diff --git a/nixos-anywhere/configuration.nix b/nixos-anywhere/configuration.nix
new file mode 100644
index 0000000..5562017
--- /dev/null
+++ b/nixos-anywhere/configuration.nix
@@ -0,0 +1,33 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+} @ args:
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ];
+ boot.loader.grub = {
+ # no need to set devices, disko will add all devices that have a EF02 partition to the list already
+ # devices = [ ];
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ services.openssh.enable = true;
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.gitMinimal
+ ];
+
+ users.users.root.openssh.authorizedKeys.keys =
+ [
+ # change this to your ssh key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvhtF6nRWlA6PVs71Eek7p0p2PxTd3P6ZEGFV2t75MB eliribble@nixos"
+ ] ++ (args.extraPublicKeys or []); # this is used for unit-testing this module and can be removed if not needed
+
+ system.stateVersion = "25.05";
+}
diff --git a/nixos-anywhere/digitalocean.nix b/nixos-anywhere/digitalocean.nix
new file mode 100644
index 0000000..b2d5eef
--- /dev/null
+++ b/nixos-anywhere/digitalocean.nix
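Review bot: `services.openssh.enable = true;` is added with a root authorized key but nothing here turns off password or keyboard-interactive authentication, which stay at their nixpkgs defaults (password authentication is enabled by default in current nixpkgs), so a root password set later (digitalocean.nix keeps cloud-init's `set_password` module enabled) becomes a valid SSH login. Add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` beside the enable line so access is key-only, as the rest of the file assumes. The `++ (args.extraPublicKeys or [])` append is a second path into root's authorized_keys; the comment presents it as test-only, but it applies to any evaluation that passes that argument, which is worth saying in the comment or dropping in a non-test copy. The committed key is the author's placeholder, as `# change this to your ssh key` already says.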
@@ -0,0 +1,70 @@
+{ lib, modulesPath, ... }:
+{
+ imports = [
+ "${modulesPath}/virtualisation/digital-ocean-config.nix"
+ ];
+
+ # do not use DHCP, as DigitalOcean provisions IPs using cloud-init
+ networking.useDHCP = lib.mkForce false;
+
+ # Disables all modules that do not work with NixOS
+ services.cloud-init = {
+ enable = true;
+ network.enable = true;
+ settings = {
+ datasource_list = [
+ "ConfigDrive"
+ "Digitalocean"
+ ];
+ datasource.ConfigDrive = { };
+ datasource.Digitalocean = { };
+ # Based on https://github.com/canonical/cloud-init/blob/main/config/cloud.cfg.tmpl
+ cloud_init_modules = [
+ "seed_random"
+ "bootcmd"
+ "write_files"
+ "growpart"
+ "resizefs"
+ "set_hostname"
+ "update_hostname"
+ # Not support on NixOS
+ #"update_etc_hosts"
+ # throws error
+ #"users-groups"
+ # tries to edit /etc/ssh/sshd_config
+ #"ssh"
+ "set_password"
+ ];
+ cloud_config_modules = [
+ "ssh-import-id"
+ "keyboard"
+ # doesn't work with nixos
+ #"locale"
+ "runcmd"
+ "disable_ec2_metadata"
+ ];
+ ## The modules that run in the 'final' stage
+ cloud_final_modules = [
+ "write_files_deferred"
+ "puppet"
+ "chef"
+ "ansible"
+ "mcollective"
+ "salt_minion"
+ "reset_rmc"
+ # install dotty agent fails
+ #"scripts_vendor"
+ "scripts_per_once"
+ "scripts_per_boot"
+ # /var/lib/cloud/scripts/per-instance/machine_id.sh has broken shebang
+ #"scripts_per_instance"
+ "scripts_user"
+ "ssh_authkey_fingerprints"
+ "keys_to_console"
+ "install_hotplug"
+ "phone_home"
+ "final_message"
+ ];
+ };
+ };
+}
diff --git a/nixos-anywhere/disk-config.nix b/nixos-anywhere/disk-config.nix
new file mode 100644
index 0000000..75ae234
--- /dev/null
+++ b/nixos-anywhere/disk-config.nix
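Review bot: The module lists keep `set_password`, `ssh-import-id`, `runcmd`, `scripts_user` and `phone_home` enabled, and each of them acts on user-data fetched from the metadata service as root, so anyone who can edit the droplet's user-data effectively has root on the host; the header comment `# Disables all modules that do not work with NixOS` does not state that trust boundary. `set_password` is the one to question: the `ssh` module is already disabled and root's keys come from configuration.nix, yet a `chpasswd` or `password` stanza in user-data would still set a root password, which is only harmless if sshd refuses passwords, and nothing in this diff guarantees that. Either drop `"set_password"` or add, above `cloud_init_modules`, `# user-data is trusted input: runcmd/scripts_user run as root and set_password can set root's password`. This is an example configuration, so a permissive module list may be intended; in that case the comment alone is enough.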
@@ -0,0 +1,56 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/nixos-anywhere/flake.nix b/nixos-anywhere/flake.nix
new file mode 100644
index 0000000..2d524a9
--- /dev/null
+++ b/nixos-anywhere/flake.nix
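Review bot: The layout puts `/` on plain ext4 inside the `pool` volume group and `/boot` on vfat with no encryption layer anywhere, so SSH host keys, `/etc/shadow` and everything else on the root filesystem are readable from a detached disk, a provider snapshot or a rescue boot; the header comment describes only the BIOS/GPT aspect. Extend it to `# Example to create a bios compatible gpt partition (unencrypted: no LUKS; fine for throwaway cloud hosts, not for secrets at rest)` so nobody copies it expecting at-rest protection. If encryption is wanted, it would presumably go between the `root` partition and its `lvm_pv` content via disko's luks content type, but that is a choice for whoever reuses this example rather than a defect in it.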
@@ -0,0 +1,69 @@
+{
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ inputs.disko.url = "github:nix-community/disko";
+ inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
+ inputs.nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
+
+ outputs =
+ {
+ nixpkgs,
+ disko,
+ nixos-facter-modules,
+ ...
+ }:
+ {
+ nixosConfigurations.hetzner-cloud = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./configuration.nix
+ ];
+ };
+ # tested with 2GB/2CPU droplet, 1GB droplets do not have enough RAM for kexec
+ nixosConfigurations.digitalocean = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./digitalocean.nix
+ disko.nixosModules.disko
+ { disko.devices.disk.disk1.device = "/dev/vda"; }
+ ./configuration.nix
+ ];
+ };
+ nixosConfigurations.hetzner-cloud-aarch64 = nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./configuration.nix
+ ];
+ };
+
+ # Use this for all other targets
+ # nixos-anywhere --flake .#generic --generate-hardware-config nixos-generate-config ./hardware-configuration.nix
+ nixosConfigurations.generic = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./configuration.nix
+ ./hardware-configuration.nix
+ ];
+ };
+
+ # Slightly experimental: Like generic, but with nixos-facter (https://github.com/numtide/nixos-facter)
+ # nixos-anywhere --flake .#generic-nixos-facter --generate-hardware-config nixos-facter facter.json
+ nixosConfigurations.generic-nixos-facter = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./configuration.nix
+ nixos-facter-modules.nixosModules.facter
+ {
+ config.facter.reportPath =
+ if builtins.pathExists ./facter.json then
+ ./facter.json
+ else
+ throw "Have you forgotten to run nixos-anywhere with `--generate-hardware-config nixos-facter ./facter.json`?";
+ }
+ ];
+ };
+ };
+}
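Review bot: All three inputs track moving branch heads (`nixpkgs-unstable` and the default branches of `disko` and `nixos-facter-modules`) and this commit adds no `flake.lock`, so what nixos-anywhere installs is whatever those branches hold at first evaluation and two builds of `.#digitalocean` on different days can differ; if the lock file is committed elsewhere this is moot. Commit `flake.lock` alongside this file and treat input bumps as reviewed changes, since disko in particular runs with full disk access during install. Minor: `nixos-facter-modules` has no `inputs.nixpkgs.follows` line, unlike `disko`, so it may carry its own nixpkgs if it declares one (the input's own inputs are not visible here), and the facter comment says `facter.json` where the `throw` message says `./facter.json`.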