diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix index b69da149e3..0ac7d2f784 100644 --- a/ops/nixos/default.nix +++ b/ops/nixos/default.nix @@ -7,7 +7,7 @@ let inherit (builtins) foldl' mapAttrs; inherit (lib) filterAttrs; baseModule = name: { ... }: { - _module.args = args // { + _module.args = { rebuilder = rebuilder name; pkgs = lib.mkForce pkgs; }; @@ -16,6 +16,7 @@ let (depot.third_party.nixeval { inherit system; modules = [ (baseModule systemName) (args: { imports = [ lib/common.nix config ]; }) ]; + specialArgs = args; }); systems = [ "porcorosso" @@ -44,6 +45,8 @@ let "cofractal-ams01" "laputa" "rexxar" + "netcup-nue01" + "netcup-ams01" ]; rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; })); systemCfgs = lib.genAttrs systems diff --git a/ops/nixos/install.sh b/ops/nixos/install.sh index fbf1d0b14d..ca85135079 100755 --- a/ops/nixos/install.sh +++ b/ops/nixos/install.sh @@ -1,6 +1,6 @@ #!/bin/sh -# SPDX-FileCopyrightText: 2020 Luke Granger-Brown +# SPDX-FileCopyrightText: 2024 Luke Granger-Brown # # SPDX-License-Identifier: Apache-2.0 @@ -32,13 +32,16 @@ depot_path() { echo "$pd" } -readonly targethostname="$1" -readonly depot="$(depot_path)" +targethostname="$1" +readonly targethostname +depot="$(depot_path)" +readonly depot if [ "$depot" = "" ]; then echo "This script needs to be executed in-depot (or the script itself should be in-depot)." exit 1 fi -readonly system="$(nix-build -E '(import "'"$(depot_path)"'" {}).ops.nixos.'"${targethostname}" --option sandbox false --no-out-link)" +system="$(nix-build -E '(import "'"$(depot_path)"'" {}).ops.nixos.'"${targethostname}" --option sandbox false --no-out-link)" +readonly system nixos-install --root /mnt --system "$system" --no-root-passwd echo "Copying myself..." diff --git a/ops/nixos/installcd/default.nix b/ops/nixos/installcd/default.nix index d9a5bfa53d..95ff52bf52 100644 --- a/ops/nixos/installcd/default.nix +++ b/ops/nixos/installcd/default.nix 
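Review bot: Moving `args` out of `_module.args` (first hunk) into `specialArgs` (second hunk) changes precedence: as far as I recall the module system takes a module argument from specialArgs first and only falls back to `_module.args`, so if `args` carries a `pkgs` key the surviving `pkgs = lib.mkForce pkgs;` entry no longer wins and is dead. `args` is bound above line 7, so whether it contains `pkgs` is not visible here; confirm before merging. If it does, either strip it, `specialArgs = builtins.removeAttrs args [ "pkgs" ];`, or move the forced `pkgs` into `specialArgs` and delete the `_module.args` entry. A one-line comment above `specialArgs = args;` saying why these arguments must be special (presumably so they are available while `imports` are resolved) would help the next reader.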
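Review bot: `targethostname="$1"` is still accepted unchecked, so an empty or missing argument reaches the `nix-build -E` expression as a dangling `.ops.nixos.` and fails with an opaque evaluation error instead of a usage message; add `if [ -z "$targethostname" ]; then echo "usage: $0 <hostname>" >&2; exit 1; fi` after `readonly targethostname`. The rebuilt `system=` line also re-runs `$(depot_path)` inside the expression although `$depot` already holds that value; using `"'"$depot"'"` there avoids the second lookup and keeps the two from diverging. `--option sandbox false` is carried over without explanation; a `#` comment above the line stating why this evaluation needs an unsandboxed build would let a reader judge whether it is still required.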
@@ -5,6 +5,65 @@ { depot, lib, pkgs, config, ... }: let inherit (depot.ops) secrets; + + systems = [ "netcup-nue01" "netcup-ams01" ]; + + depot-install = pkgs.writeShellApplication { + name = "depot-install"; + text = '' + # SPDX-FileCopyrightText: 2024 Luke Granger-Brown + # + # SPDX-License-Identifier: Apache-2.0 + + set -euo pipefail + + if [ $EUID -ne 0 ]; then + exec sudo "$0" "$@" + fi + + targethostname="$1" + readonly targethostname + + ${lib.concatMapStringsSep "\n" (x: '' + if [[ "$targethostname" == "${x}" ]]; then + system="${depot.ops.nixos.systems.${x}}" + fi + '') systems} + if [[ -z "''${system+.}" ]]; then + echo "no system found :( - pick one of ${lib.concatStringsSep " " systems}" >&2 + exit 1 + fi + + if [[ -z "''${DONT_DISKO+.}" ]]; then + "disko-$targethostname" + fi + exec nixos-install \ + --root /mnt \ + --system "$system" \ + --option builders "" \ + --option substituters "" \ + --option download-attempts 0 \ + --option connect-timeout 1 \ + --no-root-passwd --no-channel-copy + ''; + }; + diskos = pkgs.stdenvNoCC.mkDerivation { + name = "diskos"; + + dontUnpack = true; + dontBuild = true; + + installPhase = '' + runHook preInstall + + mkdir $out/bin -p + ${lib.concatMapStringsSep "\n" (x: '' + ln -s "${depot.ops.nixos.systemConfigs.${x}.config.system.build.diskoScript}" "$out/bin/disko-${x}" + '') systems} + + runHook postInstall + ''; + }; in { imports = [ ../../../third_party/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix @@ -12,11 +71,12 @@ in { isoImage.isoName = lib.mkForce "nixos-${depot.version}-${pkgs.stdenv.hostPlatform.system}.iso"; - isoImage.storeContents = [ - depot.ops.nixos.systems.bvm-forgejo + environment.systemPackages = [ + depot-install + diskos ]; system.disableInstallerTools = false; - system.stateVersion = "24.05"; + system.stateVersion = "24.11"; } diff --git a/ops/nixos/lib/coredns/zones/db.as205479.net b/ops/nixos/lib/coredns/zones/db.as205479.net index d244a02497..5b737d5bcd 100644 
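Review bot: `"disko-$targethostname"` in the `DONT_DISKO` branch repartitions and formats the target disk with no confirmation, and because the script re-execs itself through `sudo` a mistyped invocation on the wrong machine goes straight to a wipe; an explicit acknowledgement before that line, e.g. `read -r -p "About to wipe the disk for $targethostname; type the hostname to continue: " ok` followed by `[[ "$ok" == "$targethostname" ]] || exit 1`, costs nothing on the intended path. The opt-out is a negative environment variable (`DONT_DISKO`), which is easy to misread; an opt-in such as `RUN_DISKO=1`, or at least a short comment above the check, would be clearer. With `set -u` a missing argument aborts on `targethostname="$1"` with bash's unbound-variable message; `targethostname="${1:-}"` would instead fall through to the existing "no system found" path, which already lists the valid hostnames.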
--- a/ops/nixos/lib/coredns/zones/db.as205479.net +++ b/ops/nixos/lib/coredns/zones/db.as205479.net @@ -3,7 +3,7 @@ ; SPDX-License-Identifier: Apache-2.0 ; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL -@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 61 600 450 3600 300 +@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 62 600 450 3600 300 ; NB: this are also glue records in Google Domains. $INCLUDE tmpl.ns @@ -72,9 +72,13 @@ cofractal-ams01.int 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6253:2482 netcup-nue01 3600 IN A 152.53.119.209 netcup-nue01 3600 IN AAAA 2a0a:4cc0:c0:3127::1 +netcup-nue01.int 3600 IN A 100.75.106.106 +netcup-nue01.int 3600 IN AAAA fd7a:115c:a1e0::ac01:6a6d netcup-ams01 3600 IN A 152.53.107.70 netcup-ams01 3600 IN AAAA 2a0a:4cc0:40:1bc::1 +netcup-ams01.int 3600 IN A 100.107.159.58 +netcup-ams01.int 3600 IN AAAA fd7a:115c:a1e0::9701:9f3a rexxar 3600 IN A 195.74.55.21 rexxar 3600 IN AAAA 2a03:ee40:8080:9:1::2 diff --git a/ops/nixos/lib/netcup-disk-config.nix b/ops/nixos/lib/netcup-disk-config.nix new file mode 100644 index 0000000000..75ded45700 --- /dev/null +++ b/ops/nixos/lib/netcup-disk-config.nix @@ -0,0 +1,35 @@ +# SPDX-FileCopyrightText: 2024 Luke Granger-Brown +# +# SPDX-License-Identifier: Apache-2.0 + +{ depot, lib, ... }: + +{ + disko.devices.disk.main = { + device = lib.mkDefault "/dev/vda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; +} diff --git a/ops/nixos/lib/netcup.nix b/ops/nixos/lib/netcup.nix new file mode 100644 index 0000000000..737e838ed8 --- /dev/null +++ b/ops/nixos/lib/netcup.nix 
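Review bot: `depot` is accepted in the module signature of netcup-disk-config.nix (`{ depot, lib, ... }:`) but never used in the body; `{ lib, ... }:` keeps the signature honest. The layout is a single GPT disk with a 500M ESP and an unencrypted ext4 root and no swap, which is a reasonable VPS default but worth stating at the top of the file so the next host that reuses this module knows it is deliberate, e.g. `# Single GPT disk: 500M ESP (umask=077) + ext4 root, no swap; hosts override disko.devices.disk.main.device.`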
@@ -0,0 +1,51 @@
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, rebuilder, config, ... }:
+let
+ inherit (depot.ops) secrets;
+in {
+ imports = [
+ ../../../third_party/nixpkgs/nixos/modules/profiles/qemu-guest.nix
+ ../lib/minimal.nix
+ "${depot.third_party.disko}/module.nix"
+ ./netcup-disk-config.nix
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_scsi"
+ "sr_mod"
+ "virtio_blk"
+ ];
+
+ services.qemuGuest.enable = true;
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+
+ nix.settings.max-jobs = lib.mkDefault 4;
+
+ # Networking!
+ networking = {
+ domain = "as205479.net";
+
+ nameservers = [
+ "2001:4860:4860::8888"
+ "2001:4860:4860::8844"
+ "8.8.8.8"
+ "8.8.4.4"
+ ];
+ defaultGateway = {
+ interface = "enp7s0";
+ };
+ defaultGateway6 = {
+ interface = "enp7s0";
+ };
+ };
+
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot.enable = true;
+}
diff --git a/ops/nixos/netcup-ams01/default.nix b/ops/nixos/netcup-ams01/default.nix
new file mode 100644
index 0000000000..abe2255233
--- /dev/null
+++ b/ops/nixos/netcup-ams01/default.nix
@@ -0,0 +1,29 @@
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, config, ... }:
+let
+ inherit (depot.ops) secrets;
+in {
+ imports = [
+ ../lib/netcup.nix
+ ];
+
+ networking = {
+ hostName = "netcup-ams01";
+ hostId = "1246dda1";
+
+ defaultGateway.address = "152.53.104.1";
+ defaultGateway6.address = "fe80::1";
+ interfaces.enp7s0 = {
+ ipv4.addresses = [{ address = "152.53.107.70"; prefixLength = 22; }];
+ ipv6.addresses = [{ address = "2a0a:4cc0:40:1bc::1"; prefixLength = 48; }];
+ };
+ };
+ my.ip.tailscale = "100.107.159.58";
+ my.ip.tailscale6 = "fd7a:115c:a1e0::9701:9f3a";
+
+ system.stateVersion = "24.11";
+ my.systemType = "aarch64-linux";
+}
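Review bot: `secrets` is bound in the `let` of netcup.nix (`inherit (depot.ops) secrets;`) but never referenced in the module, and `pkgs`, `rebuilder` and `config` are taken from the signature without use; the same unused `secrets` binding and `pkgs`/`config` arguments recur in the netcup-ams01 hunk below and in netcup-nue01. Dropping them, `{ depot, lib, ... }:` with the `let` removed, keeps each module's declared dependencies honest and makes a later real use of `secrets` stand out in review. The `# Networking!` comment tells a reader nothing; something like `# Static addressing on enp7s0; per-host address, gateway and hostId live in ../netcup-*/default.nix` would.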
diff --git a/ops/nixos/netcup-nue01/default.nix b/ops/nixos/netcup-nue01/default.nix
new file mode 100644
index 0000000000..61643c5fe5
--- /dev/null
+++ b/ops/nixos/netcup-nue01/default.nix
@@ -0,0 +1,29 @@
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, config, ... }:
+let
+ inherit (depot.ops) secrets;
+in {
+ imports = [
+ ../lib/netcup.nix
+ ];
+
+ networking = {
+ hostName = "netcup-nue01";
+ hostId = "07660052";
+
+ defaultGateway.address = "152.53.116.1";
+ defaultGateway6.address = "fe80::1";
+ interfaces.enp7s0 = {
+ ipv4.addresses = [{ address = "152.53.119.209"; prefixLength = 22; }];
+ ipv6.addresses = [{ address = "2a0a:4cc0:c0:3127::1"; prefixLength = 48; }];
+ };
+ };
+ my.ip.tailscale = "100.75.106.106";
+ my.ip.tailscale6 = "fd7a:115c:a1e0::ac01:6a6d";
+
+ system.stateVersion = "24.11";
+ my.systemType = "aarch64-linux";
+}
diff --git a/third_party/default.nix b/third_party/default.nix
index 514650af34..593c0ae18b 100644
--- a/third_party/default.nix
+++ b/third_party/default.nix
@@ -167,4 +167,14 @@ rec {
 hash = "sha256-KtE4F2wTzIpE6fI9diD5dDkUgGAt7IG80TnFqkCD8Ws=";
 };
 nixDarwinEval = import (nixDarwinSrc + /eval-config.nix);
+
+ disko = nixpkgs.fetchFromGitHub {
+ owner = "nix-community";
+ repo = "disko";
+ rev = "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21";
+ hash = "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=";
+ };
+ diskoVersionInfo = import "${disko}/version.nix";
+ diskoVersion = diskoVersionInfo.version + (nixpkgs.lib.optionalString (!diskoVersionInfo.released) "-dirty");
+ diskoCli = nixpkgs.callPackage "${disko}/package.nix" { inherit diskoVersion; };
 }