netcup-nue01/netcup-ams01: init

2024-12-25 21:08:59 +00:00 · 2024-12-25 21:08:59 +00:00 · 4eae813277
commit 4eae813277
parent 9d276a55d2
9 changed files with 233 additions and 9 deletions
--- a/ops/nixos/default.nix
+++ b/ops/nixos/default.nix
@ -7,7 +7,7 @@ let
  inherit (builtins) foldl' mapAttrs;
  inherit (lib) filterAttrs;
  baseModule = name: { ... }: {
-    _module.args = args // {
+    _module.args = {
      rebuilder = rebuilder name;
      pkgs = lib.mkForce pkgs;
    };
@ -16,6 +16,7 @@ let
    (depot.third_party.nixeval {
      inherit system;
      modules = [ (baseModule systemName) (args: { imports = [ lib/common.nix config ]; }) ];
+      specialArgs = args;
    });
  systems = [
    "porcorosso"
@ -44,6 +45,8 @@ let
    "cofractal-ams01"
    "laputa"
    "rexxar"
+    "netcup-nue01"
+    "netcup-ams01"
  ];
  rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
  systemCfgs = lib.genAttrs systems
--- a/ops/nixos/install.sh
+++ b/ops/nixos/install.sh
@ -1,6 +1,6 @@
 #!/bin/sh

-# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
 #
 # SPDX-License-Identifier: Apache-2.0

@ -32,13 +32,16 @@ depot_path() {
 	echo "$pd"
 }

-readonly targethostname="$1"
-readonly depot="$(depot_path)"
+targethostname="$1"
+readonly targethostname
+depot="$(depot_path)"
+readonly depot
 if [ "$depot" = "" ]; then
 	echo "This script needs to be executed in-depot (or the script itself should be in-depot)."
 	exit 1
 fi
-readonly system="$(nix-build -E '(import "'"$(depot_path)"'" {}).ops.nixos.'"${targethostname}" --option sandbox false --no-out-link)"
+system="$(nix-build -E '(import "'"$(depot_path)"'" {}).ops.nixos.'"${targethostname}" --option sandbox false --no-out-link)"
+readonly system
 nixos-install --root /mnt --system "$system" --no-root-passwd

 echo "Copying myself..."
--- a/ops/nixos/installcd/default.nix
+++ b/ops/nixos/installcd/default.nix
@ -5,6 +5,65 @@
 { depot, lib, pkgs, config, ... }:
 let
  inherit (depot.ops) secrets;
+
+  systems = [ "netcup-nue01" "netcup-ams01" ];
+
+  depot-install = pkgs.writeShellApplication {
+    name = "depot-install";
+    text = ''
+      # SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
+      #
+      # SPDX-License-Identifier: Apache-2.0
+
+      set -euo pipefail
+
+      if [ $EUID -ne 0 ]; then
+        exec sudo "$0" "$@"
+      fi
+
+      targethostname="$1"
+      readonly targethostname
+
+      ${lib.concatMapStringsSep "\n" (x: ''
+        if [[ "$targethostname" == "${x}" ]]; then
+          system="${depot.ops.nixos.systems.${x}}"
+        fi
+      '') systems}
+      if [[ -z "''${system+.}" ]]; then
+        echo "no system found :( - pick one of ${lib.concatStringsSep " " systems}" >&2
+        exit 1
+      fi
+
+      if [[ -z "''${DONT_DISKO+.}" ]]; then
+        "disko-$targethostname"
+      fi
+      exec nixos-install \
+        --root /mnt \
+        --system "$system" \
+        --option builders "" \
+        --option substituters "" \
+        --option download-attempts 0 \
+        --option connect-timeout 1 \
+        --no-root-passwd --no-channel-copy
+    '';
+  };
+  diskos = pkgs.stdenvNoCC.mkDerivation {
+    name = "diskos";
+
+    dontUnpack = true;
+    dontBuild = true;
+
+    installPhase = ''
+      runHook preInstall
+
+      mkdir $out/bin -p
+      ${lib.concatMapStringsSep "\n" (x: ''
+        ln -s "${depot.ops.nixos.systemConfigs.${x}.config.system.build.diskoScript}" "$out/bin/disko-${x}"
+      '') systems}
+
+      runHook postInstall
+    '';
+  };
 in {
  imports = [
    ../../../third_party/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix
@ -12,11 +71,12 @@ in {

  isoImage.isoName = lib.mkForce "nixos-${depot.version}-${pkgs.stdenv.hostPlatform.system}.iso";

-  isoImage.storeContents = [
-    depot.ops.nixos.systems.bvm-forgejo
+  environment.systemPackages = [
+    depot-install
+    diskos
  ];

  system.disableInstallerTools = false;

-  system.stateVersion = "24.05";
+  system.stateVersion = "24.11";
 }
--- a/ops/nixos/lib/coredns/zones/db.as205479.net
+++ b/ops/nixos/lib/coredns/zones/db.as205479.net
@ -3,7 +3,7 @@
 ; SPDX-License-Identifier: Apache-2.0

 ;              MNAME                        RNAME                  SERIAL REFRESH RETRY EXPIRE TTL
-@ 600 IN SOA   frantech-lux01.as205479.net. hostmaster.lukegb.com. 61     600     450   3600   300
+@ 600 IN SOA   frantech-lux01.as205479.net. hostmaster.lukegb.com. 62     600     450   3600   300

