From 92f34a8e0c3c962e37c231bbfb5845782ab482ca Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Tue, 21 Jan 2025 18:45:06 -0600 Subject: [PATCH] oracle machine --- hosts/linode/l002/linode.nix | 1 - hosts/linode/l004/linode.nix | 1 - hosts/lio/flake.lock | 100 ++++---- hosts/lio/flake.nix | 2 + hosts/oracle/o001/configuration.nix | 8 + hosts/oracle/o001/flake.lock | 245 +++++++++++++++++++ hosts/oracle/o001/flake.nix | 97 ++++++++ hosts/oracle/o001/hardware-configuration.nix | 37 +++ hosts/oracle/oracle.nix | 31 +++ hosts/oracle/readme.md | 4 + 10 files changed, 474 insertions(+), 52 deletions(-) create mode 100644 hosts/oracle/o001/configuration.nix create mode 100644 hosts/oracle/o001/flake.lock create mode 100644 hosts/oracle/o001/flake.nix create mode 100644 hosts/oracle/o001/hardware-configuration.nix create mode 100644 hosts/oracle/oracle.nix create mode 100644 hosts/oracle/readme.md diff --git a/hosts/linode/l002/linode.nix b/hosts/linode/l002/linode.nix index 2fca20d..638f35b 100644 --- a/hosts/linode/l002/linode.nix +++ b/hosts/linode/l002/linode.nix @@ -12,7 +12,6 @@ boot.loader.grub.device = "nodev"; boot.loader.timeout = 10; - # TODO disable after first startup with ssh keys services.openssh = { enable = true; settings.PermitRootLogin = "yes"; diff --git a/hosts/linode/l004/linode.nix b/hosts/linode/l004/linode.nix index 2fca20d..638f35b 100644 --- a/hosts/linode/l004/linode.nix +++ b/hosts/linode/l004/linode.nix @@ -12,7 +12,6 @@ boot.loader.grub.device = "nodev"; boot.loader.timeout = 10; - # TODO disable after first startup with ssh keys services.openssh = { enable = true; settings.PermitRootLogin = "yes"; diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index 82beb6a..a45e004 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -242,11 +242,11 @@ "ragenix": "ragenix" }, "locked": { - "lastModified": 1736544189, - "narHash": "sha256-itFFi1SGZRdmREBhcDpuSD93bInq2Juoj3JQ7Q/oF+8=", + "lastModified": 1737492763, + "narHash": "sha256-AMh+4cqU9bhOQ85du76RsJ78ip1yDaiTtModlpREMSI=", "ref": "mod_secrets", - "rev": "17777b25238d4cb84b903252c49c75bd7030a3f6", - "revCount": 8, + "rev": "b45dd1d219a656c52cde4b98c509c36ed1833ae0", + "revCount": 11, "type": "git", "url": "https://git.joshuabell.xyz/dotfiles" }, @@ -321,11 +321,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1736848588, - "narHash": "sha256-9B6fQqphF3j9lpcxQnKyIUgp3NyGi7ikb9CjCYqixcY=", + "lastModified": 1737482271, + "narHash": "sha256-97Ifbrh2mxDqAxwqmSa66hL+0jYZwkFtyEZNj55pN3o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "357cd3dfdb8993af11268d755d53357720675e66", + "rev": "eca7c9bba81687dc5bf882015549d95cf21b8bd7", "type": "github" }, "original": { @@ -401,11 +401,11 @@ "nvim_plugin-MeanderingProgrammer/render-markdown.nvim": { "flake": false, "locked": { - "lastModified": 1736541470, - "narHash": "sha256-rW77UTZwBxyZQ/f6uw9T+f2Y3fwo7CY4/lv3ARwsxGk=", + "lastModified": 1737054285, + "narHash": "sha256-7yepeUhhViVJpbj48qg0Z3cCCtGt6bZ90hM/ie+5LqA=", "owner": "MeanderingProgrammer", "repo": "render-markdown.nvim", - "rev": "d7b646f2e6136d963e1bd3abbb9e2ac3fa90837a", + "rev": "ad055861d17afe058bd835e82292e14a64b51b1d", "type": "github" }, "original": { @@ -481,11 +481,11 @@ "nvim_plugin-b0o/schemastore.nvim": { "flake": false, "locked": { - "lastModified": 