy to disko. 2024-09-13 12:03:25 +01:00
Petru Paler
2638e596e9 Merge home manager config. 2024-09-13 11:04:13 +01:00
Petru Paler
4e24ac988f Restrict permissions on /boot to protect the random seed. 2024-09-13 10:31:44 +01:00
Petru Paler
8588d7f09f Update impermanence. 2024-09-13 10:31:31 +01:00
17 changed files with 139 additions and 157 deletions
Expand all files Collapse all files

3
common/encrypted-btrfs-layout.nix
View File

@@ -31,6 +31,9 @@ in
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [
"umask=0077" # to avoid the random seed being world readable
];
}; };
}; };
luksroot = { luksroot = {

38
flake.lock generated
View File

@@ -61,16 +61,15 @@
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"ppetru-home",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1720042825, "lastModified": 1725703823,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -82,11 +81,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1724489415, "lastModified": 1725690722,
"narHash": "sha256-ey8vhwY/6XCKoh7fyTn3aIQs7WeYSYtLbYEG87VCzX4=", "narHash": "sha256-4qWg9sNh5g1qPGO6d/GV2ktY+eDikkBTbWSg5/iD2nY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "c7f5b394397398c023000cf843986ee2571a1fd7", "rev": "63f4d0443e32b0dd7189001ee1894066765d18a5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -127,35 +126,14 @@
"type": "github" "type": "github"
} }
}, },
"ppetru-home": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1726077552,
"narHash": "sha256-I2u/iI8e/pRVtfAs6juLOrPa+zWZjtUzFv3OxemNHfE=",
"ref": "refs/heads/master",
"rev": "0242d6da9aba2ccb530870b944d1837d4cac6b54",
"revCount": 6,
"type": "git",
"url": "file:/home/ppetru/ppetru-home"
},
"original": {
"type": "git",
"url": "file:/home/ppetru/ppetru-home"
}
},
"root": { "root": {
"inputs": { "inputs": {
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable"
"ppetru-home": "ppetru-home"
} }
}, },
"systems": { "systems": {

25
flake.nix
View File

@@ -9,13 +9,13 @@
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
ppetru-home = { home-manager = {
url = "git+file:/home/ppetru/ppetru-home"; url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
outputs = { self, nixpkgs, nixpkgs-unstable, deploy-rs, disko, ppetru-home, ... }@inputs: outputs = { self, nixpkgs, nixpkgs-unstable, deploy-rs, disko, ... }@inputs:
let let
inherit (self); inherit (self);
@@ -31,6 +31,13 @@
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
}) })
disko.nixosModules.disko disko.nixosModules.disko
inputs.home-manager.nixosModules.home-manager {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.ppetru = import ./home;
};
}
] ++ modules; ] ++ modules;
specialArgs = { inherit inputs self; }; specialArgs = { inherit inputs self; };
}; };
@@ -94,10 +101,6 @@
user = "root"; user = "root";
path = (deployPkgsFor "x86_64-linux").deploy-rs.lib.activate.nixos self.nixosConfigurations.nix-dev; path = (deployPkgsFor "x86_64-linux").deploy-rs.lib.activate.nixos self.nixosConfigurations.nix-dev;
}; };
ppetru = {
user = "ppetru";
path = (deployPkgsFor "x86_64-linux").deploy-rs.lib.activate.home-manager ppetru-home.homeConfigurations.ppetru;
};
}; };
}; };
alo-cloud-1 = { alo-cloud-1 = {
@@ -116,10 +119,6 @@
user = "root"; user = "root";
path = (deployPkgsFor "x86_64-linux").deploy-rs.lib.activate.nixos self.nixosConfigurations.zippy; path = (deployPkgsFor "x86_64-linux").deploy-rs.lib.activate.nixos self.nixosConfigurations.zippy;
}; };
ppetru = {
user = "ppetru";
path = (deployPkgsFor "x86_64-linux").deploy-rs.lib.activate.home-manager ppetru-home.homeConfigurations.ppetru;
};
}; };
}; };
chilly = { chilly = {
@@ -129,10 +128,6 @@
user = "root"; user = "root";
path = (deployPkgsFor "x86_64-linux").deploy-rs.lib.activate.nixos self.nixosConfigurations.chilly; path = (deployPkgsFor "x86_64-linux").deploy-rs.lib.activate.nixos self.nixosConfigurations.chilly;
}; };
ppetru = {
user = "ppetru";
path = (deployPkgsFor "x86_64-linux").deploy-rs.lib.activate.home-manager ppetru-home.homeConfigurations.ppetru;
};
}; };
}; };
}; };

