nixos-anywhere | cleanup and update

2025-12-19 07:54:42 -06:00 · 2025-12-19 07:54:42 -06:00 · 649c74ce60
commit 649c74ce60
parent 57a4119ff4
8 changed files with 117 additions and 347 deletions
--- a/nixos-anywhere/configuration-vm.nix
+++ b/nixos-anywhere/configuration-vm.nix
@ -1,46 +0,0 @@
-{ modulesPath, config, lib, pkgs, ... }: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-    (modulesPath + "/profiles/qemu-guest.nix")
-    ./disk-config-vm.nix
-  ];
-  boot = {
-    kernelPackages = pkgs.linuxPackages_latest;
-    kernelParams = [ "consoleblank=60" ];
-    loader = {
-      timeout = 10;
-      /* systemd-boot = {
-           enable = true;
-         };
-      */
-      grub = {
-        device = "nodev";
-        efiSupport = true;
-        efiInstallAsRemovable = true;
-        forceInstall = true;
-      };
-      efi = {
-        #canTouchEfiVariables = true;
-        efiSysMountPoint = "/boot";
-      };
-    };
-    plymouth = {
-      enable = true;
-      theme = "breeze";
-    };
-    kernel = { sysctl = { "vm.swappiness" = 10; }; };
-  };
-  services.openssh.enable = true;
-
-  environment.systemPackages =
-    map lib.lowPrio [ pkgs.curl pkgs.git pkgs.git-crypt ];
-
-  users.users.root = {
-    initialPassword = "changeme";
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
-    ];
-  };
-
-  system.stateVersion = "24.11";
-}
--- a/nixos-anywhere/configuration-vps.nix
+++ b/nixos-anywhere/configuration-vps.nix
@ -1,57 +0,0 @@
-{ modulesPath, config, lib, pkgs, ... }: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-    (modulesPath + "/profiles/qemu-guest.nix")
-    ./disk-config-vps.nix
-  ];
-  boot = {
-    kernelPackages = pkgs.linuxPackages_latest;
-    kernelParams = [ "consoleblank=60" ];
-    loader = {
-      timeout = 10;
-      /* systemd-boot = {
-           enable = true;
-         };
-      */
-      grub = {
-        device = "nodev";
-        efiSupport = true;
-        efiInstallAsRemovable = true;
-        forceInstall = true;
-      };
-      efi = {
-        #canTouchEfiVariables = true;
-        efiSysMountPoint = "/boot";
-      };
-    };
-    plymouth = {
-      enable = true;
-      theme = "breeze";
-    };
-    kernel = { sysctl = { "vm.swappiness" = 10; }; };
-  };
-
-  # Enable networking
-  networking.networkmanager.enable = true;
-  networking.enableIPv6 = true;
-  networking.useDHCP = false;
-  services.openssh.enable = true;
-
-  # Set your time zone.
-  time = {
-    timeZone = "America/Chicago";
-    hardwareClockInLocalTime = false;
-  };
-
-  environment.systemPackages =
-    map lib.lowPrio [ pkgs.curl pkgs.git pkgs.git-crypt ];
-
-  users.users.root = {
-    initialPassword = "changeme";
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
-    ];
-  };
-
-  system.stateVersion = "24.11";
-}
--- a/nixos-anywhere/configuration.nix
+++ b/nixos-anywhere/configuration.nix
@ -1,57 +1,47 @@
-{ modulesPath, config, lib, pkgs, ... }: {
+{
+  modulesPath,
+  lib,
+  pkgs,
+  ...
