home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

raspberrypi #70

Merged
pim merged 5 commits from raspberrypi into master 2024-02-28 20:42:51 +00:00
Conversation 0 Commits 5 Files changed 7 +212 -193
6 changed files with 212 additions and 193 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 25937f535b - Show all commits

4
flake.nix
View file

@ -84,8 +84,8 @@
nodes = mkDeployNodes (name: machine: { nodes = mkDeployNodes (name: machine: {
hostname = self.nixosConfigurations.${name}.config.networking.fqdn; hostname = self.nixosConfigurations.${name}.config.networking.fqdn;
profiles.system = { profiles.system = {
remoteBuild = true; remoteBuild = machine.arch != "x86_64-linux";
path = deploy-rs.lib."aarch64-linux".activate.nixos path = deploy-rs.lib."${machine.arch}".activate.nixos
self.nixosConfigurations.${name}; self.nixosConfigurations.${name};
}; };
}); });

40
nixos/machines/default.nix
View file

@ -1,7 +1,12 @@
# TODO: Create a nixos module system for this. (mkMerge)
# That way, we don't have to specify isRaspberryPi on every machine... etc.
{ {
warwick = { warwick = {
type = "physical"; type = "physical";
arch = "aarch64-linux"; arch = "aarch64-linux";
isRaspberryPi = true;
isHypervisor = false;
isVirtualMachine = false;
nixosModule.lab = { nixosModule.lab = {
storage = { storage = {
@ -13,6 +18,9 @@
atlas = { atlas = {
type = "physical"; type = "physical";
arch = "x86_64-linux"; arch = "x86_64-linux";
isRaspberryPi = false;
isHypervisor = true;
isVirtualMachine = false;
nixosModule.lab = { nixosModule.lab = {
storage = { storage = {
@ -31,9 +39,11 @@
jefke = { jefke = {
type = "physical"; type = "physical";
arch = "x86_64-linux"; arch = "x86_64-linux";
isRaspberryPi = false;
isHypervisor = true;
isVirtualMachine = false;
nixosModule = { nixosModule.lab = {
lab = {
storage = { storage = {
osDisk = "/dev/sda"; osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1"; dataPartition = "/dev/nvme0n1p1";
@ -46,11 +56,13 @@
}; };
}; };
}; };
};
lewis = { lewis = {
type = "physical"; type = "physical";
arch = "x86_64-linux"; arch = "x86_64-linux";
isRaspberryPi = false;
isHypervisor = true;
isVirtualMachine = false;
nixosModule.lab = { nixosModule.lab = {
backups.enable = true; backups.enable = true;
@ -73,18 +85,23 @@
hermes = { hermes = {
type = "virtual"; type = "virtual";
hypervisorName = "lewis"; hypervisorName = "lewis";
isRaspberryPi = false;
isVirtualMachine = true;
isHypervisor = false;
nixosModule = { config, ... }: { nixosModule = { config, ... }: {
lab = { lab = {
networking.dmz.services.enable = true; networking = {
dmz.services.enable = true;
staticNetworking = true;
staticIPv4 = config.lab.networking.dmz.ipv4.services;
staticIPv6 = config.lab.networking.dmz.ipv6.services;
};
vm = { vm = {
# TODO: would be cool to create a check that a mac address is only ever assigned to one VM. # TODO: would be cool to create a check that a mac address is only ever assigned to one VM.
# TODO: idea: what if we generated these IDs by hashing the host name and reducing that to the amount of hosts possible? # TODO: idea: what if we generated these IDs by hashing the host name and reducing that to the amount of hosts possible?
id = 7; id = 7;
staticNetworking = true;
staticIPv4 = config.lab.networking.dmz.ipv4.services;
staticIPv6 = config.lab.networking.dmz.ipv6.services;
shares = [{ shares = [{
name = "dnsmasq"; name = "dnsmasq";
@ -98,6 +115,9 @@
maestro = { maestro = {
type = "virtual"; type = "virtual";
hypervisorName = "atlas"; hypervisorName = "atlas";
isRaspberryPi = false;
isVirtualMachine = false;
isHypervisor = false;
nixosModule = { config, ... }: { nixosModule = { config, ... }: {
microvm.balloonMem = 7680; microvm.balloonMem = 7680;
@ -115,6 +135,9 @@
bancomart = { bancomart = {
type = "virtual"; type = "virtual";
hypervisorName = "jefke"; hypervisorName = "jefke";
isRaspberryPi = false;
isVirtualMachine = false;
isHypervisor = false;
nixosModule = { nixosModule = {
microvm.balloonMem = 7680; microvm.balloonMem = 7680;
@ -129,6 +152,9 @@
vpay = { vpay = {
type = "virtual"; type = "virtual";
hypervisorName = "lewis"; hypervisorName = "lewis";
isRaspberryPi = false;
isVirtualMachine = false;
isHypervisor = false;
nixosModule = { nixosModule = {
microvm.balloonMem = 5120; microvm.balloonMem = 5120;

