clanCore: init machine_id_v3

This commit is contained in:
Qubasa
2024-09-13 12:17:49 +02:00
parent 755010df8b
commit 787599ebb6
16 changed files with 346 additions and 197 deletions


@@ -0,0 +1,3 @@
---
description = "Generates a uuid for use in disk device naming"
---


@@ -0,0 +1,26 @@
{
config,
pkgs,
...
}:
{
config = {
clan.core.vars.generators.disk-id = {
files.diskId.secret = false;
runtimeInputs = [
pkgs.coreutils
pkgs.bash
];
script = ''
uuid=$(bash ${../uuid4.sh})
# Remove the hyphens from the UUID
uuid_no_hyphens=$(echo -n "$uuid" | tr -d '-')
echo -n "$uuid_no_hyphens" > "$out/diskId"
'';
};
};
}
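Review bot: The generator script (the `uuid=$(bash ${../uuid4.sh})` … `echo -n "$uuid_no_hyphens"` block) is duplicated verbatim in the machine-id generator added by the same commit; one copy would be enough if `uuid4.sh` emitted the compact 32-hex form directly, or took a flag for it, and the two generators then just redirected its output to `$out/diskId` and `$out/machineId`. The `config` argument in the module's parameter pattern is not used anywhere in this file and can be dropped. A short comment above `files.diskId.secret = false;` saying that the id is deliberately public (it only serves as a device-name suffix and is committed to the clan repository) would save the next reader from wondering whether it should have been a secret.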


@@ -0,0 +1 @@
{ }


@@ -5,6 +5,8 @@
borgbackup = ./borgbackup; borgbackup = ./borgbackup;
borgbackup-static = ./borgbackup-static; borgbackup-static = ./borgbackup-static;
deltachat = ./deltachat; deltachat = ./deltachat;
machine-id = ./machine-id;
disk-id = ./disk-id;
dyndns = ./dyndns; dyndns = ./dyndns;
ergochat = ./ergochat; ergochat = ./ergochat;
garage = ./garage; garage = ./garage;
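Review bot: The two new entries break the alphabetical order the rest of this list keeps: `machine-id = ./machine-id;` is inserted between `deltachat` and `dyndns`. Keep `disk-id = ./disk-id;` where it is and move `machine-id` down to sit after `localsend`/before `matrix-synapse` (or wherever the `l`/`m` entries are in the part of the list outside this hunk), so future additions stay easy to place and merge.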


@@ -0,0 +1,3 @@
---
description = "Sets the /etc/machine-id and exposes it as a nix option"
---


@@ -0,0 +1,45 @@
{
config,
pkgs,
lib,
...
}:
let
var = config.clan.core.vars.generators.machine-id.files.machineId or { };
in
{
config = lib.mkMerge [
(lib.mkIf ((var.machineId.value or null) != null) {
assertions = [
{
assertion = lib.stringLength var.machineId.value == 32;
message = "machineId must be exactly 32 characters long.";
}
];
boot.kernelParams = [
''systemd.machine_id=${var.machineId.value}''
];
environment.etc."machine-id" = {
text = var.machineId.value;
};
})
{
clan.core.vars.generators.machine-id = {
files.machineId.secret = false;
runtimeInputs = [
pkgs.coreutils
pkgs.bash
];
script = ''
uuid=$(bash ${../uuid4.sh})
# Remove the hyphens from the UUID
uuid_no_hyphens=$(echo -n "$uuid" | tr -d '-')
echo -n "$uuid_no_hyphens" > "$out/machineId"
'';
};
}
];
}
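Review bot: The `mkIf` condition, the assertion, the kernel parameter and the `environment.etc` text all read `var.machineId.value`, but `var` is already bound to `...files.machineId or { }`, so the extra `.machineId` level looks like one path component too many: when the file attribute exists it has no `machineId` child, `var.machineId.value or null` falls back to `null`, and the whole `mkIf` block silently never applies (the 32-character assertion never runs either). Unless the vars file submodule really nests a `machineId` attribute, which the disk-id generator in this commit does not suggest, change the condition to `(lib.mkIf ((var.value or null) != null) {` and replace the other three `var.machineId.value` occurrences with `var.value`. Because the file is declared `secret = false`, the id is committed to the clan repository in plaintext; systemd documents the machine id as something not to expose outside the host, so a one-line comment above `files.machineId.secret = false;` stating that this is intentional would help reviewers of that decision later.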


@@ -0,0 +1 @@
{ }

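--- /dev/null
+++ b/clanModules/uuid4.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# Read 16 bytes from /dev/urandom
+uuid=$(dd if=/dev/urandom bs=1 count=16 2>/dev/null | od -An -tx1 | tr -d ' \n')
+# Break the UUID into pieces and apply the required modifications
+byte6=${uuid:12:2}
+byte8=${uuid:16:2}
+# Construct the correct version and variant
+hex_byte6=$(printf "%x" $((0x$byte6 & 0x0F | 0x40)))
+hex_byte8=$(printf "%x" $((0x$byte8 & 0x3F | 0x80)))
+# Rebuild the UUID with the correct fields
+uuid_v4="${uuid:0:12}${hex_byte6}${uuid:14:2}${hex_byte8}${uuid:18:14}"
+# Format the UUID correctly 8-4-4-4-12
+uuid_formatted="${uuid_v4:0:8}-${uuid_v4:8:4}-${uuid_v4:12:4}-${uuid_v4:16:4}-${uuid_v4:20:12}"
+echo -n "$uuid_formatted"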
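Review bot: The script never fails on a bad read: `2>/dev/null` on the `dd` line hides the reason, there is no `set -e`, and if `dd` or `od` fails `uuid` is empty, the `$((0x$byte6 ...))` arithmetic on empty byte values errors, and as far as I can tell the script still prints a truncated or empty string and exits 0, which the disk-id and machine-id generators in this commit then write out as the id. Add `set -euo pipefail` after the shebang and a length check right after the read, `[[ ${#uuid} -eq 32 ]] || { echo "uuid4.sh: short read from /dev/urandom" >&2; exit 1; }`, so a degenerate id is a hard generator failure instead of a silently committed one. The comment `# Break the UUID into pieces` refers to `uuid`, which at that point is the raw 32-hex string rather than a UUID; naming the variable `raw_hex` and keeping `uuid_v4`/`uuid_formatted` for the real thing would read better.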


@@ -60,6 +60,7 @@ nav:
- reference/clanModules/borgbackup.md - reference/clanModules/borgbackup.md
- reference/clanModules/deltachat.md - reference/clanModules/deltachat.md
- reference/clanModules/dyndns.md - reference/clanModules/dyndns.md
- reference/clanModules/disk-id.md
- reference/clanModules/ergochat.md - reference/clanModules/ergochat.md
- reference/clanModules/garage.md - reference/clanModules/garage.md
- reference/clanModules/golem-provider.md - reference/clanModules/golem-provider.md
@@ -69,6 +70,7 @@ nav:
- reference/clanModules/localbackup.md - reference/clanModules/localbackup.md
- reference/clanModules/localsend.md - reference/clanModules/localsend.md
- reference/clanModules/matrix-synapse.md - reference/clanModules/matrix-synapse.md
- reference/clanModules/machine-id.md
- reference/clanModules/moonlight.md - reference/clanModules/moonlight.md
- reference/clanModules/mumble.md - reference/clanModules/mumble.md
- reference/clanModules/nginx.md - reference/clanModules/nginx.md


@@ -14,183 +14,202 @@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
=== "**Single Disk**" === "**Single Disk**"
Below is the configuration for `disko.nix` Below is the configuration for `disko.nix`
```nix hl_lines="14 40" ```nix hl_lines="16 47"
{ lib, ... }: { lib, clan-core, ... }:
let let
mirrorBoot = idx: { suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
type = "disk"; mirrorBoot = idx: {
device = "/dev/disk/by-id/${idx}"; # suffix is to prevent disk name collisions
content = { name = idx + suffix;
type = "disk";
device = "/dev/disk/by-id/${idx}";
content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
"${config.networking.hostName}-boot" = { "boot" = {
size = "1M"; size = "1M";
type = "EF02"; # for grub MBR type = "EF02"; # for grub MBR
priority = 1; priority = 1;
};
"ESP" = lib.mkIf (idx == "nvme-eui.002538b931b59865") {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "nofail" ];
}; };
"${config.networking.hostName}-ESP" = lib.mkIf (idx == "nvme-eui.002538b931b59865") { };
size = "1G"; "root" = {
type = "EF00"; size = "100%";
content = { content = {
type = "filesystem"; type = "zfs";
format = "vfat"; pool = "zroot";
mountpoint = "/boot";
mountOptions = [ "nofail" ];
};
};
"${config.networking.hostName}-root" = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
}; };
};
}; };
};
}; };
}; in
in {
{ imports = [
boot.loader.systemd-boot.enable = true; clan-core.clanModules.disk-id
];
disko.devices = { config = {
disk = { boot.loader.systemd-boot.enable = true;
x = mirrorBoot "nvme-eui.002538b931b59865";
}; disko.devices = {
zpool = { disk = {
zroot = { x = mirrorBoot "nvme-eui.002538b931b59865";
};
zpool = {
zroot = {
type = "zpool"; type = "zpool";
rootFsOptions = { rootFsOptions = {
compression = "lz4"; compression = "lz4";
acltype = "posixacl"; acltype = "posixacl";
xattr = "sa"; xattr = "sa";
"com.sun:auto-snapshot" = "true"; "com.sun:auto-snapshot" = "true";
mountpoint = "none"; mountpoint = "none";
}; };
datasets = { datasets = {
"root" = { "root" = {
type = "zfs_fs"; type = "zfs_fs";
options = { options = {
mountpoint = "none"; mountpoint = "none";
encryption = "aes-256-gcm"; encryption = "aes-256-gcm";
keyformat = "passphrase"; keyformat = "passphrase";
keylocation = "file:///tmp/secret.key"; keylocation = "file:///tmp/secret.key";
};
}; };
"root/nixos" = { };
type = "zfs_fs"; "root/nixos" = {
options.mountpoint = "/"; type = "zfs_fs";
mountpoint = "/"; options.mountpoint = "/";
}; mountpoint = "/";
"root/home" = { };
type = "zfs_fs"; "root/home" = {
options.mountpoint = "/home"; type = "zfs_fs";
mountpoint = "/home"; options.mountpoint = "/home";
}; mountpoint = "/home";
"root/tmp" = { };
type = "zfs_fs"; "root/tmp" = {
mountpoint = "/tmp"; type = "zfs_fs";
options = { mountpoint = "/tmp";
mountpoint = "/tmp"; options = {
sync = "disabled"; mountpoint = "/tmp";
}; sync = "disabled";
}; };
};
}; };
};
}; };
};
}; };
}; }
}
``` ```
=== "**Raid 1**" === "**Raid 1**"
Below is the configuration for `disko.nix` Below is the configuration for `disko.nix`
```nix hl_lines="14 40 41" ```nix hl_lines="16 47 48"
{ lib, ... }: { lib, clan-core, ... }:
let let
mirrorBoot = idx: { suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
type = "disk"; mirrorBoot = idx: {
device = "/dev/disk/by-id/${idx}"; # suffix is to prevent disk name collisions
content = { name = idx + suffix;
type = "disk";
device = "/dev/disk/by-id/${idx}";
content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
boot = { "boot" = {
size = "1M"; size = "1M";
type = "EF02"; # for grub MBR type = "EF02"; # for grub MBR
priority = 1; priority = 1;
};
"ESP" = lib.mkIf (idx == "nvme-eui.002538b931b59865") {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "nofail" ];
}; };
ESP = lib.mkIf (idx == "nvme-eui.002538b931b59865") { };
size = "1G"; "root" = {
type = "EF00"; size = "100%";
content = { content = {
type = "filesystem"; type = "zfs";
format = "vfat"; pool = "zroot";
mountpoint = "/boot";
mountOptions = [ "nofail" ];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
}; };
};
}; };
};
}; };
}; in
in {
{ imports = [
boot.loader.systemd-boot.enable = true; clan-core.clanModules.disk-id
];
disko.devices = { config = {
disk = { boot.loader.systemd-boot.enable = true;
x = mirrorBoot "nvme-eui.002538b931b59865";
y = mirrorBoot "myOtherDrive" disko.devices = {
}; disk = {
zpool = { x = mirrorBoot "nvme-eui.002538b931b59865";
zroot = { y = mirrorBoot "my-other-disk";
};
zpool = {
zroot = {
type = "zpool"; type = "zpool";
rootFsOptions = { rootFsOptions = {
compression = "lz4"; compression = "lz4";
acltype = "posixacl"; acltype = "posixacl";
xattr = "sa"; xattr = "sa";
"com.sun:auto-snapshot" = "true"; "com.sun:auto-snapshot" = "true";
mountpoint = "none"; mountpoint = "none";
}; };
datasets = { datasets = {
"root" = { "root" = {
type = "zfs_fs"; type = "zfs_fs";
options = { options = {
mountpoint = "none"; mountpoint = "none";
encryption = "aes-256-gcm"; encryption = "aes-256-gcm";
keyformat = "passphrase"; keyformat = "passphrase";
keylocation = "file:///tmp/secret.key"; keylocation = "file:///tmp/secret.key";
};
}; };
"root/nixos" = { };
type = "zfs_fs"; "root/nixos" = {
options.mountpoint = "/"; type = "zfs_fs";
mountpoint = "/"; options.mountpoint = "/";
}; mountpoint = "/";
"root/home" = { };
type = "zfs_fs"; "root/home" = {
options.mountpoint = "/home"; type = "zfs_fs";
mountpoint = "/home"; options.mountpoint = "/home";
}; mountpoint = "/home";
"root/tmp" = { };
type = "zfs_fs"; "root/tmp" = {
mountpoint = "/tmp"; type = "zfs_fs";
options = { mountpoint = "/tmp";
mountpoint = "/tmp"; options = {
sync = "disabled"; mountpoint = "/tmp";
}; sync = "disabled";
}; };
};
}; };
};
}; };
};
}; };
}; }
}
``` ```
Below is the configuration for `initrd.nix`. Below is the configuration for `initrd.nix`.


@@ -25,6 +25,9 @@ let
evaled = lib.evalModules { evaled = lib.evalModules {
modules = [ modules = [
baseModule baseModule
{
clan.core.clanDir = ./.;
}
clan-core.nixosModules.clanCore clan-core.nixosModules.clanCore
] ++ (map (name: clanModules.${name}) modulenames); ] ++ (map (name: clanModules.${name}) modulenames);
}; };


@@ -23,27 +23,27 @@ let
description = '' description = ''
List of imported '.nix' files. List of imported '.nix' files.
Each filename must be a string and is interpreted relative to the 'directory' passed to buildClan. Each filename must be a string and is interpreted relative to the 'directory' passed to buildClan.
The import only happens if the machine is part of the service or role. The import only happens if the machine is part of the service or role.
## Example ## Example
To import the `special.nix` file To import the `special.nix` file
``` ```
. Clan Directory . Clan Directory
flake.nix flake.nix
... ...
modules modules
special.nix special.nix
... ...
``` ```
```nix ```nix
{ {
imports = [ "modules/special.nix" ]; imports = [ "modules/special.nix" ];
} }
``` ```
''; '';
default = [ ]; default = [ ];


@@ -0,0 +1,4 @@
#!/usr/bin/env bash
jsonSchema=$(nix build .#inventory-schema --print-out-paths)/schema.json
nix run .#classgen "$jsonSchema" "$PKG_ROOT/clan_cli/inventory/classes.py"
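Review bot: The script has no `set -euo pipefail` and does not check `PKG_ROOT`: if `nix build` fails, `jsonSchema` silently becomes `/schema.json` and `nix run` is still invoked with that bogus path, and an unset `PKG_ROOT` turns the output path into `/clan_cli/inventory/classes.py`. Add `set -euo pipefail` after the shebang and `: "${PKG_ROOT:?PKG_ROOT is not set}"` before the build line so both failures stop the script with a clear message instead of generating into the wrong place.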


@@ -1,54 +1,54 @@
{ self, lib, ... }: {
self,
lib,
...
}:
let let
flashInstallerModule = flashInstallerModule =
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
./iwd.nix ./iwd.nix
self.nixosModules.installer self.nixosModules.installer
# Allow to download pre-build binaries from our nix caches
self.clanModules.trusted-nix-caches self.clanModules.trusted-nix-caches
]; ];
system.stateVersion = config.system.nixos.version; system.stateVersion = config.system.nixos.version;
nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux; nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
}
// flashDiskoConfig;
# Important: The partition names need to be different to the clan install boot.loader.grub.efiSupport = lib.mkDefault true;
flashDiskoConfig = { boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
boot.loader.grub.efiSupport = lib.mkDefault true; disko.devices = {
boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true; disk = {
disko.devices = { "main" = {
disk = { type = "disk";
main = { device = lib.mkDefault "/dev/null";
type = "disk"; content = {
device = lib.mkDefault "/dev/null"; type = "gpt";
content = { partitions = {
type = "gpt"; "boot" = {
partitions = { size = "1M";
installer-boot = { type = "EF02"; # for grub MBR
size = "1M"; priority = 1;
type = "EF02"; # for grub MBR
priority = 1;
};
installer-ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
}; };
}; "ESP" = {
installer-root = { size = "512M";
size = "100%"; type = "EF00";
content = { content = {
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "vfat";
mountpoint = "/"; mountpoint = "/boot";
};
};
"root" = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
}; };
}; };
}; };
@@ -56,7 +56,7 @@ let
}; };
}; };
}; };
};
in in
{ {
clan = { clan = {
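Review bot: The comment `# Important: The partition names need to be different to the clan install` is removed together with the `installer-` prefixes, so `boot`/`ESP`/`root` now match the names used by the install templates and nothing in this file says why that is safe. From the other hunks in this commit the collision appears to be avoided on the disk level instead, by the templates setting `name = "main-" + suffix` from the disk-id generator while this installer keeps the bare `main` disk; please record that in place of the dropped comment, e.g. `# Partition names may match the clan install templates: their disks carry a disk-id suffix in "name", this one intentionally does not.` The `flashInstallerModule` binding spans both hunks of this file and its enclosing `let` continues outside them.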


@@ -1,10 +1,20 @@
{ lib, ... }: { lib, clan-core, ... }:
let
suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
in
{ {
imports = [
clan-core.clanModules.disk-id
];
boot.loader.grub.efiSupport = lib.mkDefault true; boot.loader.grub.efiSupport = lib.mkDefault true;
boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true; boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
disko.devices = { disko.devices = {
disk = { disk = {
main = { "main" = {
# suffix is to prevent disk name collisions
name = "main-" + suffix;
type = "disk"; type = "disk";
# Set the following in flake.nix for each maschine: # Set the following in flake.nix for each maschine:
# device = <uuid>; # device = <uuid>;
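Review bot: `suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;` references `config`, but the module's argument pattern is `{ lib, clan-core, ... }`, so evaluating this template fails with an undefined-variable error before disko ever sees it; change the first line to `{ config, lib, clan-core, ... }:`. The same omission is in the next template hunk of this commit (same pattern, same `suffix` binding) and in both `disko.nix` examples of the docs page it rewrites. Whether `clan-core` is actually available as a module argument depends on the flake passing it through specialArgs, which is not visible here. Separately, if disko derives partition labels from the disk `name`, the 32-character suffix makes `disk-main-<id>-<partition>` longer than the 36-character GPT label limit, which is worth verifying against disko before this lands. The attribute set continues outside the hunk.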


@@ -1,12 +1,22 @@
{ lib, ... }: { lib, clan-core, ... }:
let
suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
in
{ {
imports = [
clan-core.clanModules.disk-id
];
# TO NOT EDIT THIS FILE AFTER INSTALLATION of a machine # TO NOT EDIT THIS FILE AFTER INSTALLATION of a machine
# Otherwise your system might not boot because of missing partitions / filesystems # Otherwise your system might not boot because of missing partitions / filesystems
boot.loader.grub.efiSupport = lib.mkDefault true; boot.loader.grub.efiSupport = lib.mkDefault true;
boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true; boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
disko.devices = { disko.devices = {
disk = { disk = {
main = { "main" = {
# suffix is to prevent disk name collisions
name = "main-" + suffix;
type = "disk"; type = "disk";
# Set the following in flake.nix for each maschine: # Set the following in flake.nix for each maschine:
# device = <uuid>; # device = <uuid>;