Merge #5

5: inherit ssh keys from terraform r=Mic92 a=Mic92



Co-authored-by: Jörg Thalheim <joerg@thalheim.io>

flake.lock

@@ -1,5 +1,25 @@
 {
   "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1684003056,
+        "narHash": "sha256-zl11zyRNKzAW7YLvTkxmFjSBqxZbEvfwZqNCT91ELfU=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "8f95856432e091e5ac56fea2df81e905ddd02d27",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -38,6 +58,7 @@
     },
     "root": {
       "inputs": {
+        "disko": "disko",
         "flake-parts": "flake-parts",
         "nixpkgs": "nixpkgs",
         "srvos": "srvos",

flake.nix

@@ -8,6 +8,9 @@
     treefmt-nix.url = "github:numtide/treefmt-nix";
     treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
 
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+
     srvos.url = "github:numtide/srvos";
     # Use the version of nixpkgs that has been tested to work with SrvOS
     srvos.inputs.nixpkgs.follows = "nixpkgs";

modules/flake-module.nix

@@ -3,6 +3,7 @@
     hcloud.imports = [
       inputs.srvos.nixosModules.server
       inputs.srvos.nixosModules.hardware-hetzner-cloud
+      ./single-disk.nix
     ];
 
     nixos-wiki.imports = [

modules/single-disk.nix

@@ -0,0 +1,51 @@
+{ self, ... }:
+let
+  partitions = [
+    {
+      name = "grub";
+      end = "1M";
+      part-type = "primary";
+      flags = [ "bios_grub" ];
+    }
+    {
+      name = "ESP";
+      start = "1MiB";
+      end = "500MiB";
+      bootable = true;
+      content = {
+        type = "filesystem";
+        format = "vfat";
+        mountpoint = "/boot";
+      };
+    }
+    {
+      name = "root";
+      start = "100MiB";
+      end = "100%";
+      part-type = "primary";
+      bootable = true;
+      content = {
+        type = "filesystem";
+        # We use xfs because it has support for compression and has a quite good performance for databases
+        format = "xfs";
+        mountpoint = "/";
+      };
+    }
+  ];
+in
+{
+  imports = [
+    self.inputs.disko.nixosModules.disko
+  ];
+  disko.devices = {
+    disk.sda = {
+      type = "disk";
+      device = "/dev/sda";
+      content = {
+        type = "table";
+        format = "gpt";
+        inherit partitions;
+      };
+    };
+  };
+}

targets/nixos-wiki.thalheim.io/configuration.nix

@@ -1,6 +1,10 @@
-{ self, ... }: {
+{ self, ... }: let
+  nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
+in {
   imports = [
     self.nixosModules.nixos-wiki
     self.nixosModules.hcloud
   ];
+  users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
+  system.stateVersion = "23.05";
 }

targets/staging.nixos-wiki.thalheim.io/configuration.nix

@@ -1,6 +1,10 @@
-{ self, ... }: {
+{ self, ... }: let
+  nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
+in {
   imports = [
     self.nixosModules.nixos-wiki
     self.nixosModules.hcloud
   ];
+  users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
+  system.stateVersion = "23.05";
 }

terraform/nixos-wiki/main.tf

@@ -34,6 +34,6 @@ resource "hcloud_server" "nixos_wiki" {
 locals {
   nixos_vars = {
     ipv6_address = hcloud_server.nixos_wiki.ipv6_address
-    ssh_keys = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.public_key
+    ssh_keys     = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.public_key
   }
 }