From 91eda4f7cd28f94334e0cb26a6beb4a84556223e Mon Sep 17 00:00:00 2001 From: mrsu Date: Tue, 25 Jun 2024 18:19:47 +0100 Subject: [PATCH] created overseer host, upgraded stateVersion to 24.04 --- flake.lock | 63 ++++++++++++----------- flake.nix | 12 ++++- home/common/core/default.nix | 2 +- home/overseer.nix | 14 +++++ home/users/admin/default.nix | 1 - home/users/media/default.nix | 1 - home/users/sam/default.nix | 1 - hosts/common/core/default.nix | 2 +- hosts/overseer/default.nix | 56 ++++++++++++++++++++ hosts/overseer/hardware-configuration.nix | 24 +++++++++ scripts/bootstrap.sh | 2 +- 11 files changed, 140 insertions(+), 38 deletions(-) create mode 100644 home/overseer.nix create mode 100644 hosts/overseer/default.nix create mode 100644 hosts/overseer/hardware-configuration.nix diff --git a/flake.lock b/flake.lock index d330d3e..266bfb0 100644 --- a/flake.lock +++ b/flake.lock @@ -45,15 +45,16 @@ ] }, "locked": { - "lastModified": 1718846788, - "narHash": "sha256-9dtXYtEkmXoUJV+PGLqscqF7qTn4AIhAKpFWRFU2NYs=", + "lastModified": 1715070411, + "narHash": "sha256-5CNvkH0Nf7yMwgKhjUNg/lUK40C7DXB4zKOuA2jVO90=", "owner": "nix-community", "repo": "disko", - "rev": "e1174d991944a01eaaa04bc59c6281edca4c0e6e", + "rev": "4677f6c53482a8b01ee93957e3bdd569d51261d6", "type": "github" }, "original": { "owner": "nix-community", + "ref": "v1.6.1", "repo": "disko", "type": "github" } @@ -221,11 +222,11 @@ }, "impermanence": { "locked": { - "lastModified": 1717932370, - "narHash": "sha256-7C5lCpiWiyPoIACOcu2mukn/1JRtz6HC/1aEMhUdcw0=", + "lastModified": 1719091691, + "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=", "owner": "nix-community", "repo": "impermanence", - "rev": "27979f1c3a0d3b9617a3563e2839114ba7d48d3f", + "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a", "type": "github" }, "original": { @@ -261,11 +262,11 @@ ] }, "locked": { - "lastModified": 1718662658, - "narHash": "sha256-AKG7BsqtVWDlefgzyKz7vjaKTLi4+bmTSBhowbQoZtM=", + "lastModified": 1719128254, + "narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "29b3096a6e283d7e6779187244cb2a3942239fdf", + "rev": "50581970f37f06a4719001735828519925ef8310", "type": "github" }, "original": { @@ -277,11 +278,11 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1718651801, - "narHash": "sha256-YoYeg48dhvHzwcwb+TJMv4vlB4tcics9u6N/kXxfUYA=", + "lastModified": 1719333598, + "narHash": "sha256-f587IOaoY3UYHzXzVPsfexkZ82N3UXPTNQths8+a8TA=", "ref": "refs/heads/master", - "rev": "e02bf3cecdb9a49e9cc9e777b8406f5ab28a2566", - "revCount": 94, + "rev": "53dcdfe690d3393a16c3e110c1c183d0ec1d6711", + "revCount": 116, "type": "git", "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" }, @@ -292,11 +293,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718835956, - "narHash": "sha256-wM9v2yIxClRYsGHut5vHICZTK7xdrUGfrLkXvSuv6s4=", + "lastModified": 1719145550, + "narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dd457de7e08c6d06789b1f5b88fc9327f4d96309", + "rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8", "type": "github" }, "original": { @@ -323,11 +324,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1718478900, - "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=", + "lastModified": 1719099622, + "narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c884223af91820615a6146af1ae1fea25c107005", + "rev": "5e8e3b89adbd0be63192f6e645e0a54080004924", "type": "github" }, "original": { @@ -339,11 +340,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1718895438, - "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=", + "lastModified": 1719075281, + "narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3", + "rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af", "type": "github" }, "original": { @@ -367,11 +368,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1718966331, - "narHash": "sha256-JKc3awrDQhdYT9LUAVgt74rFVcSrZ+VgNTsWLo2Kp24=", + "lastModified": 1719131261, + "narHash": "sha256-rtcRg/aaZ72Fb7NCFz87ATvmS7LyHKbkY9gwJRqhJK8=", "owner": "nix-community", "repo": "nixvim", - "rev": "1cd17226d5c75d20df2ebb754c3fc60ccc735a25", + "rev": "066485bf4c4cd83f01a75d46556ba2037e716604", "type": "github" }, "original": { @@ -383,11 +384,11 @@ }, "nur": { "locked": { - "lastModified": 1719053107, - "narHash": "sha256-gUnarEm0XN7xVK2s9t7eEEixctynaERMruLdzkDloV8=", + "lastModified": 1719326701, + "narHash": "sha256-IDEPbakCvjk61uX19cnmSB8fsdFTmMe5Wt4bCyIUGdA=", "owner": "nix-community", "repo": "NUR", - "rev": "f1b52ba4df9226117b0f33b5226ccea7aad08068", + "rev": "a331f41142ed524ce58ed0df1c72a7d0b13ec867", "type": "github" }, "original": { @@ -418,11 +419,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1718506969, - "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=", + "lastModified": 