fix: Make configuration installable

This commit is contained in:
Tera << 8 2025-05-05 21:58:28 -04:00
parent dd929d89d3
commit 8a2f7309ec
Signed by: imterah
GPG key ID: 8FA7DD57BA6CEA37
4 changed files with 44 additions and 33 deletions


@ -51,8 +51,9 @@ TODO.
### Installing the Configuration ### Installing the Configuration
1. Copy/clone the configuration over to the host to install. 1. Copy/clone the configuration over to the host to install and `cd` into it.
2. Copy the sops key data to the host you are installing on (sops `key.txt` and `ssh_host_ed25519_key` to `/var/lib/sops-nix/`) 2. Copy the sops key data to the host you are installing on (sops `key.txt` and `ssh_host_ed25519_key` to `/var/lib/sops-nix/`)
3. Run `sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount -f "$PWD#hostname"` to prepare the disk, replacing `hostname` with the host you want to install (ex. `andromeda`). 3. Run `sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount -f "$PWD#hostname"` to prepare the disk, replacing `hostname` with the host you want to install (ex. `andromeda`).
4. Before installing, prepare sops inside the mounted filesystem: `sudo mkdir -p /mnt/persist/var/lib/sops-nix/; sudo cp -r /var/lib/sops-nix/ /mnt/persist/var/lib/sops-nix/` 4. Before installing, prepare sops inside the mounted filesystem: `sudo mkdir -p /mnt/persist/var/lib/sops-nix/; sudo cp -r /var/lib/sops-nix/ /mnt/persist/var/lib/; sudo chmod -R 755 /mnt/persist/var/lib/sops-nix/`
5. Run `sudo nixos-install --flake "$PWD#hostname"` to install the OS, replacing `hostname` with the host you want to install (ex. `andromeda`). 5. Run `sudo nixos-install --flake "$PWD#hostname"` to install the OS, replacing `hostname` with the host you want to install (ex. `andromeda`).
6. Copy the current configuration into `/etc/nixos`: `sudo cp -r $PWD/. /mnt/persist/etc/nixos`


@ -9,12 +9,13 @@
... ...
}: { }: {
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "usbhid" "uas" "sd_mod"]; boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = ["dm-snapshot"]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = []; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
@ -23,5 +24,4 @@
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -21,28 +21,38 @@
size = "100%"; size = "100%";
name = "NixOS"; name = "NixOS";
content = { content = {
type = "btrfs"; type = "lvm_pv";
extraArgs = ["-f"]; vg = "root_vg";
subvolumes = { };
root = { };
name = "root"; };
mountpoint = "/"; };
}; };
persist = { };
name = "persist"; lvm_vg = {
mountpoint = "/persist"; root_vg = {
mountOptions = ["subvol=persist" "noatime"]; type = "lvm_vg";
}; lvs = {
home = { root = {
name = "home"; size = "100%FREE";
mountpoint = "/home"; content = {
mountOptions = ["subvol=home" "noatime"]; type = "btrfs";
}; extraArgs = ["-f"];
nix = { subvolumes = {
name = "nix"; "/root" = {
mountpoint = "/nix"; mountpoint = "/";
mountOptions = ["compress=zstd" "subvol=nix" "noatime"]; };
}; "/persist" = {
mountpoint = "/persist";
mountOptions = ["subvol=persist" "noatime"];
};
"/home" = {
mountpoint = "/home";
mountOptions = ["subvol=home" "noatime"];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = ["subvol=nix" "noatime"];
}; };
}; };
}; };
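Review bot: The rebuilt `/nix` subvolume silently drops the `compress=zstd` mount option that the old layout carried for the nix subvolume, while every other subvolume keeps its options unchanged, which reads as an accident of the rewrite rather than a decision; restore it with `mountOptions = ["compress=zstd" "subvol=nix" "noatime"];` unless uncompressed /nix was intended. Separately, the new `lvm_pv` sits directly on the partition with no LUKS layer, so the sops age key and SSH host key that the install steps copy into /persist land on an unencrypted volume — if this host is not physically trusted, a `luks` content type between the partition and the PV would close that gap. The partition and disk definitions this hunk belongs to start before the hunk.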


@ -9,10 +9,10 @@ in
sops = { sops = {
defaultSopsFile = "${secretspath}/secrets.yaml"; defaultSopsFile = "${secretspath}/secrets.yaml";
age = { age = {
# I'd prefer different OpenSSH keys for different hosts so I'm not 100% screwed if one of my devices get compromised. # I'd prefer different OpenSSH keys for different hosts so I'm not 100% screwed if one of my devices get compromised (SSH traffic potentially being decrypted and analyzed).
# Therefore, we set a custom path for the sops key. # Therefore, we set a custom path for the sops key & let the SSH key be generated automagically.
sshKeyPaths = ["/var/lib/sops-nix/ssh_host_ed25519_key"]; sshKeyPaths = ["/persist/var/lib/sops-nix/ssh_host_ed25519_key"];
keyFile = "/var/lib/sops-nix/key.txt"; keyFile = "/persist/var/lib/sops-nix/key.txt";
generateKey = false; generateKey = false;
}; };
secrets = { secrets = {
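Review bot: `keyFile` and `sshKeyPaths` now point under /persist/var/lib/sops-nix, and the install step this same commit adds to the README prepares that directory with `chmod -R 755`, which leaves the age private key and the SSH host key readable by every local user; the directory should be root-only, e.g. `chmod 700 /persist/var/lib/sops-nix; chmod 600 /persist/var/lib/sops-nix/*`. The rationale added to the comment is also inaccurate: a leaked host key lets an attacker impersonate or man-in-the-middle that host, but SSH's ephemeral key exchange means captured traffic is not retroactively decryptable, so I would reword it to `# ... so one compromised device cannot be used to impersonate the others.` The comment further says the SSH key is "generated automagically", yet `generateKey = false` is unchanged and the README copies `ssh_host_ed25519_key` by hand — one of the two statements should be corrected. The `sops` attribute set continues past the hunk.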