diff --git a/README.md b/README.md index 8bd8e8c..c9021cf 100644 --- a/README.md +++ b/README.md @@ -43,3 +43,4 @@ Below is a table of all hosts, with links to their respective README files, whic | `eirene` | [hosts/eirene/README.md](./hosts/eirene/README.md) | | `elara` | [hosts/elara/README.md](./hosts/elara/README.md) | | `himalia` | [hosts/himalia/README.md](./hosts/himalia/README.md) | +| `jupiter` | [hosts/jupiter/README.md](./hosts/jupiter/README.md) | diff --git a/flake.nix b/flake.nix index 7357ab7..8778c2f 100644 --- a/flake.nix +++ b/flake.nix @@ -154,6 +154,12 @@ modules = [ ./hosts/himalia ]; specialArgs = { inherit inputs system; }; }; + + jupiter = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = [ ./hosts/jupiter ]; + specialArgs = { inherit inputs system; }; + }; }; } // inputs.flake-utils.lib.eachSystem [ "x86_64-linux" ] ( diff --git a/hosts/common/configs/system/ssh/default.nix b/hosts/common/configs/system/ssh/default.nix index 0582eaf..a6dd5fb 100644 --- a/hosts/common/configs/system/ssh/default.nix +++ b/hosts/common/configs/system/ssh/default.nix @@ -5,5 +5,6 @@ eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub; elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub; himalia.publicKeyFile = ../../../../himalia/secrets/ssh_host_ed25519_key.pub; + jupiter.publicKeyFile = ../../../../jupiter/secrets/ssh_host_ed25519_key.pub; }; } diff --git a/hosts/eirene/users/nick/configs/console/ssh/default.nix b/hosts/eirene/users/nick/configs/console/ssh/default.nix index 0c5000a..daa0f8e 100644 --- a/hosts/eirene/users/nick/configs/console/ssh/default.nix +++ b/hosts/eirene/users/nick/configs/console/ssh/default.nix 
@@ -17,6 +17,16 @@ in "ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; }; - programs.clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path; + programs = { + ssh.matchBlocks = { + "karaolidis.com" = { + hostname = "karaolidis.com"; + user = "nick"; + identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; + }; + }; + + clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path; + }; }; } diff --git a/hosts/elara/users/nikara/configs/console/ssh/default.nix b/hosts/elara/users/nikara/configs/console/ssh/default.nix index 2733836..96773ba 100644 --- a/hosts/elara/users/nikara/configs/console/ssh/default.nix +++ b/hosts/elara/users/nikara/configs/console/ssh/default.nix @@ -53,6 +53,12 @@ in programs = { ssh = { matchBlocks = { + "karaolidis.com" = { + hostname = "karaolidis.com"; + user = "nick"; + identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; + }; + "cldlgn.fyi.sas.com" = { inherit user; hostname = "cldlgn.fyi.sas.com"; diff --git a/hosts/installer/users/nick/configs/console/ssh/default.nix b/hosts/installer/users/nick/configs/console/ssh/default.nix index a609011..9093627 100644 --- a/hosts/installer/users/nick/configs/console/ssh/default.nix +++ b/hosts/installer/users/nick/configs/console/ssh/default.nix 
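Review bot: The new `karaolidis.com` match block pins `identityFile` but not `identitiesOnly`, so when an agent is running ssh will still offer every loaded key to that server before the named one, which both leaks which other keys this user holds and can trip `MaxAuthTries`. Add `identitiesOnly = true;` next to `identityFile` so only the personal key is presented. The attribute set this hunk edits (presumably `home-manager.users.${user}`) opens before the hunk, so the `programs` regrouping cannot be checked against its siblings here.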
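Review bot: This `karaolidis.com` block is byte-identical to the ones added for eirene and the installer in the same commit, and a third hand-copied hostname/user/identityFile triple is where the next key rotation or path change will drift. If a shared user-level ssh module exists or is added under `common/configs/user/console`, the block belongs there, leaving only the SAS-specific entries in this file. The `programs.ssh.matchBlocks` set continues past the end of the hunk.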
@@ -4,13 +4,22 @@ }: { ... }: { - home-manager.users.${user}.sops.secrets = { - "ssh/key" = { - sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - path = "${home}/.ssh/ssh_personal_ed25519_key"; + home-manager.users.${user} = { + sops.secrets = { + "ssh/key" = { + sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + path = "${home}/.ssh/ssh_personal_ed25519_key"; + }; + + "ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; }; - "ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - + programs.ssh.matchBlocks = { + "karaolidis.com" = { + hostname = "karaolidis.com"; + user = "nick"; + identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; + }; + }; }; } diff --git a/hosts/jupiter/README.md b/hosts/jupiter/README.md new file mode 100644 index 0000000..d62e953 --- /dev/null +++ b/hosts/jupiter/README.md @@ -0,0 +1,26 @@ +# jupiter + +## Post-Install Checklist + +## RAID Management + +Remember to update [format.nix](format.nix). + +### Adding a new drive + +``` +parted /dev/sdd -- mklabel gpt +parted /dev/sdd -- mkpart primary 0% 100% +cryptsetup luksFormat /dev/sdd +cryptsetup open /dev/sdd storage2 +btrfs device add /dev/mapper/storage2 /mnt/storage +btrfs balance start -dconvert=raid1 -mconvert=raid1 /mnt/storage +``` + +### Removing an old drive + +``` +sudo btrfs device remove /dev/mapper/storage1 /mnt/storage +btrfs balance start -dconvert=raid1 -mconvert=raid1 /mnt/storage +sudo cryptsetup close storage1 +``` diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix new file mode 100644 index 0000000..09a00ac --- /dev/null +++ b/hosts/jupiter/default.nix 
@@ -0,0 +1,54 @@ +{ lib, inputs, ... }: +{ + imports = [ + ../../lib + + inputs.disko.nixosModules.disko + ./format.nix + + ./hardware + + ../common/configs/system/boot + ../common/configs/system/btrfs + ../common/configs/system/documentation + ../common/configs/system/git + ../common/configs/system/impermanence + ../common/configs/system/neovim + ../common/configs/system/networkmanager + ../common/configs/system/nix + ../common/configs/system/nix-cleanup + ../common/configs/system/nixpkgs + ../common/configs/system/ntp + ../common/configs/system/podman + ../common/configs/system/smartmontools + ../common/configs/system/sops + ../common/configs/system/sshd + ../common/configs/system/sudo + ../common/configs/system/system + ../common/configs/system/users + ../common/configs/system/zsh + + ./users/storm + ./users/nick + ]; + + fileSystems."/mnt/storage" = { + label = "storage"; + fsType = "btrfs"; + options = [ + "x-initrd.mount" + "defaults" + "subvol=@" + "compress=zstd:5" + "noatime" + ]; + }; + + networking = { + hostName = "jupiter"; + extraHosts = lib.strings.concatStringsSep "\n" [ "127.0.0.1 karaolidis.local" ]; + }; + + i18n.defaultLocale = "en_US.UTF-8"; + sops.defaultSopsFile = ./secrets/secrets.yaml; +} diff --git a/hosts/jupiter/format.nix b/hosts/jupiter/format.nix new file mode 100644 index 0000000..e9a1175 --- /dev/null +++ b/hosts/jupiter/format.nix 
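Review bot: `fileSystems."/mnt/storage"` is mounted from the initrd (`"x-initrd.mount"`) without `nofail`, so if either half of the two-disk btrfs raid1 fails to unlock or is absent — exactly the drive-swap situation the new README describes — boot stops in the initrd emergency shell before sshd is up and a headless host becomes unreachable. Nothing visible in this module needs the array before stage 2 (root, `/persist`, `/nix` and `/cache` are subvolumes on the `main` disk per format.nix), so unless the imported impermanence module binds paths out of `/mnt/storage`, replace `"x-initrd.mount"` with `"nofail"` so the machine still comes up and can be repaired over SSH. A one-line comment above the mount noting that a degraded array additionally needs the `degraded` option, with a pointer to the README's recovery steps, would save the next operator a reboot loop.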
@@ -0,0 +1,137 @@ +{ + disko.devices = { + disk = { + main = { + # TODO: Set to correct device + device = "/dev/vda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "esp"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + # TODO: Set correct swap size and enable + # swap = { + # name = "swap"; + # size = "64G"; + # content = { + # type = "swap"; + # resumeDevice = true; + # }; + # }; + root = { + name = "root"; + size = "100%"; + content = { + name = "main"; + type = "luks"; + passwordFile = "/tmp/keyfile"; + settings = { + allowDiscards = true; + }; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = + let + mountOptions = [ + "compress=zstd:1" + "noatime" + ]; + in + { + "@" = { + mountpoint = "/"; + inherit mountOptions; + }; + "@persist" = { + mountpoint = "/persist"; + inherit mountOptions; + }; + "@nix" = { + mountpoint = "/nix"; + inherit mountOptions; + }; + "@cache" = { + mountpoint = "/cache"; + inherit mountOptions; + }; + }; + }; + }; + }; + }; + }; + }; + + storage0 = { + # TODO: Set to correct device + device = "/dev/vdb"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + root = { + name = "root"; + size = "100%"; + content = { + name = "storage0"; + type = "luks"; + passwordFile = "/tmp/keyfile"; + settings = { + allowDiscards = true; + }; + }; + }; + }; + }; + }; + + storage1 = { + # TODO: Set to correct device + device = "/dev/vdc"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + root = { + name = "root"; + size = "100%"; + content = { + name = "storage1"; + type = "luks"; + passwordFile = "/tmp/keyfile"; + settings = { + allowDiscards = true; + }; + + # storageN content must be placed on last alphabetical drive + content = { + type = "btrfs"; + extraArgs = [ "-f -L storage -m raid1 -d 
raid1 /dev/mapper/storage0" ]; + subvolumes = { + "@" = { }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/jupiter/hardware/default.nix b/hosts/jupiter/hardware/default.nix new file mode 100644 index 0000000..bc78652 --- /dev/null +++ b/hosts/jupiter/hardware/default.nix @@ -0,0 +1,18 @@ +{ ... }: +{ + # TODO Remove + hardware.enableAllHardware = true; + + # TODO Update + boot.initrd.kernelModules = [ + "ahci" + "xhci_pci" + "virtio_pci" + "virtio_scsi" + "virtio_blk" + "virtio_console" + "sd_mod" + ]; + + services.fstrim.enable = true; +} diff --git a/hosts/jupiter/secrets/ssh_host_ed25519_key.pub b/hosts/jupiter/secrets/ssh_host_ed25519_key.pub new file mode 100644 index 0000000..f229419 --- /dev/null +++ b/hosts/jupiter/secrets/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQoqvM5g/0e/UAH+GHsp0IegTd+Y1WZ+H5TRvypUv03 root@jupiter diff --git a/hosts/jupiter/users/nick/default.nix b/hosts/jupiter/users/nick/default.nix new file mode 100644 index 0000000..324bbe2 --- /dev/null +++ b/hosts/jupiter/users/nick/default.nix 
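Review bot: The commented-out `swap` partition is defined directly in the GPT beside `esp`, outside the `main` LUKS container, and carries `resumeDevice = true`; enabling it as written would put hibernation images — which include the unlocked LUKS master keys and whatever else was in RAM — on disk in the clear, silently undoing the encryption on `root`. If that TODO is acted on, either nest the swap under the LUKS layer (a LUKS-wrapped partition or a swapfile on the encrypted btrfs) or set `randomEncryption = true;` and drop `resumeDevice`. It would also help to state in a comment that `passwordFile = "/tmp/keyfile"` is only the install-time passphrase shared by all three containers, and that at boot each mapper will presumably prompt separately unless a common keyfile is configured.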
@@ -0,0 +1,62 @@ +{ config, lib, ... }: +let + # FIXME: https://github.com/NixOS/nixpkgs/issues/24570 + # FIXME: https://github.com/NixOS/nixpkgs/issues/305643 + user = "nick"; + home = "/home/nick"; +in +{ + imports = [ + ../../../common/configs/user/options.nix + + (import ../../../common/configs/user/console/btop { inherit user home; }) + (import ../../../common/configs/user/console/dive { inherit user home; }) + (import ../../../common/configs/user/console/fastfetch { inherit user home; }) + (import ../../../common/configs/user/console/git { inherit user home; }) + (import ../../../common/configs/user/console/home-manager { inherit user home; }) + (import ../../../common/configs/user/console/ip { inherit user home; }) + (import ../../../common/configs/user/console/jq { inherit user home; }) + (import ../../../common/configs/user/console/lsof { inherit user home; }) + (import ../../../common/configs/user/console/ncdu { inherit user home; }) + (import ../../../common/configs/user/console/neovim { inherit user home; }) + (import ../../../common/configs/user/console/nix { inherit user home; }) + (import ../../../common/configs/user/console/nix-cleanup { inherit user home; }) + (import ../../../common/configs/user/console/nix-direnv { inherit user home; }) + (import ../../../common/configs/user/console/podman { inherit user home; }) + (import ../../../common/configs/user/console/ranger { inherit user home; }) + (import ../../../common/configs/user/console/sops { inherit user home; }) + (import ../../../common/configs/user/console/tmux { inherit user home; }) + (import ../../../common/configs/user/console/tree { inherit user home; }) + (import ../../../common/configs/user/console/unzip { inherit user home; }) + (import ../../../common/configs/user/console/wget { inherit user home; }) + (import ../../../common/configs/user/console/xdg { inherit user home; }) + (import ../../../common/configs/user/console/zsh { inherit user home; }) + ]; + + # echo "password" | 
mkpasswd -s + sops.secrets."${user}-password" = { + sopsFile = ../../../../secrets/personal/secrets.yaml; + key = "password"; + neededForUsers = true; + }; + + users.users.${user} = { + inherit home; + isNormalUser = true; + email = "nick@karaolidis.com"; + fullName = "Nikolaos Karaolidis"; + description = "Nikolaos Karaolidis"; + hashedPasswordFile = config.sops.secrets."${user}-password".path; + extraGroups = [ "wheel" ]; + linger = true; + uid = lib.strings.toInt (builtins.readFile ./uid); + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com" + ]; + }; + + home-manager.users.${user}.home = { + username = user; + homeDirectory = home; + }; +} diff --git a/hosts/jupiter/users/nick/uid b/hosts/jupiter/users/nick/uid new file mode 100644 index 0000000..83b33d2 --- /dev/null +++ b/hosts/jupiter/users/nick/uid @@ -0,0 +1 @@ +1000 diff --git a/hosts/jupiter/users/storm/default.nix b/hosts/jupiter/users/storm/default.nix new file mode 100644 index 0000000..b7fa8f0 --- /dev/null +++ b/hosts/jupiter/users/storm/default.nix 
@@ -0,0 +1,33 @@ +{ lib, ... }: +let + # FIXME: https://github.com/NixOS/nixpkgs/issues/24570 + # FIXME: https://github.com/NixOS/nixpkgs/issues/305643 + user = "storm"; + home = "/home/storm"; +in +{ + imports = [ + ../../../common/configs/user/options.nix + + (import ../../../common/configs/user/console/home-manager { inherit user home; }) + (import ../../../common/configs/user/console/podman { inherit user home; }) + (import ../../../common/configs/user/console/sops { inherit user home; }) + ]; + + users.users.${user} = { + inherit home; + createHome = true; + isSystemUser = true; + description = "Container Runner"; + linger = true; + uid = lib.strings.toInt (builtins.readFile ./uid); + group = user; + }; + + users.groups.${user}.gid = lib.strings.toInt (builtins.readFile ./uid); + + home-manager.users.${user}.home = { + username = user; + homeDirectory = home; + }; +} diff --git a/hosts/jupiter/users/storm/uid b/hosts/jupiter/users/storm/uid new file mode 100644 index 0000000..a6905f8 --- /dev/null +++ b/hosts/jupiter/users/storm/uid @@ -0,0 +1 @@ +999 diff --git a/lib/scripts/add-host.sh b/lib/scripts/add-host.sh index d761533..38ae5a8 100755 --- a/lib/scripts/add-host.sh +++ b/lib/scripts/add-host.sh 
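Review bot: `storm` is declared with `isSystemUser = true` yet is meant to run rootless podman (the `podman` user module is imported and `linger` is set), and NixOS only turns on `autoSubUidGidRange` by default for normal users, so this account will likely have no `/etc/subuid`/`/etc/subgid` range and user-namespaced containers will refuse to start; add `autoSubUidGidRange = true;` to `users.users.${user}` unless the podman module already sets it. Pinning `uid = 999` (and the matching `gid`) also takes the very top of the range NixOS hands out to dynamically numbered system users, so on a machine that is not freshly installed it may collide with an existing allocation; a value below 400, where static ids live, would be safer. A short comment above `uid` explaining why it is fixed (e.g. ownership of files on the shared storage) would make the choice reviewable.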
@@ -190,12 +190,19 @@ cat < "./hosts/$host/README.md" # $host EOF +sed -i "/nixosConfigurations = {/a\\ + $host = nixpkgs.lib.nixosSystem rec {\\ + system = \"x86_64-linux\";\\ + modules = [ ./hosts/$host ];\\ + specialArgs = { inherit inputs system; };\\ + };\n\n" flake.nix + +sed -i "/knownHosts = {/a\\ $host.publicKeyFile = ../../../../$host/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix + new_entry="| \`$host\` | [hosts/$host/README.md](./hosts/$host/README.md) |" last_table_line=$(grep -n "^| " README.md | tail -n 1 | cut -d: -f1) sed -i "${last_table_line}a$new_entry" README.md -sed -i "/knownHosts = {/a\\ $host.publicKeyFile = ../../../../$host/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix - nix fmt echo "Host $host has been successfully added." diff --git a/lib/scripts/remove-host.sh b/lib/scripts/remove-host.sh index bea931e..6722c8f 100755 --- a/lib/scripts/remove-host.sh +++ b/lib/scripts/remove-host.sh @@ -19,6 +19,7 @@ find . -type f -name "sops.yaml" | while IFS= read -r sops_file; do done sed -i "/$host/d" ./hosts/common/configs/system/ssh/default.nix +sed -i "/$host = nixpkgs.lib.nixosSystem rec {/,/^[[:space:]]*};/d" flake.nix sed -i "/$host/d" ./README.md rm -rf "./hosts/$host"
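Review bot: The new flake.nix insertion appends the `$host` block unconditionally, so running the script twice for the same name (or for a name whose directory already exists) yields two `nixosSystem` entries and two `knownHosts` lines, which `nix fmt` will happily format and the flake will then reject as a duplicate attribute. Unless an earlier part of the script already refuses existing hosts, guard this with `grep -q "^[[:space:]]*$host = nixpkgs.lib.nixosSystem" flake.nix && { echo "host $host already in flake.nix" >&2; exit 1; }` before the `sed`. A comment noting that the block is placed first rather than alphabetically (this commit's own jupiter entry was added by hand after himalia) would also avoid surprise.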
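Review bot: The new flake.nix cleanup `sed -i "/$host = nixpkgs.lib.nixosSystem rec {/,/^[[:space:]]*};/d"` matches `$host` as an unanchored regex, so removing a host whose name is a suffix of another (`ra` would also match `elara = nixpkgs.lib.nixosSystem rec {`) deletes the wrong block, and the range then swallows everything up to the next `};`. Anchor it to the start of the line: `/^[[:space:]]*$host = nixpkgs.lib.nixosSystem rec {/,/^[[:space:]]*};/d`. The same unanchored `/$host/d` pattern is used on the neighbouring lines for the knownHosts file and README, and nothing in this hunk protects against sed metacharacters in the name (`.`, `/`, `[`); if the script does not validate it earlier, `[[ $host =~ ^[a-z0-9-]+$ ]] || exit 1` before these edits is cheap insurance against a mangled `rm -rf "./hosts/$host"` path as well.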