Finish provisioning Ranger for NixOS. Begin configuring colmena deployments for Bard, Ranger, Cleric.

2024-09-24 13:19:54 -07:00 · 2024-09-24 13:19:54 -07:00 · 82763c0042
commit 82763c0042
parent 2aface978b
5 changed files with 170 additions and 10 deletions
--- a/nix/nix-lab/configuration.nix
+++ b/nix/nix-lab/configuration.nix
--- a/nix/nix-lab/flake.lock
+++ b/nix/nix-lab/flake.lock
@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1726969270,
+        "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/nix/nix-lab/flake.nix
+++ b/nix/nix-lab/flake.nix
@ -1,21 +1,35 @@
 {
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
  };
  outputs = { nixpkgs, ... }: {
-    colmena.meta.nixpkgs = import nixpkgs { system = "x86_64-linux"; };
    colmena = { 
-      meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; }; 
+      meta = { 
+        nixpkgs = import nixpkgs { system = "x86_64-linux"; }; 
+      }; 
      defaults = { pkgs, ... }: { 
+        environment.systemPackages = with pkgs; [
+          vim
+        ];
+        security.sudo = {
+          enable = true;
+          extraRules = [{
+            commands = [
+              {
+                command = "ALL";
+                options = [ "NOPASSWD" ];
+              }
+            ];
+            groups = [ "wheel" ];
+          }];
+        };
        services.openssh = {
          enable = true;
          settings.PasswordAuthentication = false;
          settings.KbdInteractiveAuthentication = false;
        };
        users.users = {
-          root.hashedPassword = "$6$M5J7E21L9VQvMUEs$tmsV2NRtQmEnEkD/gim.8ODzJHL1n59ZTGoTPBSQ.W40vVfA.BwReni5WP4zkbbagnV2Tzkt47IS/iTeznboi.";
          admin = {
-            hashedPassword = "$6$BVCN7OEtet3lFORl$KHCg6Z9cUE6FyRKtcGp.ts2Z7KaBO6/RKUQhWxiYHCXvFdVIUlejCzTIQtnp9115pqKO4RRrUaIoQXMAOKGNQ.";
            isNormalUser = true;
            description = "admin";
            extraGroups = [ "networkmanager" "wheel" ];
@ -24,13 +38,46 @@
                url = "https://github.com/Jafner.keys";
                sha256 = "1i3Vs6mPPl965g3sRmbXGzx6zQBs5geBCgNx2zfpjF4=";
              };
-            in pkgs.lib.splitString "\n" (builtins.readFile
-            authorizedKeys);
+            in pkgs.lib.splitString "\n" (builtins.readFile authorizedKeys);
          };
        };
-
+        networking = {
+          hostName = ""; 
+          interfaces."enp1s0" = {
+            useDHCP = true;
+            macAddress = "";
+            ipv4.addresses = [ { address = ""; prefixLength = 24; } ];
+          };
+        };
+        time.timeZone = "America/Los_Angeles";
+      };
+      bard = { name, nodes, ... }: {
+        deployment = {
+          targetUser = "admin";
+          targetHost = "192.168.1.31";
+        };
+        networking.hostName = "bard";
+        networking.interfaces."enp1s0".macAddress = "6c:2b:59:37:89:40";
+        networking.interfaces."enp1s0".ipv4.addresses.address = "192.168.1.31";
+      };
+      ranger = { name, nodes, ... }: {
+        deployment = {
+          targetUser = "admin";
+          targetHost = "192.168.1.32";
+        };
+        networking.hostName = "ranger";
+        networking.interfaces."enp1s0".macAddress = "6c:2b:59:37:9e:91";
+        networking.interfaces."enp1s0".ipv4.addresses.address = "192.168.1.32";
+      };
+      cleric = { name, nodes, ... }: {
+        deployment = {
+          targetUser = "admin";
+          targetHost = "192.168.1.33";
+        };
+        networking.hostName = "cleric";
+        networking.interfaces."enp1s0".macAddress = "6c:2b:59:37:9e:00";
+        networking.interfaces."enp1s0".ipv4.addresses.address = "192.168.1.33";
      };
-      
    };
  };
 }
--- a/nix/nixos-anywhere/flake.nix
+++ b/nix/nixos-anywhere/flake.nix
@ -25,6 +25,24 @@
        ./configuration.nix
      ];
    };
+    nixosConfigurations.ranger = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [
+        disko.nixosModules.disko
+        { disko.devices.disk.disk1.device = "/dev/sda"; }
+        { 
+          networking = {
+            hostName = "ranger"; 
+            interfaces."enp1s0" = {
+              useDHCP = true;
+              macAddress = "6c:2b:59:37:9e:91";
+              ipv4.addresses = [ { address = "192.168.1.32"; prefixLength = 24; } ];
+            };
+          };
+        }
+        ./configuration.nix
+      ];
+    };
    nixosConfigurations.cleric = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
--- a/nix/nixos-anywhere/notes.md
+++ b/nix/nixos-anywhere/notes.md
@ -303,4 +303,72 @@ There are a few tools on the market for deploying configuration updates to a Nix

