feat: run octoprint on testienix

2024-08-25 15:56:17 +02:00 · 2024-08-25 15:56:17 +02:00 · 5707be0b11
parent 85690a03d5
commit 5707be0b11
19 changed files with 155 additions and 62 deletions
--- a/README.md
+++ b/README.md
@ -82,9 +82,9 @@ These are notable external flakes which this config depend upon
    - This might take multiple minutes(~10)
    - Alternatively boot an official nixos image connect with password
 3. Copy ISO to usb using dd
-3. After booting copy the installer to the live system using `nix copy --to <target> .#packages.<target-system>.installer-package.<target>`
+3. After booting copy the installer to the live system using `nix copy --to <target> .#nodes.<target-system>.config.system.build.installFromLive`
 4. Run the installer script from the nix store of the live system
-    - you can get the path using `nix path-info .#packages.<target-system>.installer-package.<target>`
+    - you can get the path using `nix path-info .#nodes.<target-system>.config.system.build.installFromLive`
 4. Export all zpools and reboot into system
 6. Retrieve hostkeys using `ssh-keyscan <host> | grep -o 'ssh-ed25519.*' > host/<target>/secrets/host.pub`
 5. Deploy system
--- a/config/basic/default.nix
+++ b/config/basic/default.nix
@ -2,6 +2,7 @@
 {
  imports = [
    ./boot.nix
+    ./generate-installer-package.nix
    ./home-manager.nix
    ./impermanence.nix
    ./inputrc.nix
--- a/hosts/elisabeth/guests.nix
+++ b/hosts/elisabeth/guests.nix
@ -38,7 +38,7 @@ let
  ipOf =
    hostName:
    if hostName == "octoprint" then
-      nodes.patricknix.config.wireguard.elisabeth.ipv4
+      nodes.testienix.config.wireguard.elisabeth.ipv4
    else
      nodes."elisabeth-${hostName}".config.wireguard.elisabeth.ipv4;
 in
--- a/hosts/octoprint/default.nix
+++ b/hosts/octoprint/default.nix
@ -1,15 +0,0 @@
-{ inputs, lib, ... }:
-{
-  imports = [
-    ../../config/basic
-    ../../config/services/octoprint.nix
-
-    inputs.nixos-hardware.nixosModules.raspberry-pi-3
-    ./fs.nix
-    ./net.nix
-  ];
-  nixpkgs.hostPlatform = "aarch64-linux";
-  boot.loader.generic-extlinux-compatible.enable = true;
-  boot.loader.systemd-boot.enable = lib.mkForce false;
-  hardware.enableRedistributableFirmware = true;
-}
--- a/hosts/octoprint/fs.nix
+++ b/hosts/octoprint/fs.nix
@ -1,10 +0,0 @@
-{ lib, ... }:
-{
-  fileSystems = lib.mkForce {
-    "/" = {
-      device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
-      fsType = "ext4";
-    };
-  };
-  environment.persistence = lib.mkForce { };
-}
--- a/hosts/octoprint/net.nix
+++ b/hosts/octoprint/net.nix
@ -1,31 +0,0 @@
-{ config, ... }:
-{
-  networking = {
-    inherit (config.secrets.secrets.local.networking) hostId;
-    wireless.iwd = {
-      enable = true;
-    };
-  };
-  systemd.network.networks = {
-    "01-lan1" = {
-      DHCP = "yes";
-      matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
-      networkConfig = {
-        IPv6PrivacyExtensions = "yes";
-        MulticastDNS = true;
-      };
-      dhcpV4Config.RouteMetric = 10;
-      dhcpV6Config.RouteMetric = 10;
-    };
-    "01-wlan1" = {
-      DHCP = "yes";
-      matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.wlan01.mac;
-      networkConfig = {
-        IPv6PrivacyExtensions = "yes";
-        MulticastDNS = true;
-      };
-      dhcpV4Config.RouteMetric = 40;
-      dhcpV6Config.RouteMetric = 40;
-    };
-  };
-}
--- a/hosts/octoprint/secrets/host.pub
+++ b/hosts/octoprint/secrets/host.pub
@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8G75cwqCVwCTW3b3T2RctfGmNHRuLM8fkFcKCoKvnG
--- a/hosts/octoprint/secrets/secrets.nix.age
+++ b/hosts/octoprint/secrets/secrets.nix.age
--- a/hosts/patricknix/default.nix
+++ b/hosts/patricknix/default.nix
@ -18,8 +18,6 @@
    ../../config/hardware/prime-offload.nix
    ../../config/hardware/yubikey.nix

-    ../../config/services/octoprint.nix
-
    ../../config/optional/dev.nix
    ../../config/optional/graphical.nix
    ../../config/optional/printing.nix
--- a/hosts/testienix/default.nix
+++ b/hosts/testienix/default.nix
@ -0,0 +1,28 @@
+{
+  inputs,
+  lib,
+  minimal,
+  ...
