ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

create linode bootstrap readme doc

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-01-09 15:42:55 -06:00
parent 3f1f13876e
commit e067fb9f54
16 changed files with 561 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

3
flake.nix
View file

@ -53,8 +53,9 @@
in in
{ {
default = pkgs.mkShell { default = pkgs.mkShell {
nativeBuildInputs = [ nativeBuildInputs = with pkgs; [
mod_worktrees mod_worktrees
deploy-rs
]; ];
shellHook = '' shellHook = ''

1
hosts/h002/flake.nix
View file

@ -5,6 +5,7 @@
ros_neovim.url = "git+https://git.joshuabell.xyz/nvim"; ros_neovim.url = "git+https://git.joshuabell.xyz/nvim";
mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
mod_common.inputs.nixpkgs.follows = "nixpkgs"; mod_common.inputs.nixpkgs.follows = "nixpkgs";
mod_secrets.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_secrets";
mod_boot_grub.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_grub"; mod_boot_grub.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_grub";
mod_ros_stormd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_stormd"; mod_ros_stormd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_stormd";
mod_nebula.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_nebula"; mod_nebula.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_nebula";

1
hosts/l003/configuration.nix → hosts/linode/l003/configuration.nix
View file

@ -2,7 +2,6 @@
... ...
}: }:
{ {
networking.hostName = "l003";
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }

135
hosts/linode/l003/flake.lock generated Normal file
View file

@ -0,0 +1,135 @@
{
"nodes": {
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1727447169,
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"mod_common": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736191002,
"narHash": "sha256-t39PCeJFgIXzniqjUIIFnbv6AE15WyoPTCE3k3Xuyz0=",
"ref": "mod_common",
"rev": "ac3c0c2422842edba1887279bddd02b895ec5ed2",
"revCount": 4,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
"original": {
"ref": "mod_common",
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1702272962,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1736200483,
"narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
"mod_common": "mod_common",
"nixpkgs": "nixpkgs_2"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

22
hosts/l003/flake.nix → hosts/linode/l003/flake.nix
View file

@ -1,16 +1,17 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
deploy-rs.url = "github:serokell/deploy-rs";
mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
mod_common.inputs.nixpkgs.follows = "nixpkgs"; mod_common.inputs.nixpkgs.follows = "nixpkgs";
mod_common.inputs.ragenix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs =
{ {
self, self,
nixpkgs, nixpkgs,
deploy-rs,
... ...
}@inputs: }@inputs:
let let
@ -36,16 +37,14 @@
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
./linode.nix ./linode.nix
./common.nix
( (
{ pkgs, ... }: { pkgs, ... }:
{ {
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
]; ];
mods = { mods = {
common = { common = {
flakeLocationOverride = "/home/luser/.config/nixos-config";
disableRemoteBuildsOnLio = true; disableRemoteBuildsOnLio = true;
systemName = configuration_name; systemName = configuration_name;
allowUnfree = true; allowUnfree = true;
@ -73,5 +72,20 @@
}; };
}); });
}; };
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2l002"
];
nodes.${configuration_name} = {
hostname = "172.234.26.141";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
}; };
} }

0
hosts/l003/hardware-configuration.nix → hosts/linode/l003/hardware-configuration.nix
View file

0
hosts/l003/linode.nix → hosts/linode/l003/linode.nix
View file

7
hosts/linode/l004/configuration.nix Normal file
View file

@ -0,0 +1,7 @@
{
...
}:
{
boot.loader.grub.enable = true;
system.stateVersion = "24.11";
}

135
hosts/linode/l004/flake.lock generated Normal file
View file

@ -0,0 +1,135 @@
{
"nodes": {
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1727447169,
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"mod_common": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736191002,
"narHash": "sha256-t39PCeJFgIXzniqjUIIFnbv6AE15WyoPTCE3k3Xuyz0=",
"ref": "mod_common",
"rev": "ac3c0c2422842edba1887279bddd02b895ec5ed2",
"revCount": 4,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
"original": {
"ref": "mod_common",
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1702272962,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1736200483,
"narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
"mod_common": "mod_common",
"nixpkgs": "nixpkgs_2"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

91
hosts/linode/l004/flake.nix Normal file
View file

@ -0,0 +1,91 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
deploy-rs.url = "github:serokell/deploy-rs";
mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
mod_common.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{
self,
nixpkgs,
deploy-rs,
...
}@inputs:
let
configuration_name = "l004";
lib = nixpkgs.lib;
in
{
nixosConfigurations = {
nixos = self.nixosConfigurations.${configuration_name};
"${configuration_name}" =
let
auto_modules = builtins.concatMap (
input:
lib.optionals
(builtins.hasAttr "nixosModules" input && builtins.hasAttr "default" input.nixosModules)
[
input.nixosModules.default
]
) (builtins.attrValues inputs);
in
(lib.nixosSystem {
modules = [
./configuration.nix
./hardware-configuration.nix
./linode.nix
(
{ pkgs, ... }:
{
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
];
mods = {
common = {
disableRemoteBuildsOnLio = true;
systemName = configuration_name;
allowUnfree = true;
primaryUser = "luser";
docker = true;
users = {
luser = {
extraGroups = [
"wheel"
"networkmanager"
];
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
];
};
};
};
};
}
)
] ++ auto_modules;
specialArgs = {
inherit inputs;
};
});
};
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2l002"
];
nodes.${configuration_name} = {
hostname = "172.232.20.245";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
};
}

34
hosts/linode/l004/hardware-configuration.nix Normal file
View file

@ -0,0 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3612d65e-719c-4b33-af08-561b790d6d33";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