1719268571, + "narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=", "owner": "mic92", "repo": "sops-nix", - "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251", + "rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d962aa0..2868e72 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,7 @@ # Declarative partitioning and formatting disko = { - url = "github:nix-community/disko"; + url = "github:nix-community/disko/v1.6.1"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -115,6 +115,16 @@ } ]; }; + overseer = nixpkgs.lib.nixosSystem { + inherit specialArgs; + modules = [ + ./hosts/overseer + home-manager.nixosModules.home-manager + { + home-manager.extraSpecialArgs = specialArgs; + } + ]; + }; }; }; } diff --git a/home/common/core/default.nix b/home/common/core/default.nix index 2f6d31c..18dcc14 100644 --- a/home/common/core/default.nix +++ b/home/common/core/default.nix @@ -29,5 +29,5 @@ libqalculate ; }; - home.stateVersion = "23.11"; + home.stateVersion = "24.04"; } diff --git a/home/overseer.nix b/home/overseer.nix new file mode 100644 index 0000000..9e3f0c5 --- /dev/null +++ b/home/overseer.nix @@ -0,0 +1,14 @@ +{ ... +}: { + imports = [ + # Import users + ./users/admin + + ./common/core + + # Import optional + ./common/optional/git.nix + ./common/optional/sops.nix + + ]; +} diff --git a/home/users/admin/default.nix b/home/users/admin/default.nix index ea751ef..2db1b84 100644 --- a/home/users/admin/default.nix +++ b/home/users/admin/default.nix @@ -3,7 +3,6 @@ { home.username = "admin"; home.homeDirectory = "/home/admin"; - home.stateVersion = "23.11"; imports = [ ] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules? diff --git a/home/users/media/default.nix b/home/users/media/default.nix index 257cf51..eeb523b 100644 --- a/home/users/media/default.nix +++ b/home/users/media/default.nix @@ -3,7 +3,6 @@ { home.username = "media"; home.homeDirectory = "/home/media"; - home.stateVersion = "23.11"; imports = [ inputs.impermanence.nixosModules.home-manager.impermanence diff --git a/home/users/sam/default.nix b/home/users/sam/default.nix index c8b1836..1892d84 100644 --- a/home/users/sam/default.nix +++ b/home/users/sam/default.nix @@ -3,7 +3,6 @@ { home.username = "sam"; home.homeDirectory = "/home/sam"; - home.stateVersion = "23.11"; imports = [ ] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules? diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix index 1cfd3a6..e109f5a 100644 --- a/hosts/common/core/default.nix +++ b/hosts/common/core/default.nix @@ -44,5 +44,5 @@ in pkgs.vim ]; - system.stateVersion = "23.11"; + system.stateVersion = "24.05"; } diff --git a/hosts/overseer/default.nix b/hosts/overseer/default.nix new file mode 100644 index 0000000..cc7c9fe --- /dev/null +++ b/hosts/overseer/default.nix @@ -0,0 +1,56 @@ +{ inputs, config, lib, pkgs, outputs, ... }: +let + # Disko setup + fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence + dev = "/dev/vda"; # depends on target hardware + encrypted = false; # currrently only applies to btrfs + btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root"; + user = "admin"; +in +{ + imports = + [ + # Create users for this host + ../common/users/${user} + + # Disk configuration + inputs.disko.nixosModules.disko + (import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; }) + + # Impermanence + inputs.impermanence.nixosModules.impermanence + (import ../common/disks/btrfs-impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; }) + + # Import core options + ./hardware-configuration.nix + ../common/core + + # Import optional options + ../common/optional/persistence.nix + ../common/optional/openssh.nix + + ]; + + boot = { + blacklistedKernelModules = [ "snd_hda_intel" "snd_soc_skl" ]; + kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest; + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + timeout = 3; + }; + }; + + hardware.firmware = [ + pkgs.sof-firmware + ]; + + networking = { + hostName = "overseer"; + networkmanager.enable = true; + enableIPv6 = false; + }; + + services.libinput.enable = true; +} + diff --git a/hosts/overseer/hardware-configuration.nix b/hosts/overseer/hardware-configuration.nix new file mode 100644 index 0000000..0a2bb19 --- /dev/null +++ b/hosts/overseer/hardware-configuration.nix @@ -0,0 +1,24 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index b09e550..8ed71c0 100755 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh @@ -70,7 +70,7 @@ just update-sops-secrets && just update-flake-secrets && just update-flake cp -prv . "$temp/persist/etc/nixos" # Install Nixos to target -SHELL=/bin/sh nix run github:nix-community/nixos-anywhere -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519" +SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519" [ $? != 0 ] && echo "Error installing Nixos" && exit 1 ## Delete keys from local known_hosts