From 36e05c009a307822d609c5f77047f6fe4ab6fb30 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sun, 14 May 2023 20:17:36 +0200
Subject: [PATCH 1/3] inherit ssh keys from terraform
---
 targets/nixos-wiki.thalheim.io/configuration.nix | 5 ++++-
 targets/staging.nixos-wiki.thalheim.io/configuration.nix | 5 ++++-
 terraform/nixos-wiki/main.tf | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/targets/nixos-wiki.thalheim.io/configuration.nix b/targets/nixos-wiki.thalheim.io/configuration.nix
index 9d57beb..5657f2a 100644
--- a/targets/nixos-wiki.thalheim.io/configuration.nix
+++ b/targets/nixos-wiki.thalheim.io/configuration.nix
@@ -1,6 +1,9 @@
-{ self, ... }: {
+{ self, ... }: let
+ nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
+in {
 imports = [
 self.nixosModules.nixos-wiki
 self.nixosModules.hcloud
 ];
+ config.users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
 }
diff --git a/targets/staging.nixos-wiki.thalheim.io/configuration.nix b/targets/staging.nixos-wiki.thalheim.io/configuration.nix
index 9d57beb..5657f2a 100644
--- a/targets/staging.nixos-wiki.thalheim.io/configuration.nix
+++ b/targets/staging.nixos-wiki.thalheim.io/configuration.nix
@@ -1,6 +1,9 @@
-{ self, ... }: {
+{ self, ... }: let
+ nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
+in {
 imports = [
 self.nixosModules.nixos-wiki
 self.nixosModules.hcloud
 ];
+ config.users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
 }
diff --git a/terraform/nixos-wiki/main.tf b/terraform/nixos-wiki/main.tf
index a58daba..d0def33 100644
--- a/terraform/nixos-wiki/main.tf
+++ b/terraform/nixos-wiki/main.tf
@@ -34,6 +34,6 @@ resource "hcloud_server" "nixos_wiki" {
 locals {
 nixos_vars = {
 ipv6_address = hcloud_server.nixos_wiki.ipv6_address
- ssh_keys = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.public_key
+ ssh_keys = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.public_key
 }
 }
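Review bot: The new `authorizedKeys.keys` line in targets/nixos-wiki.thalheim.io/configuration.nix (and the identical hunk for the staging target) accepts whatever list `nixos-vars.json` carries, so root SSH access on both hosts is now decided by the key set Terraform reads from `data.hcloud_ssh_keys.nixos_wiki`. That data source's selector is outside this diff; if it is unfiltered, every key uploaded to the Hetzner project becomes a root key after the next apply and rebuild, which deserves a comment such as `# root keys are generated by terraform from hcloud_ssh_keys; treat changes to nixos-vars.json as access changes`. An empty `ssh_keys` list would also evaluate cleanly and leave root without any key, so `assert nixosVars.ssh_keys != [];` placed before the attribute set would make the build fail instead. `nixos-vars.json` is not in this commit's diffstat, so it is presumably generated and committed separately.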
From 3d8ddfad86128835e6760392acc0bdd2a3034387 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 14 May 2023 20:41:19 +0200 Subject: [PATCH 2/3] add disko configuration --- flake.lock | 21 +++++++++++++++++ flake.nix | 3 +++ modules/flake-module.nix | 1 + modules/single-disk.nix | 51 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 76 insertions(+) create mode 100644 modules/single-disk.nix diff --git a/flake.lock b/flake.lock index 79d9aab..6755d8e 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1684003056, + "narHash": "sha256-zl11zyRNKzAW7YLvTkxmFjSBqxZbEvfwZqNCT91ELfU=", + "owner": "nix-community", + "repo": "disko", + "rev": "8f95856432e091e5ac56fea2df81e905ddd02d27", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -38,6 +58,7 @@ }, "root": { "inputs": { + "disko": "disko", "flake-parts": "flake-parts", "nixpkgs": "nixpkgs", "srvos": "srvos", diff --git a/flake.nix b/flake.nix index 1fbeb54..af87ea4 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,9 @@ treefmt-nix.url = "github:numtide/treefmt-nix"; treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + srvos.url = "github:numtide/srvos"; # Use the version of nixpkgs that has been tested to work with SrvOS srvos.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/modules/flake-module.nix b/modules/flake-module.nix index 5681a9a..53f09c3 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -3,6 +3,7 @@ hcloud.imports = [ inputs.srvos.nixosModules.server inputs.srvos.nixosModules.hardware-hetzner-cloud + ./single-disk.nix ]; nixos-wiki.imports = [ diff --git a/modules/single-disk.nix b/modules/single-disk.nix new file mode 100644 index 0000000..57c42d9 
--- /dev/null
+++ b/modules/single-disk.nix
@@ -0,0 +1,51 @@
+{ self, ... }:
+let
+ partitions = [
+ {
+ name = "grub";
+ end = "1M";
+ part-type = "primary";
+ flags = [ "bios_grub" ];
+ }
+ {
+ name = "ESP";
+ start = "1MiB";
+ end = "500MiB";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ }
+ {
+ name = "root";
+ start = "100MiB";
+ end = "100%";
+ part-type = "primary";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ # We use xfs because it has support for compression and has a quite good performance for databases
+ format = "xfs";
+ mountpoint = "/";
+ };
+ }
+ ];
+in
+{
+ imports = [
+ self.inputs.disko.nixosModules.disko
+ ];
+ disko.devices = {
+ disk.sda = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "table";
+ format = "gpt";
+ inherit partitions;
+ };
+ };
+ };
+}
From 1efd89b85da2aa707b08d38479f70139c755ceb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sun, 14 May 2023 20:41:32 +0200
Subject: [PATCH 3/3] set stateVersion for all systems
---
 targets/nixos-wiki.thalheim.io/configuration.nix | 3 ++-
 targets/staging.nixos-wiki.thalheim.io/configuration.nix | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/targets/nixos-wiki.thalheim.io/configuration.nix b/targets/nixos-wiki.thalheim.io/configuration.nix
index 5657f2a..d9de2fe 100644
--- a/targets/nixos-wiki.thalheim.io/configuration.nix
+++ b/targets/nixos-wiki.thalheim.io/configuration.nix
@@ -5,5 +5,6 @@ in {
 self.nixosModules.nixos-wiki
 self.nixosModules.hcloud
 ];
- config.users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
+ users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
+ system.stateVersion = "23.05";
 }
diff --git a/targets/staging.nixos-wiki.thalheim.io/configuration.nix b/targets/staging.nixos-wiki.thalheim.io/configuration.nix
index 5657f2a..d9de2fe 100644
--- a/targets/staging.nixos-wiki.thalheim.io/configuration.nix
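Review bot: In modules/single-disk.nix the `root` partition starts at `100MiB` while the `ESP` partition before it ends at `500MiB`, so the two ranges overlap; the root entry should read `start = "500MiB";`. The comment above `format = "xfs";` credits XFS with compression, which it does not offer, so it should become `# We use xfs because it performs well for databases` unless a compressing filesystem was actually intended. The `grub` partition ends at `1M` while the ESP starts at `1MiB`; using `1MiB` in both places avoids depending on how the partitioner reads the bare `M` suffix. `device = "/dev/sda"` names the disk disko will repartition, so a stable `/dev/disk/by-id/<DISK_ID>` path (placeholder) would be the safer target if enumeration order can ever differ.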
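Review bot: `system.stateVersion = "23.05";` is added without a comment in targets/nixos-wiki.thalheim.io/configuration.nix and again in the staging target, and the value is easy to mistake for a release pin that should follow nixpkgs. A line above it such as `# set once at install time; do not bump when upgrading nixpkgs` would keep a later upgrade from changing it. The enclosing attribute set starts outside the hunk.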
+++ b/targets/staging.nixos-wiki.thalheim.io/configuration.nix
@@ -5,5 +5,6 @@ in {
 self.nixosModules.nixos-wiki
 self.nixosModules.hcloud
 ];
- config.users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
+ users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
+ system.stateVersion = "23.05";
 }