lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions

netcup-nue01/netcup-ams01: init

Browse source
This commit is contained in:
Luke Granger-Brown 2024-12-25 21:08:59 +00:00
parent 9d276a55d2
commit 4eae813277
9 changed files with 233 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ops/nixos/default.nix
View file

@ -7,7 +7,7 @@ let
inherit (builtins) foldl' mapAttrs; inherit (builtins) foldl' mapAttrs;
inherit (lib) filterAttrs; inherit (lib) filterAttrs;
baseModule = name: { ... }: { baseModule = name: { ... }: {
_module.args = args // { _module.args = {
rebuilder = rebuilder name; rebuilder = rebuilder name;
pkgs = lib.mkForce pkgs; pkgs = lib.mkForce pkgs;
}; };
@ -16,6 +16,7 @@ let
(depot.third_party.nixeval { (depot.third_party.nixeval {
inherit system; inherit system;
modules = [ (baseModule systemName) (args: { imports = [ lib/common.nix config ]; }) ]; modules = [ (baseModule systemName) (args: { imports = [ lib/common.nix config ]; }) ];
specialArgs = args;
}); });
systems = [ systems = [
"porcorosso" "porcorosso"
@ -44,6 +45,8 @@ let
"cofractal-ams01" "cofractal-ams01"
"laputa" "laputa"
"rexxar" "rexxar"
"netcup-nue01"
"netcup-ams01"
]; ];
rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; })); rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
systemCfgs = lib.genAttrs systems systemCfgs = lib.genAttrs systems

11
ops/nixos/install.sh
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com> # SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
@ -32,13 +32,16 @@ depot_path() {
echo "$pd" echo "$pd"
} }
readonly targethostname="$1" targethostname="$1"
readonly depot="$(depot_path)" readonly targethostname
depot="$(depot_path)"
readonly depot
if [ "$depot" = "" ]; then if [ "$depot" = "" ]; then
echo "This script needs to be executed in-depot (or the script itself should be in-depot)." echo "This script needs to be executed in-depot (or the script itself should be in-depot)."
exit 1 exit 1
fi fi
readonly system="$(nix-build -E '(import "'"$(depot_path)"'" {}).ops.nixos.'"${targethostname}" --option sandbox false --no-out-link)" system="$(nix-build -E '(import "'"$(depot_path)"'" {}).ops.nixos.'"${targethostname}" --option sandbox false --no-out-link)"
readonly system
nixos-install --root /mnt --system "$system" --no-root-passwd nixos-install --root /mnt --system "$system" --no-root-passwd
echo "Copying myself..." echo "Copying myself..."

66
ops/nixos/installcd/default.nix
View file

@ -5,6 +5,65 @@
{ depot, lib, pkgs, config, ... }: { depot, lib, pkgs, config, ... }:
let let
inherit (depot.ops) secrets; inherit (depot.ops) secrets;
systems = [ "netcup-nue01" "netcup-ams01" ];
depot-install = pkgs.writeShellApplication {
name = "depot-install";
text = ''
# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
set -euo pipefail
if [ $EUID -ne 0 ]; then
exec sudo "$0" "$@"
fi
targethostname="$1"
readonly targethostname
${lib.concatMapStringsSep "\n" (x: ''
if [[ "$targethostname" == "${x}" ]]; then
system="${depot.ops.nixos.systems.${x}}"
fi
'') systems}
if [[ -z "''${system+.}" ]]; then
echo "no system found :( - pick one of ${lib.concatStringsSep " " systems}" >&2
exit 1
fi
if [[ -z "''${DONT_DISKO+.}" ]]; then
"disko-$targethostname"
fi
exec nixos-install \
--root /mnt \
--system "$system" \
--option builders "" \
--option substituters "" \
--option download-attempts 0 \
--option connect-timeout 1 \
--no-root-passwd --no-channel-copy
'';
};
diskos = pkgs.stdenvNoCC.mkDerivation {
name = "diskos";
dontUnpack = true;
dontBuild = true;
installPhase = ''
runHook preInstall
mkdir $out/bin -p
${lib.concatMapStringsSep "\n" (x: ''
ln -s "${depot.ops.nixos.systemConfigs.${x}.config.system.build.diskoScript}" "$out/bin/disko-${x}"
'') systems}
runHook postInstall
'';
};
in { in {
imports = [ imports = [
../../../third_party/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix ../../../third_party/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix
@ -12,11 +71,12 @@ in {
isoImage.isoName = lib.mkForce "nixos-${depot.version}-${pkgs.stdenv.hostPlatform.system}.iso"; isoImage.isoName = lib.mkForce "nixos-${depot.version}-${pkgs.stdenv.hostPlatform.system}.iso";
isoImage.storeContents = [ environment.systemPackages = [
depot.ops.nixos.systems.bvm-forgejo depot-install
diskos
]; ];
system.disableInstallerTools = false; system.disableInstallerTools = false;
system.stateVersion = "24.05"; system.stateVersion = "24.11";
} }

