From d774997a272d6a6e334c11899c9f4beca048150a Mon Sep 17 00:00:00 2001
From: Johannes Rothe
Date: Wed, 13 Nov 2024 22:10:09 +0100
Subject: [PATCH] Take over a VPS with nixos-anywhere
---
 flake.lock | 37 ++++++++++++++++++++++-
 flake.nix | 11 ++++++-
 vps-configuration.nix | 36 ++++++++++++++++++++++
 vps-disk-config.nix | 55 ++++++++++++++++++++++++++++++++++
 vps-hardware-configuration.nix | 24 +++++++++++++++
 5 files changed, 161 insertions(+), 2 deletions(-)
 create mode 100644 vps-configuration.nix
 create mode 100644 vps-disk-config.nix
 create mode 100644 vps-hardware-configuration.nix
diff --git a/flake.lock b/flake.lock
index be045ea..5cee326 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,23 @@
 {
 "nodes": {
+ "disko": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ },
+ "locked": {
+ "lastModified": 1731274291,
+ "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
 "home-manager": {
 "inputs": {
 "nixpkgs": [
@@ -22,6 +40,22 @@
 }
 },
 "nixpkgs": {
+ "locked": {
+ "lastModified": 1730958623,
+ "narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "85f7e662eda4fa3a995556527c87b2524b691933",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
 "locked": {
 "lastModified": 1730327045,
 "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=",
@@ -39,8 +73,9 @@
 },
 "root": {
 "inputs": {
+ "disko": "disko",
 "home-manager": "home-manager",
- "nixpkgs": "nixpkgs"
+ "nixpkgs": "nixpkgs_2"
 }
 }
 },
diff --git a/flake.nix b/flake.nix
index 40d31da..aa5cb61 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,12 +2,13 @@
 description = "NixOS configuration flake";
 inputs = {
+ disko.url = "github:nix-community/disko";
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
 home-manager.url = "github:nix-community/home-manager/release-24.05";
 home-manager.inputs.nixpkgs.follows = "nixpkgs";
 };
- outputs = { self, nixpkgs, home-manager, ...}:
+ outputs = { self, nixpkgs, home-manager, disko,...}:
 let
 system = "x86_64-linux";
 pkgs = nixpkgs.legacyPackages.${system};
@@ -21,6 +22,14 @@
 ./hardware-configuration.nix
 ];
 };
+ tien = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./vps-configuration.nix
+ ./vps-hardware-configuration.nix
+ ];
+ };
 };
 homeConfigurations = {
 "rothe@lift" = home-manager.lib.homeManagerConfiguration {
diff --git a/vps-configuration.nix b/vps-configuration.nix
new file mode 100644
index 0000000..c1bc40e
--- /dev/null
+++ b/vps-configuration.nix
@@ -0,0 +1,36 @@
+{ config, modulesPath, lib, pkgs, ... }:
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./vps-disk-config.nix
+ ];
+ boot.loader.grub = {
+ # no need to set devices, disko will add all devices that have a EF02 partition to the list already
+ # devices = [ ];
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ networking.hostName = "tien";
+
+ # do not use DHCP, as dashserv provisions IPs using cloud-init
+ networking.useDHCP = pkgs.lib.mkForce false;
+ services.cloud-init = {
+ enable = true;
+ network.enable = true;
+ };
+
+ networking.firewall = {
+ enable = true;
+ trustedInterfaces = [ "tailscale0" ];
+ };
+
+ services.tailscale.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ curl
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/vps-disk-config.nix b/vps-disk-config.nix
new file mode 100644
index 0000000..1641339
--- /dev/null
+++ b/vps-disk-config.nix
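Review bot: The new `disko.url` input has no `inputs.nixpkgs.follows`, unlike the `home-manager.inputs.nixpkgs.follows = "nixpkgs";` line a few lines below it, so disko pulls in its own nixpkgs; the flake.lock hunk in this patch shows the result, a second `nixpkgs` node tracking `nixpkgs-unstable` while the flake's own pin is renamed `nixpkgs_2`. Adding `disko.inputs.nixpkgs.follows = "nixpkgs";` keeps a single nixpkgs in the closure and a single revision to audit. The URL also carries no branch or tag, so `nix flake update` follows whatever disko's default branch points to; the lock still pins `rev` and `narHash`, so builds stay reproducible, but a short comment saying the pin lives in the lock would make that explicit. The `disko,...}` pattern in the outputs line is also missing the space the other names use.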
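Review bot: The `tien` configuration hard-codes `system = "x86_64-linux";` although the enclosing `let` already binds `system` to that value (visible as context in the first hunk), so `inherit system;` would keep the two from drifting apart. The other nixosSystem in this attribute set starts outside the hunk, so I cannot see whether it uses the binding or repeats the literal as well.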
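Review bot: `networking.useDHCP = pkgs.lib.mkForce false;` reaches for `pkgs.lib` although `lib` is already a module argument on the first line; `networking.useDHCP = lib.mkForce false;` is the conventional form. The only other assignment to this option in the patch is the `lib.mkDefault true` in vps-hardware-configuration.nix, which a plain `false` already overrides, so if `mkForce` is there to beat some other module the comment above it should name that module. Separately, nothing in this file enables `services.openssh` or declares a user or authorized key, while the firewall trusts `tailscale0` wholesale; post-install login presumably comes from cloud-init user-data or from the Tailscale login, and a comment beside `services.cloud-init` stating which would spare the next reader that inference.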
@@ -0,0 +1,55 @@
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/vps-hardware-configuration.nix b/vps-hardware-configuration.nix
new file mode 100644
index 0000000..f940a73
--- /dev/null
+++ b/vps-hardware-configuration.nix
@@ -0,0 +1,24 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
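Review bot: `device = lib.mkDefault "/dev/sda";` relies on a kernel-assigned name that is not stable across controller type or disk order; the initrd modules in vps-hardware-configuration.nix load both `virtio_pci` and `virtio_scsi`, and a virtio-blk disk would show up as `/dev/vda` instead, so disko could target the wrong device or fail at install time. A `/dev/disk/by-id/<disk-id-placeholder>` path, or a comment above the line noting that `mkDefault` is there so the install command can override the device, would make the intent explicit. The layout itself (1M EF02, 500M ESP, LVM root) matches the `efiSupport`/`efiInstallAsRemovable` grub settings in vps-configuration.nix.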