From 100d37bbf51545fd8c258059e3c947d9ce51fd60 Mon Sep 17 00:00:00 2001
From: tzlil
Date: Sat, 4 Feb 2023 14:09:03 +0200
Subject: changed password age to hash, add disko configuration for use with nixos-anywhere
---
flake.nix | 7 +++++- hosts/disko.nix | 49 ++++++++++++++++++++++++++++++++++++ hosts/vm/cfg.nix | 7 +++--- hosts/vps/cfg.nix | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++ profiles/gentoo.nix | 2 +- profiles/user.nix | 3 ++- 6 files changed, 134 insertions(+), 6 deletions(-) create mode 100644 hosts/disko.nix create mode 100644 hosts/vps/cfg.nix
diff --git a/flake.nix b/flake.nix
index 6fc07c2..c99f1a3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,6 +11,10 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; };
+ disko = {
+ url = github:nix-community/disko;
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
}; outputs = inputs@{ self, ... }: let
@@ -21,13 +25,14 @@ specialArgs = {inherit inputs;}; }; mkSystem = pkgs: system: h: (mkSystem_ pkgs system h [
- inputs.agenix.nixosModule inputs.impermanence.nixosModules.impermanence
+ inputs.agenix.nixosModule inputs.impermanence.nixosModules.impermanence inputs.disko.nixosModules.disko
]); in { apps = inputs.nixinate.nixinate.x86_64-linux self; nixosConfigurations = { # pc = mkSystem inputs.nixpkgs "x86_64-linux" "pc"; vm = mkSystem inputs.nixpkgs "x86_64-linux" "vm";
+ vps = mkSystem inputs.nixpkgs "x86_64-linux" "vps";
}; }; }
diff --git a/hosts/disko.nix b/hosts/disko.nix
new file mode 100644
index 0000000..0a0710e
--- /dev/null
+++ b/hosts/disko.nix
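Review bot: The new input on the `+ url = github:nix-community/disko;` line is an unquoted URL literal, while the home-manager input just above uses a quoted string; URL literals are deprecated in Nix and rejected once `no-url-literals` is in effect, so write `url = "github:nix-community/disko";` for consistency and future-proofing. The second hunk wires `inputs.disko.nixosModules.disko` into every host built through `mkSystem`, including `vm`, which declares no `disko.devices`; that looks harmless, but it is worth confirming the module evaluates cleanly with an empty device set.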
@@ -0,0 +1,49 @@
+# Example to create a bios compatible gpt partition
+{ lib, disks, ... }: {
+ disk = lib.genAttrs disks (dev: {
+ device = dev;
+ type = "disk";
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ type = "partition";
+ name = "boot";
+ start = "1MiB";
+ end = "100MiB";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ }
+ {
+ name = "nix";
+ type = "partition";
+ start = "128MiB";
+ end = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = "-f"; # Override existing partition
+ subvolumes = {
+ "/nix" = {
+ mountOptions = ["noatime" "compress=zstd"]
+ }
+ };
+ };
+ }
+ ]
+ };
+ });
+
+ nodev = {
+ "/" = {
+ fsType = "tmpfs";
+ mountOptions = [
+ "size=200M"
+ ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/vm/cfg.nix b/hosts/vm/cfg.nix
index 3b5ace8..d6f33d9 100644
--- a/hosts/vm/cfg.nix
+++ b/hosts/vm/cfg.nix
@@ -3,11 +3,12 @@ ../../profiles/core.nix ../../profiles/user.nix ../../profiles/ssh.nix
- ../../profiles/graphical.nix
+ # ../../profiles/graphical.nix
../../mixins/tailscale.nix ../../mixins/cli.nix
- ../../mixins/greet.nix
- ../../mixins/sway.nix
+ # ../../mixins/greet.nix
+ # ../../mixins/sway.nix
+ (modulesPath + "/profiles/qemu-guest.nix")
]; config = {
diff --git a/hosts/vps/cfg.nix b/hosts/vps/cfg.nix
new file mode 100644
index 0000000..f32afea
--- /dev/null
+++ b/hosts/vps/cfg.nix
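Review bot: The new file does not parse as Nix: `mountOptions = ["noatime" "compress=zstd"]` inside the `"/nix"` subvolume and the closing `]` of `partitions` both lack the `;` that terminates an attribute binding, so they need to read `mountOptions = ["noatime" "compress=zstd"];` and `];`. The function takes `disks` with no default, but its only caller, `hosts/vps/cfg.nix` added in this same commit, invokes `import ../disko.nix { lib = pkgs.lib; }` without it, so `lib.genAttrs disks` fails with a missing-argument error; either pass `disks = [ "/dev/vda" ];` (example device, adjust for the host) from the caller or give the parameter a default. The header comment promises a BIOS-compatible layout, yet the consuming host boots systemd-boot on EFI with `/boot` as the ESP; confirm that `bootable = true` on the vfat partition yields an ESP-flagged partition, or correct the comment.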
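Review bot: The added `(modulesPath + "/profiles/qemu-guest.nix")` import needs `modulesPath` bound in the module's argument set (`{ modulesPath, ... }`), and the file header is outside this hunk, so confirm it is declared there or evaluation fails with an undefined variable. Commenting out the graphical, greet and sway imports instead of deleting them leaves dead lines that git history already preserves; if the VM is now meant to be headless, remove them outright.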
@@ -0,0 +1,72 @@
+{config, lib, pkgs, ...}: {
+ imports = [
+ ../../profiles/core.nix
+ ../../profiles/user.nix
+ ../../profiles/ssh.nix
+ ../../mixins/tailscale.nix
+ ../../mixins/cli.nix
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ config = {
+ _module.args.nixinate = {
+ host = "95.179.249.76";
+ sshUser = "nixos";
+ buildOn = "remote"; # valid args are "local" or "remote"
+ substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
+ hermetic = false;
+ };
+
+ disko.devices = import ../disko.nix {
+ lib = pkgs.lib;
+ };
+ networking.hostName = "vps";
+
+ boot = {
+ initrd = {
+ supportedFilesystems = ["btrfs"];
+ };
+ kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+ kernelParams = [
+ "console=ttyS0"
+ "init_on_free=1"
+ "page_poison=1"
+ "page_alloc.shuffle=1"
+ "slab_nomerge"
+ "vsyscall=none"
+ ];
+ cleanTmpDir = true;
+ loader = {
+ systemd-boot = {
+ enable = true;
+ };
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot";
+ };
+ };
+ };
+
+ time.timeZone = lib.mkDefault "Frankfurt";
+
+ fileSystems = {
+ "/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = ["noexec" "defaults" "size=2G" "mode=755"];
+ };
+ "/nix" = {
+ device = "/dev/disk/by-partlabel/nix";
+ options = ["noatime" "compress=zstd"];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-partlabel/boot";
+ };
+ };
+
+ zramSwap = {
+ enable = true;
+ algorithm = "zstd";
+ };
+ };
+}
\ No newline at end of file
diff --git a/profiles/gentoo.nix b/profiles/gentoo.nix
index 67f7e78..6747ba6 100644
--- a/profiles/gentoo.nix
+++ b/profiles/gentoo.nix
@@ -3,7 +3,7 @@ { imports = []; config = {
- nativeStdenv = prev.stdenvAdapters.withCFlags [ "-O3" "-pipe" "-mcpu=apple-m1" ]
+ nativeStdenv = prev.stdenvAdapters.withCFlags [ "-O3" "-pipe" "-march=native" ]
(prev.overrideCC prev.llvmPackages_latest.stdenv (prev.wrapCCWith rec { cc = prev.llvmPackages_latest.clang-unwrapped;
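Review bot: The import `(modulesPath + "/profiles/qemu-guest.nix")` uses `modulesPath`, but the module header binds only `config, lib, pkgs`, so evaluation stops with an undefined variable; the header should read `{config, lib, pkgs, modulesPath, ...}: {`. `import ../disko.nix { lib = pkgs.lib; }` omits the `disks` argument that `hosts/disko.nix` (added in this commit) requires without a default, so the import errors before any device is declared. `time.timeZone = lib.mkDefault "Frankfurt"` is not a tzdata zone name and will leave `/etc/localtime` pointing at a non-existent file; the zone for that location is `"Europe/Berlin"`. The `noexec` root tmpfs and the hardening `kernelParams` are good choices; `hermetic = false` is the one nixinate option left without a comment like the one on `buildOn`, and deserves one.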
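Review bot: Swapping `-mcpu=apple-m1` for `-march=native` makes everything built with `nativeStdenv` depend on the CPU of whichever machine runs the build, so the outputs are not reproducible and a store path produced on one host may use instructions another host lacks. With the new `vps` host set to `buildOn = "remote"` this is presumably intended, but it should be stated on the line, for example `# impure: output depends on the build host's CPU; do not share these paths through a binary cache`. The enclosing `config` block continues outside the hunk.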
diff --git a/profiles/user.nix b/profiles/user.nix
index 6aa8262..514d303 100644
--- a/profiles/user.nix
+++ b/profiles/user.nix
@@ -25,7 +25,8 @@ extraGroups = ["wheel"]; packages = [pkgs.git]; shell = pkgs.fish;
- passwordFile = config.age.secrets.password.path;
+ hashedPassword = "$6$FAQYKz3OCtRNOP7h$XsApvP.r./Jv5MRI1idDI9BMnA26xxEvXFlE61Zls.QA3EK2x76XsetdpxSlgViylnRwRuq5XQMc3GeAJ7tum1";
+ # passwordFile = config.age.secrets.password.path;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDyzrs9sbstv3KFK5FV8qYlSknnEy8Cn+qch4dJLmHA" ];
-- cgit 1.4.1
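Review bot: The `+ hashedPassword = "$6$..."` line commits the SHA-512 crypt hash of a `wheel` user's password into the repository, where anyone with read access to the history can run an offline guessing attack against it, and the repository is served publicly through cgit. The replaced `passwordFile = config.age.secrets.password.path;` already pointed at a file containing that same hash, so the agenix route gave the same login without publishing the hash. If the motivation is that the age secret cannot be decrypted during the first nixos-anywhere install (inferred from the subject line), deliver the host's age identity or the hash file to the target out of band (nixos-anywhere's extra-files mechanism, where available) and keep `passwordFile` active rather than leaving it commented out. Because the hash has been pushed, treat this password as exposed and rotate it; once rotated, the committed value is harmless and the commented-out line can be dropped.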