33
hosts/linode/l004/linode.nix Normal file
View file

@ -0,0 +1,33 @@
{ config, pkgs, ... }:
{
# https://www.linode.com/docs/guides/install-nixos-on-linode/#configure-nixos
boot.kernelParams = [ "console=ttyS0,19200n8" ];
boot.loader.grub.extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
terminal_input serial;
terminal_output serial
'';
boot.loader.grub.forceInstall = true;
boot.loader.grub.device = "nodev";
boot.loader.timeout = 10;
# TODO disable after first startup with ssh keys
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
settings.PasswordAuthentication = false;
};
users.users.root.openssh.authorizedKeys.keys = config.users.users.luser.openssh.authorizedKeys.keys;
networking.usePredictableInterfaceNames = false;
networking.useDHCP = false; # Disable DHCP globally as we will not need it.
# required for ssh?
networking.interfaces.eth0.useDHCP = true;
environment.systemPackages = with pkgs; [
inetutils
mtr
sysstat
];
}

11
hosts/l003/readme.md → hosts/linode/l004/readme.md
View file

@ -5,13 +5,6 @@ https://nixos.org/download/
`export HOSTNAME=NAME && sudo nixos-rebuild switch --flake ~/.config/nixos-config` `export HOSTNAME=NAME && sudo nixos-rebuild switch --flake ~/.config/nixos-config`
# My config # Deploying
```sh
rsync -e "ssh -i /run/agenix/nix2l002" -Pahz \
--delete-after \
--exclude 'flake.lock' \
~/.config/nixos-config/hosts/l003/ \
luser@172.234.26.141:~/.config/nixos-config/
```
`cd hosts/NAME && deploy`

39
hosts/linode/linode.nix Normal file
View file

@ -0,0 +1,39 @@
{ pkgs, ... }:
{
# https://www.linode.com/docs/guides/install-nixos-on-linode/#configure-nixos
boot.kernelParams = [ "console=ttyS0,19200n8" ];
boot.loader.grub.extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
terminal_input serial;
terminal_output serial
'';
boot.loader.grub.forceInstall = true;
boot.loader.grub.device = "nodev";
boot.loader.timeout = 10;
# TODO disable after first startup with ssh keys
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
settings.PasswordAuthentication = false;
};
networking.usePredictableInterfaceNames = false;
networking.useDHCP = false; # Disable DHCP globally as we will not need it.
# required for ssh?
networking.interfaces.eth0.useDHCP = true;
environment.systemPackages = with pkgs; [
inetutils
mtr
sysstat
gitMinimal
vim
nano
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
];
}

59
hosts/linode/readme.md Normal file
View file

@ -0,0 +1,59 @@
# Linode setup
<https://www.linode.com/docs/guides/install-nixos-on-linode/#prepare-your-linode>
<https://nixos.org/download/>
- shutdown linode
- delete existing disks and configuration profiles
- Create Disks
- `installer`: `ext4` `1280 MB`
- `swap`: `swap` `512 MB`
- `nixos`: `ext4` all remaining space
- Create two configuration profiles, one for the installer and one to boot NixOS. For each profile, disable all of the options under Filesystem/Boot Helpers and set the Configuration Profile to match the following:
- installer profile
- Label: installer
- Kernel: Direct Disk
- /dev/sda: nixos
- /dev/sdb: swap
- /dev/sdc: installer
- root / boot device: Standard: `/dev/sdc`
- nixos profile
- Label: nixos
- Kernel: GRUB 2
- /dev/sda: nixos
- /dev/sdb: swap
- root / boot device: Standard: `/dev/sda`
- Setup installer.
- rescue mode with installer as /dev/sda
- Open LISH
```bash
# Update SSL certificates to allow HTTPS connections:
update-ca-certificates
# set the iso url to a variable
iso=https://channels.nixos.org/nixos-24.11/latest-nixos-minimal-x86_64-linux.iso
# verify sda disk is installer (~1GB)
lsblk
curl -L https://channels.nixos.org/nixos-24.11/latest-nixos-minimal-x86_64-linux.iso.sha256
# Download the ISO, write it to the installer disk, and verify the checksum:
curl -L $iso | tee >(dd of=/dev/sda) | sha256sum
# verify the shas are the same then shutdown system
shutdown 0
```
- Boot the installer configuration profile and install nixos
(open GLISH and `sudo -i && passwd #simple pass` ssh into machine for easier copy paste, rerun `passwd` with a more secure password here if desired)
- mount /dev/sda /mnt
- swapon /dev/sdb
- nixos-generate-config --root /mnt
- cd /mnt/etc/nixos
- # TODO rewrite device modifiers like they say in the tutorial? I had issues with linode's device labeling so I am leaving it to uuids, this could bite me in the future idk
- copy `linode.nix` into remote server and import it into `configuration.nix`
- update ssh key for root user if needed
- `nixos-install`
- `shutdown 0`
- delete the installer configuration profile in linode, boot into nixos configuration profile
tada, should be able to ssh with root and ssh key defined in earlier in linode.nix

5
readme.md
View file

@ -87,3 +87,8 @@ efi /EFI/Microsoft/Boot/bootmgfw.efi
- work on secrets pre ragenix, stormd pre install for all the above bootstrapping steps would be ideal - work on secrets pre ragenix, stormd pre install for all the above bootstrapping steps would be ideal
- reduce home manager, make per user modules support instead - reduce home manager, make per user modules support instead
- Ensure my neovim undohistory/auto saves don't save `.age` files as they can be sensitive. - Ensure my neovim undohistory/auto saves don't save `.age` files as they can be sensitive.
# Server hosts
simply run `deploy` in the host root and it will push changes to the server