From 84f6e1a93fd4cb280666126cf6be095dde614683 Mon Sep 17 00:00:00 2001 From: Kaare Hoff Skovgaard Date: Sat, 5 Jul 2025 15:35:58 +0200 Subject: [PATCH] Begin getting base setup implemented
---
.gitignore | 2 + flake.lock | 183 ++++++++++++++++++ flake.nix | 41 ++++ nix/checks/hetzner-sets-ipv6/default.nix | 20 ++ nix/lib/disko-root-lvm/default.nix | 59 ++++++ nix/modules/nixos/hetzner/default.nix | 57 ++++++ nix/modules/nixos/qemu-guest/default.nix | 16 ++ nix/modules/nixos/sshd/default.nix | 4 + nix/modules/nixos/systemd-boot/default.nix | 32 +++ nix/profiles/nix-base.nix | 6 + .../photos.kaareskovgaard.net/default.nix | 5 + 11 files changed, 425 insertions(+) create mode 100644 .gitignore create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 nix/checks/hetzner-sets-ipv6/default.nix create mode 100644 nix/lib/disko-root-lvm/default.nix create mode 100644 nix/modules/nixos/hetzner/default.nix create mode 100644 nix/modules/nixos/qemu-guest/default.nix create mode 100644 nix/modules/nixos/sshd/default.nix create mode 100644 nix/modules/nixos/systemd-boot/default.nix create mode 100644 nix/profiles/nix-base.nix create mode 100644 nix/systems/x86_64-linux/photos.kaareskovgaard.net/default.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ba2a798
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+result/
+.DS_Store
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..7b10a36
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,183 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751607816, + "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=", + "owner": "nix-community", + "repo": "disko", + "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-base": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "snowfall-lib": "snowfall-lib", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1751720970, + "narHash": "sha256-Fe8yQfmjlgNSrkBU/5FcYBQVsOFyfxe73C1zfsHhXDU=", + "ref": "refs/heads/main", + "rev": "b3ddb341d8bfe6fb5f618dfee1f720a3deeee47d", + "revCount": 10, + "type": "git", + "url": "https://khs.codes/nix/flake-base" + }, + "original": { + "type": "git", + "url": "https://khs.codes/nix/flake-base" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils-plus": { + "inputs": { + "flake-utils": "flake-utils" + }, + "locked": { + "lastModified": 1715533576, + "narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", + "type": "github" 
+ }, + "original": { + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1751582995, + "narHash": "sha256-u7ubvtxdTnFPpV27AHpgoKn7qHuE7sgWgza/1oj5nzA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7a732ed41ca0dd64b4b71b563ab9805a80a7d693", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "flake-base": "flake-base", + "nixpkgs": "nixpkgs" + } + }, + "snowfall-lib": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils-plus": "flake-utils-plus", + "nixpkgs": [ + "flake-base", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736130495, + "narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=", + "owner": "snowfallorg", + "repo": "lib", + "rev": "02d941739f98a09e81f3d2d9b3ab08918958beac", + "type": "github" + }, + "original": { + "owner": "snowfallorg", + "repo": "lib", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "flake-base", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750931469, + "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..74ad618
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,41 @@
+{
+ description = "A very basic flake";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+ flake-base = {
+ url = "git+https://khs.codes/nix/flake-base";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs =
+ inputs@{ self, ... }:
+ inputs.flake-base.lib.mkFlake {
+ inherit inputs;
+ src = ./.;
+ systems.modules.nixos = [ inputs.disko.nixosModules.disko ];
+ snowfall = {
+ root = ./nix;
+ namespace = "khscodes";
+ meta = {
+ title = "Nix machines for KHS";
+ name = "Machines";
+ };
+ };
+ modules.nixos.default = {
+ imports = [
+ self.nixosModules.hetzner
+ self.nixosModules.sshd
+ self.nixosModules.sshd
+ self.nixosModules.systemd-boot
+ self.nixosModules.qemu-guest
+ inputs.disko.nixosModules.disko
+ ];
+ };
+ };
+}
diff --git a/nix/checks/hetzner-sets-ipv6/default.nix b/nix/checks/hetzner-sets-ipv6/default.nix
new file mode 100644
index 0000000..3c4b332
--- /dev/null
+++ b/nix/checks/hetzner-sets-ipv6/default.nix
@@ -0,0 +1,20 @@
+{ inputs, pkgs, ... }:
+pkgs.nixosTest {
+ name = "hetzner-will-boot";
+ nodes.machine =
+ { ... }:
+ {
+ imports = [ inputs.self.nixosModules.default ];
+ khscodes.hetzner = {
+ enable = true;
+ ipv6-addr = "dead:beef:cafe::1";
+ };
+ system.stateVersion = "25.05";
+ };
+ testScript = ''
+ machine.start(allow_reboot = True)
+ machine.wait_for_unit("multi-user.target")
+ ipv6 = machine.succeed("ip addr")
+ assert "dead:beef:cafe::1" in ipv6
+ '';
+}
diff --git a/nix/lib/disko-root-lvm/default.nix b/nix/lib/disko-root-lvm/default.nix
new file mode 100644
index 0000000..8891d9f
--- /dev/null
+++ b/nix/lib/disko-root-lvm/default.nix
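Review bot: `self.nixosModules.sshd` is listed twice in `modules.nixos.default.imports` in flake.nix, and `inputs.disko.nixosModules.disko` is added both there and in `systems.modules.nixos`. The second `sshd` entry looks like a copy-paste leftover; dropping it and keeping the disko module in one place makes it clear which modules every host actually receives. The `description = "A very basic flake";` line is still the template placeholder; something like `description = "NixOS machine configurations for KHS";` would match the `snowfall.meta` title.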
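Review bot: The test in nix/checks/hetzner-sets-ipv6/default.nix is named `hetzner-will-boot`, which matches neither the directory nor what the script asserts; `name = "hetzner-sets-ipv6";` keeps the check attribute and the log output aligned. The assertion searches the whole `ip addr` output, so `machine.succeed("ip -6 addr show")` would at least restrict it to IPv6 entries. A comment above `testScript` such as `# dead:beef:cafe::1 is a made-up address, used only to prove the option reaches networkd` would tell the reader the value is not a real host address.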
@@ -0,0 +1,59 @@
+{ ... }:
+{
+ disko-root-lvm =
+ {
+ diskName,
+ device,
+ espSize ? "500M",
+ bootPartName ? "ESP",
+ rootPartName ? "primary",
+ volumeGroupName ? "mainpool",
+ rootLvName ? "root",
+ }:
+ {
+ devices.disk = {
+ "${diskName}" = {
+ inherit device;
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ "${bootPartName}" = {
+ size = espSize;
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ "${rootPartName}" = {
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = volumeGroupName;
+ };
+ };
+ };
+ };
+ };
+ };
+ devices.lvm_vg = {
+ "${volumeGroupName}" = {
+ type = "lvm_vg";
+ lvs = {
+ "${rootLvName}" = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [ "defaults" ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/nix/modules/nixos/hetzner/default.nix b/nix/modules/nixos/hetzner/default.nix
new file mode 100644
index 0000000..5d7b4ee
--- /dev/null
+++ b/nix/modules/nixos/hetzner/default.nix
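Review bot: `disko-root-lvm` in nix/lib/disko-root-lvm/default.nix has no comment describing its arguments or the layout it produces, and the layout is worth stating because it decides what is protected at rest. I would add a header comment above the function saying that it builds a GPT disk with a vfat ESP mounted at /boot with `umask=0077` and one LVM PV whose volume group holds a single ext4 root LV, and that nothing in this layout encrypts the root volume. If an unencrypted root is intentional for these hosts, saying so in the comment saves the next reader from guessing; if it is not, a LUKS layer between the partition and the PV is where it would go.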
@@ -0,0 +1,57 @@
+{
+ config,
+ lib,
+ system,
+ ...
+}:
+let
+ cfg = config.khscodes.hetzner;
+in
+{
+ options.khscodes.hetzner = {
+ enable = lib.mkEnableOption "Enables the machine as a hetzner machine";
+ ipv6-addr = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ description = "IPv6 address of the server, for now detecting this from the server itself is not supported";
+ default = null;
+ };
+ diskName = lib.mkOption {
+ type = lib.types.str;
+ default = "nixos";
+ description = "Name of the root disk device";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ disko = lib.khscodes.disko-root-lvm {
+ device = "/dev/sda";
+ diskName = cfg.diskName;
+ };
+
+ boot.tmp.cleanOnBoot = lib.mkDefault true;
+ boot.initrd.kernelModules = lib.mkIf (system == "aarch64-linux") [ "virtio_gpu" ];
+ boot.kernelParams = lib.mkIf (system == "aarch64-linux") [ "console=tty" ];
+ zramSwap.enable = lib.mkDefault true;
+ khscodes.systemd-boot.enable = lib.mkDefault true;
+ khscodes.qemu-guest.enable = true;
+ networking = {
+ useDHCP = false;
+ useNetworkd = false;
+ };
+ systemd.network = {
+ enable = true;
+ networks."10-enp1s0" = {
+ matchConfig.Name = [
+ "eth0"
+ "enp1s0"
+ ];
+ networkConfig = {
+ DHCP = "ipv4";
+ };
+ routes = [ { Gateway = "fe80::1"; } ];
+ linkConfig.RequiredForOnline = "routable";
+ address = lib.mkIf (cfg.ipv6-addr != null) [ cfg.ipv6-addr ];
+ };
+ };
+ };
+}
diff --git a/nix/modules/nixos/qemu-guest/default.nix b/nix/modules/nixos/qemu-guest/default.nix
new file mode 100644
index 0000000..f84f00c
--- /dev/null
+++ b/nix/modules/nixos/qemu-guest/default.nix
@@ -0,0 +1,16 @@
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}:
+let
+ cfg = config.khscodes.hetzner;
+in
+{
+ options.khscodes.qemu-guest = {
+ enable = lib.mkEnableOption "Configures machine with NixOS profile for qemu guest";
+ };
+
+ config = lib.mkIf cfg.enable (import "${modulesPath}/profiles/qemu-guest.nix" { });
+}
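Review bot: In nix/modules/nixos/hetzner/default.nix the default route `routes = [ { Gateway = "fe80::1"; } ];` is installed unconditionally, while the address it serves is only set when `ipv6-addr` is non-null. Gating both the same way keeps the network unit consistent: `routes = lib.mkIf (cfg.ipv6-addr != null) [ { Gateway = "fe80::1"; } ];`. The `ipv6-addr` option is a free-form `lib.types.str` and its description does not say whether a prefix length is expected (the check passes a bare address); stating the expected form, for example "address with prefix length, such as 2001:db8::1/64" (a constructed documentation address), avoids a host coming up with an unintended prefix. `device = "/dev/sda"` is hard-coded next to the configurable `diskName` and may deserve its own option.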
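Review bot: `cfg = config.khscodes.hetzner;` in nix/modules/nixos/qemu-guest/default.nix reads the wrong option set, so the `khscodes.qemu-guest.enable` option declared just below is never consulted and the profile is applied whenever `khscodes.hetzner.enable` is true. It should be `cfg = config.khscodes.qemu-guest;`. The mistake is masked today only because the hetzner module sets `khscodes.qemu-guest.enable = true` itself. Since `lib.mkEnableOption` prefixes its argument with "Whether to enable", a noun phrase such as `lib.mkEnableOption "the NixOS qemu-guest profile"` reads better; the same applies to the hetzner and systemd-boot modules.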
diff --git a/nix/modules/nixos/sshd/default.nix b/nix/modules/nixos/sshd/default.nix
new file mode 100644
index 0000000..18d0b32
--- /dev/null
+++ b/nix/modules/nixos/sshd/default.nix
@@ -0,0 +1,4 @@
+{ config, lib, ... }:
+{
+
+}
diff --git a/nix/modules/nixos/systemd-boot/default.nix b/nix/modules/nixos/systemd-boot/default.nix
new file mode 100644
index 0000000..62860f6
--- /dev/null
+++ b/nix/modules/nixos/systemd-boot/default.nix
@@ -0,0 +1,32 @@
+{ config, lib, ... }:
+let
+ cfg = config.khscodes.systemd-boot;
+in
+{
+ options.khscodes.systemd-boot = {
+ enable = lib.mkEnableOption "Enables booting using systemd";
+ configuration-limit = lib.mkOption {
+ type = lib.types.int;
+ description = "";
+ default = 5;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ boot = {
+ loader = {
+ systemd-boot = {
+ enable = true;
+ configurationLimit = cfg.configuration-limit;
+ };
+ grub = {
+ enable = false;
+ };
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot";
+ };
+ };
+ };
+ };
+}
diff --git a/nix/profiles/nix-base.nix b/nix/profiles/nix-base.nix
new file mode 100644
index 0000000..d74f5a2
--- /dev/null
+++ b/nix/profiles/nix-base.nix
@@ -0,0 +1,6 @@
+{
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+}
diff --git a/nix/systems/x86_64-linux/photos.kaareskovgaard.net/default.nix b/nix/systems/x86_64-linux/photos.kaareskovgaard.net/default.nix
new file mode 100644
index 0000000..5fd381c
--- /dev/null
+++ b/nix/systems/x86_64-linux/photos.kaareskovgaard.net/default.nix
@@ -0,0 +1,5 @@
+{ config, lib, ... }:
+{
+ khscodes.hetzner.enable = true;
+ system.stateVersion = "25.05";
+}
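Review bot: nix/modules/nixos/sshd/default.nix is an empty module that takes `config` and `lib` without using them, yet it is imported into the default module set, so a host built from this commit gets no SSH configuration from it at all. If it is a placeholder, a one-line comment such as `# TODO: enable and harden OpenSSH here` makes that explicit. When it is filled in, I would start from key-only access: `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`.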
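Review bot: The `systemd-boot` block in nix/modules/nixos/systemd-boot/default.nix leaves `boot.loader.systemd-boot.editor` at its default, which lets anyone who can reach the console edit the kernel command line from the boot menu; adding `editor = false;` next to `configurationLimit` closes that. `configuration-limit` has `description = "";` and accepts any `lib.types.int`, including zero and negative values. `type = lib.types.ints.positive;` together with `description = "Maximum number of generations kept in the boot menu";` would both document and constrain it.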