yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

clanCore: init machine_id_v3

Browse Source
This commit is contained in:
Qubasa
2024-09-13 12:17:49 +02:00
parent 755010df8b
commit 787599ebb6
16 changed files with 346 additions and 197 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
clanModules/disk-id/README.md Normal file
View File

@@ -0,0 +1,3 @@
---
description = "Generates a uuid for use in disk device naming"
---

26
clanModules/disk-id/default.nix Normal file
View File

@@ -0,0 +1,26 @@
{
config,
pkgs,
...
}:
{
config = {
clan.core.vars.generators.disk-id = {
files.diskId.secret = false;
runtimeInputs = [
pkgs.coreutils
pkgs.bash
];
script = ''
uuid=$(bash ${../uuid4.sh})
# Remove the hyphens from the UUID
uuid_no_hyphens=$(echo -n "$uuid" | tr -d '-')
echo -n "$uuid_no_hyphens" > "$out/diskId"
'';
};
};
}

1
clanModules/disk-id/roles/default.nix Normal file
View File

@@ -0,0 +1 @@
{ }

2
clanModules/flake-module.nix
View File

@@ -5,6 +5,8 @@
borgbackup = ./borgbackup; borgbackup = ./borgbackup;
borgbackup-static = ./borgbackup-static; borgbackup-static = ./borgbackup-static;
deltachat = ./deltachat; deltachat = ./deltachat;
machine-id = ./machine-id;
disk-id = ./disk-id;
dyndns = ./dyndns; dyndns = ./dyndns;
ergochat = ./ergochat; ergochat = ./ergochat;
garage = ./garage; garage = ./garage;

3
clanModules/machine-id/README.md Normal file
View File

@@ -0,0 +1,3 @@
---
description = "Sets the /etc/machine-id and exposes it as a nix option"
---

45
clanModules/machine-id/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{
config,
pkgs,
lib,
...
}:
let
var = config.clan.core.vars.generators.machine-id.files.machineId or { };
in
{
config = lib.mkMerge [
(lib.mkIf ((var.machineId.value or null) != null) {
assertions = [
{
assertion = lib.stringLength var.machineId.value == 32;
message = "machineId must be exactly 32 characters long.";
}
];
boot.kernelParams = [
''systemd.machine_id=${var.machineId.value}''
];
environment.etc."machine-id" = {
text = var.machineId.value;
};
})
{
clan.core.vars.generators.machine-id = {
files.machineId.secret = false;
runtimeInputs = [
pkgs.coreutils
pkgs.bash
];
script = ''
uuid=$(bash ${../uuid4.sh})
# Remove the hyphens from the UUID
uuid_no_hyphens=$(echo -n "$uuid" | tr -d '-')
echo -n "$uuid_no_hyphens" > "$out/machineId"
'';
};
}
];
}

1
clanModules/machine-id/roles/default.nix Normal file
View File

@@ -0,0 +1 @@
{ }

20
clanModules/uuid4.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/usr/bin/env bash
# Read 16 bytes from /dev/urandom
uuid=$(dd if=/dev/urandom bs=1 count=16 2>/dev/null | od -An -tx1 | tr -d ' \n')
# Break the UUID into pieces and apply the required modifications
byte6=${uuid:12:2}
byte8=${uuid:16:2}
# Construct the correct version and variant
hex_byte6=$(printf "%x" $((0x$byte6 & 0x0F | 0x40)))
hex_byte8=$(printf "%x" $((0x$byte8 & 0x3F | 0x80)))
# Rebuild the UUID with the correct fields
uuid_v4="${uuid:0:12}${hex_byte6}${uuid:14:2}${hex_byte8}${uuid:18:14}"
# Format the UUID correctly 8-4-4-4-12
uuid_formatted="${uuid_v4:0:8}-${uuid_v4:8:4}-${uuid_v4:12:4}-${uuid_v4:16:4}-${uuid_v4:20:12}"
echo -n "$uuid_formatted"

