patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity

feat: added nixos generators

Browse source
This commit is contained in:
Patrick Großmann 2023-08-30 16:38:30 +02:00
parent c869e5fc62
commit 440048e60c
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
9 changed files with 159 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -75,6 +75,10 @@
1. Create and fill `default.nix` 1. Create and fill `default.nix`
1. Fill `net.nix` 1. Fill `net.nix`
1. Fill `fs.nix` 1. Fill `fs.nix`
2. Don't forget to add necesarry config for filesystems, etc.
3. Generate ISO image with `nix build --print-out-paths --no-link .#images.<target-system>.live-iso`
3. Copy ISO to usb and boot
5. Copy installer from local machine to live systemd
## Deploy ## Deploy

37
flake.lock
View file

@ -286,6 +286,42 @@
"type": "github" "type": "github"
} }
}, },
"nixlib": {
"locked": {
"lastModified": 1689469483,
"narHash": "sha256-2SBhY7rZQ/iNCxe04Eqxlz9YK9KgbaTMBssq3/BgdWY=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "02fea408f27186f139153e1ae88f8ab2abd9c22c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1690133435,
"narHash": "sha256-YNZiefETggroaTLsLJG2M+wpF0pJPwiauKG4q48ddNU=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "b1171de4d362c022130c92d7c8adc4bf2b83d586",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1690200740, "lastModified": 1690200740,
@ -370,6 +406,7 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"hyprland": "hyprland", "hyprland": "hyprland",
"impermanence": "impermanence", "impermanence": "impermanence",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",

37
flake.nix
View file

@ -12,6 +12,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
# should use system nixpkgs instead of their own # should use system nixpkgs instead of their own
@ -73,8 +78,12 @@
colmena, colmena,
agenix-rekey, agenix-rekey,
devshell, devshell,
nixos-generators,
... ...
} @ inputs: } @ inputs: let
inherit (nixpkgs) lib;
stateVersion = "23.05";
in
{ {
secretsConfig = { secretsConfig = {
masterIdentities = [./secrets/NIXOSc.key.pub]; masterIdentities = [./secrets/NIXOSc.key.pub];
@ -82,7 +91,7 @@
extraEncryptionPubkeys = [./secrets/recipients.txt]; extraEncryptionPubkeys = [./secrets/recipients.txt];
}; };
stateVersion = "23.05"; inherit stateVersion;
hosts = builtins.fromTOML (builtins.readFile ./hosts.toml); hosts = builtins.fromTOML (builtins.readFile ./hosts.toml);
@ -92,6 +101,14 @@
# todo add microvmNodes # todo add microvmNodes
nodes = self.colmenaNodes; nodes = self.colmenaNodes;
inherit
(lib.foldl' lib.recursiveUpdate {}
(lib.mapAttrsToList
(import ./nix/generate-installer-package.nix inputs)
self.colmenaNodes))
packages
;
} }
// flake-utils.lib.eachDefaultSystem (system: rec { // flake-utils.lib.eachDefaultSystem (system: rec {
pkgs = import nixpkgs { pkgs = import nixpkgs {
@ -100,6 +117,22 @@
# TODO fix this to only allow specific unfree packages # TODO fix this to only allow specific unfree packages
config.allowUnfree = true; config.allowUnfree = true;
}; };
images.live-iso = nixos-generators.nixosGenerate {
inherit pkgs;
modules = [
./nix/installer-configuration.nix
./hosts/common/core/ssh.nix
{system.stateVersion = stateVersion;}
];
format =
{
x86_64-linux = "install-iso";
aarch64-linux = "sd-aarch64-installer";
}
.${system};
};
apps = agenix-rekey.defineApps self pkgs self.nodes; apps = agenix-rekey.defineApps self pkgs self.nodes;
checks = import ./nix/checks.nix inputs system; checks = import ./nix/checks.nix inputs system;
devShell = import ./nix/devshell.nix inputs system; devShell = import ./nix/devshell.nix inputs system;

1
hosts/common/hardware/laptop.nix
View file

@ -7,7 +7,6 @@
physlock.enable = true; physlock.enable = true;
tlp = { tlp = {
enable = true; enable = true;
# currently broken. Issue open at https://github.com/linrunner/TLP/issues/692
settings = { settings = {
USB_EXCLUDE_PHONE = 1; USB_EXCLUDE_PHONE = 1;
}; };

6
hosts/common/hardware/nvidia.nix
View file

@ -1,8 +1,4 @@
{ {lib, ...}: {
lib,
pkgs,
...
}: {
services.xserver.videoDrivers = lib.mkForce ["nvidia"]; services.xserver.videoDrivers = lib.mkForce ["nvidia"];
hardware = { hardware = {

14
hosts/desktopnix/default.nix
View file

@ -8,7 +8,21 @@
../common/core ../common/core
../common/dev ../common/dev
../common/graphical/fonts.nix
../common/graphical/steam.nix
../common/hardware/bluetooth.nix
../common/hardware/intel.nix
../common/hardware/physical.nix
../common/hardware/pipewire.nix
../common/hardware/yubikey.nix
../common/hardware/zfs.nix
./smb-mounts.nix
./net.nix ./net.nix
./fs.nix ./fs.nix
../../users/patrick
]; ];
} }

34
nix/generate-installer-package.nix Normal file
View file

@ -0,0 +1,34 @@
{self, ...}: nodeName: nodeAttrs: let
inherit (self.hosts.${nodeName}) system;
pkgs = self.pkgs.${system};
disko-script = pkgs.writeShellScriptBin "disko-script" "${nodeAttrs.config.system.build.diskoScript}";
disko-mount = pkgs.writeShellScriptBin "disko-mount" "${nodeAttrs.config.system.build.mountScript}";
disko-format = pkgs.writeShellScriptBin "disko-format" "${nodeAttrs.config.system.build.formatScript}";
install-system = pkgs.writeShellScriptBin "install-system" ''
set -euo pipefail
echo "Formatting disks..."
${disko-script}/bin/disko-script
echo "Installing system..."
nixos-install --no-root-password --system ${nodeAttrs.config.system.build.toplevel}
echo "Done!"
'';
installer-package = pkgs.symlinkJoin {
name = "installer-package-${nodeName}";
paths = [
disko-script
disko-mount
disko-format
install-system
];
};
in {
# Everything required for the installer as a single package,
# so it can be used from an existing live system by copying the derivation.
packages.${system}.installer-package.${nodeName} = installer-package;
}

32
nix/installer-configuration.nix Normal file
View file

@ -0,0 +1,32 @@
{pkgs, ...}: {
nix.extraOptions = ''
experimental-features = nix-command flakes recursive-nix
'';
console = {
keyMap = "de-latin1-nodeadkeys";
};
users.users.root = {
password = "nixos";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ"
];
};
environment = {
variables.EDITOR = "nvim";
systemPackages = with pkgs; [
neovim
git
parted
ripgrep
bat
curl
];
etc.issue.text = ''
Gey
'';
};
}

3
users/patrick/ssh.nix
View file

@ -1,4 +1,5 @@
{ {
# yubikey public key parts
home.file.".ssh/1.pub".text = '' home.file.".ssh/1.pub".text = ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM cardno:15 489 049 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM cardno:15 489 049
''; '';
@ -16,7 +17,7 @@
inherit identityFile; inherit identityFile;
}; };
"patricknix" = { "patricknix" = {
hostname = "localhost"; hostname = "patricknix.local";
user = "root"; user = "root";
inherit identityFile; inherit identityFile;
}; };