diff --git a/templates/clan/new-clan/flake.nix b/templates/clan/new-clan/flake.nix index 6cdbfbe86..846a81081 100644 --- a/templates/clan/new-clan/flake.nix +++ b/templates/clan/new-clan/flake.nix @@ -8,59 +8,25 @@ # Usage see: https://docs.clan.lol clan = clan-core.clanLib.buildClan { inherit self; - # Ensure this is unique among all clans you want to use. meta.name = "__CHANGE_ME__"; - # Information about your machines. Machines under ./machines will be auto-imported. - inventory.machines = { - somemachine.tags = [ "desktop" ]; - somemachine.deploy.targetHost = "root@somemachine"; - }; + # All machines in ./machines will be imported. - # Clan services to use. See https://docs.clan.lol/reference/clanServices - inventory.instances = { - - admin = { - module = { - name = "admin"; - input = "clan"; - }; - roles.default.tags.all = { }; - }; - - zerotier = { - module = { - name = "zerotier"; - input = "clan"; - }; - roles.peer.tags.all = { }; - }; - }; - - # A mapping of machine names to their nixos configuration. Allows specifying - # additional configuration. + # Prerequisite: boot into the installer. + # See: https://docs.clan.lol/guides/getting-started/installer + # local> mkdir -p ./machines/machine1 + # local> Edit ./machines//configuration.nix to your liking. machines = { - somemachine = - { pkgs, ... }: - { - environment.systemPackages = with pkgs; [ asciinema ]; - }; + # You can also specify additional machines here. + # somemachine = { + # imports = [ ./some-machine/configuration.nix ]; + # } }; }; in { - - # Expose clan structures as flake outputs. clanInternals is needed for - # the clan-cli. Exposing nixosConfigurations allows using `nixos-rebuild` as before. - inherit (clan) - nixosConfigurations - nixosModules - clanInternals - darwinConfigurations - darwinModules - ; - + inherit (clan) nixosConfigurations nixosModules clanInternals; # Add the Clan cli tool to the dev shell. # Use "nix develop" to enter the dev shell. devShells = 
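Review bot: The commented example under `machines = {` ends with `# }` and no semicolon, so uncommenting it as written gives a syntax error; it should read `# };`. The hunk also removes the comment explaining that `meta.name` must be unique among clans while keeping the `__CHANGE_ME__` placeholder, so I would keep a one-line comment above it such as `# Change this: must be unique among all clans you want to use.`. The enclosing `let` binding starts above the hunk and `devShells` continues below it.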
diff --git a/templates/clan/new-clan/machines/.gitkeep b/templates/clan/new-clan/machines/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/templates/clan/new-clan/machines/jon/configuration.nix b/templates/clan/new-clan/machines/jon/configuration.nix
new file mode 100644
index 000000000..a675ce882
--- /dev/null
+++ b/templates/clan/new-clan/machines/jon/configuration.nix
@@ -0,0 +1,35 @@
+{
+ imports = [
+ # contains your disk format and partitioning configuration.
+ ../../modules/disko.nix
+ # this file is shared among all machines
+ ../../modules/shared.nix
+ # enables GNOME desktop (optional)
+ ../../modules/gnome.nix
+ ];
+
+ # This is your user login name.
+ users.users.user.name = "";
+
+ # Set this for clan commands use ssh i.e. `clan machines update`
+ # If you change the hostname, you need to update this line to root@
+ # This only works however if you have avahi running on your admin machine else use IP
+ clan.core.networking.targetHost = "root@";
+
+ # You can get your disk id by running the following command on the installer:
+ # Replace with the IP of the installer printed on the screen or by running the `ip addr` command.
+ # ssh root@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
+ disko.devices.disk.main.device = "/dev/disk/by-id/__CHANGE_ME__";
+
+ # IMPORTANT! Add your SSH key here
+ # e.g. > cat ~/.ssh/id_ed25519.pub
+ users.users.root.openssh.authorizedKeys.keys = [
+ ''
+ __YOUR_SSH_KEY__
+ ''
+ ];
+
+ # Zerotier needs one controller to accept new nodes. Once accepted
+ # the controller can be offline and routing still works.
+ clan.core.networking.zerotier.controller.enable = true;
+}
diff --git a/templates/clan/new-clan/machines/sara/configuration.nix b/templates/clan/new-clan/machines/sara/configuration.nix
new file mode 100644
index 000000000..66da728a1
--- /dev/null
+++ b/templates/clan/new-clan/machines/sara/configuration.nix
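Review bot: Nothing visible in this file rejects the `__YOUR_SSH_KEY__` placeholder in `users.users.root.openssh.authorizedKeys.keys`, so a machine whose owner skips that step would, as far as the diff shows, still evaluate and install with a root entry that matches no key. Key-based root login then fails, and what remains is whatever password login the `sshd` and `root-password` modules imported through `modules/shared.nix` allow, which this diff does not show. An assertion that fails evaluation while the placeholder is present turns the "IMPORTANT!" comment into a check. The identical block in `machines/sara/configuration.nix` has the same gap, and placing the assertion once in `modules/shared.nix` would cover both machines.

```nix
{ config, lib, ... }:
{
  # … unchanged: imports, user name, targetHost, disk device, authorizedKeys, zerotier controller …

  # Fail evaluation until the template placeholder has been replaced.
  assertions = [
    {
      assertion =
        !(lib.any (lib.hasInfix "__YOUR_SSH_KEY__") config.users.users.root.openssh.authorizedKeys.keys);
      message = "Replace __YOUR_SSH_KEY__ in users.users.root.openssh.authorizedKeys.keys with your SSH public key.";
    }
  ];
}
```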
@@ -0,0 +1,34 @@
+{
+ imports = [
+ ../../modules/disko.nix
+ ../../modules/shared.nix
+ # enables GNOME desktop (optional)
+ ../../modules/gnome.nix
+ ];
+ # Put your username here for login
+ users.users.user.name = "";
+
+ # Set this for clan commands use ssh i.e. `clan machines update`
+ # If you change the hostname, you need to update this line to root@
+ # This only works however if you have avahi running on your admin machine else use IP
+ clan.core.networking.targetHost = "root@";
+
+ # You can get your disk id by running the following command on the installer:
+ # Replace with the IP of the installer printed on the screen or by running the `ip addr` command.
+ # ssh root@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
+ disko.devices.disk.main.device = "/dev/disk/by-id/__CHANGE_ME__";
+
+ # IMPORTANT! Add your SSH key here
+ # e.g. > cat ~/.ssh/id_ed25519.pub
+ users.users.root.openssh.authorizedKeys.keys = [
+ ''
+ __YOUR_SSH_KEY__
+ ''
+ ];
+ /*
+ After jon is deployed, uncomment the following line
+ This will allow sara to share the VPN overlay network with jon
+ The networkId is generated by the first deployment of jon
+ */
+ # clan.core.networking.zerotier.networkId = builtins.readFile ../../vars/per-machine/jon/zerotier/zerotier-network-id/value;
+}
diff --git a/templates/clan/new-clan/modules/disko.nix b/templates/clan/new-clan/modules/disko.nix
new file mode 100644
index 000000000..d42864893
--- /dev/null
+++ b/templates/clan/new-clan/modules/disko.nix
@@ -0,0 +1,61 @@
+{
+ lib,
+ clan-core,
+ config,
+ ...
+}:
+
+let
+ suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
+in
+{
+ imports = [
+ clan-core.clanModules.disk-id
+ ];
+
+ # DO NOT EDIT THIS FILE AFTER INSTALLATION of a machine
+ # Otherwise your system might not boot because of missing partitions / filesystems
+ boot.loader.grub.efiSupport = lib.mkDefault true;
+ boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
+ disko.devices = {
+ disk = {
+ "main" = {
+ # suffix is to prevent disk name collisions
+ name = "main-" + suffix;
+ type = "disk";
+ # Set the following in flake.nix for each maschine:
+ # device = ;
+ content = {
+ type = "gpt";
+ partitions = {
+ "boot" = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ priority = 1;
+ };
+ "ESP" = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "nofail" ];
+ };
+ };
+ "root" = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ # format = "btrfs";
+ # format = "bcachefs";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/templates/clan/new-clan/modules/gnome.nix b/templates/clan/new-clan/modules/gnome.nix
new file mode 100644
index 000000000..bcbc5a148
--- /dev/null
+++ b/templates/clan/new-clan/modules/gnome.nix
@@ -0,0 +1,5 @@
+{
+ services.xserver.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+ services.xserver.displayManager.gdm.enable = true;
+}
diff --git a/templates/clan/new-clan/modules/shared.nix b/templates/clan/new-clan/modules/shared.nix
new file mode 100644
index 000000000..23f8a3fb3
--- /dev/null
+++ b/templates/clan/new-clan/modules/shared.nix
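Review bot: In `modules/disko.nix`, the comment above the omitted `device` attribute still says to set it in flake.nix (and misspells "machine"), but this commit sets `disko.devices.disk.main.device` in each machine's `configuration.nix`. I would change it to `# Set disko.devices.disk.main.device in each machine's configuration.nix.`. Separately, the `root` partition is a plain `ext4` filesystem with no encryption layer in this layout, so data written to disk is readable to whoever holds the disk. If that is intended for the template, a short comment next to `format = "ext4";` saying so would help users who expect otherwise.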
@@ -0,0 +1,38 @@
+{
+ config,
+ clan-core,
+ # Optional, if you want to access other flakes:
+ # self,
+ ...
+}:
+{
+ imports = [
+ # Enables the OpenSSH server for remote access
+ clan-core.clanModules.sshd
+ # Set a root password
+ clan-core.clanModules.root-password
+ clan-core.clanModules.user-password
+ clan-core.clanModules.state-version
+
+ # You can access other flakes imported in your flake via `self` like this:
+ # self.inputs.nix-index-database.nixosModules.nix-index
+ ];
+
+ # Locale service discovery and mDNS
+ services.avahi.enable = true;
+
+ # generate a random password for our user below
+ # can be read using `clan secrets get -user-password` command
+ clan.user-password.user = "user";
+ users.users.user = {
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "video"
+ "input"
+ ];
+ uid = 1000;
+ openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+ };
+}
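Review bot: The last attribute of `users.users.user` copies root's authorized keys onto an account in `wheel` without a comment, so every key listed for root also logs in as `user`, and the two accounts cannot be given different keys without editing this module. I would document that in place, e.g. `# Reuses root's SSH keys; list separate keys here if user and root should not share them.`. The avahi comment also reads "Locale service discovery" where "Local" is meant. Since every machine imports this module, that comment could also say that mDNS is enabled on all of them.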