2
docs/mkdocs.yml
View File

@@ -60,6 +60,7 @@ nav:
- reference/clanModules/borgbackup.md - reference/clanModules/borgbackup.md
- reference/clanModules/deltachat.md - reference/clanModules/deltachat.md
- reference/clanModules/dyndns.md - reference/clanModules/dyndns.md
- reference/clanModules/disk-id.md
- reference/clanModules/ergochat.md - reference/clanModules/ergochat.md
- reference/clanModules/garage.md - reference/clanModules/garage.md
- reference/clanModules/golem-provider.md - reference/clanModules/golem-provider.md
@@ -69,6 +70,7 @@ nav:
- reference/clanModules/localbackup.md - reference/clanModules/localbackup.md
- reference/clanModules/localsend.md - reference/clanModules/localsend.md
- reference/clanModules/matrix-synapse.md - reference/clanModules/matrix-synapse.md
- reference/clanModules/machine-id.md
- reference/clanModules/moonlight.md - reference/clanModules/moonlight.md
- reference/clanModules/mumble.md - reference/clanModules/mumble.md
- reference/clanModules/nginx.md - reference/clanModules/nginx.md

41
docs/site/getting-started/disk-encryption.md
View File

@@ -14,21 +14,24 @@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
=== "**Single Disk**" === "**Single Disk**"
Below is the configuration for `disko.nix` Below is the configuration for `disko.nix`
```nix hl_lines="14 40" ```nix hl_lines="16 47"
{ lib, ... }: { lib, clan-core, ... }:
let let
suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
mirrorBoot = idx: { mirrorBoot = idx: {
# suffix is to prevent disk name collisions
name = idx + suffix;
type = "disk"; type = "disk";
device = "/dev/disk/by-id/${idx}"; device = "/dev/disk/by-id/${idx}";
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
"${config.networking.hostName}-boot" = { "boot" = {
size = "1M"; size = "1M";
type = "EF02"; # for grub MBR type = "EF02"; # for grub MBR
priority = 1; priority = 1;
}; };
"${config.networking.hostName}-ESP" = lib.mkIf (idx == "nvme-eui.002538b931b59865") { "ESP" = lib.mkIf (idx == "nvme-eui.002538b931b59865") {
size = "1G"; size = "1G";
type = "EF00"; type = "EF00";
content = { content = {
@@ -38,7 +41,7 @@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
mountOptions = [ "nofail" ]; mountOptions = [ "nofail" ];
}; };
}; };
"${config.networking.hostName}-root" = { "root" = {
size = "100%"; size = "100%";
content = { content = {
type = "zfs"; type = "zfs";
@@ -50,6 +53,11 @@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
}; };
in in
{ {
imports = [
clan-core.clanModules.disk-id
];
config = {
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
disko.devices = { disko.devices = {
@@ -98,28 +106,33 @@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
}; };
}; };
}; };
};
} }
``` ```
=== "**Raid 1**" === "**Raid 1**"
Below is the configuration for `disko.nix` Below is the configuration for `disko.nix`
```nix hl_lines="14 40 41" ```nix hl_lines="16 47 48"
{ lib, ... }: { lib, clan-core, ... }:
let let
suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
mirrorBoot = idx: { mirrorBoot = idx: {
# suffix is to prevent disk name collisions
name = idx + suffix;
type = "disk"; type = "disk";
device = "/dev/disk/by-id/${idx}"; device = "/dev/disk/by-id/${idx}";
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
boot = { "boot" = {
size = "1M"; size = "1M";
type = "EF02"; # for grub MBR type = "EF02"; # for grub MBR
priority = 1; priority = 1;
}; };
ESP = lib.mkIf (idx == "nvme-eui.002538b931b59865") { "ESP" = lib.mkIf (idx == "nvme-eui.002538b931b59865") {
size = "1G"; size = "1G";
type = "EF00"; type = "EF00";
content = { content = {
@@ -129,7 +142,7 @@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
mountOptions = [ "nofail" ]; mountOptions = [ "nofail" ];
}; };
}; };
zfs = { "root" = {
size = "100%"; size = "100%";
content = { content = {
type = "zfs"; type = "zfs";
@@ -141,12 +154,17 @@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
}; };
in in
{ {
imports = [
clan-core.clanModules.disk-id
];
config = {
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
disko.devices = { disko.devices = {
disk = { disk = {
x = mirrorBoot "nvme-eui.002538b931b59865"; x = mirrorBoot "nvme-eui.002538b931b59865";
y = mirrorBoot "myOtherDrive" y = mirrorBoot "my-other-disk";
}; };
zpool = { zpool = {
zroot = { zroot = {
@@ -190,6 +208,7 @@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
}; };
}; };
}; };
};
} }
``` ```

