From f211bd408be677e78c2d643fc278d96d214f8f90 Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem
Date: Thu, 26 Nov 2020 22:43:02 +0100
Subject: [PATCH] Manage remote systems
---
 flake.nix | 2 +
 machines/lasting-integrity/default.nix | 54 +++++++++++++++++++++
 machines/lasting-integrity/hardware.nix | 62 ++++++++++++++++++++++++
 machines/lasting-integrity/secret.nix | Bin 0 -> 1374 bytes
 machines/urithiru/default.nix | 54 +++++++++++++++++++++
 machines/urithiru/hardware.nix | 62 ++++++++++++++++++++++++
 machines/urithiru/secret.nix | Bin 0 -> 1374 bytes
 remote.sh | 5 ++
 8 files changed, 239 insertions(+)
 create mode 100644 machines/lasting-integrity/default.nix
 create mode 100644 machines/lasting-integrity/hardware.nix
 create mode 100644 machines/lasting-integrity/secret.nix
 create mode 100644 machines/urithiru/default.nix
 create mode 100644 machines/urithiru/hardware.nix
 create mode 100644 machines/urithiru/secret.nix
 create mode 100755 remote.sh
diff --git a/flake.nix b/flake.nix
index 6ebf07e1..f34b5d14 100644
--- a/flake.nix
+++ b/flake.nix
@@ -46,6 +46,8 @@
 nixosConfigurations = {
 kharbranth = mkSystem "x86_64-linux" "kharbranth";
 kholinar = mkSystem "x86_64-linux" "kholinar";
+ lasting-integrity = mkSystem "x86_64-linux" "lasting-integrity";
+ urithiru = mkSystem "x86_64-linux" "urithiru";
 };
 };
 }
diff --git a/machines/lasting-integrity/default.nix b/machines/lasting-integrity/default.nix
new file mode 100644
index 00000000..1eb2e0cc
--- /dev/null
+++ b/machines/lasting-integrity/default.nix
@@ -0,0 +1,54 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./hardware.nix
+ ./secret.nix
+ ];
+
+ boot.loader = {
+ grub = {
+ enable = true;
+ efiSupport = true;
+ mirroredBoots = [
+ { devices = [ "nodev" ]; path = "/boot/ESP0"; }
+ { devices = [ "nodev" ]; path = "/boot/ESP1"; }
+ ];
+ };
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot/EFI";
+ };
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ networking = {
+ hostName = "lasting-integrity";
+ hostId = "b352adfe";
+ useDHCP = false;
+ interfaces = {
+ eno1.useDHCP = false;
+ eno2.useDHCP = false;
+ eno3.useDHCP = false;
+ eno4.useDHCP = false;
+ };
+ };
+
+ users = {
+ mutableUsers = false;
+ defaultUserShell = pkgs.zsh;
+ users.charlotte = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "systemd-journal" ];
+ };
+ };
+
+ services.openssh.enable = true;
+ services.openssh.permitRootLogin = "prohibit-password";
+
+ services.zfs.autoScrub.enable = true;
+ services.zfs.trim.enable = true;
+
+ system.stateVersion = "20.09";
+}
diff --git a/machines/lasting-integrity/hardware.nix b/machines/lasting-integrity/hardware.nix
new file mode 100644
index 00000000..0acf8b9e
--- /dev/null
+++ b/machines/lasting-integrity/hardware.nix
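Review bot: SSH password authentication is left at its default in machines/lasting-integrity/default.nix: the openssh lines only enable the service and set `permitRootLogin = "prohibit-password"`, and on NixOS 20.09 `services.openssh.passwordAuthentication` defaults to true, so the `wheel` user `charlotte` would be reachable by password on a remote host. `./secret.nix` is a binary blob in this patch, so it may already handle this; if it does not, I would add `services.openssh.passwordAuthentication = false;` next to the other openssh settings so these machines accept keys only. machines/urithiru/default.nix is identical apart from `hostName` and `hostId`, so the same applies there, and the shared settings would be easier to audit in one common module that both machines import.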
@@ -0,0 +1,62 @@
+{ lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+ kernelModules = [ ];
+ postDeviceCommands = lib.mkAfter ''
+ zfs rollback -r zroot/local/root@blank
+ '';
+ };
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+ supportedFilesystems = [ "zfs" ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "zroot/local/root";
+ fsType = "zfs";
+ };
+ "/nix" = {
+ device = "zroot/local/nix";
+ fsType = "zfs";
+ };
+ "/nix/store" = {
+ device = "zroot/local/nix-store";
+ fsType = "zfs";
+ };
+ "/data" = {
+ device = "zroot/safe/data";
+ fsType = "zfs";
+ };
+ "/cache" = {
+ device = "zroot/safe/cache";
+ fsType = "zfs";
+ };
+ "/srv/data" = {
+ device = "zdata/data";
+ fsType = "zfs";
+ };
+ "/boot/ESP0" = {
+ device = "/dev/disk/by-uuid/BC0C-3065";
+ fsType = "vfat";
+ };
+ "/boot/ESP1" = {
+ device = "/dev/disk/by-uuid/BC67-2D0D";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/7b9d63e0-5525-4022-9d1a-6c62d52dfb78"; }
+ { device = "/dev/disk/by-uuid/2602f9a5-c42a-4514-bc4a-30fbb2c08ee9"; }
+ { device = "/dev/disk/by-uuid/0f98f67f-227f-4a03-892d-d2dfd37e39ad"; }
+ { device = "/dev/disk/by-uuid/c7bd8b09-45cb-42cd-b355-1a1f2ebde6d4"; }
+ ];
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
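Review bot: The sshd host keys look like they will not survive a reboot: `postDeviceCommands` rolls `zroot/local/root` back to `@blank` on every boot, and nothing visible in this patch moves `/etc/ssh` off that dataset, so the keys would be regenerated each time and clients would see a changed host key after every restart. If this is not handled in a module outside this patch (the binary `secret.nix` cannot be read here), set `services.openssh.hostKeys` to a path on one of the persistent datasets mounted in this file, for example an entry like `{ path = "/data/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }` (path is illustrative). The four `swapDevices` entries are plain partitions; adding `randomEncryption.enable = true;` to each would keep swapped-out secrets from persisting on disk. machines/urithiru/hardware.nix has the same rollback and swap layout, so both points apply there as well.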
diff --git a/machines/lasting-integrity/secret.nix b/machines/lasting-integrity/secret.nix new file mode 100644 index 0000000000000000000000000000000000000000..fdd368684065ad720d770af2354ad4925e1ee274 GIT binary patch literal 1374 zcmZQ@_Y83kiVO&0*y^(Lde!{N7o$oiUE6ufmoMr=obBbF&b60+9k{@@VbXSkYL;%n z&AC%=iwHTG1xQ~P>0_y>o5as0v-wB!JDy#M|6VwqPTsUCtTFBI>%VL!?@voOtPqW; ziZ0`_TD#=mi?klUpWhUW7cTdDS2nlzZpfLc6Fevij9H#B%==7{{LnYnGPbkwP}H^jx9G?LcbbJ{LZu-19Qq3FjG%4N%6 zp4;|;^~$R1x=EKpr`5jSs_qakd|6~~;c3PaHqMAgA`0H>U%tJqa$xFbmYUwNRatSO zLQ}?iADflmOeR{oC@k3YdooAmMX%WvOp9u(Z|-s_YKdL-b&7HvmsfrHw_wtmkm#rF`vL+KFSuzpY~wth zbMg7Pm{Nuh6(3KpSo!20OTo0V;Fh<(=fxEMOGIy;)O+7;{h~jQE(fKpe*ga6B=+pL zHzvILt|Yf)iRvtsZi680SJ&+scmE39lgVh3;!^5nEFxU_hU2ZujkC(y8vQa=lSyl@ zk(hn;-H+d`XKGz8bKmh6?rYE0ZOA?JZ_@d5t7CgK?=!~y-@p3yr_(j=lRv2HZ$9~K zTO8|_2|0_E_V4AXsg?Lq`7UHxz)Rig`EC0z1UFBAv`Q|^qjcNe)6Qc1(%5U>ioDg% znwP14?Z7EZJH}V*BX9C%+}*nMChtG5=k3Z-DrNI!6ouXGB7f!YKejVUU+21%(~R>C zTV5*$Dc^diSaZq#`A&_=+PRG0v%_|K&AGV#^^!<+`SgdPzc(#RTYvFo<;7cj_;i^=|!d4F%ox?qRBG1pb+Pi-$b7-vGs_%{yw=)Hph+Itjrzl|0u5=i(M9 z3;#bjs>nChRsViP-+6KAhH144q5*#GQHRd7KDv3qt@vA@@y}n^6u0VVU5P!nc-Ktb zSA2^uxc&X9$tq=Wo5?QGX8&=1*26CD8~0mZ3J<&Cc-#9OZ|tf!FRISlrhN$cx#V_f zq)1?qr%7*xmg`ohrDx`eipWp7V|}h=g6qMosYVYfdC#!eHR$Kwee^cY`r_peSNpFC zns}Z(FKgT@T(Ilbq~`|$?>>(FAtajQBp#Z*q&@d%tC*6VO;5p$U;){G8S^*=>@%N~ z|B#P06Wpw#81Ay+7`M6S3eq%zbD7jRn(A)!17^8ok&j892Y-zwzdeO52=NUrgGgvi#Q3 z<*q;Yyo;FEOs{a~lRFwbzE4SBhWx|i9r#G&0*l$^v3jol( BtDgV> literal 0 HcmV?d00001 diff --git a/machines/urithiru/default.nix b/machines/urithiru/default.nix new file mode 100644 index 00000000..9ef72d6f --- /dev/null +++ b/machines/urithiru/default.nix 
@@ -0,0 +1,54 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./hardware.nix
+ ./secret.nix
+ ];
+
+ boot.loader = {
+ grub = {
+ enable = true;
+ efiSupport = true;
+ mirroredBoots = [
+ { devices = [ "nodev" ]; path = "/boot/ESP0"; }
+ { devices = [ "nodev" ]; path = "/boot/ESP1"; }
+ ];
+ };
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot/EFI";
+ };
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ networking = {
+ hostName = "urithiru";
+ hostId = "079e60ba";
+ useDHCP = false;
+ interfaces = {
+ eno1.useDHCP = false;
+ eno2.useDHCP = false;
+ eno3.useDHCP = false;
+ eno4.useDHCP = false;
+ };
+ };
+
+ users = {
+ mutableUsers = false;
+ defaultUserShell = pkgs.zsh;
+ users.charlotte = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "systemd-journal" ];
+ };
+ };
+
+ services.openssh.enable = true;
+ services.openssh.permitRootLogin = "prohibit-password";
+
+ services.zfs.autoScrub.enable = true;
+ services.zfs.trim.enable = true;
+
+ system.stateVersion = "20.09";
+}
diff --git a/machines/urithiru/hardware.nix b/machines/urithiru/hardware.nix
new file mode 100644
index 00000000..67436165
--- /dev/null
+++ b/machines/urithiru/hardware.nix
@@ -0,0 +1,62 @@
+{ lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+ kernelModules = [ ];
+ postDeviceCommands = lib.mkAfter ''
+ zfs rollback -r zroot/local/root@blank
+ '';
+ };
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+ supportedFilesystems = [ "zfs" ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "zroot/local/root";
+ fsType = "zfs";
+ };
+ "/nix" = {
+ device = "zroot/local/nix";
+ fsType = "zfs";
+ };
+ "/nix/store" = {
+ device = "zroot/local/nix-store";
+ fsType = "zfs";
+ };
+ "/data" = {
+ device = "zroot/safe/data";
+ fsType = "zfs";
+ };
+ "/cache" = {
+ device = "zroot/safe/cache";
+ fsType = "zfs";
+ };
+ "/srv/data" = {
+ device = "zdata/data";
+ fsType = "zfs";
+ };
+ "/boot/ESP0" = {
+ device = "/dev/disk/by-uuid/6ED1-0638";
+ fsType = "vfat";
+ };
+ "/boot/ESP1" = {
+ device = "/dev/disk/by-uuid/6F25-C8B8";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/2b90207f-2d08-49aa-8a05-2c98c59224c1"; }
+ { device = "/dev/disk/by-uuid/e0c10fec-cef8-43ac-8a41-905c9d50609f"; }
+ { device = "/dev/disk/by-uuid/860a9a86-7882-479c-8be8-f51a5edbf7f7"; }
+ { device = "/dev/disk/by-uuid/088f30de-c76d-4843-ac62-8442852b372d"; }
+ ];
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/machines/urithiru/secret.nix b/machines/urithiru/secret.nix new file mode 100644 index 0000000000000000000000000000000000000000..cd6eaead0b9bbd14dea3f7982be40a807979ada0 GIT binary patch literal 1374 zcmZQ@_Y83kiVO&0@PFgZyv;q8-=pS-aN-voTgij+%jER#-S69eFGG2ESIV{@X{Qf& zzh>x9y+yLZ|7t8cBY-cH=I?^^z&Z&@qXN&H{NP`KiH`x%!^Ri-%t z-_~u`UTPiK`l#OdtMsa_s@8yeTlr^9m0t9s>PL_@-vQ%((+9pUKOd{^i#~VYp6kZ4 zm73M||FqXe-hJoU@UgBkt?41xFSkv1=SOoMoX*yDYu4NaYx`wnY9Bil|CgK;6#ty1 z|KGw%(ut?OMe&A+{XHwSE#!=eLW-2HIDYeKce7#X~`gTr{m75;OJz$GC7Un$r-<#rq=K>!)T;JYFVrhBPHG4zo zb(6PT^BX%mFBCqh)V>y&T&l)!bCnfm^D%j!qlt48W`?ZJPJjD3o_o_W|KOm@SC`Bv zkF~CUv&y1pt<%1K_e$26o6NnKe+ZZ`l_>SAeW>=*rI%~&sDDe2^0+Yfx${mx=kWa%5xh$)bEiz=2>E?)+ewua zMdv&GqLbDn#~$C7@bW>B?$p}g2Ue<65?30&_^>r#YxBK=TTeXVt6QdJrTu6)uu$uo znvGAa$D}!5^CvyMAoz0G!5vdqXLp%N=ZMFJMLwIZ`gfo4t2mFj>)O`uR_L1HXXD;{ zZ2C1P*0r7i%vnyJw-+4Qth+AV&d9afcwq%^i}K?1Q>k-2zVloa+FY_X^RBb$qC;^^ z^=BvdPx&vf;;c_t+)s|Y#|$CqPk&BXd!)Iw^~po^8$VtIPP@53>x#@h>q{5?=f6{o zEh(P<$xXY!_e$rb56iOr)1wOC8TjPw@3&t1AT&+Z#vv|g^?sdu zk!+`X+o!nPuxYS4yGP-F{|?DZt-SXBGFEySvXzfS^_;!Twq;MBsaN~n{GICC!*37F zjao4G%`;DRhxnfn&r3J;=j5z5(VZoKJ}bH0e39^ydt1J_%-?u**|9&50~Y?7$hQAS zUBmvR4=V5NRWaEtn9-0^zvdjD?>_muZr{gO#imy7;+v~IW$uHI8eXygyDFG(%Sz8{ z$m{f$`L^D(gl*>WT#fHrI6wWk#=j@@ue6%2uCr2T#wJbEzfDo%s(rFb{)rzy9hh2u z!esH2H=C!+ubp6*eLt$u>XAXx_uVPB*2?!C{kk;Q_ca+*G2Z)EcJJZZn5FiSbB>rw z@J!u5-)Y9L9{HIjQ~LZ|)0_8xI3lq}e(j1A5=F0hj`=YBw4XJrt7p!l7jyW}scke% z6f)S>?wGox$mZ$xxdNI#Hxu`p9}<4a=*b`&{^?Ze;%7?&y8dVJZ`yrl7FVFc=d=}ompD(gZYDVh?tHa-3$^M({rB=G>!e#vz z`(3)&yI-GmWI4TX)!nF8*4eWvUg=TDQb$im$`+IHm4>_jZOUu7*Sh?l7Zt|sNk6z1$rR_8N)HJpAl$_d~ z2nmi;*;dm9z0FSip1syYOoFX_r$@G!Vg8)F71s;9pC4gy+roY@*SLk