diff --git a/INSTALLING.md b/INSTALLING.md index 95dc57f..51d0f95 100644 --- a/INSTALLING.md +++ b/INSTALLING.md @@ -1,5 +1,52 @@ # Install +## Standard install (BIOS) + +``` +parted /dev/sda -- mklabel msdos +parted /dev/sda -- mkpart primary 1MiB -8GiB +parted /dev/sda -- mkpart primary linux-swap -8GiB 100% +mkfs.ext4 -L nixos /dev/sda1 +mkswap -L swap /dev/sda2 +mount /dev/disk/by-label/nixos /mnt +swapon /dev/sda2 +nixos-generate-config --root /mnt + +# Copy initial-config.nix to /etc/nixos/configuration.nix +# Uncomment BIOS section and comment the EFI section +# Also copy wpa_supplicant.conf in /etc if Wifi is needed +# /!\ Save hardware-configuration.nix to this repo! + +nixos-install +reboot +``` + +## Standard install (UEFI) + +``` +parted /dev/sda -- mklabel gpt +parted /dev/sda -- mkpart primary 512MiB -8GiB +parted /dev/sda -- mkpart primary linux-swap -8GiB 100% +parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB +parted /dev/sda -- set 3 boot on +mkfs.ext4 -L nixos /dev/sda1 +mkswap -L swap /dev/sda2 +mkfs.fat -F 32 -n boot /dev/sda3 +mount /dev/disk/by-label/nixos /mnt +mkdir -p /mnt/boot +mount /dev/disk/by-label/boot /mnt/boot +swapon /dev/sda2 +nixos-generate-config --root /mnt + +# Copy initial-config.nix to /etc/nixos/configuration.nix +# Also copy wpa_supplicant.conf in /etc if Wifi is needed +# /!\ Save hardware-configuration.nix to this repo! + +nixos-install +reboot +``` + +## LVM/LUKS install This documentation describes how to install NixOS with LVM and LUKS. This is heavily based on [https://qfpl.io/posts/installing-nixos/](https://qfpl.io/posts/installing-nixos/). 
@@ -64,8 +111,8 @@ nixos-generate-config --root /mnt # Copy initial-config.nix to /etc/nixos/configuration.nix # Also copy wpa_supplicant.conf in /etc if Wifi is needed -# Edit initial-config.nix to uncomment LUKS section if needed -# If so, set correct Luks drive +# Edit initial-config.nix to uncomment LUKS section +# And set correct Luks drive # /!\ Save hardware-configuration.nix to this repo! # Install
@@ -77,6 +124,7 @@ reboot # If no other device is available, go to the next step directly. ``` +## Post-install for PCs Everything should now be installed on the host. However, local deployement will not work as the github repo will not have been cloned, channels are not set and some local files might be missing. To do so, on the newly installed device: ```
@@ -94,7 +142,7 @@ sudo nix-channel --add https://nixos.org/channels/nixpkgs-unstable unstable; sud sudo nixos-rebuild switch ``` -# Mount from live +## Mount from live with LUKS ``` cryptsetup luksOpen /dev/sda2 nixos-enc lvscan
diff --git a/dotfiles/emacs.d/init.el b/dotfiles/emacs.d/init.el
index 839bd72..b825b64 100644
--- a/dotfiles/emacs.d/init.el
+++ b/dotfiles/emacs.d/init.el
@@ -39,9 +39,10 @@
 (setq save-abbrevs 'silent)
 ;; Use use-package
-(package-install 'use-package)
-(eval-when-compile
- (require 'use-package))
+(unless (package-installed-p 'use-package)
+ (package-refresh-contents)
+ (package-install 'use-package))
+(require 'use-package)
 ;; Install all packages if not installed
 (require 'use-package-ensure
diff --git a/initial-config.nix b/initial-config.nix
index d9a9544..2b585ed 100644
--- a/initial-config.nix
+++ b/initial-config.nix
@@ -15,6 +15,13 @@
 # }
 #];
+ # BIOS
+ #boot.loader.grub = {
+ # enable = true;
+ # version = 2;
+ # device = "/dev/sda";
+ #};
+
 # UEFI
 boot.loader.systemd-boot.enable = true;
 # General settings
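Review bot: `package-refresh-contents` on the first added line fetches archive indexes from whatever `package-archives` holds, and neither that list nor `package-check-signature` is visible in this hunk, so confirm signature verification is not disabled before this bootstrap runs unattended on a fresh machine. The guard also assumes `package-initialize` (or an Emacs 27+ automatic init) has already run, which is outside the hunk. A short comment above the form would help the next reader: `;; Bootstrap use-package once; package-refresh-contents hits the network, so keep package-check-signature enabled`. The surrounding init.el continues outside the hunk.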
@@ -60,7 +67,7 @@
 "ssh-rsa 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 m-gregoire"
 ];
- system.stateVersion = "18.09";
+ system.stateVersion = "19.03";
 # For SSH
 # https://askubuntu.com/questions/54145/how-to-fix-strange-backspace-behaviour-with-urxvt-zsh
diff --git a/modules/default.nix b/modules/default.nix
index 5e387a9..d46aab4 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -151,6 +151,38 @@
 description = "Domain aliases";
 };
 };
+ fenrir = {
+ ip.default = mkOption {
+ type = types.str;
+ example = "1.1.1.1";
+ description = "Ip of the host";
+ };
+ ssh.port = mkOption {
+ type = types.port;
+ example = [ "22" ];
+ description = "Specifies on which port the SSH daemon listens.";
+ };
+ extraDomains = mkOption {
+ type = types.listOf types.str;
+ description = "Domain aliases";
+ };
+ };
+ fenrirDocker = {
+ ip.default = mkOption {
+ type = types.str;
+ example = "1.1.1.1";
+ description = "Ip of the host";
+ };
+ ssh.port = mkOption {
+ type = types.port;
+ example = [ "22" ];
+ description = "Specifies on which port the SSH daemon listens.";
+ };
+ extraDomains = mkOption {
+ type = types.listOf types.str;
+ description = "Domain aliases";
+ };
+ };
 mimir = {
 ip = {
 default = mkOption {
diff --git a/nixops/Fenrir.nix b/nixops/Fenrir.nix
new file mode 100644
index 0000000..b965086
--- /dev/null
+++ b/nixops/Fenrir.nix
@@ -0,0 +1,10 @@
+{
+ FenrirDocker =
+ { config, pkgs, ... }:
+ {
+ deployment = {
+ targetHost = "FenrirDocker";
+ targetPort = config.resources.hosts.fenrirDocker.ssh.port;
+ };
+ };
+}
diff --git a/nixops/generateDeployment.sh b/nixops/generateDeployment.sh
index 51c5ccb..99cb924 100755
--- a/nixops/generateDeployment.sh
+++ b/nixops/generateDeployment.sh
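Review bot: `system.stateVersion = "19.03"` in this install template disagrees with the `"19.09"` the same commit writes into the new FenrirDocker host configuration, and since stateVersion pins stateful defaults for a host's lifetime the template should carry the release the installer actually boots. A comment at the changed line would prevent the next copy from drifting: `# Set to the NixOS release used at install time; never bump on an existing host`. The enclosing attribute set starts and ends outside the hunk.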
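Review bot: `ssh.port` in both the new `fenrir` and `fenrirDocker` option sets declares `type = types.port` but gives `example = [ "22" ]`, a list of strings that does not match the declared type; the example should read `example = 22;`. The two blocks are byte-for-byte copies of each other and, judging by the context lines, of the sibling hosts, so a shared `types.submodule` holding `ip.default`, `ssh.port` and `extraDomains` and reused per host would keep them from drifting. `extraDomains` also has no `default`, so every host that evaluates these options must set it, presumably in the private vendor resources. The enclosing `options` block starts and ends outside the hunk.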
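Review bot: The new file is named `Fenrir.nix` but defines only a `FenrirDocker` machine, while the `fenrir` host options added to modules/default.nix in this commit get no deployment entry at all; either rename the file or add the `Fenrir` machine so that `nixops create … Fenrir.nix` matches its contents. `targetHost = "FenrirDocker"` depends on that name resolving on the deploying PC, which this commit only satisfies through the `networking.hosts` entry added to nixos/profiles/PC/default.nix, so a comment at that line, `# resolved via the PC profile's networking.hosts entry`, would save the next reader a search.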
@@ -1,11 +1,20 @@
 #!/usr/bin/env bash
-nixops create home.nix Bur.nix Mimir.nix Skuld.nix -d home
+nixops destroy -d home 2> /dev/null
+nixops destroy -d cloud 2> /dev/null
+nixops destroy -d pcs 2> /dev/null
+nixops destroy -d servers 2> /dev/null
+nixops delete -d home 2> /dev/null
+nixops delete -d cloud 2> /dev/null
+nixops delete -d pcs 2> /dev/null
+nixops delete -d servers 2> /dev/null
+
+nixops create home.nix Bur.nix Mimir.nix Skuld.nix Fenrir.nix -d home
 nixops create cloud.nix Eldir.nix -d cloud
 nixops create pcs.nix Bur.nix Mimir.nix -d pcs
-nixops create servers.nix Eldir.nix Skuld.nix -d servers
+nixops create servers.nix Eldir.nix Skuld.nix Fenrir.nix -d servers
-nixops deploy -d home
-nixops deploy -d cloud
-nixops deploy -d pcs
-nixops deploy -d servers
+#nixops deploy -d home
+#nixops deploy -d cloud
+#nixops deploy -d pcs
+#nixops deploy -d servers
diff --git a/nixops/home.nix b/nixops/home.nix
index 901b6c0..6500df4 100644
--- a/nixops/home.nix
+++ b/nixops/home.nix
@@ -27,4 +27,13 @@
 ../nixos/hosts/Skuld/configuration.nix
 ];
 };
+
+ FenrirDocker =
+ { config, pkgs, ... }:
+ {
+ imports =
+ [
+ ../nixos/hosts/FenrirDocker/configuration.nix
+ ];
+ };
 }
diff --git a/nixops/servers.nix b/nixops/servers.nix
index 0b07230..ad3a822 100644
--- a/nixops/servers.nix
+++ b/nixops/servers.nix
@@ -18,4 +18,13 @@
 ../nixos/hosts/Skuld/configuration.nix
 ];
 };
+
+ FenrirDocker =
+ { config, pkgs, ... }:
+ {
+ imports =
+ [
+ ../nixos/hosts/FenrirDocker/configuration.nix
+ ];
+ };
 }
diff --git a/nixos/common.nix b/nixos/common.nix
index 345925d..2529230 100644
--- a/nixos/common.nix
+++ b/nixos/common.nix
@@ -39,7 +39,8 @@
 nixpkgs.overlays = import ../nixpkgs/overlays.nix;
 networking.hostName = config.resources.hostname;
- networking.nameservers = config.resources.networking.DNS;
+ #
+
 networking.firewall.allowedTCPPorts = config.resources.networking.firewall.openTCPPorts;
 networking.firewall.allowedUDPPorts = config.resources.networking.firewall.openUDPPorts;
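Review bot: The eight added `nixops destroy` / `nixops delete` lines run unconditionally with stderr discarded, so the script now tears down deployment state, including whatever backend resources `destroy` reaches for the `cloud` deployment, before re-creating it, and a failure or an interactive confirmation prompt is invisible. If the goal is only to regenerate the local deployment definitions, `nixops delete -d home --force` (or `nixops destroy -d home --confirm` when resources really must go) without the `2> /dev/null` says so explicitly, and `set -euo pipefail` after the shebang keeps a failed step from falling through into `create`. The commented-out `deploy` lines mean the new machine is registered but never built, which deserves a comment rather than four dead commands.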
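Review bot: The replacement for `networking.nameservers` is a bare `#` followed by an empty line, a comment that says nothing; either drop both lines or state the reason, e.g. `# nameservers: home hosts take DNS from DHCP (systemd-networkd UseDNS), cloud hosts pin them in networks/cloud`. Together with the `UseDNS = true` switch in nixos/systemd-networkd.nix this moves home hosts from a fixed resolver list to whatever the DHCP server advertises, a trust change that is worth recording where the static list used to be. The enclosing module starts and ends outside the hunk.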
diff --git a/nixos/dev/boot/grub-bios.nix b/nixos/dev/boot/grub-bios.nix
new file mode 100644
index 0000000..70e7d53
--- /dev/null
+++ b/nixos/dev/boot/grub-bios.nix
@@ -0,0 +1,13 @@
+{ config, ... }:
+
+{
+ # BIOS
+ # General settings
+ boot.loader.timeout = 2;
+ # GRUB
+ boot.loader.grub = {
+ enable = true;
+ version = 2;
+ device = "/dev/sda";
+ };
+}
diff --git a/nixos/grub.nix b/nixos/dev/boot/grub-uefi.nix
similarity index 100%
rename from nixos/grub.nix
rename to nixos/dev/boot/grub-uefi.nix
diff --git a/nixos/systemd-boot.nix b/nixos/dev/boot/systemd-boot.nix
similarity index 100%
rename from nixos/systemd-boot.nix
rename to nixos/dev/boot/systemd-boot.nix
diff --git a/nixos/hosts/Bur/configuration.nix b/nixos/hosts/Bur/configuration.nix
index e7c09fb..780c99e 100644
--- a/nixos/hosts/Bur/configuration.nix
+++ b/nixos/hosts/Bur/configuration.nix
@@ -3,15 +3,15 @@
 {
 imports = [
- ./../../dev/luks.nix
 ../../../resources/hosts/Bur
 ../../../vendor/infrastructure-private/resources/hosts/Bur
 ../../common.nix
 ../../dev/bluetooth.nix
+ ../../dev/boot/grub-uefi.nix
 ../../dev/suspend.nix
- ../../grub.nix
 ../../networks/home
 ../../profiles/PC
+ ./../../dev/luks.nix
 ./hardware-configuration.nix
 ];
diff --git a/nixos/hosts/FenrirDocker/configuration.nix b/nixos/hosts/FenrirDocker/configuration.nix
new file mode 100644
index 0000000..dd98faa
--- /dev/null
+++ b/nixos/hosts/FenrirDocker/configuration.nix
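Review bot: `device = "/dev/sda"` hard-codes the install disk into a module meant to be shared, so any BIOS host whose disk enumerates differently would get GRUB written to the wrong device; a `/dev/disk/by-id/<disk-id>` path or a per-host value (the hosts already carry a `resources` attribute set) would make the module safe to import from more than one machine. The commented BIOS block this commit adds to initial-config.nix repeats the same three settings, so the template could point here instead: `# see nixos/dev/boot/grub-bios.nix`. `config` is bound in the module arguments but never used in the body.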
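Review bot: Moving `./../../dev/luks.nix` to the bottom of the imports list is cosmetic, since NixOS merges modules independently of import order (only the element order of merged list-typed options can shift), so the reorder changes nothing that the commit message would need to justify. While the line is being touched, the `./../../` spelling differs from every other `../../` path in the list and could be normalized to `../../dev/luks.nix`. The same remark applies to the identical edit in nixos/hosts/Mimir/configuration.nix.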
@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../../../resources/hosts/FenrirDocker
+ ../../../vendor/infrastructure-private/resources/hosts/FenrirDocker
+ ../../common.nix
+ ../../dev/bluetooth.nix
+ ../../dev/boot/grub-bios.nix
+ ../../dev/nfs.nix
+ ../../dev/wireguard-server.nix
+ ../../networks/home
+ ../../profiles/Server
+ ./hardware-configuration.nix
+ ];
+
+ networking.firewall.allowedTCPPorts = [ config.resources.hosts.fenrirDocker.ssh.port ];
+ services.openssh.ports = [ config.resources.hosts.fenrirDocker.ssh.port ];
+
+ networking.hosts = {
+ # This part is used to define custom DNS records by my PiHole
+ "${config.resources.hosts.bur.ip.default}" = [ "Bur" "${builtins.concatStringsSep " " config.resources.hosts.bur.extraDomains}" ];
+ "${config.resources.hosts.eldir.ip.default}" = [ "Eldir" "${builtins.concatStringsSep " " config.resources.hosts.eldir.extraDomains}" ];
+ "${config.resources.hosts.idunn.ip.default}" = [ "Idunn" "${builtins.concatStringsSep " " config.resources.hosts.idunn.extraDomains}" ];
+ "${config.resources.hosts.mimir.ip.default}" = [ "Mimir" "${builtins.concatStringsSep " " config.resources.hosts.mimir.extraDomains}" ];
+ "${config.resources.hosts.skuld.ip.default}" = [ "Skuld" "${builtins.concatStringsSep " " config.resources.hosts.skuld.extraDomains}" ];
+ "${config.resources.hosts.fenrir.ip.default}" = [ "Fenrir" "${builtins.concatStringsSep " " config.resources.hosts.fenrir.extraDomains}" ];
+ # Basic hostname already defined in the home profile
+ "${config.resources.hosts.beyla.ip.default}" = [ "${builtins.concatStringsSep " " config.resources.hosts.beyla.extraDomains}" ];
+ "${config.resources.hosts.octopi.ip.default}" = [ "${builtins.concatStringsSep " " config.resources.hosts.octopi.extraDomains}" ];
+ # Basic hostname binded to localhost
+ "${config.resources.hosts.fenrirDocker.ip.default}" = [ "${builtins.concatStringsSep " " config.resources.hosts.fenrirDocker.extraDomains}" ];
+ } // config.resources.hosts.extra;
+
+ system.stateVersion = "19.09";
+}
diff --git a/nixos/hosts/FenrirDocker/hardware-configuration.nix b/nixos/hosts/FenrirDocker/hardware-configuration.nix
new file mode 100644
index 0000000..3d9ec24
--- /dev/null
+++ b/nixos/hosts/FenrirDocker/hardware-configuration.nix
@@ -0,0 +1,24 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/95112719-5914-4701-b56f-55effa844554";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 1;
+}
diff --git a/nixos/hosts/Skuld/hassio.nix b/nixos/hosts/FenrirDocker/hassio.nix
similarity index 100%
rename from nixos/hosts/Skuld/hassio.nix
rename to nixos/hosts/FenrirDocker/hassio.nix
diff --git a/nixos/hosts/Mimir/configuration.nix b/nixos/hosts/Mimir/configuration.nix
index 62acf76..b8b743f 100644
--- a/nixos/hosts/Mimir/configuration.nix
+++ b/nixos/hosts/Mimir/configuration.nix
@@ -3,16 +3,16 @@
 {
 imports = [
- ./../../dev/luks.nix
 ../../../resources/hosts/Mimir
 ../../../vendor/infrastructure-private/resources/hosts/Mimir
 ../../common.nix
 ../../dev/bluetooth.nix
+ ../../dev/boot/grub-uefi.nix
 ../../dev/steam.nix
 ../../dev/virtualbox.nix
- ../../grub.nix
 ../../networks/home
 ../../profiles/PC
+ ./../../dev/luks.nix
 ./hardware-configuration.nix
 ];
diff --git a/nixos/hosts/Skuld/configuration.nix b/nixos/hosts/Skuld/configuration.nix
index 84927a2..f954a0a 100644
--- a/nixos/hosts/Skuld/configuration.nix
+++ b/nixos/hosts/Skuld/configuration.nix
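Review bot: Every `networking.hosts` entry folds the host's `extraDomains` into one space-joined string inside the list, so an option that expects a list of names per address is handed a single element carrying several names; this only works because /etc/hosts generation re-joins the list with spaces, and it leaves a stray empty name whenever `extraDomains` is empty. Writing `[ "Bur" ] ++ config.resources.hosts.bur.extraDomains` (and plain `config.resources.hosts.beyla.extraDomains` for the hostname-less entries) states the intent and keeps the list well-formed; the rewritten block is below. Separately, the imports pull in `../../dev/bluetooth.nix` and `../../dev/wireguard-server.nix` on a machine whose hardware-configuration lists only virtio devices and which shares the home network with Skuld, whose configuration imports the same wireguard-server module, so it is worth confirming both are intended rather than carried over from Skuld.
```nix
  networking.hosts = {
    # This part is used to define custom DNS records by my PiHole
    "${config.resources.hosts.bur.ip.default}" = [ "Bur" ] ++ config.resources.hosts.bur.extraDomains;
    "${config.resources.hosts.eldir.ip.default}" = [ "Eldir" ] ++ config.resources.hosts.eldir.extraDomains;
    "${config.resources.hosts.idunn.ip.default}" = [ "Idunn" ] ++ config.resources.hosts.idunn.extraDomains;
    "${config.resources.hosts.mimir.ip.default}" = [ "Mimir" ] ++ config.resources.hosts.mimir.extraDomains;
    "${config.resources.hosts.skuld.ip.default}" = [ "Skuld" ] ++ config.resources.hosts.skuld.extraDomains;
    "${config.resources.hosts.fenrir.ip.default}" = [ "Fenrir" ] ++ config.resources.hosts.fenrir.extraDomains;
    # Basic hostname already defined in the home profile
    "${config.resources.hosts.beyla.ip.default}" = config.resources.hosts.beyla.extraDomains;
    "${config.resources.hosts.octopi.ip.default}" = config.resources.hosts.octopi.extraDomains;
    # Basic hostname bound to localhost
    "${config.resources.hosts.fenrirDocker.ip.default}" = config.resources.hosts.fenrirDocker.extraDomains;
  } // config.resources.hosts.extra;
```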
@@ -6,11 +6,11 @@
 ../../../vendor/infrastructure-private/resources/hosts/Skuld
 ../../common.nix
 ../../dev/bluetooth.nix
+ ../../dev/boot/systemd-boot.nix
 ../../dev/nfs.nix
 ../../dev/wireguard-server.nix
 ../../networks/home
 ../../profiles/Server
- ../../systemd-boot.nix
 ./hardware-configuration.nix
 ./mail-server.nix
 ];
@@ -18,19 +18,6 @@
 networking.firewall.allowedTCPPorts = [ config.resources.hosts.skuld.ssh.port ];
 services.openssh.ports = [ config.resources.hosts.skuld.ssh.port ];
- networking.hosts = {
- # This part is used to define custom DNS records by my Octopi
- "${config.resources.hosts.bur.ip.default}" = [ "Bur" "${builtins.concatStringsSep " " config.resources.hosts.bur.extraDomains}" ];
- "${config.resources.hosts.eldir.ip.default}" = [ "Eldir" "${builtins.concatStringsSep " " config.resources.hosts.eldir.extraDomains}" ];
- "${config.resources.hosts.idunn.ip.default}" = [ "Idunn" "${builtins.concatStringsSep " " config.resources.hosts.idunn.extraDomains}" ];
- "${config.resources.hosts.mimir.ip.default}" = [ "Mimir" "${builtins.concatStringsSep " " config.resources.hosts.mimir.extraDomains}" ];
- # Basic hostname already defined in the home profile
- "${config.resources.hosts.beyla.ip.default}" = [ "${builtins.concatStringsSep " " config.resources.hosts.beyla.extraDomains}" ];
- "${config.resources.hosts.octopi.ip.default}" = [ "${builtins.concatStringsSep " " config.resources.hosts.octopi.extraDomains}" ];
- # Basic hostname binded to localhost
- "${config.resources.hosts.skuld.ip.default}" = [ "${builtins.concatStringsSep " " config.resources.hosts.skuld.extraDomains}" ];
- } // config.resources.hosts.extra;
-
 boot.loader.efi.canTouchEfiVariables = true;
 boot.loader.grub.efiSupport = false;
diff --git a/nixos/networks/cloud/default.nix b/nixos/networks/cloud/default.nix
index dca5a20..25cac3b 100644
--- a/nixos/networks/cloud/default.nix
+++ b/nixos/networks/cloud/default.nix
@@ -4,4 +4,6 @@
 imports = [
 ../../../vendor/infrastructure-private/resources/networks/cloud/default.nix
 ];
+
+ networking.nameservers = config.resources.networking.DNS;
 }
diff --git a/nixos/profiles/PC/default.nix b/nixos/profiles/PC/default.nix
index de60ac4..7a834ba 100644
--- a/nixos/profiles/PC/default.nix
+++ b/nixos/profiles/PC/default.nix
@@ -7,7 +7,7 @@
 ../../dev/3D.nix
 ../../dev/android.nix
 ../../dev/fwudp.nix
- ../../dev/ipfs.nix
+ #../../dev/ipfs.nix
 ../../dev/openvpn-client.nix
 ../../dev/pam.nix
 ../../dev/teamviewer.nix
@@ -54,6 +54,8 @@
 # Non-PC hosts and non-localhost descriptor (MimirEth but not Mimir)
 networking.hosts = {
 "${config.resources.hosts.skuld.ip.default}" = [ "Skuld" ];
+ "${config.resources.hosts.fenrir.ip.default}" = [ "Fenrir" ];
+ "${config.resources.hosts.fenrirDocker.ip.default}" = [ "FenrirDocker" ];
 "${config.resources.hosts.eldir.ip.default}" = [ "Eldir" ];
 "${config.resources.hosts.idunn.ip.wifi}" = [ "IdunnWifi" (if config.resources.hosts.idunn.ip.wifi == config.resources.hosts.idunn.ip.default then "Idunn" else "") ];
 "${config.resources.hosts.idunn.ip.eth}" = [ "IdunnEth" (if config.resources.hosts.idunn.ip.eth == config.resources.hosts.idunn.ip.default then "Idunn" else "") ];
diff --git a/nixos/profiles/PC/services.nix b/nixos/profiles/PC/services.nix
index 95946a7..e2de03a 100644
--- a/nixos/profiles/PC/services.nix
+++ b/nixos/profiles/PC/services.nix
@@ -12,6 +12,9 @@
 };
 };
+ # Unifi
+ services.unifi.enable = true;
+
 # Smart card
 services.pcscd.enable = true;
diff --git a/nixos/systemd-networkd.nix b/nixos/systemd-networkd.nix
index a1b7996..fc7b49f 100644
--- a/nixos/systemd-networkd.nix
+++ b/nixos/systemd-networkd.nix
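Review bot: `networking.nameservers = config.resources.networking.DNS;` needs `config` bound in this module's argument set, which starts outside the hunk; confirm the file header is `{ config, ... }:` rather than a plain `{ ... }:` now that the line has moved here from nixos/common.nix. A one-line comment would explain why this network is the only one keeping a static list: `# static resolvers for cloud hosts; home hosts take DNS from DHCP via systemd-networkd`.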
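Review bot: The two added `networking.hosts` entries read `config.resources.hosts.fenrir.ip.default` and `config.resources.hosts.fenrirDocker.ip.default`, and the option declarations this commit adds to modules/default.nix give neither a `default`, so every machine importing the PC profile now fails to evaluate until both addresses are defined (presumably in the private vendor resources the commit bumps). The `fenrir` entry looks premature, since no deployment for that machine is created in this commit. The commented-out `../../dev/ipfs.nix` import in the first hunk should either carry its reason, `# ipfs disabled: <reason>`, or be removed outright.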
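Review bot: `services.unifi.enable = true;` lands in the PC profile, so every PC runs the UniFi controller (a Java service with its own MongoDB) instead of one designated host, and, if I recall the nixpkgs module of this period correctly, its `openPorts` option defaults to true, which would expose the controller's web and inform ports on the LAN from each PC. Scoping the service to a single host, or pairing the line with `services.unifi.openPorts = false;` and a comment such as `# controller reached locally only; keep its ports closed`, keeps the exposed surface where it is intended.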
@@ -8,6 +8,8 @@
 networking.wireless.enable = true;
 services.resolved.enable = true;
+ # /!\ DNS fallback is not a recovery DNS
+ # See https://github.com/systemd/systemd/issues/5771#issuecomment-296673115
 services.resolved.extraConfig = ''
 FallbackDNS=${builtins.concatStringsSep " " config.resources.networking.fallbackDNS}
 '';
@@ -41,7 +43,7 @@
 networkConfig.DHCP = "yes";
 networkConfig.IPv6AcceptRA = true;
 dhcpConfig.Anonymize = true;
- dhcpConfig.UseDNS = false;
+ dhcpConfig.UseDNS = true;
 dhcpConfig.UseHostname = false;
 dhcpConfig.UseNTP = false;
 };
@@ -56,7 +58,7 @@
 networkConfig.DHCP = "yes";
 networkConfig.IPv6AcceptRA = true;
 dhcpConfig.Anonymize = true;
- dhcpConfig.UseDNS = false;
+ dhcpConfig.UseDNS = true;
 dhcpConfig.UseHostname = false;
 dhcpConfig.UseNTP = false;
 };
diff --git a/nixpkgs/overlays.nix b/nixpkgs/overlays.nix
index 1aa9070..19b1305 100644
--- a/nixpkgs/overlays.nix
+++ b/nixpkgs/overlays.nix
@@ -10,6 +10,8 @@
 inherit (unstable)
 docker
 emacs
+ # https://github.com/ValveSoftware/steam-for-linux/issues/6499#issuecomment-553607737
+ steam
 ;
 })
 ]
diff --git a/resources/hosts/FenrirDocker/default.nix b/resources/hosts/FenrirDocker/default.nix
new file mode 100644
index 0000000..da1271a
--- /dev/null
+++ b/resources/hosts/FenrirDocker/default.nix
@@ -0,0 +1,11 @@
+{ config, lib,... }:
+
+{
+ imports = [
+ ../../common.nix
+ ];
+
+ config.resources = with lib; mapAttrs (_: v: mkDefault v) {
+ hostname = "FenrirDocker";
+ };
+}
diff --git a/scripts/polybar-spotify-controls b/scripts/polybar-spotify-controls
index 8ead9b4..0cea920 160000
--- a/scripts/polybar-spotify-controls
+++ b/scripts/polybar-spotify-controls
@@ -1 +1 @@
-Subproject commit 8ead9b4e7655269141e890594994254aa657451b
+Subproject commit 0cea920753f9cf744e05ab30471fff2072d7ad5b
diff --git a/vendor/home-manager b/vendor/home-manager
index 711109d..0f1c9f2 160000
--- a/vendor/home-manager
+++ b/vendor/home-manager
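Review bot: Flipping `dhcpConfig.UseDNS` to `true` in both the wired and the wireless `.network` sections (second and third hunks) makes each link's resolver whatever its DHCP server advertises, and with the static `networking.nameservers` removed from nixos/common.nix in this commit there is no configured resolver left on home hosts to take precedence; on the wireless link that means any network joined becomes the resolver of record. If that is deliberate for the home PiHole, say so at the changed line, `# DNS from DHCP: the home network hands out the PiHole; on foreign Wi-Fi the operator's resolver is used`, and consider resolved's `DNSOverTLS=` and `DNSSEC=` settings next to the existing `FallbackDNS=` line. The new comment in the first hunk rightly states that `FallbackDNS` is not a recovery path, which is exactly why the new dependency on DHCP deserves an explicit note.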
@@ -1 +1 @@
-Subproject commit 711109d468aa72d327dc1d2f8beabbfe6d061085
+Subproject commit 0f1c9f25cf03cd5ed62db05c461af7e13f84a7b6
diff --git a/vendor/infrastructure-private b/vendor/infrastructure-private
index a87f5c9..01a6dbf 160000
--- a/vendor/infrastructure-private
+++ b/vendor/infrastructure-private
@@ -1 +1 @@
-Subproject commit a87f5c997f3dc645713fcf96372c1129c1e7a970
+Subproject commit 01a6dbf6ba18723e22712ac59508230498bb7661
diff --git a/vendor/nixpkgs-release b/vendor/nixpkgs-release
index 5f7eae4..d1dff0b 160000
--- a/vendor/nixpkgs-release
+++ b/vendor/nixpkgs-release
@@ -1 +1 @@
-Subproject commit 5f7eae4bbb15ce7fa4da1984fd6ba5be7af50952
+Subproject commit d1dff0bcd9f8cd5cf8fca1ab8f08d55dff5c9c57