diff --git a/README.md b/README.md index 777ad6b8..953f5103 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,49 @@ +# Setup + +## Flakes + +Nix with flakes support is required. Run this in a shell… +``` +# Enter a temporary shell with flakes support: +nix-shell --packages nixFlakes + +# Set some configuration (do this only once): +echo 'experimental-features = nix-command flakes' >> ~/.config/nix/nix.conf + +# Add this repository to your local flake registry: +nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config +``` + +…or set this to your NixOS configuration: +``` +{ pkgs, ... }: { + nix = { + package = pkgs.nixFlakes; + extraOptions = "experimental-features = nix-command flakes"; + }; +} +``` +And add this repository to your local flake registry: +``` +nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config +``` + # Deployment Beide failen bei Activation des neuen Profils. (TODO) +## Mit flakes + +### Remote deployment +Use `nix run` with one of the deploy scripts exported by the flake, +for example: `nix run c3d2#glotzbert-nixos-rebuild switch`. Use `nix flake show c3d2` +to show what is available. Note that the deploy scripts only work if +the target machines already has flakes enabled. + +### Local deployment + +Running `nixos-rebuild --flake c3d2 switch` on a machine should be sufficient +to update that machine to the current configuration and Nixpkgs revision. ## Mit NixOps 
@@ -55,10 +97,10 @@ This is necessary, so you can login to any machine with your gpg key. # Laptops / Desktops -This repository contains a NixOS module that can be used with personal machines -as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of -registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6 -addresses local to HQ. Simply import the `lib` directory to use the module. As +This repository contains a NixOS module that can be used with personal machines +as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of +registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6 +addresses local to HQ. Simply import the `lib` directory to use the module. As an example: ```nix diff --git a/flake.nix b/flake.nix index 01216f01..2e68876e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -9,33 +9,65 @@ }; }; - outputs = { self, nixpkgs, secrets }: { + outputs = { self, nixpkgs, secrets }: + let + forAllSystems = f: + nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ] + (system: f system); + in { - nixosConfigurations = { + inherit (nixpkgs) legacyPackages; + + packages = forAllSystems (system: + let + hostRegistry = import ./host-registry.nix; + pkgs = self.legacyPackages.${system}; + mkDeploy = + # Generate a small script for copying this flake to the + # remote machine and bulding and switching there. + # Can be run with nix run c3d2#deploy-… + name: host: + let target = "root@${host}"; + in pkgs.writeScriptBin "${name}-nixos-rebuild" '' + #!${pkgs.runtimeShell} + set -ev + nix-copy-closure --to ${target} ${self} + exec ssh -t ${target} \ + nix shell \ + ${self}#nixosConfigurations.${name}.config.system.build.toplevel \ + --command switch-to-configuration $@ + ''; + in { + glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de"; + glotzbert-wake = pkgs.writeScriptBin "glotzbert-wake" '' + #!${pkgs.runtimeShell} + exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.glotzbert.ether} + ''; + }); + + nixosConfigurations = let + nixosSystem' = + # Our custom NixOS builder + { system ? "x86_64-linux", ... }@args: + nixpkgs.lib.nixosSystem (args // { + inherit system; + extraModules = [ + self.nixosModules.c3d2 + ({ pkgs, ... 
}: { + nix = { + package = pkgs.nixFlakes; + extraOptions = "experimental-features = nix-command flakes"; + }; + }) + ]; + }); + in { + + glotzbert = nixosSystem' { modules = [ ./hosts/glotzbert ]; }; - glotzbert = nixpkgs.lib.nixosSystem { - modules = [ ./hosts/glotzbert/configuration.nix ]; - system = "x86_64-linux"; }; - hydra = nixpkgs.lib.nixosSystem { - modules = [ ./hosts/hydra/configuration.nix ]; - system = "x86_64-linux"; - }; - - kibana = nixpkgs.lib.nixosSystem { - modules = [ ./hosts/containers/kibana/configuration.nix ]; - system = "x86_64-linux"; - }; - - pulsebert = nixpkgs.lib.nixosSystem { - modules = [ ./hosts/pulsebert/configuration.nix ]; - system = "aarch64-linux"; - }; + nixosModules.c3d2 = import ./lib; }; - - nixosModules.c3d2 = import ./lib; - - }; } diff --git a/host-registry.nix b/host-registry.nix index 779b8d8b..4adbfc5c 100644 --- a/host-registry.nix +++ b/host-registry.nix @@ -8,8 +8,11 @@ rec { scrape = { }; ledstripes = { }; - glotzbert.publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG"; + glotzbert = { + ether = "ec:a8:6b:fe:b4:cb"; + publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG"; + }; hydra.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig"; diff --git a/hosts/glotzbert/configuration.nix b/hosts/glotzbert/default.nix similarity index 77% rename from hosts/glotzbert/configuration.nix rename to hosts/glotzbert/default.nix index 659f41da..82c8dd81 100644 --- a/hosts/glotzbert/configuration.nix +++ b/hosts/glotzbert/default.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - imports = [ ]; + imports = [ ./hardware-configuration.nix ]; c3d2 = { users.k-ot = true; 
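Review bot: The rewritten `nixosConfigurations` set defines only `glotzbert`; the `hydra`, `kibana` and `pulsebert` entries are removed without being re-added through `nixosSystem'`, so `nixos-rebuild --flake c3d2` on those hosts, and the `self.nixosConfigurations.<name>` path the deploy script builds, can no longer resolve them. If dropping them is intended the commit should say so; otherwise re-add them in the new style, e.g. `pulsebert = nixosSystem' { system = "aarch64-linux"; modules = [ ./hosts/pulsebert/configuration.nix ]; };`. The comment above `mkDeploy` still says `nix run c3d2#deploy-…` although the output is named `${name}-nixos-rebuild`, and "bulding" is misspelled; I would replace the last comment line with `# Run with: nix run c3d2#<name>-nixos-rebuild switch`. In the generated script `$@` should be written `"$@"` by shell convention, and since `nix-copy-closure` copies only the flake source, evaluation and the toplevel build happen on the target, which presumably has to fetch the locked `nixpkgs` and `secrets` inputs itself — worth confirming for a private `secrets` input.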
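Review bot: The new `ether` attribute carries no comment saying what it is for; flake.nix in this same commit reads `hostRegistry.hosts.glotzbert.ether` to build the `glotzbert-wake` wake-on-LAN script, so a one-line comment such as `# MAC address, used by the glotzbert-wake script in flake.nix` would keep the registry self-explanatory. The enclosing `rec { … }` set starts and ends outside the hunk.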
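Review bot: The new `imports = [ ./hardware-configuration.nix ];` refers to a file that no hunk in this view adds, and the rename only moves `configuration.nix` to `default.nix`; if `hosts/glotzbert/hardware-configuration.nix` is not already tracked, evaluating `nixosConfigurations.glotzbert` fails with a missing-path error on this line. Either add the file in the same commit or keep `imports = [ ];` until it exists. The module body continues past the end of the hunk.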
@@ -23,13 +23,8 @@ boot.kernelPackages = pkgs.linuxPackages_latest; networking.hostName = "glotzbert"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. networking.interfaces.eno1.useDHCP = true; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Select internationalisation properties. console = { font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz"; @@ -37,11 +32,6 @@ }; i18n.defaultLocale = "en_US.UTF-8"; - # Set your time zone. - time.timeZone = "Europe/Berlin"; - - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ wget vim @@ -67,25 +57,12 @@ }; }; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - - # List services that you want to enable: - # Enable the OpenSSH daemon. services.openssh.enable = true; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. networking.firewall.enable = false; - # Enable CUPS to print documents. - # services.printing.enable = true; - # Enable sound. sound.enable = true; hardware.pulseaudio = { @@ -107,6 +84,11 @@ ''; }; + services.wakeonlan.interfaces = [{ + inherit (config.c3d2.hq) interface; + method = "magicpacket"; + }]; + # Enable the X11 windowing system. services.xserver.enable = true; services.xserver.layout = "de"; diff --git a/lib/default.nix b/lib/default.nix index e3214ddd..49dc3393 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -265,6 +265,8 @@ in { } ''; + time.timeZone = lib.mkDefault "Europe/Berlin"; + }; meta.maintainers = with lib.maintainers; [ ehmry ];
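Review bot: `services.wakeonlan.interfaces` inherits `interface` from `config.c3d2.hq`, but nothing in this view shows that option being defined or set for glotzbert; if it evaluates to null the entry is built with a null interface, so this is worth checking against the option declared in `lib/default.nix` (presumably `c3d2.hq.interface`). I believe `services.wakeonlan` has since been superseded by `networking.interfaces.<name>.wakeOnLan.enable` in newer NixOS releases, so this setting may need migrating when nixpkgs is bumped. A short comment tying it to the other half of the feature would help: `# Lets the glotzbert-wake script in flake.nix power this machine on.`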
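Review bot: `time.timeZone = lib.mkDefault "Europe/Berlin";` now applies to every machine importing the module, including the personal laptops and desktops the README invites to import `lib`; `mkDefault` lets them override it, but a comment should say so to avoid surprise, e.g. `# HQ default; hosts elsewhere set time.timeZone in their own configuration.` The surrounding module config block starts before the hunk.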