1736791258, - "narHash": "sha256-kUxvFfeRW9VO4l44wW8/lz+AqygzXgKXyHpy/1lS4ZU=", + "lastModified": 1737356906, + "narHash": "sha256-tTSFLptUoqB5Z0yhDKwqoz0EpEP5Gr7b/0LFQhenAGc=", "owner": "b0o", "repo": "schemastore.nvim", - "rev": "feaa60d3451d7f7e52eaf76a07ea52808d68cf6c", + "rev": "f79b4d02f88fc58940f5786ed33af737bc015657", "type": "github" }, "original": { @@ -689,11 +689,11 @@ "nvim_plugin-lewis6991/gitsigns.nvim": { "flake": false, "locked": { - "lastModified": 1736536783, - "narHash": "sha256-4x/3UQtN9fecGUNoulFUQEKCjRtSJd7I8qmpEIc/58c=", + "lastModified": 1737480894, + "narHash": "sha256-RCpA9ECnla38cNX9PyxVL+yvdNpfZcIr/kQ/4QY6zBQ=", "owner": "lewis6991", "repo": "gitsigns.nvim", - "rev": "abcd00a7d5bc1a9470cb21b023c575acade3e4db", + "rev": "2ff0c29f2a6b1247d96cc59535d53e5589fb50b6", "type": "github" }, "original": { @@ -721,11 +721,11 @@ "nvim_plugin-lukas-reineke/indent-blankline.nvim": { "flake": false, "locked": { - "lastModified": 1736837539, - "narHash": "sha256-Y1WP3wDj2MFgqW1ssUro9enLZS+OM3XViv3j/4+5rrc=", + "lastModified": 1737369467, + "narHash": "sha256-0+boInVEzS2myYil/l+frs8PAa/2eJcVTyXnEk6TGvI=", "owner": "lukas-reineke", "repo": "indent-blankline.nvim", - "rev": "7a698a1d7ed755af9f5a88733b23ca246ce2df28", + "rev": "e10626f7fcd51ccd56d7ffc00883ba7e0aa28f78", "type": "github" }, "original": { @@ -785,11 +785,11 @@ "nvim_plugin-mfussenegger/nvim-lint": { "flake": false, "locked": { - "lastModified": 1736154173, - "narHash": "sha256-OChCLXHAqa129NiGfmwddq0Hj5F9AtC3TmFbnNCZqfo=", + "lastModified": 1737286954, + "narHash": "sha256-E0M+H+l2XSGv+l2meqyt443wFsToc1gtpQKYj4ygVPg=", "owner": "mfussenegger", "repo": "nvim-lint", - "rev": "dfa45de973c3ce7bd1b9a6d346f896a68ad07e44", + "rev": "ec9fda13a5254783a80b37563ed5eb97b75c28b7", "type": "github" }, "original": { @@ -801,11 +801,11 @@ "nvim_plugin-mrcjkb/rustaceanvim": { "flake": false, "locked": { - "lastModified": 1736641181, - "narHash": "sha256-WHMX6I3C0fzzerYvWjrrGVg4w81IBi05BbpsGus8qzs=", + "lastModified": 1737246102, + "narHash": "sha256-SSBv1+GxuVpYhpCH//6EXFJ4NXZdZM0pGe19f53JpiA=", "owner": "mrcjkb", "repo": "rustaceanvim", - "rev": "ff10ab2bdcdbd55fdd9651d147a879bad7900647", + "rev": "8cf9705d98cc77837aa388a5d48f9a73f27f4782", "type": "github" }, "original": { @@ -817,11 +817,11 @@ "nvim_plugin-neovim/nvim-lspconfig": { "flake": false, "locked": { - "lastModified": 1736832200, - "narHash": "sha256-Ul1hBFF3N9D/SHarxBJlAsEZ7JAoy9Fm2UrkMvUJYWE=", + "lastModified": 1737470744, + "narHash": "sha256-3tTusoDm8GbKkiBMRdto/BeDHgiU0RBL4pGq+PHqLo8=", "owner": "neovim", "repo": "nvim-lspconfig", - "rev": "355c565eae59810c1af4cf132938fa0fc251c5a2", + "rev": "d9fbdafd80350b38c15521e11e66936032ed90d1", "type": "github" }, "original": { @@ -961,11 +961,11 @@ "nvim_plugin-nvim-tree/nvim-tree.lua": { "flake": false, "locked": { - "lastModified": 1736743295, - "narHash": "sha256-33spbOlZaHYuFxY6DHSlg/RyMb1lC4TCM/KrpacUp0A=", + "lastModified": 1737156486, + "narHash": "sha256-b8YOOIYML9aKy4Y7S+iLKIaTfCqrxK1wB/ZaeFRCUmo=", "owner": "nvim-tree", "repo": "nvim-tree.lua", - "rev": "d529a99f88e0dff02e0aa275db2f595cd252a2c8", + "rev": "fca0b67c0b5a31727fb33addc4d9c100736a2894", "type": "github" }, "original": { @@ -993,11 +993,11 @@ "nvim_plugin-nvim-treesitter/nvim-treesitter-context": { "flake": false, "locked": { - "lastModified": 