update various
parent
29070dd277
commit
528fcce2d3
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,2 +1,3 @@
|
||||
.DS_Store
|
||||
_scratch
|
||||
result
|
||||
|
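--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,150 @@
+#!/bin/sh
+
+function cmd_image() {
+local usage="Usage: $0 image --name <image-name>"
+local name=""
+local remote=false
+
+while [[ $# -gt 0 ]]; do
+case "$1" in
+--name)
+name="$2"
+shift 2
+;;
+--remote)
+remote=true
+shift
+;;
+*)
+echo "$usage"
+exit 1
+;;
+esac
+done
+
+if [ -z "$name" ]; then
+echo "$usage"
+exit 1
+fi
+
+# Validate Config Exists
+if ! nix eval --json --impure \
+--experimental-features "nix-command flakes" \
+".#packages.x86_64-linux" \
+--apply "s: builtins.hasAttr \"$name\" s" 2>/dev/null | grep -q "true"; then
+echo "Error: NixOS Generator Config '$name' not found"
+exit 1
+fi
+
+build_args=(".#packages.x86_64-linux.$name")
+if [ "$remote" = true ]; then
+build_args+=("-j0")
+fi
+
+if ! nix build "${build_args[@]}"; then
+echo "Error: Image build failed"
+exit 1
+fi
+
+echo "Successfully built image: $name"
+}
+
+function cmd_install() {
+local usage="Usage: $0 install --name <system-name>"
+local name=""
+
+while [[ $# -gt 0 ]]; do
+case "$1" in
+--name)
+name="$2"
+shift 2
+;;
+*)
+echo "$usage"
+exit 1
+;;
+esac
+done
+
+if [ -z "$name" ]; then
+echo "$usage"
+exit 1
+fi
+
+# Validate Config Exists
+if ! nix eval --json --impure \
+--experimental-features "nix-command flakes" \
+".#nixosConfigurations" \
+--apply "s: builtins.hasAttr \"$name\" s" 2>/dev/null | grep -q "true"; then
+echo "Error: NixOS configuration '$name' not found"
+exit 1
+fi
+
+# Validate mainDiskID Exists
+if ! disk_id=$(nix eval --raw --impure \
+--experimental-features "nix-command flakes" \
+".#nixosConfigurations.$name.config.mainDiskID" 2>/dev/null); then
+echo "Error: mainDiskID not defined for configuration '$name'"
+exit 1
+fi
+
+# Validate Disk Exists
+if [ ! -e "$disk_id" ]; then
+echo "Error: Disk $disk_id not found on system"
+exit 1
+fi
+
+# Prompt Format
+read -p "This will format disk $disk_id. Continue? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+echo "Operation Cancelled"
+exit 1
+fi
+echo "Formatting disk: $disk_id"
+
+# Format Disk
+if ! sudo nix \
+--experimental-features "nix-command flakes" \
+run github:nix-community/disko -- \
+--mode disko \
+--flake "/etc/nixos#$name"; then
+echo "Error: Disk formatting failed"
+exit 1
+fi
+
+# Install NixOS
+echo "Installing $name to disk: $disk_id"
+if ! sudo nixos-install --flake "/etc/nixos#$name"; then
+echo "Error: NixOS installation failed"
+exit 1
+fi
+echo "Successfully installed $name to disk: $disk_id"
+
+# Prompt Reboot
+read -p "Reboot? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+echo "Operation Complete - Not Rebooting"
+exit 0
+fi
+
+# Reboot
+echo "Operation Complete - Rebooting"
+sudo reboot
+}
+
+case "$1" in
+image)
+shift
+cmd_image "$@"
+;;
+install)
+shift
+cmd_install "$@"
+;;
+*)
+echo "Usage: $0 {image|install} --name <name>"
+exit 1
+;;
+esac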
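Review bot: In cmd_install the disk named in the confirmation prompt is read from the flake in the current directory (`.#nixosConfigurations.$name.config.mainDiskID`), while the disko and nixos-install calls act on `/etc/nixos#$name`, so the operator can approve one device while a different configuration decides what gets formatted. Use a single flake reference for validation, formatting and install, for example `flake="/etc/nixos"` set once and `"$flake#nixosConfigurations.$name.config.mainDiskID"` in the eval. The format step also runs `github:nix-community/disko` under sudo with no revision, so whatever the default branch holds at run time executes as root; pinning it (`github:nix-community/disko/<pinned-rev>`) or taking disko from the flake's locked inputs makes that step reproducible. Separately, the `#!/bin/sh` line does not match the bash-only syntax in the body (`[[ ]]`, arrays, `read -p -n`); `#!/usr/bin/env bash` would be the accurate interpreter line.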
@ -24,7 +24,9 @@
|
||||
};
|
||||
in
|
||||
{
|
||||
# NixOS Generators
|
||||
packages.x86_64-linux = {
|
||||
# RKE2
|
||||
rke2-image = nixos-generators.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
format = "vmware";
|
||||
@ -34,6 +36,7 @@
|
||||
};
|
||||
};
|
||||
|
||||
# NixOS Configurations
|
||||
nixosConfigurations = {
|
||||
# LLaMA C++ Server
|
||||
lin-va-llama1 = mkSystem {
|
||||
@ -51,6 +54,12 @@
|
||||
hostName = "lin-va-nix-builder";
|
||||
mainDiskID = "/dev/xvda";
|
||||
enableXenGuest = true;
|
||||
network = {
|
||||
interface = "enX0";
|
||||
address = "10.0.50.130";
|
||||
defaultGateway = "10.0.50.254";
|
||||
nameservers = [ "10.0.50.254" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -2,4 +2,4 @@
|
||||
sshCommand = "ssh -i ~/Keys/work"
|
||||
|
||||
[user]
|
||||
email = evan@prophet.security
|
||||
email = evan@prophetsecurity.ai
|
||||
|
@ -4,8 +4,7 @@
|
||||
# User Authorized Keys
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGGGpRpDQRstoqnCAQioSnh6PZRzNQL7lGJHksIkcoF evanreichard@Evans-MacBook-Pro.local"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard"
|
||||
];
|
||||
hashedPassword = null;
|
||||
};
|
||||
|
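Review bot: The root `openssh.authorizedKeys.keys` list is maintained by hand in this section and again in the hunks at `-140,7 +140,7` and `-41,12 +70,24`, so every key rotation has to be repeated per file, and a missed copy leaves a retired key with root access on that host. Defining the list once, for example in a shared module or a `let` binding that each host imports, keeps the three sets identical. The rendered page does not show which entries this commit removes, so it is worth confirming that the 2014 RSA entry (`rsa-key-20141114`) is gone from every copy where it is no longer wanted. The enclosing attribute set starts and ends outside the hunk.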
@ -140,7 +140,7 @@
|
||||
# User Authorized Keys
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard"
|
||||
];
|
||||
hashedPassword = null;
|
||||
};
|
||||
@ -148,7 +148,6 @@
|
||||
# Add Symlinks Expected by Democratic
|
||||
system.activationScripts = {
|
||||
iscsi-initiator = ''
|
||||
# Democratic CSI Requirements
|
||||
mkdir -p /usr/bin
|
||||
ln -sf ${pkgs.openiscsi}/bin/iscsiadm /usr/bin/iscsiadm
|
||||
ln -sf ${pkgs.openiscsi}/bin/iscsid /usr/bin/iscsid
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
# Node Nix Config
|
||||
# NixOS Config
|
||||
options = {
|
||||
hostName = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
@ -11,6 +11,35 @@
|
||||
default = false;
|
||||
description = "Whether to enable Xen guest support";
|
||||
};
|
||||
network = lib.mkOption {
|
||||
type = lib.types.submodule {
|
||||
options = {
|
||||
interface = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Network interface name";
|
||||
example = "enp0s3";
|
||||
};
|
||||
address = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Static IP address";
|
||||
example = "10.0.20.200";
|
||||
};
|
||||
defaultGateway = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Default gateway IP";
|
||||
example = "10.0.20.254";
|
||||
};
|
||||
nameservers = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = "List of DNS servers";
|
||||
example = [ "10.0.20.254" "8.8.8.8" ];
|
||||
default = [ "8.8.8.8" "8.8.4.4" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
default = null;
|
||||
description = "Network configuration";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkMerge [
|
||||
@ -41,12 +70,24 @@
|
||||
# User Authorized Keys
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard"
|
||||
];
|
||||
hashedPassword = null;
|
||||
};
|
||||
}
|
||||
|
||||
# Network Configuration
|
||||
(lib.mkIf (config.network != null) {
|
||||
networking = {
|
||||
inherit (config.network) defaultGateway nameservers;
|
||||
interfaces.${config.network.interface}.ipv4.addresses = [{
|
||||
inherit (config.network) address;
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
})
|
||||
|
||||
# Xen Guest
|
||||
(lib.mkIf config.enableXenGuest {
|
||||
services.xe-guest-utilities.enable = true;
|
||||
|
||||
|
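Review bot: The new `network` option is declared with `type = lib.types.submodule { … }` and `default = null`, and the module system checks defaults against the option type, so a host that leaves `network` unset will likely fail evaluation before the `config.network != null` guard is reached. Wrapping the type as `lib.types.nullOr (lib.types.submodule { … })` makes the null default valid. In the `networking` block the mask is fixed at `prefixLength = 24;`; a `prefixLength` option beside `address`, defaulting to 24, would keep the addressing in one place. The `nameservers` default of public resolvers also applies silently to any host that sets `network` without listing its own, so consider leaving that option without a default. The `lib.mkMerge` list continues past the end of the hunk.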