+} @ args: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
    ./disk-config.nix
  ];
-  disko.devices.disk.main.device = "/dev/sda";
-  boot = {
-    kernelPackages = pkgs.linuxPackages_zen;
-    kernelParams = [ "consoleblank=60" ];
-    # extraModulePackages = [config.boot.kernelPackages.ddcci-driver];
-    # kernelModules = ["i2c-dev" "ddcci_backlight"];
-    loader = if (pkgs.hostPlatform != lib.mkDefault "aarch64-linux") then {
-      systemd-boot = { enable = true; };
-      efi = {
-        canTouchEfiVariables = true;
-        efiSysMountPoint = "/boot";
-      };
-    } else {
-      grub.enable = false;
-      generic-extlinux-compatible.enable = true;
-    };
-    plymouth = {
-      enable = true;
-      theme = "breeze";
-    };
-    kernel = { sysctl = { "vm.swappiness" = 10; }; };
+  boot.kernelParams = ["consoleblank=60"];
+  boot.plymouth = {
+    enable = true;
+    theme = "breeze";
+  };
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
  };
-
-  # Enable networking
-  networking.networkmanager.enable = true;
-  networking.enableIPv6 = true;
-  networking.useDHCP = false;
  services.openssh.enable = true;

-  # Set your time zone.
  time = {
    timeZone = "America/Chicago";
    hardwareClockInLocalTime = false;
  };

-  environment.systemPackages =
-    map lib.lowPrio [ pkgs.curl pkgs.git pkgs.git-crypt ];
+  environment.systemPackages = map lib.lowPrio [
+    pkgs.curl
+    pkgs.git
+    pkgs.git-crypt
+    pkgs.sops
+    pkgs.age
+  ];

-  users.users.root = {
-    initialPassword = "changeme";
-    openssh.authorizedKeys.keys = [
+  users.users.root.openssh.authorizedKeys.keys =
+    [
      "ssh-dss AAAAB3NzaC1kc3MAAACBAL/6Wxt6Rr9agFaw41WYMU6IoF3X1bpdrFSUJg+CgaIXEnHFZJgNhcGfoGMp9H1ikOy/yN5GDqsEuiDYlWu3Dild0Q8k1cDMiL4m/xUwLDgFByPBYZ2FlAikogFXm5cMLneD7jP82FZKa8YpTzmk78iGNCcCYdrZL+AWgfrKZJ0DAAAAFQC//npxf4/Pq/lKBZED/RLyYKm0qwAAAIEAr5q/6h03QE7cxE71VbpQlEQkDSBmOOxrvoDCKPAT4H9gZGW8PAuJ2MWl3VF1qWcq2BBLzJsPkbVC0BsjyohV2EJsQuf/EUixb6gldUSWL5wOlGBW1pzlMiJ+cTPYqXDS0bcwkrMWtBbUxKZt0dl+LV6q6FpT8QWvqY6dGkAccKwAAACAKDKIyHf7as7R0F0uwd++PW40+pesv48NQIOZOi7KpBeSyHvXFKFEv/thr1QWJaaLAm4PMRBoNq6tC11oRez5p5nSDmJO3HnZirALnmnBWZYPDkKGSONMF4jC0nAmQl3r0u3OwiwJO9MJjTOjy6G7U1j3T0Z3bOdPG1WUHiWAkYE= don@harper"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB/Rdi63nQcI3GTKxYniXoWibv08D/qoMUewHwqZb4VvSh2RWBVepjWBoehpqrDxr5oGLUP/tBv65KOACP7sRBJ8Bf8wiJTNxFOrJi9qYPta719hP1PVjZZ+PklgZcblO0kaPUVEwhVPvW89uNsL8u2niLQ+m5wt6SMp1LVjXLp4dvpzTj7nbVNkEa8Y55os3S+JuNjDlKT135+LRcn7yF1GUZJ2A6nAKJ+S7NPlJPaWfEUBISic5msn2ZPPyoOQvYZyfIwysdON2a6wBv8SFrHFT3CA+gkwJITcpVk+FB1Cnb476swYYbLSOzHmJmo/LG8Jpw6aZDbvYvocJn6qS8r6iFVHKfvyI9/EsHoEKYndJ4yJWfYijMTX3sm24/fxAVeo9/JHQFQf1JbYPm5QFDWZsSOYCYrQfkBr3NRFNxHT7BnbpD5SH73fiXWr3kWHJchl65kCl6Bp4w5JB4T0fef7V4YhJMh/gs0E1LuRmLP9hgNUCLg/v/1T0DRVaTuSNIJCgS96gWfwYeT8q09035P3G+Xa+Ppa7HS8GTSHQiv4BVMcBphcwexsE50WM9a0sYqLcseua5E68nVwU0s7DY6h/UmgcL3y/4mFCMkGeMffXPfjkz22l7GUOst4PhQkjFFqKt9goqWdw79pXG2HvvY4j4p/92E+NGLTbQCYuj