1736249562, - "narHash": "sha256-XuKCAKy+CW0FWye5dS/B6FYTMTgsWm3oRCS+IHYciw0=", + "lastModified": 1737125584, + "narHash": "sha256-W5fELF3Am1c6wpA4/JxWjGVWQuDYKUqKO+M2+7anugM=", "owner": "nvim-treesitter", "repo": "nvim-treesitter-context", - "rev": "d0dd7ce5a9d0be1f28086e818e52fdc5c78975df", + "rev": "bece284c5322ddf6946fa4bdc383a2bc033269d7", "type": "github" }, "original": { @@ -1025,11 +1025,11 @@ "nvim_plugin-rcarriga/nvim-notify": { "flake": false, "locked": { - "lastModified": 1736431316, - "narHash": "sha256-C+HjESSYbDwWoDLGJqydV4eflH6327iAHbGyInKbgSA=", + "lastModified": 1737405174, + "narHash": "sha256-6vNfc7E9DMXF0IBXJCLA8Rp+uOgbDch/Q7beW0ys3Vo=", "owner": "rcarriga", "repo": "nvim-notify", - "rev": "a3020c2cf4dfc4c4f390c4a21e84e35e46cf5d17", + "rev": "22f29093eae7785773ee9d543f8750348b1a195c", "type": "github" }, "original": { @@ -1105,11 +1105,11 @@ "nvim_plugin-stevearc/conform.nvim": { "flake": false, "locked": { - "lastModified": 1735948416, - "narHash": "sha256-WDLu6TTmjAOkFndPlgSJyRosZ/SQkrcjJZQfLjALoes=", + "lastModified": 1737055718, + "narHash": "sha256-EjV/EesdZvpvOaeoqUJCkcIejFUdCsQEsbt0dj41jL0=", "owner": "stevearc", "repo": "conform.nvim", - "rev": "70019124aa4f2e6838be9fbd2007f6d13b27a96d", + "rev": "6dc21d4ce050c2e592d9635b7983d67baf216e3d", "type": "github" }, "original": { @@ -1201,11 +1201,11 @@ "nvim_plugin-yetone/avante.nvim": { "flake": false, "locked": { - "lastModified": 1736840397, - "narHash": "sha256-YQGAif+ClBDBtKulN6Bxk1MZXWnPdF/HUmXGDzk0J0o=", + "lastModified": 1737417446, + "narHash": "sha256-7u6FzuRRyNk7NDO1be7/ptR8qFDZFxseifQadA1+hy4=", "owner": "yetone", "repo": "avante.nvim", - "rev": "bd8afce3b0cac6e3d5e1a409692975199be38b81", + "rev": "15a471b1558cd0c83353aa621405b43f30454f33", "type": "github" }, "original": { @@ -1364,11 +1364,11 @@ "rust-overlay": "rust-overlay_3" }, "locked": { - "lastModified": 1736849023, - "narHash": "sha256-oybO6JqkU6uc+Kaab/QuFgvdVaE5wAJK2WqBECArDaA=", + "lastModified": 1737483156, + "narHash": "sha256-9J2jwkSZOi4oEgFcscUw/E1HiJUHpkenALOeoEosW74=", "ref": "refs/heads/master", - "rev": "184e7327aa85457cae8563daf7b8f72e38e9045b", - "revCount": 256, + "rev": "b6d1f596766f16087b841387af2658f3275d40d7", + "revCount": 257, "type": "git", "url": "https://git.joshuabell.xyz/nvim" }, @@ -1429,11 +1429,11 @@ ] }, "locked": { - "lastModified": 1736735482, - "narHash": "sha256-QOA4jCDyyUM9Y2Vba+HSZ/5LdtCMGaTE/7NkkUzBr50=", + "lastModified": 1737426362, + "narHash": "sha256-4SavpRWfRw2pLG1qqErWpk/hI1eCzqjKcE1motxHZgo=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "cf960a1938ee91200fe0d2f7b2582fde2429d562", + "rev": "2103fcb16359438d42141bac873ed2367a05cbe7", "type": "github" }, "original": { diff --git a/hosts/lio/flake.nix b/hosts/lio/flake.nix index ee884e0..0a57786 100644 --- a/hosts/lio/flake.nix +++ b/hosts/lio/flake.nix @@ -59,6 +59,8 @@ users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio" ]; + # Allow emulation of aarch64-linux binaries for cross compiling + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; mods = { common = { diff --git a/hosts/oracle/o001/configuration.nix b/hosts/oracle/o001/configuration.nix new file mode 100644 index 0000000..fa85440 --- /dev/null +++ b/hosts/oracle/o001/configuration.