diff --git a/nix/nix-lab/configuration.nix b/nix/nix-lab/configuration.nix
deleted file mode 100644
index e69de29b..00000000
diff --git a/nix/nix-lab/flake.lock b/nix/nix-lab/flake.lock
new file mode 100644
index 00000000..3ff7da6a
--- /dev/null
+++ b/nix/nix-lab/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1726969270,
+ "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-24.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/nix/nix-lab/flake.nix b/nix/nix-lab/flake.nix
index 3ecb7a5d..f0fdafa0 100644
--- a/nix/nix-lab/flake.nix
+++ b/nix/nix-lab/flake.nix
@@ -1,21 +1,35 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05" + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; }; outputs = { nixpkgs, ... }: { - colmena.meta.nixpkgs = import nixpkgs { system = "x86_64-linux"; }; colmena = { - meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; }; + meta = { + nixpkgs = import nixpkgs { system = "x86_64-linux"; }; + }; defaults = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + vim + ]; + security.sudo = { + enable = true; + extraRules = [{ + commands = [ + { + command = "ALL"; + options = [ "NOPASSWD" ]; + } + ]; + groups = [ "wheel" ]; + }]; + }; services.openssh = { enable = true; settings.PasswordAuthentication = false; settings.KbdInteractiveAuthentication = false; }; users.users = { - root.hashedPassword = "$6$M5J7E21L9VQvMUEs$tmsV2NRtQmEnEkD/gim.8ODzJHL1n59ZTGoTPBSQ.W40vVfA.BwReni5WP4zkbbagnV2Tzkt47IS/iTeznboi."; admin = { - hashedPassword = "$6$BVCN7OEtet3lFORl$KHCg6Z9cUE6FyRKtcGp.ts2Z7KaBO6/RKUQhWxiYHCXvFdVIUlejCzTIQtnp9115pqKO4RRrUaIoQXMAOKGNQ."; isNormalUser = true; description = "admin"; extraGroups = [ "networkmanager" "wheel" ]; 
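Review bot: The `security.sudo.extraRules` entry added to `defaults` gives every member of `wheel` passwordless `ALL` on every node, which is wider than needed if the rule exists only so Colmena can escalate as `admin` (inferred from `targetUser = "admin"` later in this file). Scoping it to that account, `users = [ "admin" ];` in place of `groups = [ "wheel" ];`, keeps a later wheel member from inheriting it. With no password left on `admin`, the SSH key is the only control in front of root, which deserves a comment next to the rule. The `hashedPassword` lines removed here remain in history and the notes.md hunk of this commit adds new root and admin hashes, so those passwords should be treated as exposed to offline guessing and supplied through `hashedPasswordFile` instead. The `users.users.admin` block continues outside the hunk.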
@@ -24,13 +38,46 @@ url = "https://github.com/Jafner.keys"; sha256 = "1i3Vs6mPPl965g3sRmbXGzx6zQBs5geBCgNx2zfpjF4="; }; - in pkgs.lib.splitString "\n" (builtins.readFile - authorizedKeys); + in pkgs.lib.splitString "\n" (builtins.readFile authorizedKeys); }; }; - + networking = { + hostName = ""; + interfaces."enp1s0" = { + useDHCP = true; + macAddress = ""; + ipv4.addresses = [ { address = ""; prefixLength = 24; } ]; + }; + }; + time.timeZone = "America/Los_Angeles"; + }; + bard = { name, nodes, ... }: { + deployment = { + targetUser = "admin"; + targetHost = "192.168.1.31"; + }; + networking.hostName = "bard"; + networking.interfaces."enp1s0".macAddress = "6c:2b:59:37:89:40"; + networking.interfaces."enp1s0".ipv4.addresses.address = "192.168.1.31"; + }; + ranger = { name, nodes, ... }: { + deployment = { + targetUser = "admin"; + targetHost = "192.168.1.32"; + }; + networking.hostName = "ranger"; + networking.interfaces."enp1s0".macAddress = "6c:2b:59:37:9e:91"; + networking.interfaces."enp1s0".ipv4.addresses.address = "192.168.1.32"; + }; + cleric = { name, nodes, ... }: { + deployment = { + targetUser = "admin"; + targetHost = "192.168.1.33"; + }; + networking.hostName = "cleric"; + networking.interfaces."enp1s0".macAddress = "6c:2b:59:37:9e:00"; + networking.interfaces."enp1s0".ipv4.addresses.address = "192.168.1.33"; }; - }; }; } \ No newline at end of file diff --git a/nix/nixos-anywhere/flake.nix b/nix/nixos-anywhere/flake.nix index dc5f0c02..9de1551d 100644 --- a/nix/nixos-anywhere/flake.nix +++ b/nix/nixos-anywhere/flake.nix 
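Review bot: The three node blocks assign `networking.interfaces."enp1s0".ipv4.addresses.address = "…";`, but `ipv4.addresses` is a list of `{ address; prefixLength; }` entries (as `defaults` itself writes it), so this should fail evaluation; per node it would be `networking.interfaces."enp1s0".ipv4.addresses = [ { address = "192.168.1.31"; prefixLength = 24; } ];`. The empty placeholders in `defaults` (`hostName = "";`, `macAddress = "";`, `address = "";`) are definitions at the same priority as the per-node values, so I would expect conflicting-definition errors for `hostName` and `macAddress` and an extra empty entry in the merged address list. Dropping the placeholders from `defaults`, or wrapping them in `lib.mkDefault`, avoids that. Until the flake evaluates, the hardened `services.openssh` settings in `defaults` are not what is running on the nodes.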
@@ -25,6 +25,24 @@ ./configuration.nix ]; }; + nixosConfigurations.ranger = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + disko.nixosModules.disko + { disko.devices.disk.disk1.device = "/dev/sda"; } + { + networking = { + hostName = "ranger"; + interfaces."enp1s0" = { + useDHCP = true; + macAddress = "6c:2b:59:37:9e:91"; + ipv4.addresses = [ { address = "192.168.1.32"; prefixLength = 24; } ]; + }; + }; + } + ./configuration.nix + ]; + }; nixosConfigurations.cleric = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ diff --git a/nix/nixos-anywhere/notes.md b/nix/nixos-anywhere/notes.md index 6f2b2c9c..751f78ed 100644 --- a/nix/nixos-anywhere/notes.md +++ b/nix/nixos-anywhere/notes.md 
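Review bot: `disko.devices.disk.disk1.device = "/dev/sda"` selects the disk to be wiped by kernel enumeration order, which can change when a USB installer or a second drive is attached; a stable path such as `/dev/disk/by-id/<DISK_ID>` (placeholder) is safer for a destructive install. The interface also sets `useDHCP = true` next to a static `192.168.1.32/24`, so the host may end up with two addresses; if the static one is what the Colmena `targetHost` relies on, `useDHCP = false;` makes that explicit. The bard and cleric definitions lie outside the hunk, so I cannot tell whether they share these choices.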
@@ -303,4 +303,72 @@ There are a few tools on the market for deploying configuration updates to a Nix We'll go with Colmena, and use NixOps and Morph as references for how things have been done before. -Further notes will be located at [`nix/nix-lab/notes.md`](../nix-lab/notes.md). \ No newline at end of file +Further notes will be located at [`nix/nix-lab/notes.md`](../nix-lab/notes.md). + +# Ranger +1. Boot from NixOS minimal installer ISO. +2. Configure SSH authorized_keys for the installer. +```sh +mkdir ~/.ssh && curl https://github.com/Jafner.keys > ~/.ssh/authorized_keys +``` +3. Format and partition our boot disk. + +```sh +sudo parted /dev/sda -- mklabel gpt +sudo parted /dev/sda -- mkpart primary 512MB -8GB +sudo parted /dev/sda -- mkpart primary linux-swap -8GB 100% +sudo parted /dev/sda -- mkpart ESP fat32 1MB 512MB +sudo parted /dev/sda -- set 3 esp on +sudo mkfs.ext4 -L nixos /dev/sda1 +sudo mkswap -L swap /dev/sda2 +sudo swapon /dev/sda2 +sudo mkfs.fat -F 32 -n boot /dev/sda3 +sudo mount /dev/disk/by-label/nixos /mnt +sudo mkdir -p /mnt/boot +sudo mount /dev/disk/by-label/boot /mnt/boot +``` +4. Generate our `hardware-configuration.nix`. +```sh +sudo nixos-generate-config --root /mnt +``` +5. Configuration the host's `/mnt/etc/nixos/configuration.nix`. + 1. Generate root password, then hash it with `mkpasswd -m sha-512`. + 2. Generate admin password, then hash it with `mkpasswd -m sha-512`. + 3. Get network config (hostname, MAC, ipv4). +```nix +{ config, lib, pkgs, ... 
}:
+{
+ imports = [ ./hardware-configuration.nix ];
+ users.users.root.hashedPassword = "$6$QkcEnf/kzljg./Ux$XvNFdS9o9Psxi.xoFrat7EA7w.WJq/B/7kCf5WQSQkVWRrlfzm.wjKabTpz8LMquu5iWGldS9OjhFJxpryc4s0";
+ users.users.admin = {
+ hashedPassword = "$6$z1aBZwdnsJJCjATF$wxAgBjf.36miVtDBP/L6jT8kGtAfvIH7EcdT8/VpYT4y9x1fO10VPOPpecH6UPJ9qbmw1UkOD3G29UfpZEiS70";
+ isNormalUser = true;
+ description = "admin";
+ extraGroups = [ "networkmanager" "wheel" ];
+ openssh.authorizedKeys.keys = let
+ authorizedKeys = pkgs.fetchurl {
+ url = "https://github.com/Jafner.keys";
+ sha256 = "1i3Vs6mPPl965g3sRmbXGzx6zQBs5geBCgNx2zfpjF4=";
+ };
+ in pkgs.lib.splitString "\n" (builtins.readFile authorizedKeys);
+ };
+ networking = {
+ hostName = "bard";
+ interfaces."enp1s0" = {
+ useDHCP = true;
+ macAddress = "6c:2b:59:37:9e:91";
+ ipv4.addresses = [ { address = "192.168.1.32"; prefixLength = 24; } ];
+ };
+ };
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ settings.KbdInteractiveAuthentication = false;
+ };
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ system.stateVersion = "24.05";
+}
+```
+6. Install the config. `sudo nixos-install`
+7. Reboot. `sudo reboot now`.
\ No newline at end of file