duck@duckland.org 2020-21"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyDBNnaE5SWxVm0Sfum6n+q8Y8+AixsMV3qZNTbMITpAH9M4xvmVmtRLi9en+Nl6HDZG60yB/2woE5IdqmoYVF1Dtdl+E0UNepSlWdfkoqoxzt3xszzEL+aEmmC+nDUWGkE7YpHDX9KI49gJ8LNdQbc9LxLzZ0S93cTJH3D8GKD5ztE2523SAnO7hf3pU5wlSTDRXvyAEii/9MS1NARRXMWWLRRWxiECXGJs3KQm/QdN/M6mpz3KwpbNvUwJTs9G4sYLecL0LHepox3c8c7BAxjcxKgycnzWnFwfPLW/VwQ/n5N/AYaaN0oY31uFBg5dpTOJudxMWujewrtCnAYtYpU1R8b0FU18n677xF+Efsbgq+27A/nveMctg+3/TSVJbKsHyi18UMPc6V8ZmGkMJ7jcYU3F/VpzIrRoWpeMd9OgSQDi/q/DdblGf9PcdHll6mudeDkFWt95PIgLWoUFlWmfe7X+7BGHvtllIw2fUIpiAeKBG8NK1e25oKk4sKs9k= don@loki"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDC8G4NyTDMaIpzZLfBdsBLyL0DRB1BblrbXu2U6VENMslKe6BuJZ0JJgdpcaLTdNLjDklRuTGhbezf9CoCZffIszPXU6uHPSEmb/3y/J3wN4tJKlK2rgENMFMjy8VxOES17b+OcfluliWtxrkHylvnO0UJSFq9gfPXbgMZMhnemTnvMCICmmTd5OeJ+dOhlFW3b7QoaE5Eb98Z/2+DarSBCi0V4ESdufnpVa3NofCerZ56TumN9Lsl2X1qZKHearjRQ3XDObPJ6yaaoQ8pmJs2Tm1FVZJ8UMZL8/I5RtlWK1s/+fgwGIasGWvqKBLTZte5IY95/9FtCcloHYpTRmQnfoIly9ShetA6wsierhMu36G/GmD4813neo62Qh0wZq87/CwNjBW8A6E+J8R+oXBsdjaVT4SNqJZgpuuRit9Jp75Mb3Vmh/wnuD+AtLH7Kmu2kYA+xMvNYvLGEeObb6+HiUheCJhGxW+YRBh9COuxp6+77sitIZovROMimkdJimZ/grWCPSfz0PYbNfuWmu6udmAQOarZ7lhX2b0y/T3I+LP3yoxfAwTFyjjyxJuPRF2grDDEug9pG3EnJLUDAuXh5hSrf1TVg12KQ346+/gllJyQ92HW+0KW/jQV5PsGy6O4ySYSRRaSBkAzjxfDzByzSYDyqhAaINyVwRfKWscIxw== don@dragon"
-    ];
-  };
+    ]
+    ++ (args.extraPublicKeys or []); # this is used for unit-testing this module and can be removed if not needed

-  system.stateVersion = "24.11";
+  system.stateVersion = "25.11";
 }
--- a/nixos-anywhere/disk-config-t2.nix
+++ b/nixos-anywhere/disk-config-t2.nix
@ -1,53 +0,0 @@
-# Example to create a bios compatible gpt partition
-{ lib, ... }: {
-  disko.devices = {
-    disk.disk1 = {
-      device = lib.mkDefault "/dev/mmcblk0";
-      type = "disk";
-      content = {
-        type = "gpt";
-        partitions = {
-          boot = {
-            name = "boot";
-            size = "1M";
-            type = "EF02";
-          };
-          esp = {
-            name = "ESP";
-            size = "500M";
-            type = "EF00";
-            content = {
-              type = "filesystem";
-              format = "vfat";
-              mountpoint = "/boot";
-            };
-          };
-          root = {
-            name = "root";
-            size = "100%";
-            content = {
-              type = "lvm_pv";
-              vg = "pool";
-            };
-          };
-        };
-      };
-    };
-    lvm_vg = {
-      pool = {
-        type = "lvm_vg";
-        lvs = {
-          root = {
-            size = "100%FREE";
-            content = {
