feat: run octoprint on testienix
parent
85690a03d5
commit
5707be0b11
|
@ -82,9 +82,9 @@ These are notable external flakes which this config depend upon
|
|||
- This might take multiple minutes(~10)
|
||||
- Alternatively boot an official nixos image connect with password
|
||||
3. Copy ISO to usb using dd
|
||||
3. After booting copy the installer to the live system using `nix copy --to <target> .#packages.<target-system>.installer-package.<target>`
|
||||
3. After booting copy the installer to the live system using `nix copy --to <target> .#nodes.<target-system>.config.system.build.installFromLive`
|
||||
4. Run the installer script from the nix store of the live system
|
||||
- you can get the path using `nix path-info .#packages.<target-system>.installer-package.<target>`
|
||||
- you can get the path using `nix path-info .#nodes.<target-system>.config.system.build.installFromLive`
|
||||
4. Export all zpools and reboot into system
|
||||
6. Retrieve hostkeys using `ssh-keyscan <host> | grep -o 'ssh-ed25519.*' > host/<target>/secrets/host.pub`
|
||||
5. Deploy system
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
{
|
||||
imports = [
|
||||
./boot.nix
|
||||
./generate-installer-package.nix
|
||||
./home-manager.nix
|
||||
./impermanence.nix
|
||||
./inputrc.nix
|
||||
|
|
|
@ -38,7 +38,7 @@ let
|
|||
ipOf =
|
||||
hostName:
|
||||
if hostName == "octoprint" then
|
||||
nodes.patricknix.config.wireguard.elisabeth.ipv4
|
||||
nodes.testienix.config.wireguard.elisabeth.ipv4
|
||||
else
|
||||
nodes."elisabeth-${hostName}".config.wireguard.elisabeth.ipv4;
|
||||
in
|
||||
|
|
|
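Review bot: The `hostName == "octoprint"` branch in `ipOf` hard-codes which node serves octoprint and carries no comment, so this lookup has to be edited by hand every time the service moves (this commit moves it from `patricknix` to `testienix`). A wrong value here would silently send whatever consumes `ipOf` to a different WireGuard peer. A one-line comment such as `# octoprint is not an elisabeth-<name> guest; it runs on testienix` would record the intent, assuming that is the reason for the exception. The enclosing `let` block starts and ends outside this hunk, so the consumers of `ipOf` are not visible here.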
@ -1,15 +0,0 @@
|
|||
{ inputs, lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
../../config/basic
|
||||
../../config/services/octoprint.nix
|
||||
|
||||
inputs.nixos-hardware.nixosModules.raspberry-pi-3
|
||||
./fs.nix
|
||||
./net.nix
|
||||
];
|
||||
nixpkgs.hostPlatform = "aarch64-linux";
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
fileSystems = lib.mkForce {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
environment.persistence = lib.mkForce { };
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
networking = {
|
||||
inherit (config.secrets.secrets.local.networking) hostId;
|
||||
wireless.iwd = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
systemd.network.networks = {
|
||||
"01-lan1" = {
|
||||
DHCP = "yes";
|
||||
matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
|
||||
networkConfig = {
|
||||
IPv6PrivacyExtensions = "yes";
|
||||
MulticastDNS = true;
|
||||
};
|
||||
dhcpV4Config.RouteMetric = 10;
|
||||
dhcpV6Config.RouteMetric = 10;
|
||||
};
|
||||
"01-wlan1" = {
|
||||
DHCP = "yes";
|
||||
matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.wlan01.mac;
|
||||
networkConfig = {
|
||||
IPv6PrivacyExtensions = "yes";
|
||||
MulticastDNS = true;
|
||||
};
|
||||
dhcpV4Config.RouteMetric = 40;
|
||||
dhcpV6Config.RouteMetric = 40;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8G75cwqCVwCTW3b3T2RctfGmNHRuLM8fkFcKCoKvnG
|
Binary file not shown.
|
@ -18,8 +18,6 @@
|
|||
../../config/hardware/prime-offload.nix
|
||||
../../config/hardware/yubikey.nix
|
||||
|
||||
../../config/services/octoprint.nix
|
||||
|
||||
../../config/optional/dev.nix
|
||||
../../config/optional/graphical.nix
|
||||
../../config/optional/printing.nix
|
||||
|
|
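--- a/hosts/testienix/default.nix
+++ b/hosts/testienix/default.nix
@@ -0,0 +1,28 @@
+{
+inputs,
+lib,
+minimal,
+...
+}:
+{
+imports = [
+inputs.nixos-hardware.nixosModules.common-pc
+inputs.nixos-hardware.nixosModules.common-pc-ssd
+
+../../config/basic
+../../config/optional/initrd-ssh.nix
+
+../../config/hardware/physical.nix
+../../config/optional/zfs.nix
+
+../../config/services/octoprint.nix
+
+./net.nix
+./fs.nix
+] ++ lib.lists.optionals (!minimal) [ ];
+services.xserver.xkb = {
+layout = "de";
+};
+services.thermald.enable = lib.mkForce false;
+nixpkgs.hostPlatform = "x86_64-linux";
+}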
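Review bot: The tail of the import list, `] ++ lib.lists.optionals (!minimal) [ ];`, appends an empty list, so the `minimal` argument has no effect on this host. Both `../../config/optional/initrd-ssh.nix` and `../../config/services/octoprint.nix` are therefore imported in minimal builds too. If `minimal` is meant to produce a reduced system (an assumption, since its definition is not on this page), move the service import into the optional list, e.g. `] ++ lib.lists.optionals (!minimal) [ ../../config/services/octoprint.nix ];`. Otherwise drop the no-op suffix and the unused `minimal` argument so the file does not suggest a gating that is not there.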
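--- a/hosts/testienix/fs.nix
+++ b/hosts/testienix/fs.nix
@@ -0,0 +1,83 @@
+{ config, lib, ... }:
+{
+disko.devices = {
+disk = {
+internal-hdd = {
+type = "disk";
+device = "/dev/disk/by-id/${config.secrets.secrets.local.disko.internal-hdd}";
+content = with lib.disko.gpt; {
+type = "gpt";
+partitions = {
+boot = partEfi "1G";
+swap = partSwap "16G";
+rpool = lib.attrsets.recursiveUpdate (partLuksZfs "rpool" "rpool" "100%") {
+content.extraFormatArgs = [ "--pbkdf pbkdf2" ];
+};
+};
+};
+};
+};
+
+zpool = with lib.disko.zfs; {
+rpool = mkZpool { datasets = impermanenceZfsDatasets; };
+};
+};
+
+services.zrepl = {
+enable = true;
+settings = {
+global = {
+logging = [
+{
+type = "syslog";
+level = "info";
+format = "human";
+}
+];
+# TODO Monitoring
+};
+jobs = [
+#{
+# type = "push";
+# name = "push-to-remote";
+#}
+{
+type = "snap";
+name = "mach-schnipp-schusss";
+filesystems = {
+"rpool/local/state<" = true;
+"rpool/safe<" = true;
+};
+snapshotting = {
+type = "periodic";
+prefix = "zrepl-";
+interval = "10m";
+timestamp_format = "iso-8601";
+};
+pruning = {
+keep = [
+{
+type = "regex";
+regex = "^zrepl-.*$";
+negate = true;
+}
+{
+type = "grid";
+grid = lib.concatStringsSep " | " [
+"1x1d(keep=all)"
+"142x1h(keep=2)"
+"90x1d(keep=2)"
+"500x7d"
+];
+regex = "^zrepl-.*$";
+}
+];
+};
+}
+];
+};
+};
+
+fileSystems."/state".neededForBoot = true;
+fileSystems."/persist".neededForBoot = true;
+}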
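Review bot: The `rpool` LUKS partition is formatted with `content.extraFormatArgs = [ "--pbkdf pbkdf2" ];`, which swaps cryptsetup's Argon2-based LUKS2 default for a KDF that is not memory-hard. A passphrase protecting this container is therefore cheaper to brute-force offline if the disk is ever imaged. The file gives no reason for the override. If it exists for a compatibility constraint, record that next to it, e.g. `# pbkdf2: <reason the default KDF cannot be used on this host>`; otherwise drop the `recursiveUpdate` wrapper so the default applies. Separately, the only active zrepl job is `snap` and the `push` job is commented out, so every snapshot stays on the same pool and gives no protection against losing this disk.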
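--- a/hosts/testienix/net.nix
+++ b/hosts/testienix/net.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+{
+networking = {
+inherit (config.secrets.secrets.local.networking) hostId;
+};
+networking.nftables.firewall.zones.untrusted.interfaces = [ "lan01" ];
+systemd.network.networks = {
+"lan01" = {
+address = [ "192.168.178.32/24" ];
+gateway = [ "192.168.178.1" ];
+matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
+networkConfig = {
+IPv6PrivacyExtensions = "yes";
+MulticastDNS = true;
+};
+};
+};
+}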
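Review bot: `lan01` is placed in the `untrusted` firewall zone, yet the same link sets `MulticastDNS = true`, so the host both answers and resolves mDNS on a network it otherwise treats as hostile. Whether that traffic actually passes depends on zone rules that are not part of this commit. The deploy entry added further down (`hostname = "testienix.local"`, `user = "root"`) appears to rely on that name, and any host on the segment can answer for a `.local` name. Since the address is static here, consider `MulticastDNS = "resolve"` or `false` on this link and pointing the deploy entry at `192.168.178.32`, leaving the pinned `host.pub` as the check on which machine receives a root deployment.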
BIN
hosts/testienix/secrets/generated/initrd_host_ed25519_key.age
Normal file
BIN
hosts/testienix/secrets/generated/initrd_host_ed25519_key.age
Normal file
Binary file not shown.
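--- a/hosts/testienix/secrets/host.pub
+++ b/hosts/testienix/secrets/host.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXcDQbZKe8mcPj7ZqAcNrbVbXCW4po+A004yMjauQjD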
BIN
hosts/testienix/secrets/secrets.nix.age
Normal file
BIN
hosts/testienix/secrets/secrets.nix.age
Normal file
Binary file not shown.
BIN
secrets/wireguard/elisabeth/keys/testienix.age
Normal file
BIN
secrets/wireguard/elisabeth/keys/testienix.age
Normal file
Binary file not shown.
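--- a/secrets/wireguard/elisabeth/keys/testienix.pub
+++ b/secrets/wireguard/elisabeth/keys/testienix.pub
@@ -0,0 +1 @@
+YFUko5BLbPFUxgMBOdRmuaP3W8MyKqcbKfGs+kJsaHQ=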
15
secrets/wireguard/elisabeth/psks/elisabeth+testienix.age
Normal file
15
secrets/wireguard/elisabeth/psks/elisabeth+testienix.age
Normal file
|
@ -0,0 +1,15 @@
|
|||
age-encryption.org/v1
|
||||
-> X25519 GQbCMDf/v7ZWCbkWrxPHb3eRRhBu3OgoUVM5Wcd2YWg
|
||||
Ktg5wWDrv9xGlz2RxkbaLM1JnzncvFiDKNU7Q/ALkPg
|
||||
-> piv-p256 ZFgiIw A6/M1WnmlEwOkaL4Gof2DJQ1ED88c14rHjoKFMBZ+nXM
|
||||
XI9XhL0lE01DBbR8bNCaTEqDEAYzaswFucfY97HsWEA
|
||||
-> piv-p256 XTQkUA A+dXpvz/ARcQj/RrRjgm7L4K1Jg1P/mnlL4M0nYWrTid
|
||||
XoxIGKavpr13hvz7RimZlj5Ah9jqAKIph1Gh2RGMha0
|
||||
-> piv-p256 ZFgiIw AipDvQ/vmWF820Swf/UYPGcQdI5SOHDmrBRRQuPysnJ0
|
||||
AoQ/EEvxmtDptmqQP2AZ4i5ExLsWzrXXvvVcIKZlP50
|
||||
-> piv-p256 5vmPtQ AvMIvmMcOwkzIiWvGLVs1x3zU+CDntwP88lxqNhNGgAR
|
||||
3S9QPobzy1KFKLk3GaCxDdNIChph3lG45DdLG1d4KZ4
|
||||
-> MO-grease A~ wj@o(6
|
||||
JpQ
|
||||
--- wg4II0uOKrdUdzbRGlhxu6nQ9W2Cdj29nmBVc0nNRvI
|
||||
ü6A<EFBFBD>6ýÊ<EFBFBD>S ƒîhƒt^WSMÀîµÜãE‰E`ä ¨$=72½:°<>ññ!ª˜™ÿcÞ|PÀI§K¾R„ÞÝÌÐÛhDA$ó‚
|
|
@ -24,6 +24,11 @@
|
|||
user = "root";
|
||||
};
|
||||
|
||||
"testienix" = {
|
||||
hostname = "testienix.local";
|
||||
user = "root";
|
||||
};
|
||||
|
||||
"patricknix" = {
|
||||
hostname = "patricknix.local";
|
||||
user = "root";
|
||||
|
|