Update from updated-inputs-2025-02-22-02-03

2025-02-22 03:03:08 +01:00 · 2025-02-22 03:03:08 +01:00 · 801e8de895
commit 801e8de895
parent 142fd8aaa0 07b0f70747
7 changed files with 107 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -104,6 +104,7 @@
      palladium = {};
      porter = {};
      storage-2 = {};
+      tungsten = {};
      web-2 = {};
      zinc = {
        modules = [
@ -134,6 +135,7 @@
      inherit (pkgs)
        clerie-backup
        clerie-keys
+        clerie-system-remote-install
        clerie-system-upgrade
        clerie-merge-nixfiles-update
        clerie-update-nixfiles
--- a/hosts/_iso/configuration.nix
+++ b/hosts/_iso/configuration.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, modulesPath, ... }:
+{ pkgs, lib, modulesPath, config, ... }:

 {
  imports = [
@ -18,6 +18,9 @@
    nixfiles-auto-install
  ];

+  # Allow user clerie to log in as root directly with ssh keys
+  users.users.root.openssh.authorizedKeys.keys = config.users.users.clerie.openssh.authorizedKeys.keys;
+
  services.openssh.settings = {
    PermitRootLogin = lib.mkForce "yes";
  };
--- a/hosts/tungsten/configuration.nix
+++ b/hosts/tungsten/configuration.nix
@ -0,0 +1,24 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+    ];
+
+  boot.kernelParams = [ "console=ttyS0,115200n8" ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/disk/by-id/ata-InnoDisk_Corp._DRPS-08GJ30AC1QS-A88_20120705AAB200000505";
+  boot.loader.grub.extraConfig = "
+    serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
+    terminal_input serial
+    terminal_output serial
+  ";
+
+
+  networking.hostName = "tungsten";
+
+  system.stateVersion = "25.05";
+}
+
--- a/hosts/tungsten/hardware-configuration.nix
+++ b/hosts/tungsten/hardware-configuration.nix
@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/7ed9e29c-d771-49a1-ae8a-8894f347c648";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/95122f15-5621-457c-972c-c057ca416212";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/02a2afe4-ee00-4d3d-884a-e195b9814bfd";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/pkgs/clerie-system-remote-install/clerie-system-remote-install.sh
+++ b/pkgs/clerie-system-remote-install/clerie-system-remote-install.sh
@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+set -xeuo pipefail
+
+SYSTEM="$1"
+REMOTE_HOST="$2"
+REMOTE_ROOT="$3"
+
+nix copy "${SYSTEM}" --to "ssh://${REMOTE_HOST}?remote-store=${REMOTE_ROOT}"
+
+ssh "${REMOTE_HOST}" -- nix-env --store "${REMOTE_ROOT}" -p "${REMOTE_ROOT}/nix/var/nix/profiles/system" --set "${SYSTEM}"
+
+ssh "${REMOTE_HOST}" -- mkdir -p "${REMOTE_ROOT}/tmp"
+TMPSH="$(ssh "${REMOTE_HOST}" -- mktemp -p "${REMOTE_ROOT}/tmp")"
+
+# shellcheck disable=SC2087
+ssh "${REMOTE_HOST}" -- tee "${TMPSH}" <<EOF
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+nix-env --store "${REMOTE_ROOT}" -p "${REMOTE_ROOT}/nix/var/nix/profiles/system" --set "${SYSTEM}"
+mkdir -m 0775 -p "${REMOTE_ROOT}/etc"
+touch "${REMOTE_ROOT}/etc/NIXOS"
+
+ln -sfn /proc/mounts "${REMOTE_ROOT}/etc/mtab"
+
+NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "${REMOTE_ROOT}" -c "/run/current-system/bin/switch-to-configuration boot"
+EOF
+
+ssh "${REMOTE_HOST}" -- bash "${TMPSH}"
--- a/pkgs/clerie-system-remote-install/default.nix
+++ b/pkgs/clerie-system-remote-install/default.nix
@ -0,0 +1,6 @@
+{ pkgs, ... }:
+
+pkgs.writeShellApplication {
+  name = "clerie-system-remote-install";
+  text = builtins.readFile ./clerie-system-remote-install.sh;
+}
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@ -1,6 +1,7 @@
 final: prev: {
  clerie-backup = final.callPackage ./clerie-backup {};
  clerie-keys = final.callPackage ./clerie-keys {};
+  clerie-system-remote-install = final.callPackage ./clerie-system-remote-install {};
  clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
  clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
  clerie-sops = final.callPackage ./clerie-sops/clerie-sops.nix {};