Begin getting base setup implemented

2025-07-05 15:35:58 +02:00 · 2025-07-05 15:35:58 +02:00 · 84f6e1a93f
commit 84f6e1a93f
parent 453099b068
11 changed files with 425 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+result/
+.DS_Store
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,183 @@
+{
+  "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1751607816,
+        "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "flake-base": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "snowfall-lib": "snowfall-lib",
+        "treefmt-nix": "treefmt-nix"
+      },
+      "locked": {
+        "lastModified": 1751720970,
+        "narHash": "sha256-Fe8yQfmjlgNSrkBU/5FcYBQVsOFyfxe73C1zfsHhXDU=",
+        "ref": "refs/heads/main",
+        "rev": "b3ddb341d8bfe6fb5f618dfee1f720a3deeee47d",
+        "revCount": 10,
+        "type": "git",
+        "url": "https://khs.codes/nix/flake-base"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://khs.codes/nix/flake-base"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1650374568,
+        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils-plus": {
+      "inputs": {
+        "flake-utils": "flake-utils"
+      },
+      "locked": {
+        "lastModified": 1715533576,
+        "narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
+        "owner": "gytis-ivaskevicius",
+        "repo": "flake-utils-plus",
+        "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "gytis-ivaskevicius",
+        "repo": "flake-utils-plus",
+        "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1751582995,
+        "narHash": "sha256-u7ubvtxdTnFPpV27AHpgoKn7qHuE7sgWgza/1oj5nzA=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "7a732ed41ca0dd64b4b71b563ab9805a80a7d693",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "disko": "disko",
+        "flake-base": "flake-base",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "snowfall-lib": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "flake-utils-plus": "flake-utils-plus",
+        "nixpkgs": [
+          "flake-base",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1736130495,
+        "narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=",
+        "owner": "snowfallorg",
+        "repo": "lib",
+        "rev": "02d941739f98a09e81f3d2d9b3ab08918958beac",
+        "type": "github"
+      },
+      "original": {
+        "owner": "snowfallorg",
+        "repo": "lib",
+        "type": "github"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "flake-base",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1750931469,
+        "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,41 @@
+{
+  description = "A very basic flake";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    flake-base = {
+      url = "git+https://khs.codes/nix/flake-base";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs =
+    inputs@{ self, ... }:
+    inputs.flake-base.lib.mkFlake {
+      inherit inputs;
+      src = ./.;
+      systems.modules.nixos = [ inputs.disko.nixosModules.disko ];
+      snowfall = {
+        root = ./nix;
+        namespace = "khscodes";
+        meta = {
+          title = "Nix machines for KHS";
+          name = "Machines";
+        };
+      };
+      modules.nixos.default = {
+        imports = [
+          self.nixosModules.hetzner
+          self.nixosModules.sshd
+          self.nixosModules.sshd
+          self.nixosModules.systemd-boot
+          self.nixosModules.qemu-guest
+          inputs.disko.nixosModules.disko
+        ];
+      };
+    };
+}
--- a/nix/checks/hetzner-sets-ipv6/default.nix
+++ b/nix/checks/hetzner-sets-ipv6/default.nix
@ -0,0 +1,20 @@
+{ inputs, pkgs, ... }:
+pkgs.nixosTest {
+  name = "hetzner-will-boot";
+  nodes.machine =
+    { ... }:
+    {
+      imports = [ inputs.self.nixosModules.default ];
+      khscodes.hetzner = {
+        enable = true;
+        ipv6-addr = "dead:beef:cafe::1";
+      };
+      system.stateVersion = "25.05";
+    };
+  testScript = ''
+    machine.start(allow_reboot = True)
+    machine.wait_for_unit("multi-user.target")
+    ipv6 = machine.succeed("ip addr")
+    assert "dead:beef:cafe::1" in ipv6
+  '';
+}
--- a/nix/lib/disko-root-lvm/default.nix
+++ b/nix/lib/disko-root-lvm/default.nix
@ -0,0 +1,59 @@
+{ ... }:
+{
+  disko-root-lvm =
+    {
+      diskName,
+      device,
+      espSize ? "500M",
+      bootPartName ? "ESP",
+      rootPartName ? "primary",
+      volumeGroupName ? "mainpool",
+      rootLvName ? "root",
+    }:
+    {
+      devices.disk = {
+        "${diskName}" = {
+          inherit device;
+          type = "disk";
+          content = {
+            type = "gpt";
+            partitions = {
+              "${bootPartName}" = {
+                size = espSize;
+                type = "EF00";
+                content = {
+                  type = "filesystem";
+                  format = "vfat";
+                  mountpoint = "/boot";
+                  mountOptions = [ "umask=0077" ];
+                };
+              };
+              "${rootPartName}" = {
+                size = "100%";
+                content = {
+                  type = "lvm_pv";
+                  vg = volumeGroupName;
+                };
+              };
+            };
+          };
+        };
+      };
+      devices.lvm_vg = {
+        "${volumeGroupName}" = {
+          type = "lvm_vg";
+          lvs = {
+            "${rootLvName}" = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+                mountOptions = [ "defaults" ];
+              };
+            };
+          };
+        };
+      };
+    };
+}
--- a/nix/modules/nixos/hetzner/default.nix
+++ b/nix/modules/nixos/hetzner/default.nix
@ -0,0 +1,57 @@
+{
+  config,
+  lib,
+  system,
+  ...