20
home/default.nix Normal file
View File

@@ -0,0 +1,20 @@
{ pkgs, ... }:
let
packages = import ./packages.nix { inherit pkgs; };
in {
home = {
inherit packages;
stateVersion = "24.05"; # TODO: unify this with the references in flake.nix:inputs
sessionVariables = {
MOSH_SERVER_NETWORK_TMOUT = 604800;
NOMAD_ADDR = "http://nomad.service.consul:4646";
};
shellAliases = {
reload-home-manager-config = "home-manager switch --flake ${builtins.toString ./.}";
};
};
programs = import ./programs.nix;
}

12
home/packages.nix Normal file
View File

@@ -0,0 +1,12 @@
{ pkgs }:
let
nixTools = with pkgs; [
git
home-manager
mosh
tmux
vim
zsh
];
in nixTools

64
home/programs.nix Normal file
View File

@@ -0,0 +1,64 @@
{
git = {
enable = true;
userEmail = "petru@paler.net";
userName = "Petru Paler";
};
home-manager = {
enable = true;
};
less.enable = true;
neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
};
tmux = {
enable = true;
prefix = "C-t";
terminal = "screen-256color";
historyLimit = 20000;
keyMode = "vi";
extraConfig = ''
set -g status-left ""
set -g status-right ""
'';
};
zsh = {
enable = true;
history = {
save = 1000000;
size = 1000000;
};
prezto = {
enable = true;
pmodules = [
"gnu-utility"
"environment"
"terminal"
"editor"
"history"
"directory"
"spectrum"
"utility"
"completion"
"syntax-highlighting"
"prompt"
];
gnuUtility.prefix = "g";
prompt.theme = "pure";
utility.safeOps = false;
syntaxHighlighting.highlighters = [
"main"
"brackets"
"pattern"
"root"
];
};
};
}

1
hosts/alo-cloud-1/hardware.nix
View File

@@ -36,6 +36,7 @@
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/FF9C-DC81"; { device = "/dev/disk/by-uuid/FF9C-DC81";
fsType = "vfat"; fsType = "vfat";
options = [ "umask=0077" ]; # to avoid the random seed being world readable
}; };
swapDevices = [ { swapDevices = [ {

8
hosts/c1/default.nix
View File

@@ -3,10 +3,16 @@
imports = [ imports = [
../../common/global ../../common/global
../../common/compute-node.nix ../../common/compute-node.nix
../../common/encrypted-btrfs-layout.nix
./hardware.nix ./hardware.nix
]; ];
diskLayout = {
mainDiskDevice = "/dev/disk/by-id/nvme-SAMSUNG_MZVLW256HEHP-000H1_S340NX0K910298";
#keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777640496-0:0";
keyDiskDevice = "/dev/sdb";
};
networking.hostName = "c1"; networking.hostName = "c1";
boot.initrd.luks.devices."luksroot".keyFile = "/dev/sda";
services.tailscaleAutoconnect.authkey = "tskey-auth-kmFvBT3CNTRL-wUbELKSd5yhuuTwTcgJZxhPUTxKgcYKF"; services.tailscaleAutoconnect.authkey = "tskey-auth-kmFvBT3CNTRL-wUbELKSd5yhuuTwTcgJZxhPUTxKgcYKF";
} }

36
hosts/c1/hardware.nix
View File

@@ -10,42 +10,6 @@
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2";
fsType = "btrfs";
options = [ "subvol=root" ];
};
boot.initrd.luks.devices."luksroot".device = "/dev/disk/by-uuid/7fa539a0-6c91-49ec-9df2-e81708a07662";
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2";
fsType = "btrfs";
options = [ "subvol=persist" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2";
fsType = "btrfs";
options = [ "subvol=log" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D8C2-9216";
fsType = "vfat";
};
swapDevices = [ {
device = "/dev/disk/by-id/nvme-eui.002538b981b03d98-part2";
randomEncryption.enable = true;
}];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
} }