 We'll go with Colmena, and use NixOps and Morph as references for how things have been done before.

-Further notes will be located at [`nix/nix-lab/notes.md`](../nix-lab/notes.md).
+Further notes will be located at [`nix/nix-lab/notes.md`](../nix-lab/notes.md).
+
+# Ranger
+1. Boot from NixOS minimal installer ISO.
+2. Configure SSH authorized_keys for the installer. 
+```sh
+mkdir ~/.ssh && curl https://github.com/Jafner.keys > ~/.ssh/authorized_keys
+```
+3. Format and partition our boot disk.
+
+```sh
+sudo parted /dev/sda -- mklabel gpt
+sudo parted /dev/sda -- mkpart primary 512MB -8GB
+sudo parted /dev/sda -- mkpart primary linux-swap -8GB 100%
+sudo parted /dev/sda -- mkpart ESP fat32 1MB 512MB
+sudo parted /dev/sda -- set 3 esp on
+sudo mkfs.ext4 -L nixos /dev/sda1
+sudo mkswap -L swap /dev/sda2
+sudo swapon /dev/sda2
+sudo mkfs.fat -F 32 -n boot /dev/sda3
+sudo mount /dev/disk/by-label/nixos /mnt
+sudo mkdir -p /mnt/boot
+sudo mount /dev/disk/by-label/boot /mnt/boot
+```
+4. Generate our `hardware-configuration.nix`.
+```sh
+sudo nixos-generate-config --root /mnt
+```
+5. Configuration the host's `/mnt/etc/nixos/configuration.nix`.
+   1. Generate root password, then hash it with `mkpasswd -m sha-512`.
+   2. Generate admin password, then hash it with `mkpasswd -m sha-512`.
+   3. Get network config (hostname, MAC, ipv4).
+```nix
+{ config, lib, pkgs, ... }:
+{   
+  imports = [ ./hardware-configuration.nix ];
+  users.users.root.hashedPassword = "$6$QkcEnf/kzljg./Ux$XvNFdS9o9Psxi.xoFrat7EA7w.WJq/B/7kCf5WQSQkVWRrlfzm.wjKabTpz8LMquu5iWGldS9OjhFJxpryc4s0";
+  users.users.admin = {
+    hashedPassword = "$6$z1aBZwdnsJJCjATF$wxAgBjf.36miVtDBP/L6jT8kGtAfvIH7EcdT8/VpYT4y9x1fO10VPOPpecH6UPJ9qbmw1UkOD3G29UfpZEiS70";
+    isNormalUser = true;
+    description = "admin";
+    extraGroups = [ "networkmanager" "wheel" ];
+    openssh.authorizedKeys.keys = let
+      authorizedKeys = pkgs.fetchurl {
+        url = "https://github.com/Jafner.keys";
+        sha256 = "1i3Vs6mPPl965g3sRmbXGzx6zQBs5geBCgNx2zfpjF4=";
+      };
+    in pkgs.lib.splitString "\n" (builtins.readFile authorizedKeys);
+  };
+  networking = {
+    hostName = "bard"; 
+    interfaces."enp1s0" = {
+      useDHCP = true;
+      macAddress = "6c:2b:59:37:9e:91";
+      ipv4.addresses = [ { address = "192.168.1.32"; prefixLength = 24; } ];
+    };
+  };  
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+  };
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  system.stateVersion = "24.05"; 
+}
+```
+6. Install the config. `sudo nixos-install`
+7. Reboot. `sudo reboot now`.