6
ops/nixos/lib/coredns/zones/db.as205479.net
View file

@ -3,7 +3,7 @@
; SPDX-License-Identifier: Apache-2.0 ; SPDX-License-Identifier: Apache-2.0
; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL ; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL
@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 61 600 450 3600 300 @ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 62 600 450 3600 300
; NB: this are also glue records in Google Domains. ; NB: this are also glue records in Google Domains.
$INCLUDE tmpl.ns $INCLUDE tmpl.ns
@ -72,9 +72,13 @@ cofractal-ams01.int 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6253:2482
netcup-nue01 3600 IN A 152.53.119.209 netcup-nue01 3600 IN A 152.53.119.209
netcup-nue01 3600 IN AAAA 2a0a:4cc0:c0:3127::1 netcup-nue01 3600 IN AAAA 2a0a:4cc0:c0:3127::1
netcup-nue01.int 3600 IN A 100.75.106.106
netcup-nue01.int 3600 IN AAAA fd7a:115c:a1e0::ac01:6a6d
netcup-ams01 3600 IN A 152.53.107.70 netcup-ams01 3600 IN A 152.53.107.70
netcup-ams01 3600 IN AAAA 2a0a:4cc0:40:1bc::1 netcup-ams01 3600 IN AAAA 2a0a:4cc0:40:1bc::1
netcup-ams01.int 3600 IN A 100.107.159.58
netcup-ams01.int 3600 IN AAAA fd7a:115c:a1e0::9701:9f3a
rexxar 3600 IN A 195.74.55.21 rexxar 3600 IN A 195.74.55.21
rexxar 3600 IN AAAA 2a03:ee40:8080:9:1::2 rexxar 3600 IN AAAA 2a03:ee40:8080:9:1::2

35
ops/nixos/lib/netcup-disk-config.nix Normal file
View file

@ -0,0 +1,35 @@
# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, ... }:
{
disko.devices.disk.main = {
device = lib.mkDefault "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
}

51
ops/nixos/lib/netcup.nix Normal file
View file

@ -0,0 +1,51 @@
# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, rebuilder, config, ... }:
let
inherit (depot.ops) secrets;
in {
imports = [
../../../third_party/nixpkgs/nixos/modules/profiles/qemu-guest.nix
../lib/minimal.nix
"${depot.third_party.disko}/module.nix"
./netcup-disk-config.nix
];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sr_mod"
"virtio_blk"
];
services.qemuGuest.enable = true;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
nix.settings.max-jobs = lib.mkDefault 4;
# Networking!
networking = {
domain = "as205479.net";
nameservers = [
"2001:4860:4860::8888"
"2001:4860:4860::8844"
"8.8.8.8"
"8.8.4.4"
];
defaultGateway = {
interface = "enp7s0";
};
defaultGateway6 = {
interface = "enp7s0";
};
};
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
}

29
ops/nixos/netcup-ams01/default.nix Normal file
View file

@ -0,0 +1,29 @@
# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, config, ... }:
let
inherit (depot.ops) secrets;
in {
imports = [
../lib/netcup.nix
];
networking = {
hostName = "netcup-ams01";
hostId = "1246dda1";
defaultGateway.address = "152.53.104.1";
defaultGateway6.address = "fe80::1";
interfaces.enp7s0 = {
ipv4.addresses = [{ address = "152.53.107.70"; prefixLength = 22; }];
ipv6.addresses = [{ address = "2a0a:4cc0:40:1bc::1"; prefixLength = 48; }];
};
};
my.ip.tailscale = "100.107.159.58";
my.ip.tailscale6 = "fd7a:115c:a1e0::9701:9f3a";
system.stateVersion = "24.11";
my.systemType = "aarch64-linux";
}

29
ops/nixos/netcup-nue01/default.nix Normal file
View file

@ -0,0 +1,29 @@
# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, config, ... }:
let
inherit (depot.ops) secrets;
in {
imports = [
../lib/netcup.nix
];
networking = {
hostName = "netcup-nue01";
hostId = "07660052";
defaultGateway.address = "152.53.116.1";
defaultGateway6.address = "fe80::1";
interfaces.enp7s0 = {
ipv4.addresses = [{ address = "152.53.119.209"; prefixLength = 22; }];
ipv6.addresses = [{ address = "2a0a:4cc0:c0:3127::1"; prefixLength = 48; }];
};
};
my.ip.tailscale = "100.75.106.106";
my.ip.tailscale6 = "fd7a:115c:a1e0::ac01:6a6d";
system.stateVersion = "24.11";
my.systemType = "aarch64-linux";
}

10
third_party/default.nix vendored
View file

@ -167,4 +167,14 @@ rec {
hash = "sha256-KtE4F2wTzIpE6fI9diD5dDkUgGAt7IG80TnFqkCD8Ws="; hash = "sha256-KtE4F2wTzIpE6fI9diD5dDkUgGAt7IG80TnFqkCD8Ws=";
}; };
nixDarwinEval = import (nixDarwinSrc + /eval-config.nix); nixDarwinEval = import (nixDarwinSrc + /eval-config.nix);
disko = nixpkgs.fetchFromGitHub {
owner = "nix-community";
repo = "disko";
rev = "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21";
hash = "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=";
};
diskoVersionInfo = import "${disko}/version.nix";
diskoVersion = diskoVersionInfo.version + (nixpkgs.lib.optionalString (!diskoVersionInfo.released) "-dirty");
diskoCli = nixpkgs.callPackage "${disko}/package.nix" { inherit diskoVersion; };
} }