diff --git a/configuration/common/default.nix b/configuration/common/default.nix
index dc68ccc..92941e0 100644
--- a/configuration/common/default.nix
+++ b/configuration/common/default.nix
@@ -96,6 +96,8 @@
 services.fstrim.enable = true;
+ clerie.nixfiles.enable = true;
+
 nixpkgs.overlays = [ (import ../../pkgs/overlay.nix) ];
diff --git a/flake.nix b/flake.nix
index 8070a4b..a54adcc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -66,6 +66,7 @@
 schule = generateNixosSystem "schule";
 storage-2 = generateNixosSystem "storage-2";
 web-2 = generateNixosSystem "web-2";
+ _iso = generateNixosSystem "_iso";
 };
 colmena = {
@@ -99,6 +100,7 @@
 inherit (self) packages;
 nixosConfigurations = builtins.mapAttrs (name: host: host.config.system.build.toplevel) self.nixosConfigurations;
+ iso = self.nixosConfigurations._iso.config.system.build.isoImage;
 };
 };
 }
diff --git a/hosts/_iso/configuration.nix b/hosts/_iso/configuration.nix
new file mode 100644
index 0000000..08429a0
--- /dev/null
+++ b/hosts/_iso/configuration.nix
@@ -0,0 +1,9 @@
+{ pkgs, lib, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/cd-dvd/installation-cd-base.nix")
+ ];
+
+ networking.hostname = "isowo";
+}
diff --git a/modules/default.nix b/modules/default.nix
index 798eeef..f885432 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -10,5 +10,6 @@
 ./minecraft-server
 ./monitoring
 ./nginx-port-forward
+ ./nixfiles
 ];
 }
diff --git a/modules/nixfiles/default.nix b/modules/nixfiles/default.nix
new file mode 100644
index 0000000..d175eef
--- /dev/null
+++ b/modules/nixfiles/default.nix
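Review bot: `networking.hostname = "isowo";` in hosts/_iso/configuration.nix spells the option in lower case, but the NixOS option is `networking.hostName` — the generated template in modules/nixfiles/default.nix in this same commit uses the correct spelling — so evaluating the `_iso` configuration (and therefore the new `iso` package output) should fail with an undefined-option error rather than set the hostname. Change the line to `networking.hostName = "isowo";`. The `pkgs` and `lib` arguments in the module pattern are unused in this file and can be dropped to `{ modulesPath, ... }:`.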
@@ -0,0 +1,95 @@
+{ config, pkgs, lib, ...}:
+
+with lib;
+
+let
+ nixfiles-generate-config = pkgs.writeScriptBin "nixfiles-generate-config" ''
+ #!${pkgs.bash}/bin/bash
+ set -euo pipefail
+
+ hostname=$(hostname --short)
+ root=""
+ ngcroot=""
+
+ while [[ $# -gt 0 ]]; do
+ case $1 in
+ --root)
+ root=$2
+ ngcroot="--root ''${root}"
+ shift
+ shift
+ ;;
+ --hostname)
+ hostname=$2
+ shift
+ shift
+ ;;
+ *)
+ echo "unknown option: $1"
+ exit 1
+ ;;
+ esac
+ done
+
+ mkdir -p ''${root}/etc/nixos
+
+ if [[ ! -d "''${root}/etc/nixos/.git" ]]; then
+ ${pkgs.git}/bin/git clone https://git.clerie.de/clerie/nixfiles.git ''${root}/etc/nixos
+ ${pkgs.git}/bin/git -C ''${root}/etc/nixos remote set-url origin gitea@git.clerie.de:clerie/nixfiles.git
+ fi
+
+ mkdir -p ''${root}/etc/nixos/hosts/''${hostname}
+
+ nixos-generate-config ''${ngcroot} --dir ''${root}/etc/nixos/hosts/''${hostname}
+
+ # make sure host is added to flake.nix
+ if ! grep -q "''${hostname} = generateNixosSystem \"''${hostname}\";" ''${root}/etc/nixos/flake.nix; then
+ sed -i "s/\(\s*\)_iso = generateNixosSystem \"_iso\";/\1''${hostname} = generateNixosSystem \"''${hostname}\";\n&/g" ''${root}/etc/nixos/flake.nix
+ fi
+
+ sed -i "s/\%HOSTNAME\%/''${hostname}/g" ''${root}/etc/nixos/hosts/''${hostname}/configuration.nix
+ '';
+
+ nixfiles-install = pkgs.writeScriptBin "nixfiles-install" ''
+ #!${pkgs.bash}/bin/bash
+ nixos-install --flake /etc/nixos $@
+ '';
+
+ nixfiles-rebuild = pkgs.writeScriptBin "nixfiles-rebuild" ''
+ #!${pkgs.bash}/bin/bash
+ nixos-rebuild --flake /etc/nixos $@
+ '';
+
+in {
+ options.clerie.nixfiles.enable = mkEnableOption "clerie nixfiles tools";
+ config = mkIf config.clerie.nixfiles.enable {
+ system.nixos-generate-config.configuration = ''
+ { config, pkgs, lib, ... }:
+
+ {
+ imports =
+ [
+ ./hardware-configuration.nix
+ ];
+
+ $bootLoaderConfig
+
+ networking.hostName = "%HOSTNAME%";
+
+ clerie.monitoring = {
+ # enable = true;
+ id = "%MONITORING_ID%";
+ pubkey = "%MONITORING_PUBKEY%";
+ };
+
+ system.stateVersion = "${config.system.nixos.release}";
+ }
+ '';
+
+ environment.systemPackages = [
+ nixfiles-generate-config
+ nixfiles-install
+ nixfiles-rebuild
+ ];
+ };
+}
diff --git a/setup-configuration.nix b/setup-configuration.nix
deleted file mode 100644
index b93540a..0000000
--- a/setup-configuration.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-# Configuration file to import when setting up new hosts
- # Just download and import in the configuration.nix
-
- { pkgs, lib, ... }:
-
- {
- networking.domain = "net.clerie.de";
-
- time.timeZone = "Europe/Berlin";
-
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- keyMap = "de-latin1";
- };
-
- security.sudo.wheelNeedsPassword = false;
-
- nix.trustedUsers = [ "@wheel" ];
-
- users.users.clerie = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnUBblmmVoMMBftn4EnwnzqR12m9zill51LpO124hHb10K2rqxNoq8tYSc2pMkV/3briZovffpe5SzB+m2MnXbtOBstIEXkrPZQ78vaZ/nLh7+eWg30lCmMPwjf2wIjlTXkcbxbsi7FbPW7FsolGkU/0mqGhqK1Xft/g7SnCXIoGPSSrHMXEv5dPPofCa1Z0Un+98wQTVfOSKek6TnIsfLbG01UFQVkN7afE4dqSmMiWwEm2PK9l+OiBA2/QzDpbtu9wsfTol4c192vFEWR9crB2YZ1JlMbjVWHjYmB7NFsS0A6lUOikss0Y+LUWS2/QuM/kqybSo4rasZMAIazM6D clerie"
- ];
- };
-
- environment.systemPackages = with pkgs; [
- htop
- tmux
- ];
-
- programs.mtr.enable = true;
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
- services.openssh.challengeResponseAuthentication = false;
- services.openssh.permitRootLogin = lib.mkDefault "no";
-}
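Review bot: Both wrapper scripts in modules/nixfiles/default.nix pass `$@` unquoted (`nixos-install --flake /etc/nixos $@` and `nixos-rebuild --flake /etc/nixos $@`), so any argument containing whitespace or glob characters is re-split or expanded before it reaches the tool; write `"$@"` in both. The same applies to nearly every `''${root}` and `''${hostname}` expansion in nixfiles-generate-config (the `mkdir -p`, `git clone`, `git -C`, `--dir` and `flake.nix` paths) — only `''${ngcroot}` is deliberately unquoted so it splits into `--root <dir>` — and `''${hostname}` is additionally spliced unescaped into the `grep` pattern and both `sed` expressions, where `/`, `&` or `.` in the value change the meaning of the command; a check such as `[[ $hostname =~ ^[a-zA-Z0-9-]+$ ]] || { echo "invalid hostname: $hostname"; exit 1; }` after option parsing would reject values the later substitutions cannot handle. The `--root` and `--hostname` branches read `$2` without confirming it exists, so under `set -u` a missing value aborts with an "unbound variable" message instead of the usage hint. The generated template also carries `%MONITORING_ID%` and `%MONITORING_PUBKEY%` placeholders that the script never substitutes (only `%HOSTNAME%` is replaced); this looks intentional given `# enable = true;` is commented out, but a template comment such as `# fill in from the monitoring inventory before enabling` would make that explicit.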