+}:
+let
+  cfg = config.khscodes.hetzner;
+in
+{
+  options.khscodes.hetzner = {
+    enable = lib.mkEnableOption "Enables the machine as a hetzner machine";
+    ipv6-addr = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      description = "IPv6 address of the server, for now detecting this from the server itself is not supported";
+      default = null;
+    };
+    diskName = lib.mkOption {
+      type = lib.types.str;
+      default = "nixos";
+      description = "Name of the root disk device";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    disko = lib.khscodes.disko-root-lvm {
+      device = "/dev/sda";
+      diskName = cfg.diskName;
+    };
+
+    boot.tmp.cleanOnBoot = lib.mkDefault true;
+    boot.initrd.kernelModules = lib.mkIf (system == "aarch64-linux") [ "virtio_gpu" ];
+    boot.kernelParams = lib.mkIf (system == "aarch64-linux") [ "console=tty" ];
+    zramSwap.enable = lib.mkDefault true;
+    khscodes.systemd-boot.enable = lib.mkDefault true;
+    khscodes.qemu-guest.enable = true;
+    networking = {
+      useDHCP = false;
+      useNetworkd = false;
+    };
+    systemd.network = {
+      enable = true;
+      networks."10-enp1s0" = {
+        matchConfig.Name = [
+          "eth0"
+          "enp1s0"
+        ];
+        networkConfig = {
+          DHCP = "ipv4";
+        };
+        routes = [ { Gateway = "fe80::1"; } ];
+        linkConfig.RequiredForOnline = "routable";
+        address = lib.mkIf (cfg.ipv6-addr != null) [ cfg.ipv6-addr ];
+      };
+    };
+  };
+}
--- a/nix/modules/nixos/qemu-guest/default.nix
+++ b/nix/modules/nixos/qemu-guest/default.nix
@ -0,0 +1,16 @@
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+let
+  cfg = config.khscodes.hetzner;
+in
+{
+  options.khscodes.qemu-guest = {
+    enable = lib.mkEnableOption "Configures machine with NixOS profile for qemu guest";
+  };
+
+  config = lib.mkIf cfg.enable (import "${modulesPath}/profiles/qemu-guest.nix" { });
+}
--- a/nix/modules/nixos/sshd/default.nix
+++ b/nix/modules/nixos/sshd/default.nix
@ -0,0 +1,4 @@
+{ config, lib, ... }:
+{
+
+}
--- a/nix/modules/nixos/systemd-boot/default.nix
+++ b/nix/modules/nixos/systemd-boot/default.nix
@ -0,0 +1,32 @@
+{ config, lib, ... }:
+let
+  cfg = config.khscodes.systemd-boot;
+in
+{
+  options.khscodes.systemd-boot = {
+    enable = lib.mkEnableOption "Enables booting using systemd";
+    configuration-limit = lib.mkOption {
+      type = lib.types.int;
+      description = "";
+      default = 5;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    boot = {
+      loader = {
+        systemd-boot = {
+          enable = true;
+          configurationLimit = cfg.configuration-limit;
+        };
+        grub = {
+          enable = false;
+        };
+        efi = {
+          canTouchEfiVariables = true;
+          efiSysMountPoint = "/boot";
+        };
+      };
+    };
+  };
+}
--- a/nix/profiles/nix-base.nix
+++ b/nix/profiles/nix-base.nix
@ -0,0 +1,6 @@
+{
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+}
--- a/nix/systems/x86_64-linux/photos.kaareskovgaard.net/default.nix
+++ b/nix/systems/x86_64-linux/photos.kaareskovgaard.net/default.nix
@ -0,0 +1,5 @@
+{ config, lib, ... }:
+{
+  khscodes.hetzner.enable = true;
+  system.stateVersion = "25.05";
+}