77
nixos/modules/networking/default.nix
View file

@ -22,11 +22,26 @@ in {
}; };
}; };
mainNicNamePattern = lib.mkOption { staticNetworking = lib.mkOption {
default = "en*"; default = false;
type = lib.types.bool;
description = ''
Whether this machine has static networking configuration applied.
Routing is prepopulated, but IP addresses have to be set.
'';
};
staticIPv4 = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = '' description = ''
Pattern to match the name of this machine's main NIC. Static IPv4 address for the machine.
'';
};
staticIPv6 = lib.mkOption {
type = lib.types.str;
description = ''
Static IPv6 address for the machine.
''; '';
}; };
}; };
@ -35,7 +50,7 @@ in {
networking = { networking = {
domain = if machine.type == "physical" then "hyp" else "dmz"; domain = if machine.type == "physical" then "hyp" else "dmz";
nftables.enable = true; nftables.enable = true;
useDHCP = true; useDHCP = false;
firewall = { firewall = {
enable = true; enable = true;
@ -43,10 +58,10 @@ in {
}; };
}; };
systemd.network = lib.mkIf (false && machine.type == "physical") { systemd.network = {
enable = true; enable = true;
netdevs = { netdevs = lib.mkIf machine.isHypervisor {
"20-vlandmz" = { "20-vlandmz" = {
vlanConfig.Id = 30; vlanConfig.Id = 30;
@ -64,9 +79,10 @@ in {
}; };
}; };
networks = { networks = lib.attrsets.mergeAttrsList [
(lib.optionalAttrs machine.isHypervisor {
"30-main-nic" = { "30-main-nic" = {
matchConfig.Name = cfg.mainNicNamePattern; matchConfig.Name = "en*";
vlan = [ "vlandmz" ]; vlan = [ "vlandmz" ];
networkConfig = { networkConfig = {
@ -100,7 +116,52 @@ in {
matchConfig.Name = "vm-*"; matchConfig.Name = "vm-*";
networkConfig.Bridge = cfg.dmz.bridgeName; networkConfig.Bridge = cfg.dmz.bridgeName;
}; };
})
(lib.optionalAttrs machine.isVirtualMachine {
"30-main-nic" = {
matchConfig.Name = "en*";
networkConfig = {
IPv6AcceptRA = ! cfg.staticNetworking;
DHCP = lib.mkIf (! cfg.staticNetworking) "yes";
Address = lib.mkIf cfg.staticNetworking [
"${cfg.staticIPv4}/${cfg.dmz.ipv4.prefixLength}"
"${cfg.staticIPv6}/${cfg.dmz.ipv6.prefixLength}"
];
DNS = lib.mkIf cfg.staticNetworking [
cfg.dmz.ipv4.router
cfg.dmz.ipv6.router
];
}; };
routes = lib.mkIf cfg.staticNetworking [
{
routeConfig = {
Gateway = cfg.dmz.ipv4.router;
Destination = "0.0.0.0/0";
};
}
{
routeConfig = {
Gateway = cfg.dmz.ipv6.router;
Destination = "::/0";
};
}
];
};
})
(lib.optionalAttrs machine.isRaspberryPi {
"30-main-nic" = {
matchConfig.Name = "end*";
networkConfig = {
IPv6AcceptRA = true;
DHCP = "yes";
};
};
})
];
}; };
}; };
} }

19
nixos/modules/storage.nix
View file

@ -26,13 +26,23 @@ in {
}; };
}; };
config = lib.mkIf (false && machine.type == "physical") { config = {
fileSystems.${cfg.dataMountPoint} = lib.mkIf (! isNull cfg.dataPartition) { fileSystems = lib.attrsets.mergeAttrsList [
device = cfg.dataPartition; (lib.optionalAttrs machine.isHypervisor {
"${cfg.dataMountPoint}".device = cfg.dataPartition;
})
(lib.optionalAttrs machine.isRaspberryPi {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
}; };
})
];
# TODO: Rename this to 'osDisk'. Unfortunately, we would need to run nixos-anywhere again then. # TODO: Rename this to 'osDisk'. Unfortunately, we would need to run nixos-anywhere again then.
disko.devices.disk.vdb = { disko = lib.mkIf machine.isHypervisor {
devices.disk.vdb = {
device = cfg.osDisk; device = cfg.osDisk;
type = "disk"; type = "disk";
@ -66,4 +76,5 @@ in {
}; };
}; };
}; };
};
} }