-              type = "filesystem";
-              format = "ext4";
-              mountpoint = "/";
-              mountOptions = [ "defaults" ];
-            };
-          };
-        };
-      };
-    };
-  };
-}
--- a/nixos-anywhere/disk-config-vm.nix
+++ b/nixos-anywhere/disk-config-vm.nix
@ -1,53 +0,0 @@
-# Example to create a bios compatible gpt partition
-{ lib, ... }: {
-  disko.devices = {
-    disk.disk1 = {
-      device = lib.mkDefault "/dev/vda";
-      type = "disk";
-      content = {
-        type = "gpt";
-        partitions = {
-          boot = {
-            name = "boot";
-            size = "1M";
-            type = "EF02";
-          };
-          esp = {
-            name = "ESP";
-            size = "500M";
-            type = "EF00";
-            content = {
-              type = "filesystem";
-              format = "vfat";
-              mountpoint = "/boot";
-            };
-          };
-          root = {
-            name = "root";
-            size = "100%";
-            content = {
-              type = "lvm_pv";
-              vg = "pool";
-            };
-          };
-        };
-      };
-    };
-    lvm_vg = {
-      pool = {
-        type = "lvm_vg";
-        lvs = {
-          root = {
-            size = "100%FREE";
-            content = {
-              type = "filesystem";
-              format = "ext4";
-              mountpoint = "/";
-              mountOptions = [ "defaults" ];
-            };
-          };
-        };
-      };
-    };
-  };
-}
--- a/nixos-anywhere/disk-config-vps.nix
+++ b/nixos-anywhere/disk-config-vps.nix
@ -1,53 +0,0 @@
-# Example to create a bios compatible gpt partition
-{ lib, ... }: {
-  disko.devices = {
-    disk.disk1 = {
-      device = lib.mkDefault "/dev/sda";
-      type = "disk";
-      content = {
-        type = "gpt";
-        partitions = {
-          boot = {
-            name = "boot";
-            size = "1M";
-            type = "EF02";
-          };
-          esp = {
-            name = "ESP";
-            size = "500M";
-            type = "EF00";
-            content = {
-              type = "filesystem";
-              format = "vfat";
-              mountpoint = "/boot";
-            };
-          };
-          root = {
-            name = "root";
-            size = "100%";
-            content = {
-              type = "lvm_pv";
-              vg = "pool";
-            };
-          };
-        };
-      };
-    };
-    lvm_vg = {
-      pool = {
-        type = "lvm_vg";
-        lvs = {
-          root = {
-            size = "100%FREE";
-            content = {
-              type = "filesystem";
-              format = "ext4";
-              mountpoint = "/";
-              mountOptions = [ "defaults" ];
-            };
-          };
-        };
-      };
-    };
-  };