 ; NB: this are also glue records in Google Domains.
 $INCLUDE tmpl.ns
@ -72,9 +72,13 @@ cofractal-ams01.int 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6253:2482

 netcup-nue01        3600 IN A    152.53.119.209
 netcup-nue01        3600 IN AAAA 2a0a:4cc0:c0:3127::1
+netcup-nue01.int    3600 IN A    100.75.106.106
+netcup-nue01.int    3600 IN AAAA fd7a:115c:a1e0::ac01:6a6d

 netcup-ams01        3600 IN A    152.53.107.70
 netcup-ams01        3600 IN AAAA 2a0a:4cc0:40:1bc::1
+netcup-ams01.int    3600 IN A    100.107.159.58
+netcup-ams01.int    3600 IN AAAA fd7a:115c:a1e0::9701:9f3a

 rexxar              3600 IN A    195.74.55.21
 rexxar              3600 IN AAAA 2a03:ee40:8080:9:1::2
--- a/ops/nixos/lib/netcup-disk-config.nix
+++ b/ops/nixos/lib/netcup-disk-config.nix
@ -0,0 +1,35 @@
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, ... }:
+
+{
+  disko.devices.disk.main = {
+    device = lib.mkDefault "/dev/vda";
+    type = "disk";
+    content = {
+      type = "gpt";
+      partitions = {
+        ESP = {
+          type = "EF00";
+          size = "500M";
+          content = {
+            type = "filesystem";
+            format = "vfat";
+            mountpoint = "/boot";
+            mountOptions = [ "umask=077" ];
+          };
+        };
+        root = {
+          size = "100%";
+          content = {
+            type = "filesystem";
+            format = "ext4";
+            mountpoint = "/";
+          };
+        };
+      };
+    };
+  };
+}
--- a/ops/nixos/lib/netcup.nix
+++ b/ops/nixos/lib/netcup.nix
@ -0,0 +1,51 @@
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, rebuilder, config, ... }:
+let
+  inherit (depot.ops) secrets;
+in {
+  imports = [
+    ../../../third_party/nixpkgs/nixos/modules/profiles/qemu-guest.nix
+    ../lib/minimal.nix
+    "${depot.third_party.disko}/module.nix"
+    ./netcup-disk-config.nix
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "virtio_pci"
+    "virtio_scsi"
+    "sr_mod"
+    "virtio_blk"
+  ];
+
+  services.qemuGuest.enable = true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+
+  nix.settings.max-jobs = lib.mkDefault 4;
+
+  # Networking!
+  networking = {
+    domain = "as205479.net";
+
+    nameservers = [
+      "2001:4860:4860::8888"
+      "2001:4860:4860::8844"
+      "8.8.8.8"
+      "8.8.4.4"
+    ];
+    defaultGateway = {
+      interface = "enp7s0";
+    };
+    defaultGateway6 = {
+      interface = "enp7s0";
+    };
+  };
+
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.systemd-boot.enable = true;
+}
--- a/ops/nixos/netcup-ams01/default.nix
+++ b/ops/nixos/netcup-ams01/default.nix
@ -0,0 +1,29 @@
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, config, ... }:
+let
+  inherit (depot.ops) secrets;
+in {
+  imports = [
+    ../lib/netcup.nix
+  ];
+
+  networking = {
+    hostName = "netcup-ams01";
+    hostId = "1246dda1";
+
+    defaultGateway.address = "152.53.104.1";
+    defaultGateway6.address = "fe80::1";
+    interfaces.enp7s0 = {
+      ipv4.addresses = [{ address = "152.53.107.70"; prefixLength = 22; }];
+      ipv6.addresses = [{ address = "2a0a:4cc0:40:1bc::1"; prefixLength = 48; }];
+    };
+  };
+  my.ip.tailscale = "100.107.159.58";
+  my.ip.tailscale6 = "fd7a:115c:a1e0::9701:9f3a";
+
+  system.stateVersion = "24.11";
+  my.systemType = "aarch64-linux";
+}
--- a/ops/nixos/netcup-nue01/default.nix
+++ b/ops/nixos/netcup-nue01/default.nix
@ -0,0 +1,29 @@
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, config, ... }:
+let
+  inherit (depot.ops) secrets;
+in {
+  imports = [
+    ../lib/netcup.nix
+  ];
+
+  networking = {
+    hostName = "netcup-nue01";
+    hostId = "07660052";
+
+    defaultGateway.address = "152.53.116.1";
+    defaultGateway6.address = "fe80::1";
+    interfaces.enp7s0 = {
+      ipv4.addresses = [{ address = "152.53.119.209"; prefixLength = 22; }];
+      ipv6.addresses = [{ address = "2a0a:4cc0:c0:3127::1"; prefixLength = 48; }];
+    };
+  };
+  my.ip.tailscale = "100.75.106.106";
+  my.ip.tailscale6 = "fd7a:115c:a1e0::ac01:6a6d";
+
+  system.stateVersion = "24.11";
+  my.systemType = "aarch64-linux";
+}
--- a/third_party/default.nix
+++ b/third_party/default.nix
@ -167,4 +167,14 @@ rec {
    hash = "sha256-KtE4F2wTzIpE6fI9diD5dDkUgGAt7IG80TnFqkCD8Ws=";
  };
  nixDarwinEval = import (nixDarwinSrc + /eval-config.nix);
+
+  disko = nixpkgs.fetchFromGitHub {
+    owner = "nix-community";
+    repo = "disko";
+    rev = "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21";
+    hash = "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=";
+  };
+  diskoVersionInfo = import "${disko}/version.nix";
+  diskoVersion = diskoVersionInfo.version + (nixpkgs.lib.optionalString (!diskoVersionInfo.released) "-dirty");
+  diskoCli = nixpkgs.callPackage "${disko}/package.nix" { inherit diskoVersion; };
 }