63
nixos/physical.nix
View file

@ -1,55 +1,40 @@
{ pkgs, config, lib, modulesPath, microvm, disko, agenix, machines, dns, machine, nixos-hardware, ... }: { { pkgs, config, lib, microvm, disko, agenix, machine, machines, dns, nixos-hardware, ... }: {
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix")
microvm.nixosModules.host microvm.nixosModules.host
nixos-hardware.nixosModules.raspberry-pi-4 ]
]; ++ lib.lists.optional (machine.isRaspberryPi) nixos-hardware.nixosModules.raspberry-pi-4;
config = { config = {
boot = lib.mkIf (machine.isHypervisor) {
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
fileSystems = { initrd = {
"/" = { availableKernelModules = [
device = "/dev/disk/by-label/NIXOS_SD"; "ahci"
fsType = "ext4"; "xhci_pci"
options = [ "noatime" ]; "nvme"
}; "usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
kernelModules = [ ];
}; };
# boot.loader.grub.device = "/dev/sda"; loader = {
# boot.loader.grub.enable = true; systemd-boot.enable = true;
# boot.loader.grub.efiSupport = true; efi.canTouchEfiVariables = true;
# boot.loader.grub.efiInstallAsRemovable = true; };
# boot.loader.grub.device = "nodev"; };
# boot = {
# # kernelModules = [ "kvm-intel" ];
# kernelModules = [ ];
# extraModulePackages = [ ];
# initrd = {
# availableKernelModules = [
# "ahci"
# "xhci_pci"
# "nvme"
# "usbhid"
# "usb_storage"
# "sd_mod"
# "sdhci_pci"
# ];
# kernelModules = [ ];
# };
# loader = {
# # systemd-boot.enable = true;
# efi.canTouchEfiVariables = true;
# };
# };
nixpkgs = { nixpkgs = {
config.allowUnfree = true; config.allowUnfree = true;
# TODO: do we need this?
# hostPlatform = machine.arch; # hostPlatform = machine.arch;
}; };
# hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkIf (machine.isHypervisor) config.hardware.enableRedistributableFirmware;
age.identityPaths = [ "/etc/age_ed25519" ]; age.identityPaths = [ "/etc/age_ed25519" ];

90
nixos/virtual/default.nix
View file

@ -2,6 +2,7 @@
imports = [ ./docker_swarm.nix ]; imports = [ ./docker_swarm.nix ];
options.lab.vm = { options.lab.vm = {
# TODO: make global.
baseMACAddress = lib.mkOption { baseMACAddress = lib.mkOption {
default = "BA:DB:EE:F0:00:00"; default = "BA:DB:EE:F0:00:00";
type = lib.types.str; type = lib.types.str;
@ -17,29 +18,6 @@
''; '';
}; };
staticNetworking = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether this VM has static networking configuration applied.
Routing is prepopulated, but IP addresses have to be set.
'';
};
staticIPv4 = lib.mkOption {
type = lib.types.str;
description = ''
Static IPv4 address for the VM.
'';
};
staticIPv6 = lib.mkOption {
type = lib.types.str;
description = ''
Static IPv6 address for the VM.
'';
};
shares = lib.mkOption { shares = lib.mkOption {
default = [ ]; default = [ ];
description = '' description = ''
@ -73,15 +51,19 @@
mountPoint = "/etc/ssh/host_keys"; mountPoint = "/etc/ssh/host_keys";
}]; }];
services.openssh = { services.openssh =
# hostKeys = [{ let
# path = "/etc/ssh/host_keys/ssh_host_ed25519_key"; hostKeyPath = "/etc/ssh/host_keys/ssh_host_ed25519_key";
# type = "ed25519"; in
# }]; {
hostKeys = [{
path = hostKeyPath;
type = "ed25519";
}];
# extraConfig = '' extraConfig = ''
# HostKey /etc/ssh/host_keys/ssh_host_ed25519_key HostKey ${hostKeyPath}
# ''; '';
}; };
microvm = { microvm = {
@ -108,51 +90,5 @@
mac = pkgs.lib.net.mac.add config.lab.vm.id config.lab.vm.baseMACAddress; mac = pkgs.lib.net.mac.add config.lab.vm.id config.lab.vm.baseMACAddress;
}]; }];
}; };
networking.useDHCP = false;
systemd.network =
let
cfg = config.lab.networking;
in
{
enable = true;
networks = {
"30-main-nic" = {
matchConfig.Name = "en*";
networkConfig = {
IPv6AcceptRA = ! config.lab.vm.staticNetworking;
DHCP = lib.mkIf (! config.lab.vm.staticNetworking) "yes";
Address = lib.mkIf config.lab.vm.staticNetworking [
"${ config.lab.vm.staticIPv4}/${cfg.dmz.ipv4.prefixLength}"
"${config.lab.vm.staticIPv6}/${cfg.dmz.ipv6.prefixLength}"
];
DNS = lib.mkIf config.lab.vm.staticNetworking [
cfg.dmz.ipv4.router
cfg.dmz.ipv6.router
];
};
routes = lib.mkIf config.lab.vm.staticNetworking [
{
routeConfig = {
Gateway = cfg.dmz.ipv4.router;
Destination = "0.0.0.0/0";
};
}
{
routeConfig = {
Gateway = cfg.dmz.ipv6.router;
Destination = "::/0";
};
}
];
};
};
};
}; };
} }