-}
--- a/nixos-anywhere/disk-config.nix
+++ b/nixos-anywhere/disk-config.nix
@ -2,37 +2,38 @@
 # Update devices to match your hardware.
 # {
 #  imports = [ ./disko-config.nix ];
-#  disko.devices.disk.main.device = "/dev/sda";
+#  disko.devices.disk1.main.device = "/dev/sda";
 # }
-{
+{lib, ...}: {
  disko.devices = {
-    disk = {
-      main = {
-        type = "disk";
-        content = {
-          type = "gpt";
-          partitions = {
-            boot = {
-              size = "1M";
-              type = "EF02"; # for grub MBR
+    disk.disk1 = {
+      device = lib.mkDefault "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
            };
-            ESP = {
-              size = "1G";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-                mountOptions = [ "umask=0077" ];
-              };
-            };
-            root = {
-              size = "100%";
-              content = {
-                type = "filesystem";
-                format = "ext4";
-                mountpoint = "/";
-              };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
            };
          };
        };
--- a/nixos-anywhere/flake.nix
+++ b/nixos-anywhere/flake.nix
@ -2,27 +2,68 @@
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
  inputs.disko.url = "github:nix-community/disko";
  inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
+  inputs.nixos-facter-modules.url = "github:numtide/nixos-facter-modules";

-  outputs = { nixpkgs, disko, ... }: {
-    nixosConfigurations.fred = nixpkgs.lib.nixosSystem {
-      stdenv.hostPlatform.system = "x86_64-linux";
-      modules = [ disko.nixosModules.disko ./configuration.nix ];
+  outputs =
+    {
+      nixpkgs,
+      disko,
+      nixos-facter-modules,
+      ...
+    }:
+    {
+      nixosConfigurations.hetzner-cloud = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          disko.nixosModules.disko
+          ./configuration.nix
+        ];
+      };
+      # tested with 2GB/2CPU droplet, 1GB droplets do not have enough RAM for kexec
+      nixosConfigurations.digitalocean = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./digitalocean.nix
+          disko.nixosModules.disko
+          { disko.devices.disk.disk1.device = "/dev/vda"; }
+          ./configuration.nix
+        ];
+      };
+      nixosConfigurations.hetzner-cloud-aarch64 = nixpkgs.lib.nixosSystem {
+        system = "aarch64-linux";
+        modules = [
+          disko.nixosModules.disko
+          ./configuration.nix
+        ];
+      };
+
+      # Use this for all other targets
+      # nixos-anywhere --flake .#generic --generate-hardware-config nixos-generate-config ./hardware-configuration.nix <hostname>
+      nixosConfigurations.generic = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          disko.nixosModules.disko
+          ./configuration.nix
+          ./hardware-configuration.nix
+        ];
+      };
+
+      # Slightly experimental: Like generic, but with nixos-facter (https://github.com/numtide/nixos-facter)
+      # nixos-anywhere --flake .#generic-nixos-facter --generate-hardware-config nixos-facter facter.json <hostname>
+      nixosConfigurations.generic-nixos-facter = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          disko.nixosModules.disko
+          ./configuration.nix
+          nixos-facter-modules.nixosModules.facter
+          {
+            config.facter.reportPath =
+              if builtins.pathExists ./facter.json then
+                ./facter.json
+              else
+                throw "Have you forgotten to run nixos-anywhere with `--generate-hardware-config nixos-facter ./facter.json`?";
+          }
+        ];
+      };
    };
-    nixosConfigurations.book = nixpkgs.lib.nixosSystem {
-      stdenv.hostPlatform.system = "x86_64-linux";
-      modules = [ disko.nixosModules.disko ./configuration.nix ];
-    };
-    nixosConfigurations.t2 = nixpkgs.lib.nixosSystem {
-      stdenv.hostPlatform.system = "aarch64-linux";
-      modules = [ disko.nixosModules.disko ./configuration.nix ];
-    };
-    nixosConfigurations.vm = nixpkgs.lib.nixosSystem {
-      stdenv.hostPlatform.system = "x86_64-linux";
-      modules = [ disko.nixosModules.disko ./configuration-vm.nix ];
-    };
-    nixosConfigurations.w2 = nixpkgs.lib.nixosSystem {
-      stdenv.hostPlatform.system = "x86_64-linux";
-      modules = [ disko.nixosModules.disko ./configuration-vps.nix ];
-    };
-  };
 }