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + system.stateVersion = "25.05"; # Did you read the comment? +} diff --git a/hosts/oracle/o001/flake.lock b/hosts/oracle/o001/flake.lock new file mode 100644 index 0000000..8e22d2d --- /dev/null +++ b/hosts/oracle/o001/flake.lock @@ -0,0 +1,245 @@ +{ + "nodes": { + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "mod_common": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737140780, + "narHash": "sha256-qf0GX8TZcu05RqBdqm3kYz82EVWH0Ijl7FMa89UMAks=", + "ref": "mod_common", + "rev": "172ff3a299bbd8463fdd71a2ac2dc257bc7331e8", + "revCount": 11, + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + }, + "original": { + "ref": "mod_common", + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + } + }, + "mod_nebula": { + "locked": { + "lastModified": 1737504380, + "narHash": "sha256-fCUUWkXAzsJDdZuGoG4GhAMdGld4J8cvDtzo6SlB9Dg=", + "ref": "mod_nebula", + "rev": "70cea59e9f1f750fd0aee8cde8cd54aee8601336", + "revCount": 5, + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + }, + "original": { + "ref": "mod_nebula", + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + } + }, + "mod_ros_stormd": { + "inputs": { + "ringofstorms-stormd": "ringofstorms-stormd" + }, + "locked": { + "lastModified": 1736544199, + "narHash": "sha256-OWboCDCBHFy+PuWsFVShEqEaLEgVdZR98k9zrNIb+3s=", + "ref": "mod_stormd", + "rev": "765c7f4436db03936960373ff77dc2d41f0c4cd5", + "revCount": 2, + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + }, + "original": { + "ref": "mod_stormd", + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + } + }, + "nix-filter": { + "locked": { + "lastModified": 1710156097, + "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "3342559a24e85fc164b295c3444e8a139924675b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-filter", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1728888510, + "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1737299813, + "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "ringofstorms-stormd": { + "inputs": { + "nix-filter": "nix-filter", + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1735420577, + "narHash": "sha256-2HWEALz0PVJCiP/2iZuDMj4qyukXR5IxNKFxT1NAMlQ=", + "ref": "refs/heads/master", + "rev": "7edf6888a460708889fabea2c762d4dfed4fa64f", + "revCount": 51, + "type": "git", + "url": "ssh://git.joshuabell.xyz:3032/stormd" + }, + "original": { + "type": "git", + "url": "ssh://git.joshuabell.xyz:3032/stormd" + } + }, + "root": { + "inputs": { + "deploy-rs": "deploy-rs", + "mod_common": "mod_common", + "mod_nebula": "mod_nebula", + "mod_ros_stormd": "mod_ros_stormd", + "nixpkgs": "nixpkgs_3" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "mod_ros_stormd", + "ringofstorms-stormd", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729218602, + "narHash": "sha256-KDmYxpkFWa0Go0WnOpkgQOypVaQxbwgpEutET5ey1VQ=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "9051466c82b9b3a6ba9e06be99621ad25423ec94", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hosts/oracle/o001/flake.nix b/hosts/oracle/o001/flake.nix new file mode 100644 index 0000000..f1b1ac0 --- /dev/null +++ b/hosts/oracle/o001/flake.nix @@ -0,0 +1,97 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; + deploy-rs.url = "github:serokell/deploy-rs"; + + mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; + mod_common.inputs.nixpkgs.follows = "nixpkgs"; + mod_ros_stormd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_stormd"; + mod_nebula.