

feat: initial NixOS support

Khue Doan a9c7b698 64540e14

+259
+19
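--- a/infra/.modules/nixos/Makefile
+++ b/infra/.modules/nixos/Makefile
@@ -0,0 +1,19 @@
+.POSIX:
+
+.PHONY: *
+default: switch
+
+switch:
+	sudo nixos-rebuild \
+	  --flake '.#netamos' \
+	  --impure \
+	  switch
+
+update:
+	nix flake update
+
+test:
+	@nix \
+	  --experimental-features 'nix-command flakes' \
+	  run \
+	  '.#nixosConfigurations.test.config.system.build.vmWithDisko'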
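Review bot: `.PHONY: *` does not declare the targets phony: make expands wildcards in prerequisite lists against the working directory, so this marks the files next to the Makefile (configuration.nix, flake.nix, ...) as phony, and a file named `test` or `switch` appearing in the directory would silently skip the recipe. Replace it with the explicit list `.PHONY: default switch update test`. The `--impure` flag in the `switch` recipe also deserves a why-comment, since it lets evaluation read environment variables and unlocked paths and weakens the reproducibility the flake is meant to provide; presumably something outside the flake is needed (configuration.nix sets no disk device for `netamos` in this commit), so record it as `# --impure: <reason, TODO document>`.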
+146
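--- a/infra/.modules/nixos/configuration.nix
+++ b/infra/.modules/nixos/configuration.nix
@@ -0,0 +1,146 @@
+{ config, pkgs, ... }:
+
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  boot = {
+    loader = {
+      systemd-boot = {
+        enable = true;
+      };
+      efi = {
+        canTouchEfiVariables = true;
+      };
+    };
+  };
+
+  networking = {
+    networkmanager = {
+      enable = true;
+    };
+    firewall = {
+      # https://docs.k3s.io/installation/requirements#inbound-rules-for-k3s-server-nodes
+      allowedTCPPorts = [
+        6443
+        10250
+      ];
+      allowedTCPPortRanges = [
+        { from = 2379; to = 2380; }
+      ];
+    };
+  };
+
+  time.timeZone = "Asia/Ho_Chi_Minh";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  nix = {
+    settings = {
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+    };
+    optimise.automatic = true;
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+  };
+
+  services = {
+    openssh.enable = true;
+    k3s = {
+      enable = true;
+      role = "server";
+      extraFlags = toString [
+        "--disable-helm-controller"
+        "--disable-network-policy"
+        "--disable=traefik"
+        "--secrets-encryption=true"
+
+        # TODO not sure why it doesn't play nice with the registry config below
+        # "--snapshotter=stargz"
+
+        # TODO if the node doesn't have IPv6, this will fail, so we can't enable by default yet
+        # "--cluster-cidr=10.42.0.0/16,2001:cafe:42::/56"
+        # "--service-cidr=10.43.0.0/16,2001:cafe:43::/112"
+      ];
+    };
+    yggdrasil = {
+      enable = true;
+      persistentKeys = true;
+      settings = {
+        Peers = [
+          # https://publicpeers.neilalexander.dev
+          "tls://sin.yuetau.net:6643" # Singapore
+          "tls://mima.localghost.org:443" # Philippines
+          "tls://133.18.201.69:54232" # Japan
+          "tls://vpn.itrus.su:7992" # Netherlands
+          "tls://ygg.jjolly.dev:3443" # United States
+        ];
+      };
+    };
+  };
+
+  # TODO switch to services.k3s.registries https://github.com/NixOS/nixpkgs/pull/292023
+  # Static ClusterIP so we can pull from the internal registry without going through an ingress for better performance
+  # Alternatively this can be done by resolving DNS on the node via CoreDNS in some way, maybe via /etc/resolv.conf?
+  # nix-shell -p dig --command "dig @10.43.0.10 zot.zot.svc.cluster.local"
+  environment.etc."rancher/k3s/registries.yaml".text = ''
+    mirrors:
+      zot.zot.svc.cluster.local:
+        endpoint:
+          - http://10.43.0.50:5000
+  '';
+
+  users.users.admin = {
+    isNormalUser = true;
+    description = "Admin";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+    ];
+    packages = with pkgs; [
+      neovim
+      git
+      gnumake
+      tmux
+    ];
+  };
+
+  system.stateVersion = "23.11";
+}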
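Review bot: The firewall block opens 10250 and 2379-2380 without any source restriction, and NixOS `allowedTCPPorts`/`allowedTCPPortRanges` apply on every interface, so the kubelet and etcd ports that the linked k3s page lists as node-to-node only become reachable from any network the host joins — including the yggdrasil mesh enabled a few lines below, if it exposes an interface as its peer list suggests. Consider scoping them with `networking.firewall.interfaces.<iface>.allowedTCPPorts` on the cluster-facing interface, or a comment recording why whole-host exposure is accepted; 2379-2380 are only needed with embedded etcd, which a single `server` without `--cluster-init` does not appear to use. The `registries.yaml` mirror on line 127 is plain `http://`, so image pulls from the in-cluster zot rely entirely on the cluster network being trusted; a one-line comment stating that assumption next to the existing performance rationale would help the next reader.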
+48
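--- a/infra/.modules/nixos/flake.lock
+++ b/infra/.modules/nixos/flake.lock
@@ -0,0 +1,48 @@
+{
+  "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1731274291,
+        "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1731239293,
+        "narHash": "sha256-q2yjIWFFcTzp5REWQUOU9L6kHdCDmFDpqeix86SOvDc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9256f7c71a195ebe7a218043d9f93390d49e6884",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "disko": "disko",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}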
+31
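--- a/infra/.modules/nixos/flake.nix
+++ b/infra/.modules/nixos/flake.nix
@@ -0,0 +1,31 @@
+{
+  description = "Netamos";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = { self, nixpkgs, disko }: {
+    nixosConfigurations = {
+      netamos = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux"; # TODO support multiple systems
+        modules = [
+          disko.nixosModules.disko
+          ./configuration.nix
+        ];
+      };
+      test = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux"; # TODO support multiple systems
+        modules = [
+          disko.nixosModules.disko
+          ./configuration.nix
+          ./test.nix
+        ];
+      };
+    };
+  };
+}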
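Review bot: The `test` entry in `nixosConfigurations` is a deployable output sitting next to `netamos`, and its extra module `./test.nix` sets a fixed user password and hardcodes `/dev/sda` for disko, so a mistyped `nixos-rebuild switch --flake .#test` on real hardware would apply both; a comment on that line, `# QEMU-only (see test.nix): never deploy to hardware`, makes the intent explicit. The two `nixosSystem` calls also repeat `system` and the `disko.nixosModules.disko` / `./configuration.nix` pair; a shared module list that the test entry appends `./test.nix` to would keep them from drifting while the TODO on multi-system support is open.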
+15
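--- a/infra/.modules/nixos/test.nix
+++ b/infra/.modules/nixos/test.nix
@@ -0,0 +1,15 @@
+{ modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/virtualisation/qemu-vm.nix")
+  ];
+
+  disko.devices.disk.main.device = "/dev/sda";
+  users.users.admin = {
+    password = "test";
+  };
+  virtualisation = {
+    graphics = false;
+  };
+}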
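Review bot: `users.users.admin.password = "test"` uses the cleartext `password` option, which NixOS stores in the world-readable Nix store, and configuration.nix puts this user in `wheel`; that is acceptable for a throwaway VM, but nothing in the file itself says it is VM-only. Suggest a header comment: `# Test VM only: fixed cleartext password (lands in the Nix store) and /dev/sda; import solely from nixosConfigurations.test`. The VM also inherits `services.openssh.enable` and the open firewall ports from configuration.nix; whether those are reachable from the host depends on qemu-vm.nix's defaults, which this file does not override.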