3
lib/eval-clan-modules/default.nix
View File

@@ -25,6 +25,9 @@ let
evaled = lib.evalModules { evaled = lib.evalModules {
modules = [ modules = [
baseModule baseModule
{
clan.core.clanDir = ./.;
}
clan-core.nixosModules.clanCore clan-core.nixosModules.clanCore
] ++ (map (name: clanModules.${name}) modulenames); ] ++ (map (name: clanModules.${name}) modulenames);
}; };

4
pkgs/clan-cli/clan_cli/inventory/update.sh Executable file
View File

@@ -0,0 +1,4 @@
#!/usr/bin/env bash
jsonSchema=$(nix build .#inventory-schema --print-out-paths)/schema.json
nix run .#classgen "$jsonSchema" "$PKG_ROOT/clan_cli/inventory/classes.py"

22
pkgs/installer/flake-module.nix
View File

@@ -1,40 +1,39 @@
{ self, lib, ... }: {
self,
lib,
...
}:
let let
flashInstallerModule = flashInstallerModule =
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
./iwd.nix ./iwd.nix
self.nixosModules.installer self.nixosModules.installer
# Allow to download pre-build binaries from our nix caches
self.clanModules.trusted-nix-caches self.clanModules.trusted-nix-caches
]; ];
system.stateVersion = config.system.nixos.version; system.stateVersion = config.system.nixos.version;
nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux; nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
}
// flashDiskoConfig;
# Important: The partition names need to be different to the clan install
flashDiskoConfig = {
boot.loader.grub.efiSupport = lib.mkDefault true; boot.loader.grub.efiSupport = lib.mkDefault true;
boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true; boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
disko.devices = { disko.devices = {
disk = { disk = {
main = { "main" = {
type = "disk"; type = "disk";
device = lib.mkDefault "/dev/null"; device = lib.mkDefault "/dev/null";
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
installer-boot = { "boot" = {
size = "1M"; size = "1M";
type = "EF02"; # for grub MBR type = "EF02"; # for grub MBR
priority = 1; priority = 1;
}; };
installer-ESP = { "ESP" = {
size = "512M"; size = "512M";
type = "EF00"; type = "EF00";
content = { content = {
@@ -43,7 +42,7 @@ let
mountpoint = "/boot"; mountpoint = "/boot";
}; };
}; };
installer-root = { "root" = {
size = "100%"; size = "100%";
content = { content = {
type = "filesystem"; type = "filesystem";
@@ -57,6 +56,7 @@ let
}; };
}; };
}; };
in in
{ {
clan = { clan = {

14
templates/flake-parts/modules/disko.nix
View File

@@ -1,10 +1,20 @@
{ lib, ... }: { lib, clan-core, ... }:
let
suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
in
{ {
imports = [
clan-core.clanModules.disk-id
];
boot.loader.grub.efiSupport = lib.mkDefault true; boot.loader.grub.efiSupport = lib.mkDefault true;
boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true; boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
disko.devices = { disko.devices = {
disk = { disk = {
main = { "main" = {
# suffix is to prevent disk name collisions
name = "main-" + suffix;
type = "disk"; type = "disk";
# Set the following in flake.nix for each maschine: # Set the following in flake.nix for each maschine:
# device = <uuid>; # device = <uuid>;

14
templates/new-clan/modules/disko.nix
View File

@@ -1,12 +1,22 @@
{ lib, ... }: { lib, clan-core, ... }:
let
suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
in
{ {
imports = [
clan-core.clanModules.disk-id
];
# TO NOT EDIT THIS FILE AFTER INSTALLATION of a machine # TO NOT EDIT THIS FILE AFTER INSTALLATION of a machine
# Otherwise your system might not boot because of missing partitions / filesystems # Otherwise your system might not boot because of missing partitions / filesystems
boot.loader.grub.efiSupport = lib.mkDefault true; boot.loader.grub.efiSupport = lib.mkDefault true;
boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true; boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
disko.devices = { disko.devices = {
disk = { disk = {
main = { "main" = {
# suffix is to prevent disk name collisions
name = "main-" + suffix;
type = "disk"; type = "disk";
# Set the following in flake.nix for each maschine: # Set the following in flake.nix for each maschine:
# device = <uuid>; # device = <uuid>;