+}:
+{
+  imports = [
+    inputs.nixos-hardware.nixosModules.common-pc
+    inputs.nixos-hardware.nixosModules.common-pc-ssd
+
+    ../../config/basic
+    ../../config/optional/initrd-ssh.nix
+
+    ../../config/hardware/physical.nix
+    ../../config/optional/zfs.nix
+
+    ../../config/services/octoprint.nix
+
+    ./net.nix
+    ./fs.nix
+  ] ++ lib.lists.optionals (!minimal) [ ];
+  services.xserver.xkb = {
+    layout = "de";
+  };
+  services.thermald.enable = lib.mkForce false;
+  nixpkgs.hostPlatform = "x86_64-linux";
+}
--- a/hosts/testienix/fs.nix
+++ b/hosts/testienix/fs.nix
@ -0,0 +1,83 @@
+{ config, lib, ... }:
+{
+  disko.devices = {
+    disk = {
+      internal-hdd = {
+        type = "disk";
+        device = "/dev/disk/by-id/${config.secrets.secrets.local.disko.internal-hdd}";
+        content = with lib.disko.gpt; {
+          type = "gpt";
+          partitions = {
+            boot = partEfi "1G";
+            swap = partSwap "16G";
+            rpool = lib.attrsets.recursiveUpdate (partLuksZfs "rpool" "rpool" "100%") {
+              content.extraFormatArgs = [ "--pbkdf pbkdf2" ];
+            };
+          };
+        };
+      };
+    };
+
+    zpool = with lib.disko.zfs; {
+      rpool = mkZpool { datasets = impermanenceZfsDatasets; };
+    };
+  };
+
+  services.zrepl = {
+    enable = true;
+    settings = {
+      global = {
+        logging = [
+          {
+            type = "syslog";
+            level = "info";
+            format = "human";
+          }
+        ];
+        # TODO Monitoring
+      };
+      jobs = [
+        #{
+        #  type = "push";
+        #  name = "push-to-remote";
+        #}
+        {
+          type = "snap";
+          name = "mach-schnipp-schusss";
+          filesystems = {
+            "rpool/local/state<" = true;
+            "rpool/safe<" = true;
+          };
+          snapshotting = {
+            type = "periodic";
+            prefix = "zrepl-";
+            interval = "10m";
+            timestamp_format = "iso-8601";
+          };
+          pruning = {
+            keep = [
+              {
+                type = "regex";
+                regex = "^zrepl-.*$";
+                negate = true;
+              }
+              {
+                type = "grid";
+                grid = lib.concatStringsSep " | " [
+                  "1x1d(keep=all)"
+                  "142x1h(keep=2)"
+                  "90x1d(keep=2)"
+                  "500x7d"
+                ];
+                regex = "^zrepl-.*$";
+              }
+            ];
+          };
+        }
+      ];
+    };
+  };
+
+  fileSystems."/state".neededForBoot = true;
+  fileSystems."/persist".neededForBoot = true;
+}
