From beded7c21f45e645e351e1a6006eb50d6e8f47a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Mon, 15 Jul 2024 16:50:36 +0200
Subject: [PATCH] add flake-parts template
---
templates/flake-parts/flake.nix | 111 ++++++++++++++++++
.../machines/jon/configuration.nix | 38 ++++++
.../machines/jon/hardware-configuration.nix | 14 +++
.../machines/sara/configuration.nix | 39 ++++++
.../machines/sara/hardware-configuration.nix | 10 ++
templates/flake-parts/modules/disko.nix | 41 +++++++
templates/flake-parts/modules/shared.nix | 7 ++
7 files changed, 260 insertions(+)
create mode 100644 templates/flake-parts/flake.nix
create mode 100644 templates/flake-parts/machines/jon/configuration.nix
create mode 100644 templates/flake-parts/machines/jon/hardware-configuration.nix
create mode 100644 templates/flake-parts/machines/sara/configuration.nix
create mode 100644 templates/flake-parts/machines/sara/hardware-configuration.nix
create mode 100644 templates/flake-parts/modules/disko.nix
create mode 100644 templates/flake-parts/modules/shared.nix
diff --git a/templates/flake-parts/flake.nix b/templates/flake-parts/flake.nix
new file mode 100644
index 000000000..47b3e1f9f
--- /dev/null
+++ b/templates/flake-parts/flake.nix
@@ -0,0 +1,111 @@
+{
+ description = "";
+
+ inputs.clan-core.url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
+ inputs.nixpkgs.url = "clan/nixpkgs";
+ inputs.flake-parts.url = "github:hercules-ci/flake-parts";
+ inputs.flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
+
+ outputs =
+ inputs@{
+ self,
+ clan-core,
+ flake-parts,
+ ...
+ }:
+ flake-parts.lib.mkFlake { inherit inputs; } ({
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+
+ "x86_64-darwin"
+ "aarch64-darwin"
+ ];
+ imports = [ inputs.clan-core.flakeModules.default ];
+ # https://docs.clan.lol/getting-started/flake-parts/
+ clan = {
+ meta.name = "__CHANGE_ME__"; # Ensure this is unique among all clans you want to use.
+
+ # Make flake available in modules
+ specialArgs.self = {
+ inherit (self) inputs nixosModules packages;
+ };
+ directory = self;
+ machines =
+ { pkgs, ... }:
+ {
+ # "jon" will be the hostname of the machine
+ jon = {
+ imports = [
+ ./modules/shared.nix
+ ./modules/disko.nix
+ ./machines/jon/configuration.nix
+ ];
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ # Set this for clan commands use ssh i.e. `clan machines update`
+ # If you change the hostname, you need to update this line to root@
+ # This only works however if you have avahi running on your admin machine else use IP
+ clan.core.networking.targetHost = pkgs.lib.mkDefault "root@jon";
+
+ # ssh root@flash-installer.local lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
+ disko.devices.disk.main = {
+ device = "/dev/disk/by-id/__CHANGE_ME__";
+ };
+
+ # IMPORTANT! Add your SSH key here
+ # e.g. > cat ~/.ssh/id_ed25519.pub
+ users.users.root.openssh.authorizedKeys.keys = throw ''
+ Don't forget to add your SSH key here!
+ users.users.root.openssh.authorizedKeys.keys = [ "" ]
+ '';
+
+ # Zerotier needs one controller to accept new nodes. Once accepted
+ # the controller can be offline and routing still works.
+ clan.core.networking.zerotier.controller.enable = true;
+ };
+ # "sara" will be the hostname of the machine
+ sara = {
+ imports = [
+ ./modules/shared.nix
+ ./modules/disko.nix
+ ./machines/sara/configuration.nix
+ ];
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ # Set this for clan commands use ssh i.e. `clan machines update`
+ # If you change the hostname, you need to update this line to root@
+ # This only works however if you have avahi running on your admin machine else use IP
+ clan.core.networking.targetHost = pkgs.lib.mkDefault "root@sara";
+
+ # ssh root@flash-installer.local lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
+ disko.devices.disk.main = {
+ device = "/dev/disk/by-id/__CHANGE_ME__";
+ };
+
+ # IMPORTANT! Add your SSH key here
+ # e.g. > cat ~/.ssh/id_ed25519.pub
+ users.users.root.openssh.authorizedKeys.keys = throw ''
+ Don't forget to add your SSH key here!
+ users.users.root.openssh.authorizedKeys.keys = [ "" ]
+ '';
+
+ /*
+ After jon is deployed, uncomment the following line
+ This will allow sara to share the VPN overlay network with jon
+ The networkId is generated by the first deployment of jon
+ */
+ # clan.core.networking.zerotier.networkId = builtins.readFile ../jon/facts/zerotier-network-id;
+ };
+
+ };
+ };
+ perSystem =
+ { pkgs, inputs', ... }:
+ {
+ devShells.default = pkgs.mkShell { packages = [ inputs'.clan-core.packages.clan-cli ]; };
+ };
+ });
+}
diff --git a/templates/flake-parts/machines/jon/configuration.nix b/templates/flake-parts/machines/jon/configuration.nix
new file mode 100644
index 000000000..9fa9a41cd
--- /dev/null
+++ b/templates/flake-parts/machines/jon/configuration.nix
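Review bot: The commented-out `builtins.readFile ../jon/facts/zerotier-network-id` in the `sara` block looks carried over from a per-machine file; relative to `templates/flake-parts/flake.nix` it points above the flake root, so uncommenting it as the comment instructs would presumably fail to evaluate. If the facts are written under the machine directory, the line would read `# clan.core.networking.zerotier.networkId = builtins.readFile ./machines/jon/facts/zerotier-network-id;`, which should be confirmed against where `clan` actually stores them. Users copy this template verbatim, so the path in the comment matters as much as live code.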
@@ -0,0 +1,38 @@
+{ config, ... }:
+let
+ username = config.networking.hostName;
+in
+{
+ imports = [ ./hardware-configuration.nix ];
+
+ # Locale service discovery and mDNS
+ services.avahi.enable = true;
+
+ services.xserver.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+ services.xserver.displayManager.gdm.enable = true;
+ # Disable the default gnome apps to speed up deployment
+ services.gnome.core-utilities.enable = false;
+
+ # Enable automatic login for the user.
+ services.displayManager.autoLogin = {
+ enable = true;
+ user = username;
+ };
+
+ users.users.${username} = {
+ initialPassword = username;
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "video"
+ "audio"
+ "input"
+ "dialout"
+ "disk"
+ ];
+ uid = 1000;
+ openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+ };
+}
diff --git a/templates/flake-parts/machines/jon/hardware-configuration.nix b/templates/flake-parts/machines/jon/hardware-configuration.nix
new file mode 100644
index 000000000..bade5e920
--- /dev/null
+++ b/templates/flake-parts/machines/jon/hardware-configuration.nix
@@ -0,0 +1,14 @@
+# Replace this file with an actual hardware-configuration.nix!
+throw ''
+ Did you forget to generate your hardware config?
+
+ Run the following command:
+
+ 'clan machines hw-generate '
+
+ OR:
+
+ 'ssh root@ nixos-generate-config --no-filesystems --show-hardware-config > hardware-configuration.nix'
+
+ And manually eplace this file with the generated "hardware-configuration.nix".
+''
diff --git a/templates/flake-parts/machines/sara/configuration.nix b/templates/flake-parts/machines/sara/configuration.nix
new file mode 100644
index 000000000..df02f6cad
--- /dev/null
+++ b/templates/flake-parts/machines/sara/configuration.nix
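Review bot: `initialPassword = username;` in `machines/jon/configuration.nix` sets the account password to the hostname, on an account that the same block places in `wheel`, while `modules/shared.nix` enables the clan sshd module. Whether SSH accepts password logins depends on that module, which is not visible in this patch, so the template should not depend on it. I would drop the line and rely on the copied `authorizedKeys`, or at minimum mark it with `# Demo credential: change or remove before the machine is reachable by others`. The identical line in `machines/sara/configuration.nix` needs the same treatment.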
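Review bot: The `throw` message in `machines/jon/hardware-configuration.nix` ends with `And manually eplace this file`, which is what a user sees on first evaluation; it should read `replace`. The sara copy of this placeholder words its last line differently and omits the `clan machines hw-generate` alternative, so the two messages could share one text.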
@@ -0,0 +1,39 @@
+{ config, ... }:
+
+let
+ username = config.networking.hostName;
+in
+{
+ imports = [ ./hardware-configuration.nix ];
+
+ # Locale service discovery and mDNS
+ services.avahi.enable = true;
+
+ services.xserver.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+ services.xserver.displayManager.gdm.enable = true;
+ # Disable the default gnome apps to speed up deployment
+ services.gnome.core-utilities.enable = false;
+
+ # Enable automatic login for the user.
+ services.displayManager.autoLogin = {
+ enable = true;
+ user = username;
+ };
+
+ users.users.${username} = {
+ initialPassword = username;
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "video"
+ "audio"
+ "input"
+ "dialout"
+ "disk"
+ ];
+ uid = 1000;
+ openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+ };
+}
diff --git a/templates/flake-parts/machines/sara/hardware-configuration.nix b/templates/flake-parts/machines/sara/hardware-configuration.nix
new file mode 100644
index 000000000..e4db1a9f2
--- /dev/null
+++ b/templates/flake-parts/machines/sara/hardware-configuration.nix
@@ -0,0 +1,10 @@
+# Replace this file with an actual hardware-configuration.nix!
+throw ''
+ Did you forget to generate your hardware config?
+
+ Run the following command:
+
+ 'ssh root@ nixos-generate-config --no-filesystems --show-hardware-config > hardware-configuration.nix'
+
+ Then replace this file with the generated "hardware-configuration.nix".
+''
diff --git a/templates/flake-parts/modules/disko.nix b/templates/flake-parts/modules/disko.nix
new file mode 100644
index 000000000..7a7509584
--- /dev/null
+++ b/templates/flake-parts/modules/disko.nix
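Review bot: The `"disk"` entry in `extraGroups` in `machines/sara/configuration.nix` gives the auto-logged-in user direct read and write access to raw block devices, which bypasses filesystem permissions and is effectively root-equivalent without going through sudo. Nothing else in this template appears to need it, so I would remove that entry here and in `machines/jon/configuration.nix`, which carries the same list. If it is there for a flashing workflow, a comment such as `# "disk": raw block-device access, remove unless you flash images as this user` would make the trade-off explicit.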
@@ -0,0 +1,41 @@
+{ lib, ... }:
+{
+ boot.loader.grub.efiSupport = lib.mkDefault true;
+ boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ # Set the following in flake.nix for each maschine:
+ # device = ;
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ priority = 1;
+ };
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/templates/flake-parts/modules/shared.nix b/templates/flake-parts/modules/shared.nix
new file mode 100644
index 000000000..bcd3118ec
--- /dev/null
+++ b/templates/flake-parts/modules/shared.nix
@@ -0,0 +1,7 @@
+{ clan-core, ... }:
+{
+ imports = [
+ clan-core.clanModules.sshd
+ clan-core.clanModules.root-password
+ ];
+}
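Review bot: The `ESP` partition in `modules/disko.nix` is mounted at `/boot` as vfat with no `mountOptions`, and since vfat stores no per-file permissions the mount presumably ends up readable by every local user. Adding `mountOptions = [ "umask=0077" ];` next to `mountpoint = "/boot";` restricts the boot files to root. That matters more here because the machine configurations in this patch enable automatic login for a regular user.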