0
nixos-setup/keys/c1.key → hosts/c1/key.bin
View File

8
hosts/c2/default.nix
View File

@@ -3,10 +3,16 @@
imports = [ imports = [
../../common/global ../../common/global
../../common/compute-node.nix ../../common/compute-node.nix
../../common/encrypted-btrfs-layout.nix
./hardware.nix ./hardware.nix
]; ];
diskLayout = {
mainDiskDevice = "/dev/disk/by-id/nvme-SAMSUNG_MZVLB256HAHQ-000H1_S425NA1M132963";
#keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777650675-0:0";
keyDiskDevice = "/dev/sda";
};
networking.hostName = "c2"; networking.hostName = "c2";
boot.initrd.luks.devices."luksroot".keyFile = "/dev/sda";
services.tailscaleAutoconnect.authkey = "tskey-auth-kbYnZK2CNTRL-SpUVCuzS6P3ApJiDaB6RM3M4b8M9TXgS"; services.tailscaleAutoconnect.authkey = "tskey-auth-kbYnZK2CNTRL-SpUVCuzS6P3ApJiDaB6RM3M4b8M9TXgS";
} }

36
hosts/c2/hardware.nix
View File

@@ -10,42 +10,6 @@
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea";
fsType = "btrfs";
options = [ "subvol=root" ];
};
boot.initrd.luks.devices."luksroot".device = "/dev/disk/by-uuid/03ee7c3b-19d5-491d-bc2e-3b0681e6506f";
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea";
fsType = "btrfs";
options = [ "subvol=persist" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea";
fsType = "btrfs";
options = [ "subvol=log" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/B543-374F";
fsType = "vfat";
};
swapDevices = pkgs.lib.mkForce [ {
device = "/dev/disk/by-id/nvme-eui.002538819102bebe-part2";
randomEncryption.enable = true;
}];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
} }

0
nixos-setup/keys/c2.key → hosts/c2/key.bin
View File

8
hosts/zippy/default.nix
View File

@@ -4,10 +4,16 @@
../../common/global ../../common/global
../../common/compute-node.nix ../../common/compute-node.nix
../../common/dev-node.nix ../../common/dev-node.nix
../../common/encrypted-btrfs-layout.nix
./hardware.nix ./hardware.nix
]; ];
diskLayout = {
mainDiskDevice = "/dev/disk/by-id/ata-KINGSTON_SKC600MS1024G_50026B7785AE0A92";
#keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777660702-0:0";
keyDiskDevice = "/dev/sdb";
};
networking.hostName = "zippy"; networking.hostName = "zippy";
boot.initrd.luks.devices."luksroot".keyFile = "/dev/sdb";
services.tailscaleAutoconnect.authkey = "tskey-auth-ktKyQ59f2p11CNTRL-ut8E71dLWPXsVtb92hevNX9RTjmk4owBf"; services.tailscaleAutoconnect.authkey = "tskey-auth-ktKyQ59f2p11CNTRL-ut8E71dLWPXsVtb92hevNX9RTjmk4owBf";
} }

37
hosts/zippy/hardware.nix
View File

@@ -10,43 +10,6 @@
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e009eed5-90cd-4756-b56f-149d876ca934";
fsType = "btrfs";
options = [ "subvol=root" ];
};
boot.initrd.luks.devices."luksroot".device = "/dev/disk/by-uuid/3fb5eb41-34d3-4ef6-8f3e-5db5a788ceef";
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/e009eed5-90cd-4756-b56f-149d876ca934";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/e009eed5-90cd-4756-b56f-149d876ca934";
fsType = "btrfs";
options = [ "subvol=persist" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/e009eed5-90cd-4756-b56f-149d876ca934";
fsType = "btrfs";
options = [ "subvol=log" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F3C9-A38F";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ {
device = "/dev/disk/by-id/ata-KINGSTON_SKC600MS1024G_50026B7785AE0A92-part2";
randomEncryption.enable = true;
}];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
} }

0
nixos-setup/keys/zippy.key → hosts/zippy/key.bin
View File

BIN
nixos-setup/keys/c3.key
View File

Binary file not shown.