--- a/hosts/testienix/net.nix
+++ b/hosts/testienix/net.nix
@ -0,0 +1,18 @@
+{ config, ... }:
+{
+  networking = {
+    inherit (config.secrets.secrets.local.networking) hostId;
+  };
+  networking.nftables.firewall.zones.untrusted.interfaces = [ "lan01" ];
+  systemd.network.networks = {
+    "lan01" = {
+      address = [ "192.168.178.32/24" ];
+      gateway = [ "192.168.178.1" ];
+      matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
+      networkConfig = {
+        IPv6PrivacyExtensions = "yes";
+        MulticastDNS = true;
+      };
+    };
+  };
+}
--- a/hosts/testienix/secrets/generated/initrd_host_ed25519_key.age
+++ b/hosts/testienix/secrets/generated/initrd_host_ed25519_key.age
--- a/hosts/testienix/secrets/host.pub
+++ b/hosts/testienix/secrets/host.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXcDQbZKe8mcPj7ZqAcNrbVbXCW4po+A004yMjauQjD
--- a/hosts/testienix/secrets/secrets.nix.age
+++ b/hosts/testienix/secrets/secrets.nix.age
--- a/secrets/wireguard/elisabeth/keys/testienix.age
+++ b/secrets/wireguard/elisabeth/keys/testienix.age
--- a/secrets/wireguard/elisabeth/keys/testienix.pub
+++ b/secrets/wireguard/elisabeth/keys/testienix.pub
@ -0,0 +1 @@
+YFUko5BLbPFUxgMBOdRmuaP3W8MyKqcbKfGs+kJsaHQ=
--- a/secrets/wireguard/elisabeth/psks/elisabeth+testienix.age
+++ b/secrets/wireguard/elisabeth/psks/elisabeth+testienix.age
@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> X25519 GQbCMDf/v7ZWCbkWrxPHb3eRRhBu3OgoUVM5Wcd2YWg
+Ktg5wWDrv9xGlz2RxkbaLM1JnzncvFiDKNU7Q/ALkPg
+-> piv-p256 ZFgiIw A6/M1WnmlEwOkaL4Gof2DJQ1ED88c14rHjoKFMBZ+nXM
+XI9XhL0lE01DBbR8bNCaTEqDEAYzaswFucfY97HsWEA
+-> piv-p256 XTQkUA A+dXpvz/ARcQj/RrRjgm7L4K1Jg1P/mnlL4M0nYWrTid
+XoxIGKavpr13hvz7RimZlj5Ah9jqAKIph1Gh2RGMha0
+-> piv-p256 ZFgiIw AipDvQ/vmWF820Swf/UYPGcQdI5SOHDmrBRRQuPysnJ0
+AoQ/EEvxmtDptmqQP2AZ4i5ExLsWzrXXvvVcIKZlP50
+-> piv-p256 5vmPtQ AvMIvmMcOwkzIiWvGLVs1x3zU+CDntwP88lxqNhNGgAR
+3S9QPobzy1KFKLk3GaCxDdNIChph3lG45DdLG1d4KZ4
+-> MO-grease A~ wj@o(6
+JpQ
+--- wg4II0uOKrdUdzbRGlhxu6nQ9W2Cdj29nmBVc0nNRvI
+ü6A<EFBFBD>6ýÊ<EFBFBD>S	ƒîhƒt^WSMÀîµÜãE‰E`ä ¨$=72½:°<>ññ!ª˜™ÿcÞ|PÀI§K¾R„ÞÝÌÐÛhDA$ó‚
--- a/users/patrick/ssh.nix
+++ b/users/patrick/ssh.nix
@ -24,6 +24,11 @@
          user = "root";
        };

+        "testienix" = {
+          hostname = "testienix.local";
+          user = "root";
+        };
+
        "patricknix" = {
          hostname = "patricknix.local";
          user = "root";
				`@ -1 +0,0 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8G75cwqCVwCTW3b3T2RctfGmNHRuLM8fkFcKCoKvnG`
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXcDQbZKe8mcPj7ZqAcNrbVbXCW4po+A004yMjauQjD`
				`@ -0,0 +1 @@`
				`YFUko5BLbPFUxgMBOdRmuaP3W8MyKqcbKfGs+kJsaHQ=`