diff --git a/README.md b/README.md index afb077f2..23b9bd34 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,3 @@ -[![status-badge](https://ci.cyplo.dev/api/badges/cyplo/dotfiles/status.svg)](https://ci.cyplo.dev/cyplo/dotfiles) https://git.cyplo.dev/cyplo/dotfiles @@ -9,6 +8,8 @@ This is using flakes for reproducibility and home manager for setting up user-sp Workstations are set up by running ` sudo nixos-rebuild switch --flake '.#'` and servers are by `nixos-rebuild switch --flake '.#servername' --target-host root@hostname`. I don't use home manager the program, everything is referenced from the top flake. +## Setting up a new server +* use nixos-anywhere + disko ## infra setup diff --git a/flake.nix b/flake.nix index 9ffbe048..d75e03f0 100644 --- a/flake.nix +++ b/flake.nix @@ -158,6 +158,7 @@ thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky"; bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty"; vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1"; + cupsnet = mkServer nixpkgs-stable "aarch64-linux" "cupsnet"; mb1 = mkServer nixpkgs-stable "x86_64-linux" "mb1"; homescreen = mkRaspi nixpkgs-stable "homescreen"; diff --git a/nixos/boxes/cupsnet/README.md b/nixos/boxes/cupsnet/README.md new file mode 100644 index 00000000..f4345b7b --- /dev/null +++ b/nixos/boxes/cupsnet/README.md @@ -0,0 +1,4 @@ +* upload custom dvd with nixos minimal via sftp +* boot +* add ssh authorized key for root +* `nix run github:numtide/nixos-anywhere -- root@v2202401214093251449.happysrv.de --flake '.#cupsnet'` diff --git a/nixos/boxes/cupsnet/boot.nix b/nixos/boxes/cupsnet/boot.nix new file mode 100644 index 00000000..c8049267 --- /dev/null +++ b/nixos/boxes/cupsnet/boot.nix 
@@ -0,0 +1,16 @@
+{
+ config,
+ pkgs,
+ inputs,
+ lib,
+ ...
+}: {
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "ahci" "usbhid" "sr_mod"];
+
+ boot.loader.grub = {
+ devices = ["/dev/vda"];
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+}
diff --git a/nixos/boxes/cupsnet/default.nix b/nixos/boxes/cupsnet/default.nix
new file mode 100644
index 00000000..e891608d
--- /dev/null
+++ b/nixos/boxes/cupsnet/default.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ pkgs,
+ inputs,
+ lib,
+ ...
+}: {
+ imports = [
+ "${inputs.nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix"
+ ../cli.nix
+ ../send-logs.nix
+ ./boot.nix
+ ./disks.nix
+ ];
+ networking.hostName = "cupsnet";
+
+ zramSwap = {
+ enable = true;
+ algorithm = "zstd";
+ memoryPercent = 100;
+ };
+
+ time.timeZone = "Europe/London";
+}
diff --git a/nixos/boxes/cupsnet/disks.nix b/nixos/boxes/cupsnet/disks.nix
new file mode 100644
index 00000000..2512d237
--- /dev/null
+++ b/nixos/boxes/cupsnet/disks.nix
@@ -0,0 +1,45 @@
+_: {
+ disko.devices = {
+ disk = {
+ vda = {
+ type = "disk";
+ device = "/dev/vda";
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ name = "boot";
+ start = "0";
+ end = "1M";
+ flags = ["bios_grub"];
+ }
+ {
+ name = "ESP";
+ start = "1M";
+ end = "512M";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ }
+ {
+ name = "primary";
+ start = "512M";
+ end = "100%";
+ part-type = "primary";
+ bootable = false;
+ content = {
+ type = "filesystem";
+ format = "btrfs";
+ mountpoint = "/";
+ };
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/nixos/tailscale/keys.sops.yaml b/nixos/tailscale/keys.sops.yaml
index 03fbc51b..09f66ecd 100644
--- a/nixos/tailscale/keys.sops.yaml
+++ b/nixos/tailscale/keys.sops.yaml
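Review bot: In nixos/boxes/cupsnet/boot.nix the grub block names a BIOS-style install target, `devices = ["/dev/vda"]`, while flake.nix declares this host as `aarch64-linux`, where BIOS-mode GRUB does not apply as far as I know; the same goes for the 1M `bios_grub` partition in disks.nix. Neither place says whether these are deliberate or carried over from an x86 template. If the machine only ever boots through the removable EFI path, a comment above the block such as `# aarch64 VPS: boots via removable-path EFI; the BIOS target is carried over from the x86 layout` would save the next reader from guessing. Whether the BIOS pieces can simply be dropped depends on how disko and the grub module treat them on this platform, so that should be confirmed before changing them.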
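Review bot: In nixos/boxes/cupsnet/default.nix the qemu-guest profile is imported from a hard-coded input, `"${inputs.nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix"`, so it only matches the rest of the module tree as long as flake.nix keeps building cupsnet from `nixpkgs-stable`. Taking `modulesPath` in the argument set and importing `(modulesPath + "/profiles/qemu-guest.nix")` follows whichever nixpkgs the system is actually evaluated with. The arguments `config`, `pkgs` and `lib` are not used in this file and could be dropped from the header.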
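Review bot: In nixos/boxes/cupsnet/disks.nix the `primary` partition puts `/` on plain btrfs with no encryption layer, and the install notes in this commit target a hosted VM, so the disk image is under the provider's control. Any key material the host keeps on the root filesystem, such as its SSH host key and whichever identity it uses to decrypt keys.sops.yaml (if that is stored there), would be readable from a disk snapshot or a reused volume. If this is an accepted trade-off for unattended reboots, a comment above the partition would record the decision, e.g. `# root intentionally unencrypted: unattended boot on a VPS, at-rest exposure accepted`.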
@@ -6,6 +6,7 @@ tailscale-key-vultr1: ENC[AES256_GCM,data:RRTgKN0uKXaPoObBcNL1zTlLr+XxhBT1EXbHFn tailscale-key-yoga: ENC[AES256_GCM,data:p8n0AoQhqg9IrsMFHVaPa/4tbOghgGqPmWCoP2O9qtqKa7VWXIMYUirdV76jhcenMOvb6UOykhk8,iv:VbqKTg5ZwLgeE0sbCp5381QX0/QY7DXAkalWVFsWyoA=,tag:w+/Y5yU8dnzJ2+xO41nN2Q==,type:str] tailscale-key-mb1: ENC[AES256_GCM,data:S2neG5u49KbxcT+YBoiPwUheeeC/yts8orvVjY/75TWXNKnNlElaVtu9yySNdwo4kioJPw5LAzxq,iv:tLDdn70rvxI0FTaxLTTPVWQ5ct8Z8yq9SqrgOxlGCGA=,tag:88MW1ehQfPH2yqPKwJsK0Q==,type:str] tailscale-key-thinky: ENC[AES256_GCM,data:jhMFMqetLCBXuesK86623rY7jtRvnWYb6GS+5giXDWJxAQ7W+/9K47oQ8WHY+rNkcSTXBygimUk=,iv:5AVhcJzmgGpJtfo0fy299H2vQKVzEjDvCj22tTZcLVo=,tag:XYmUjTN8K2qu3dEkKtABuA==,type:str] +tailscale-key-cupsnet: ENC[AES256_GCM,data:DDEZeixQ4LCsGAZFKy0c4bLecfZqIBZk1NjGf2UEPBp9qryHt/WV9N6zgxzl+vEl+QLZH1IH/+fA,iv:SoVL16N0fGZ7dYWkoxBfhjhKy0Qxi7otk1rgkbK2RPM=,tag:iwvEv1RPRHpRL7FTBR4tFQ==,type:str] tailscale-key-fixme: ENC[AES256_GCM,data:+S55wv2XGGTWuSO5rH/aQWgsSXUIKPmD+Q69O0P2LJHz9V+xAd0MEtk=,iv:/j2MxHG025lc8z3elehxwvMXN3YEcaKuGmDdWKEsJmI=,tag:50UBfo1YafrLozTei27R4g==,type:str] sops: kms: [] 
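Review bot: `tailscale-key-cupsnet` is added to the same sops file as every other host's key, so it is protected by that file's single data key: every existing recipient can decrypt the new key, and cupsnet, once it is a recipient, can decrypt the keys for yoga, mb1, thinky and the rest. The second hunk of this file changes only `lastmodified`, `mac` and `version`, and its offset moves by one line, so the recipient list appears unchanged by this commit. Presumably cupsnet decrypts with an identity that is already listed, or its recipient is added separately; this is worth confirming, since a freshly installed host normally gets a new SSH host key. Splitting the keys into one sops file per host (or per trust group), each with its own recipient rule in the sops configuration, would keep a compromise of one machine from exposing the others' auth keys.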
@@ -112,8 +113,8 @@ sops: eDU3UnhLZWZnYkpwVWd1RWxSOWh3d2sKhtvrXSDt+IU6R9c/kJ9bM1lbmzPZmiXh UYMyAqjLY906HafUf6GkbDTmdVA0CI11jcxtLPxb95tP1IvsG/YFKg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-06T07:49:40Z" - mac: ENC[AES256_GCM,data:s1qFnUQFdlcpdVhR62sPR05hXVmdntU9zSN/h2QdwffIfBJNlkMtT5yYl5hNQDvt1MjZs3GWxi3tKYnO4l4oxRyyK8C70BZHUB4sHucLmoom3WRbGagNLX15QvQXp/iiuyiuJDjy3ri92akawhgWCjySMcMgREuM2mdblImxWfA=,iv:bLpdEvQLaIB6bnPzgj9sxPaf6iPKlNHjPr/wY+0/WAY=,tag:mVpWqBXYY7fFS0WKDKmfzw==,type:str] + lastmodified: "2024-01-01T13:38:21Z" + mac: ENC[AES256_GCM,data:flXlr85oCD1IEqWX+kIljk1bO1LssxjoKuWO4iZqWf5HUcxojofjO4gTDxXKBIDi0R5B0XnZh0RrZ6fw2CiTzV/YwoaGmbqnFIvyKV8pQrSbINBqh351ZZDsrtG4gDANJmaV0RdS7Iu7EM7Fx/KpQ2VN8tGoyKf4fn7TtmZZu78=,iv:FI2R4nQfBL7NQpP8xycWgrG7ATfmUxqvZIcG3QC2QBA=,tag:Mzhvk5LxZuwUU5rj208wYw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1