feat: run octoprint on testienix

Patrick 2024-08-25 15:56:17 +02:00
parent 85690a03d5
commit 5707be0b11
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
19 changed files with 155 additions and 62 deletions


@ -82,9 +82,9 @@ These are notable external flakes which this config depend upon
- This might take multiple minutes(~10) - This might take multiple minutes(~10)
- Alternatively boot an official nixos image connect with password - Alternatively boot an official nixos image connect with password
3. Copy ISO to usb using dd 3. Copy ISO to usb using dd
3. After booting copy the installer to the live system using `nix copy --to <target> .#packages.<target-system>.installer-package.<target>` 3. After booting copy the installer to the live system using `nix copy --to <target> .#nodes.<target-system>.config.system.build.installFromLive`
4. Run the installer script from the nix store of the live system 4. Run the installer script from the nix store of the live system
- you can get the path using `nix path-info .#packages.<target-system>.installer-package.<target>` - you can get the path using `nix path-info .#nodes.<target-system>.config.system.build.installFromLive`
4. Export all zpools and reboot into system 4. Export all zpools and reboot into system
6. Retrieve hostkeys using `ssh-keyscan <host> | grep -o 'ssh-ed25519.*' > host/<target>/secrets/host.pub` 6. Retrieve hostkeys using `ssh-keyscan <host> | grep -o 'ssh-ed25519.*' > host/<target>/secrets/host.pub`
5. Deploy system 5. Deploy system


@ -2,6 +2,7 @@
{ {
imports = [ imports = [
./boot.nix ./boot.nix
./generate-installer-package.nix
./home-manager.nix ./home-manager.nix
./impermanence.nix ./impermanence.nix
./inputrc.nix ./inputrc.nix


@ -38,7 +38,7 @@ let
ipOf = ipOf =
hostName: hostName:
if hostName == "octoprint" then if hostName == "octoprint" then
nodes.patricknix.config.wireguard.elisabeth.ipv4 nodes.testienix.config.wireguard.elisabeth.ipv4
else else
nodes."elisabeth-${hostName}".config.wireguard.elisabeth.ipv4; nodes."elisabeth-${hostName}".config.wireguard.elisabeth.ipv4;
in in


@ -1,15 +0,0 @@
{ inputs, lib, ... }:
{
imports = [
../../config/basic
../../config/services/octoprint.nix
inputs.nixos-hardware.nixosModules.raspberry-pi-3
./fs.nix
./net.nix
];
nixpkgs.hostPlatform = "aarch64-linux";
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
hardware.enableRedistributableFirmware = true;
}


@ -1,10 +0,0 @@
{ lib, ... }:
{
fileSystems = lib.mkForce {
"/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
};
environment.persistence = lib.mkForce { };
}


@ -1,31 +0,0 @@
{ config, ... }:
{
networking = {
inherit (config.secrets.secrets.local.networking) hostId;
wireless.iwd = {
enable = true;
};
};
systemd.network.networks = {
"01-lan1" = {
DHCP = "yes";
matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
};
dhcpV4Config.RouteMetric = 10;
dhcpV6Config.RouteMetric = 10;
};
"01-wlan1" = {
DHCP = "yes";
matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.wlan01.mac;
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
};
dhcpV4Config.RouteMetric = 40;
dhcpV6Config.RouteMetric = 40;
};
};
}


@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8G75cwqCVwCTW3b3T2RctfGmNHRuLM8fkFcKCoKvnG


@ -18,8 +18,6 @@
../../config/hardware/prime-offload.nix ../../config/hardware/prime-offload.nix
../../config/hardware/yubikey.nix ../../config/hardware/yubikey.nix
../../config/services/octoprint.nix
../../config/optional/dev.nix ../../config/optional/dev.nix
../../config/optional/graphical.nix ../../config/optional/graphical.nix
../../config/optional/printing.nix ../../config/optional/printing.nix


@ -0,0 +1,28 @@
{
inputs,
lib,
minimal,
...
}:
{
imports = [
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-ssd
../../config/basic
../../config/optional/initrd-ssh.nix
../../config/hardware/physical.nix
../../config/optional/zfs.nix
../../config/services/octoprint.nix
./net.nix
./fs.nix
] ++ lib.lists.optionals (!minimal) [ ];
services.xserver.xkb = {
layout = "de";
};
services.thermald.enable = lib.mkForce false;
nixpkgs.hostPlatform = "x86_64-linux";
}
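Review bot: The tail `++ lib.lists.optionals (!minimal) [ ]` on the imports list appends an empty list, so the `minimal` argument is accepted but has no effect anywhere in this file. Either end the list with a plain `];` or move the modules that a minimal build should skip into that second list. `services.thermald.enable = lib.mkForce false;` overrides a value set elsewhere without saying why; a one-line comment above it giving the reason would keep a later cleanup from silently re-enabling it.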

83
hosts/testienix/fs.nix Normal file

@ -0,0 +1,83 @@
{ config, lib, ... }:
{
disko.devices = {
disk = {
internal-hdd = {
type = "disk";
device = "/dev/disk/by-id/${config.secrets.secrets.local.disko.internal-hdd}";
content = with lib.disko.gpt; {
type = "gpt";
partitions = {
boot = partEfi "1G";
swap = partSwap "16G";
rpool = lib.attrsets.recursiveUpdate (partLuksZfs "rpool" "rpool" "100%") {
content.extraFormatArgs = [ "--pbkdf pbkdf2" ];
};
};
};
};
};
zpool = with lib.disko.zfs; {
rpool = mkZpool { datasets = impermanenceZfsDatasets; };
};
};
services.zrepl = {
enable = true;
settings = {
global = {
logging = [
{
type = "syslog";
level = "info";
format = "human";
}
];
# TODO Monitoring
};
jobs = [
#{
# type = "push";
# name = "push-to-remote";
#}
{
type = "snap";
name = "mach-schnipp-schusss";
filesystems = {
"rpool/local/state<" = true;
"rpool/safe<" = true;
};
snapshotting = {
type = "periodic";
prefix = "zrepl-";
interval = "10m";
timestamp_format = "iso-8601";
};
pruning = {
keep = [
{
type = "regex";
regex = "^zrepl-.*$";
negate = true;
}
{
type = "grid";
grid = lib.concatStringsSep " | " [
"1x1d(keep=all)"
"142x1h(keep=2)"
"90x1d(keep=2)"
"500x7d"
];
regex = "^zrepl-.*$";
}
];
};
}
];
};
};
fileSystems."/state".neededForBoot = true;
fileSystems."/persist".neededForBoot = true;
}
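Review bot: `content.extraFormatArgs = [ "--pbkdf pbkdf2" ];` on the `rpool` LUKS partition replaces the LUKS2 default key-derivation function (argon2id) with PBKDF2, which is not memory-hard and gives the passphrase much less protection against offline guessing if the disk is removed. Nothing in this file states why the weaker KDF is needed, and the host's configuration in this commit targets `x86_64-linux`. If there is no constraint such as an unlock path that cannot run Argon2, drop the override; if there is one, record it next to the line, e.g. `# pbkdf2 because <reason>; passphrase must be high-entropy`. Separately, the zrepl `snap` job only creates snapshots on the same pool and the push job is commented out, so these snapshots do not protect against loss of the disk.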

18
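--- a/hosts/testienix/net.nix
+++ b/hosts/testienix/net.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+{
+networking = {
+inherit (config.secrets.secrets.local.networking) hostId;
+};
+networking.nftables.firewall.zones.untrusted.interfaces = [ "lan01" ];
+systemd.network.networks = {
+"lan01" = {
+address = [ "192.168.178.32/24" ];
+gateway = [ "192.168.178.1" ];
+matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
+networkConfig = {
+IPv6PrivacyExtensions = "yes";
+MulticastDNS = true;
+};
+};
+};
+}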
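Review bot: `lan01` is assigned to the `untrusted` firewall zone, yet the same network sets `MulticastDNS = true`, which makes the host both answer and resolve `.local` names on that segment. Any machine on an untrusted link can answer mDNS queries, and this commit also adds `hostname = "testienix.local"` with `user = "root"` as a deploy target, so the safety of a deployment rests on the pinned SSH host key being checked strictly. Consider stating that in a comment above the option, e.g. `# mDNS responder needed for testienix.local deploys; the name is unauthenticated, rely on the host key`, or deploy to the static address `192.168.178.32` that this file already fixes. Whether the untrusted zone admits mDNS traffic at all is not visible in this file.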


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXcDQbZKe8mcPj7ZqAcNrbVbXCW4po+A004yMjauQjD

Binary file not shown.

Binary file not shown.


@ -0,0 +1 @@
YFUko5BLbPFUxgMBOdRmuaP3W8MyKqcbKfGs+kJsaHQ=
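Review bot: This file adds a bare 44-character base64 value in plaintext, and its path is not visible in this view; a 32-byte key of this shape looks the same whether it is a public key, a private key or a pre-shared key. The file added directly after it is age-encrypted, so this one is presumably the public half of a key pair, but that should be confirmed before merge. If it turns out to be private material, it needs to be stored encrypted like its neighbour and the key replaced, since the value is already in history.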


@ -0,0 +1,15 @@
age-encryption.org/v1
-> X25519 GQbCMDf/v7ZWCbkWrxPHb3eRRhBu3OgoUVM5Wcd2YWg
Ktg5wWDrv9xGlz2RxkbaLM1JnzncvFiDKNU7Q/ALkPg
-> piv-p256 ZFgiIw A6/M1WnmlEwOkaL4Gof2DJQ1ED88c14rHjoKFMBZ+nXM
XI9XhL0lE01DBbR8bNCaTEqDEAYzaswFucfY97HsWEA
-> piv-p256 XTQkUA A+dXpvz/ARcQj/RrRjgm7L4K1Jg1P/mnlL4M0nYWrTid
XoxIGKavpr13hvz7RimZlj5Ah9jqAKIph1Gh2RGMha0
-> piv-p256 ZFgiIw AipDvQ/vmWF820Swf/UYPGcQdI5SOHDmrBRRQuPysnJ0
AoQ/EEvxmtDptmqQP2AZ4i5ExLsWzrXXvvVcIKZlP50
-> piv-p256 5vmPtQ AvMIvmMcOwkzIiWvGLVs1x3zU+CDntwP88lxqNhNGgAR
3S9QPobzy1KFKLk3GaCxDdNIChph3lG45DdLG1d4KZ4
-> MO-grease A~ wj@o(6
JpQ
--- wg4II0uOKrdUdzbRGlhxu6nQ9W2Cdj29nmBVc0nNRvI
ü6A<EFBFBD>6ýÊ<EFBFBD>S ƒîhƒt^WSMÀîµÜãE‰E`ä ¨$=72½:°<>ññ!ª˜™ÿcÞ|PÀI§K¾R„ÞÝÌÐÛhDA$ó‚


@ -24,6 +24,11 @@
user = "root"; user = "root";
}; };
"testienix" = {
hostname = "testienix.local";
user = "root";
};
"patricknix" = { "patricknix" = {
hostname = "patricknix.local"; hostname = "patricknix.local";
user = "root"; user = "root";