Merge remote-tracking branch 'gum/master'
This commit is contained in:
commit
c743c79639
@ -2,15 +2,17 @@
|
|||||||
|
|
||||||
python3Packages.buildPythonPackage rec {
|
python3Packages.buildPythonPackage rec {
|
||||||
name = "tinc_graphs-${version}";
|
name = "tinc_graphs-${version}";
|
||||||
version = "0.3.10";
|
version = "0.3.11";
|
||||||
|
|
||||||
propagatedBuildInputs = with pkgs;[
|
propagatedBuildInputs = with pkgs;[
|
||||||
python3Packages.pygeoip
|
python3Packages.pygeoip
|
||||||
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
|
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
|
||||||
];
|
];
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://pypi/t/tinc_graphs/${name}.tar.gz";
|
url = "mirror://pypi/t/tinc_graphs/${name}.tar.gz";
|
||||||
sha256 = "0f4cvb9424fhfmc0hbzmynzh9528fyhx00ayq1nbpgd1p89yw7mc";
|
sha256 = "0akvi2srwqny3cd4b9ghssq8wi4kcxd2khabnnvylzs1s9i28fpa";
|
||||||
};
|
};
|
||||||
|
|
||||||
preFixup = with pkgs;''
|
preFixup = with pkgs;''
|
||||||
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
|
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
|
||||||
wrapProgram $out/bin/all-the-graphs --prefix PATH : "${imagemagick}/bin:${graphviz}/bin:$out/bin"
|
wrapProgram $out/bin/all-the-graphs --prefix PATH : "${imagemagick}/bin:${graphviz}/bin:$out/bin"
|
||||||
|
@ -3,20 +3,32 @@
|
|||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/makefu>
|
#<stockholm/makefu>
|
||||||
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
|
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
|
||||||
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
|
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
|
||||||
<stockholm/makefu/2configs/tools/core.nix>
|
# <stockholm/makefu/2configs/tools/core.nix>
|
||||||
|
./justdoit.nix
|
||||||
|
{
|
||||||
|
kexec.justdoit = {
|
||||||
|
# bootSize = 512;
|
||||||
|
rootDevice = "/dev/sdb";
|
||||||
|
swapSize = 1024;
|
||||||
|
bootType = "vfat";
|
||||||
|
luksEncrypt = true;
|
||||||
|
uefi = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
||||||
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
|
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
|
||||||
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
|
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
|
||||||
krebs.build.host = { cores = 0; };
|
#krebs.build.host = { cores = 0; };
|
||||||
isoImage.isoBaseName = lib.mkForce "stockholm";
|
isoImage.isoBaseName = lib.mkForce "stockholm";
|
||||||
krebs.hidden-ssh.enable = true;
|
#krebs.hidden-ssh.enable = true;
|
||||||
environment.systemPackages = with pkgs; [
|
# environment.systemPackages = with pkgs; [
|
||||||
aria2
|
# aria2
|
||||||
ddrescue
|
# ddrescue
|
||||||
];
|
# ];
|
||||||
environment.extraInit = ''
|
environment.extraInit = ''
|
||||||
EDITOR=vim
|
EDITOR=vim
|
||||||
'';
|
'';
|
||||||
|
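--- a/makefu/1systems/iso/justdoit.nix
+++ b/makefu/1systems/iso/justdoit.nix
@@ -0,0 +1,128 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+cfg = config.kexec.justdoit;
+x = if cfg.nvme then "p" else "";
+in {
+options = {
+kexec.justdoit = {
+rootDevice = mkOption {
+type = types.str;
+default = "/dev/sda";
+description = "the root block device that justdoit will nuke from orbit and force nixos onto";
+};
+bootSize = mkOption {
+type = types.int;
+default = 256;
+description = "size of /boot in mb";
+};
+bootType = mkOption {
+type = types.enum [ "ext4" "vfat" "zfs" ];
+default = "ext4";
+};
+swapSize = mkOption {
+type = types.int;
+default = 1024;
+description = "size of swap in mb";
+};
+poolName = mkOption {
+type = types.str;
+default = "tank";
+description = "zfs pool name";
+};
+luksEncrypt = mkOption {
+type = types.bool;
+default = false;
+description = "encrypt all of zfs and swap";
+};
+uefi = mkOption {
+type = types.bool;
+default = false;
+description = "create a uefi install";
+};
+nvme = mkOption {
+type = types.bool;
+default = false;
+description = "rootDevice is nvme";
+};
+};
+};
+config = let
+mkBootTable = {
+ext4 = "mkfs.ext4 $NIXOS_BOOT -L NIXOS_BOOT";
+vfat = "mkfs.vfat $NIXOS_BOOT -n NIXOS_BOOT";
+zfs = "";
+};
+in lib.mkIf true {
+system.build.justdoit = pkgs.writeScriptBin "justdoit" ''
+#!${pkgs.stdenv.shell}
+set -e
+vgchange -a n
+wipefs -a ${cfg.rootDevice}
+dd if=/dev/zero of=${cfg.rootDevice} bs=512 count=10000
+sfdisk ${cfg.rootDevice} <<EOF
+label: gpt
+device: ${cfg.rootDevice}
+unit: sectors
+${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"}
+${lib.optionalString (! cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"}
+2 : size=${toString (2048 * cfg.swapSize)}, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F
+3 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
+EOF
+${if cfg.luksEncrypt then ''
+cryptsetup luksFormat ${cfg.rootDevice}${x}2
+cryptsetup open --type luks ${cfg.rootDevice}${x}2 swap
+cryptsetup luksFormat ${cfg.rootDevice}${x}3
+cryptsetup open --type luks ${cfg.rootDevice}${x}3 root
+export ROOT_DEVICE=/dev/mapper/root
+export SWAP_DEVICE=/dev/mapper/swap
+'' else ''
+export ROOT_DEVICE=${cfg.rootDevice}${x}3
+export SWAP_DEVICE=${cfg.rootDevice}${x}2
+''}
+${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"}
+mkdir -p /mnt
+${mkBootTable.${cfg.bootType}}
+mkswap $SWAP_DEVICE -L NIXOS_SWAP
+zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE
+zfs create -o mountpoint=legacy ${cfg.poolName}/root
+zfs create -o mountpoint=legacy ${cfg.poolName}/home
+zfs create -o mountpoint=legacy ${cfg.poolName}/nix
+swapon $SWAP_DEVICE
+mount -t zfs ${cfg.poolName}/root /mnt/
+mkdir /mnt/{home,nix,boot}
+mount -t zfs ${cfg.poolName}/home /mnt/home/
+mount -t zfs ${cfg.poolName}/nix /mnt/nix/
+${lib.optionalString (cfg.bootType != "zfs") "mount $NIXOS_BOOT /mnt/boot/"}
+nixos-generate-config --root /mnt/
+hostId=$(echo $(head -c4 /dev/urandom | od -A none -t x4))
+cp ${./target-config.nix} /mnt/etc/nixos/configuration.nix
+cat > /mnt/etc/nixos/generated.nix <<EOF
+{ ... }:
+{
+${if cfg.uefi then ''
+boot.loader.grub.efiInstallAsRemovable = true;
+boot.loader.grub.efiSupport = true;
+boot.loader.grub.device = "nodev";
+'' else ''
+boot.loader.grub.device = "${cfg.rootDevice}";
+''}
+networking.hostId = "$hostId"; # required for zfs use
+${lib.optionalString cfg.luksEncrypt ''
+boot.initrd.luks.devices = [
+{ name = "swap"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }
+{ name = "root"; device = "${cfg.rootDevice}${x}3"; preLVM = true; }
+];
+''}
+}
+EOF
+nixos-install
+umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt
+zpool export ${cfg.poolName}
+swapoff $SWAP_DEVICE
+'';
+environment.systemPackages = [ config.system.build.justdoit ];
+boot.supportedFilesystems = [ "zfs" ];
+};
+}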
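Review bot: The `boot.initrd.luks.devices` entries written into generated.nix (`{ name = "swap"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }` and the matching `root` line) and the non-UEFI `boot.loader.grub.device = "${cfg.rootDevice}";` bake the install-time kernel device name into the installed system; that name is not stable across reboots or disk reordering, so the initrd can fail to find the LUKS containers, and the iso config in this same commit sets `rootDevice = "/dev/sdb"`, where renumbering is plausible. Capturing the container UUIDs with `blkid` (util-linux, which the script already relies on for `wipefs`/`sfdisk`) after `cryptsetup luksFormat` and writing `/dev/disk/by-uuid/` paths into the heredoc would make the generated config independent of enumeration order; the heredoc is unquoted, so runtime expansion already works there as it does for `$hostId`. `bootType` is also the only option without a `description`; `description = "filesystem for the separate /boot partition; no boot partition is created for zfs";` would match the other options.
```nix
# … unchanged: partitioning …
${if cfg.luksEncrypt then ''
# … unchanged: luksFormat/open of partitions 2 and 3 …
SWAP_UUID=$(blkid -s UUID -o value ${cfg.rootDevice}${x}2)
ROOT_UUID=$(blkid -s UUID -o value ${cfg.rootDevice}${x}3)
# … unchanged: ROOT_DEVICE/SWAP_DEVICE exports, filesystems, mounts, generated.nix preamble …
${lib.optionalString cfg.luksEncrypt ''
boot.initrd.luks.devices = [
  { name = "swap"; device = "/dev/disk/by-uuid/$SWAP_UUID"; preLVM = true; }
  { name = "root"; device = "/dev/disk/by-uuid/$ROOT_UUID"; preLVM = true; }
];
''}
```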
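--- a/makefu/1systems/iso/target-config.nix
+++ b/makefu/1systems/iso/target-config.nix
@@ -0,0 +1,40 @@
+{ ... }:
+
+{
+imports = [ ./hardware-configuration.nix ./generated.nix ];
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
+boot.zfs.forceImportRoot = false;
+boot.zfs.forceImportAll = false;
+boot.kernelParams = [
+"boot.shell_on_fail"
+"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+];
+users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
+boot.tmpOnTmpfs = true;
+programs.bash.enableCompletion = true;
+services.journald.extraConfig = ''
+SystemMaxUse=1G
+RuntimeMaxUse=128M
+'';
+
+# minimal
+programs.command-not-found.enable = false;
+time.timeZone = "Europe/Berlin";
+programs.ssh.startAgent = false;
+nix.useSandbox = true;
+users.mutableUsers = false;
+networking.firewall.rejectPackets = true;
+networking.firewall.allowPing = true;
+services.openssh.enable = true;
+i18n = {
+consoleKeyMap = "us";
+defaultLocale = "en_US.UTF-8";
+};
+boot.kernel.sysctl = {
+"net.ipv6.conf.all.use_tempaddr" = 2;
+"net.ipv6.conf.default.use_tempaddr" = 2;
+};
+services.nscd.enable = false;
+}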
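Review bot: `users.users.root.openssh.authorizedKeys.keys` hard-codes a single `ssh-rsa` key into the file that justdoit.nix copies onto every installed system as configuration.nix, next to `services.openssh.enable = true;` and `users.mutableUsers = false;`, so anyone running this installer grants root SSH access to the holder of that key, and the declarative user setup means it cannot be removed from the installed machine without a rebuild. The key is a deployment detail rather than install logic, so it would fit better as a module option written into generated.nix by the script (e.g. a `kexec.justdoit.authorizedKeys` list of strings) or a file supplied at ISO build time, with a comment on this line naming whose key it is. `"boot.shell_on_fail"` in `boot.kernelParams` deserves a why-comment as well, e.g. `# debugging aid: a stage-1 failure drops to a root shell at the console; consider removing once the install is stable`, since on the installed machine that trade-off is no longer obviously wanted.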