From 7ea5e9ed3c1164139624ad910831d25001f81394 Mon Sep 17 00:00:00 2001
From: Gabe Venberg
Date: Wed, 24 Sep 2025 15:02:57 +0200
Subject: [PATCH] new machine, altostratus, my remote-work remote box.
---
 README.md | 12 ++++
 configs/home-manager/direnv.nix | 2 +-
 configs/nixos/distrobox.nix | 24 +++++++
 flake.nix | 5 ++
 hosts/altostratus/default.nix | 93 +++++++++++++++++++++++++++
 hosts/altostratus/disk-config.nix | 32 +++++++++
 hosts/altostratus/hardware-config.nix | 6 ++
 packages/iso.nix | 1 -
 roles/nixos/embedded-dev.nix | 11 ++++
 9 files changed, 184 insertions(+), 2 deletions(-)
 create mode 100644 configs/nixos/distrobox.nix
 create mode 100644 hosts/altostratus/default.nix
 create mode 100644 hosts/altostratus/disk-config.nix
 create mode 100644 hosts/altostratus/hardware-config.nix
 create mode 100644 roles/nixos/embedded-dev.nix
diff --git a/README.md b/README.md
index 61bc872..d49b57f 100644
--- a/README.md
+++ b/README.md
@@ -31,3 +31,15 @@ Each host *must also* define the variables declared in `modules/hostopts.nix`.
 ## Secrets
 This repo uses nix-sops for secrets management, with the encrypted secrets being stored in a private repo imported as an input.
 if the `nix-secrets` input is commented out, the repo should still build, gracefully degrading to default, non-secret, values.
+
+## Spinning up a new machine:
+run `nix build ./#iso` or `nix build aarch64-iso.nix` (depending on architecture), and boot it while on the same network.
+(you can also use a regular nixos iso, but this has my tools and pub ssh keys already on it.)
+SSH into the machine (hostname will be nixos-installer), and run `nixos-generate --show-hardware-config`, and copy the kernel modules section into your config.
+run `ls /dev/disk/by-id`, and note the disk IDs.
+
+Now your ready to write a config.
+You should probably base it off of one of the other configs in `hosts`.
+Just modify it to your needs (adding roles, importing other configs, setting up networking, etc) and write a `disk-config.nix` for it.
+now, run `nix run github:nix-community/nixos-anywhere -- --flake .\#$CONFIG_NAME root@nixos-installer`, and nixos anywhere will do the rest.
+If the machine is headless, you probably also want to add an entry to the deploy config, to update it remotely.
diff --git a/configs/home-manager/direnv.nix b/configs/home-manager/direnv.nix
index 82d080e..32e5a9c 100644
--- a/configs/home-manager/direnv.nix
+++ b/configs/home-manager/direnv.nix
@@ -1,6 +1,6 @@
 {
  config,
- pgks,
+ pkgs,
  lib,
  ...
 }: {
diff --git a/configs/nixos/distrobox.nix b/configs/nixos/distrobox.nix
new file mode 100644
index 0000000..ef5027e
--- /dev/null
+++ b/configs/nixos/distrobox.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ virtualisation.podman = {
+ enable = true;
+ dockerCompat = true;
+ };
+
+ home-manager.users.${config.host.details.user} = {config, ...}: {
+ home.file.distroboxConf = {
+ target = ".config/distrobox/distrobox.conf";
+ text = ''
+ container_additional_volumes="/nix/store:/nix/store:ro /etc/profiles/per-user:/etc/profiles/per-user:ro /etc/static/profiles/per-user:/etc/static/profiles/per-user:ro"
+ '';
+ };
+
+ home.packages = with pkgs; [
+ distrobox
+ ];
+ };
+}
diff --git a/flake.nix b/flake.nix
index 15dc423..c670550 100644
--- a/flake.nix
+++ b/flake.nix
@@ -96,6 +96,7 @@
  cumulus = import ./hosts/cumulus {inherit inputs myLib;};
  cirrus = import ./hosts/cirrus {inherit inputs myLib;};
  cirrostratus = import ./hosts/cirrostratus {inherit inputs myLib;};
+ altostratus = import ./hosts/altostratus {inherit inputs myLib;};
  };
 
  # Standalone home-manager configuration entrypoint
@@ -122,6 +123,10 @@
  profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.cirrostratus;
  remoteBuild = true;
  };
+ altostratus = {
+ hostname = "altostratus";
+ profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.altostratus;
+ };
  };
  sshUser = "root";
  };
diff --git a/hosts/altostratus/default.nix b/hosts/altostratus/default.nix
new file mode 100644
index 0000000..573f0f4
--- /dev/null
+++ b/hosts/altostratus/default.nix
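Review bot: The inner home-manager module function `{config, ...}: {` binds a `config` argument that its body never uses, and the name shadows the NixOS `config` that the attribute name `${config.host.details.user}` on the same line reads; that works only because the interpolation is evaluated outside the inner function, and anyone who later reaches for `config` inside the body will get the home-manager config instead without any error. Dropping the unused binding, `home-manager.users.${config.host.details.user} = {...}: {`, removes the trap. The `container_additional_volumes` line would also benefit from a Nix comment above `home.file.distroboxConf` explaining the intent, e.g. `# bind-mount the host Nix store and per-user profiles (read-only) so host packages are usable inside distrobox containers`, since the read-only flags and the two profile paths are not self-explanatory.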
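Review bot: The new `altostratus` deploy node omits the `remoteBuild = true;` that the `cirrostratus` entry directly above it carries, so deploy-rs will build the altostratus closure on the deploying machine and push it over SSH instead of building on the target. For a box described as a remote-work machine that may well be intended, but nothing in the hunk says so; if it is not, add `remoteBuild = true;` after the `profiles.system.path` line so the two nodes are configured alike, and if it is, a one-line comment such as `# built locally and pushed; the box is not a build host` would stop the next reader from treating the omission as an oversight. The enclosing `deploy.nodes` attribute set starts before this hunk.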
@@ -0,0 +1,93 @@
+{
+ inputs,
+ myLib,
+ ...
+}:
+inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = {inherit inputs myLib;};
+ modules = [
+ inputs.home-manager.nixosModules.home-manager
+ inputs.disko.nixosModules.disko
+ ./disk-config.nix
+ ./hardware-config.nix
+ ../../configs/nixos/common.nix
+ ../../configs/nixos/sshd.nix
+ ../../configs/nixos/secrets.nix
+ ../../configs/nixos/tailscale.nix
+ ../../roles/nixos/embedded-dev.nix
+ ({
+ config,
+ pkgs,
+ lib,
+ ...
+ }: {
+ hardware.enableRedistributableFirmware = true;
+ host.details = {
+ user = "gabe";
+ fullName = "Gabe Venberg";
+ gui.enable = false;
+ };
+ networking.hostName = "altostratus"; # Define your hostname.
+ networking.hostId = "c62c7ef6";
+ networking.networkmanager = {
+ enable = true;
+ dns = "systemd-resolved";
+ };
+ services.resolved.enable = true;
+ users.users.${config.host.details.user}.extraGroups = ["networkmanager"];
+
+ # home-manager.sharedModules = [
+ # inputs.sops-nix.homeManagerModules.sops
+ # ];
+ home-manager.users.${config.host.details.user} = {
+ inputs,
+ osConfig,
+ lib,
+ ...
+ }: {
+ host.details = osConfig.host.details;
+ user = {
+ git = {
+ profile = {
+ name = config.host.details.fullName;
+ email = "gabevenberg@gmail.com";
+ };
+ workProfile = {
+ enable = true;
+ email = "gabriel.venberg@assistme.io";
+ };
+ };
+ };
+ imports = [
+ ../../roles/home-manager/minimal-terminal.nix
+ ../../configs/home-manager/common.nix
+ # ../../configs/home-manager/secrets.nix
+ ];
+
+ # sops = lib.mkIf (inputs ? nix-secrets) {
+ # secrets = {
+ # };
+ # };
+ };
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = false;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "25.05"; # Did you read the comment?
+ })
+ ];
+}
diff --git a/hosts/altostratus/disk-config.nix b/hosts/altostratus/disk-config.nix
new file mode 100644
index 0000000..1bd53be
--- /dev/null
+++ b/hosts/altostratus/disk-config.nix
@@ -0,0 +1,32 @@
+{
+ disko.devices = {
+ disk = {
+ emmc = {
+ device = "/dev/disk/by-id/ata-INTENSO_SSD_1832501004002497";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "512M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/altostratus/hardware-config.nix b/hosts/altostratus/hardware-config.nix
new file mode 100644
index 0000000..61fa8ee
--- /dev/null
+++ b/hosts/altostratus/hardware-config.nix
@@ -0,0 +1,6 @@
+{
+ boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
+}
diff --git a/packages/iso.nix b/packages/iso.nix
index f28e0cd..abdbedb 100644
--- a/packages/iso.nix
+++ b/packages/iso.nix
@@ -21,7 +21,6 @@
  config,
  pkgs,
  lib,
- inputs,
  modulesPath,
  options,
  ...
diff --git a/roles/nixos/embedded-dev.nix b/roles/nixos/embedded-dev.nix
new file mode 100644
index 0000000..4dccc1c
--- /dev/null
+++ b/roles/nixos/embedded-dev.nix
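Review bot: Inside the home-manager module, `name = config.host.details.fullName;` reads the NixOS `config` captured from the enclosing module (the inner function binds `inputs`, `osConfig` and `lib` but not `config`), while the line just above it copies the very same data with `host.details = osConfig.host.details;`; two spellings for one value is a trap for the next edit, so use `osConfig.host.details.fullName` there and keep `osConfig` as the single bridge to the system config. The commented-out `home-manager.sharedModules` and `sops` blocks and the stock template comments about opening firewall ports are scaffolding left behind: either wire `../../configs/home-manager/secrets.nix` in or delete the dead blocks, and replace the four firewall comment lines with one statement of the actual decision, e.g. `# firewall stays at its default (enabled); sshd.nix/tailscale.nix are expected to open what they need` — the "expected to" is a hedge, since those modules are not in this commit. This hunk begins on the previous line.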
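Review bot: The root partition is plain ext4 with no encryption layer, so on a machine the commit calls a remote-work box the work git identity, the SSH host keys that `sshd.nix` presumably creates and anything `secrets.nix` decrypts at runtime all sit unencrypted at rest on the drive if it is lost or pulled. disko can wrap the same filesystem in LUKS, and nixos-anywhere can deliver the key at install time with `--disk-encryption-keys <remote-path> <local-path>`, matching `passwordFile` below. The trade-off is that an unattended reboot then needs a keyfile, TPM enrolment or remote unlock, none of which this config provides, so if the box must come back up without a human the current layout may be deliberate and should say so in a comment on the `root` partition. Separately, the disk is named `emmc` while its id says it is a SATA SSD; a name such as `ssd` or `main` would match the hardware.
```nix
root = {
  size = "100%";
  content = {
    type = "luks";
    name = "cryptroot";
    # key shipped at install time: nixos-anywhere --disk-encryption-keys /tmp/disk.key ./disk.key
    passwordFile = "/tmp/disk.key";
    content = {
      type = "filesystem";
      format = "ext4";
      mountpoint = "/";
    };
  };
};
```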
@@ -0,0 +1,11 @@
+{
+ inputs,
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ imports = [
+ ../../configs/nixos/distrobox.nix
+ ];
+}
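Review bot: The module header binds `inputs`, `config`, `pkgs` and `lib` but the body uses none of them, so `{...}: { imports = [ ../../configs/nixos/distrobox.nix ]; }` is the honest signature and stops suggesting the role reads something it does not. A role that only re-exports one config also needs a comment saying what the role is for and what it is expected to grow into, e.g. `# embedded-dev role: currently just distrobox, so non-Nix toolchains can run in a container` — wording to be confirmed by the author, since the purpose is inferred from the role's name and its single import.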