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_nebula"; + }; + + outputs = + { + self, + nixpkgs, + deploy-rs, + ... + }@inputs: + let + configuration_name = "o001"; + lib = nixpkgs.lib; + in + { + deploy = { + sshUser = "root"; + sshOpts = [ + "-i" + "/run/agenix/nix2oracle" + ]; + nodes.${configuration_name} = { + hostname = "149.130.211.142"; + targetPlatform = "aarch64-linux"; + profiles.system = { + user = "root"; + path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.${configuration_name}; + }; + }; + }; + + nixosConfigurations = { + nixos = self.nixosConfigurations.${configuration_name}; + "${configuration_name}" = + let + auto_modules = builtins.concatMap ( + input: + lib.optionals + (builtins.hasAttr "nixosModules" input && builtins.hasAttr "default" input.nixosModules) + [ + input.nixosModules.default + ] + ) (builtins.attrValues inputs); + in + (lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + ./configuration.nix + ./hardware-configuration.nix + ( + { pkgs, ... }: + { + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90Gg6dV3yhZ5+X40vICbeBwV9rfD39/8l9QSqluTw8 nix2oracle" + ]; + mods = { + nebula = { + serviceEnabled = false; + }; + common = { + disableRemoteBuildsOnLio = true; + systemName = configuration_name; + allowUnfree = true; + primaryUser = "luser"; + docker = true; + users = { + luser = { + extraGroups = [ + "wheel" + "networkmanager" + ]; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90Gg6dV3yhZ5+X40vICbeBwV9rfD39/8l9QSqluTw8 nix2oracle" + ]; + }; + }; + }; + }; + } + ) + ] ++ auto_modules; + specialArgs = { + inherit inputs; + }; + }); + }; + }; +} diff --git a/hosts/oracle/o001/hardware-configuration.nix b/hosts/oracle/o001/hardware-configuration.nix new file mode 100644 index 0000000..ea91524 --- /dev/null +++ b/hosts/oracle/o001/hardware-configuration.nix @@ -0,0 +1,37 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "virtio_scsi" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/e0a4976e-ed77-4bda-9474-160d39dc1047"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/D730-6BC3"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/hosts/oracle/oracle.nix b/hosts/oracle/oracle.nix new file mode 100644 index 0000000..6766794 --- /dev/null +++ b/hosts/oracle/oracle.nix @@ -0,0 +1,31 @@ +{ pkgs, ... }: +{ + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + # TODO disable after first startup with ssh keys + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + settings.PasswordAuthentication = false; + }; + + # networking.usePredictableInterfaceNames = false; + # networking.useDHCP = false; # Disable DHCP globally as we will not need it. + # required for ssh? + # networking.interfaces.eth0.useDHCP = true; + + environment.systemPackages = with pkgs; [ + inetutils + mtr + sysstat + gitMinimal + vim + nano + ]; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90Gg6dV3yhZ5+X40vICbeBwV9rfD39/8l9QSqluTw8 nix2oracle" + ]; +} diff --git a/hosts/oracle/readme.md b/hosts/oracle/readme.md new file mode 100644 index 0000000..c8a8a11 --- /dev/null +++ b/hosts/oracle/readme.md @@ -0,0 +1,4 @@ +Mostly followed: https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/ +- kexectools -> kexec-tools +- create mnt/boot after mounting mnt +- copy over oracle.nix and import for first nixos-install