diff --git a/.gitignore b/.gitignore
index 2837d05..62106e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .DS_Store
 _scratch
+result
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000..7732f64
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,150 @@
+#!/bin/sh
+
+function cmd_image() {
+ local usage="Usage: $0 image --name "
+ local name=""
+ local remote=false
+
+ while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --name)
+ name="$2"
+ shift 2
+ ;;
+ --remote)
+ remote=true
+ shift
+ ;;
+ *)
+ echo "$usage"
+ exit 1
+ ;;
+ esac
+ done
+
+ if [ -z "$name" ]; then
+ echo "$usage"
+ exit 1
+ fi
+
+ # Validate Config Exists
+ if ! nix eval --json --impure \
+ --experimental-features "nix-command flakes" \
+ ".#packages.x86_64-linux" \
+ --apply "s: builtins.hasAttr \"$name\" s" 2>/dev/null | grep -q "true"; then
+ echo "Error: NixOS Generator Config '$name' not found"
+ exit 1
+ fi
+
+ build_args=(".#packages.x86_64-linux.$name")
+ if [ "$remote" = true ]; then
+ build_args+=("-j0")
+ fi
+
+ if ! nix build "${build_args[@]}"; then
+ echo "Error: Image build failed"
+ exit 1
+ fi
+
+ echo "Successfully built image: $name"
+}
+
+function cmd_install() {
+ local usage="Usage: $0 install --name "
+ local name=""
+
+ while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --name)
+ name="$2"
+ shift 2
+ ;;
+ *)
+ echo "$usage"
+ exit 1
+ ;;
+ esac
+ done
+
+ if [ -z "$name" ]; then
+ echo "$usage"
+ exit 1
+ fi
+
+ # Validate Config Exists
+ if ! nix eval --json --impure \
+ --experimental-features "nix-command flakes" \
+ ".#nixosConfigurations" \
+ --apply "s: builtins.hasAttr \"$name\" s" 2>/dev/null | grep -q "true"; then
+ echo "Error: NixOS configuration '$name' not found"
+ exit 1
+ fi
+
+ # Validate mainDiskID Exists
+ if ! disk_id=$(nix eval --raw --impure \
+ --experimental-features "nix-command flakes" \
+ ".#nixosConfigurations.$name.config.mainDiskID" 2>/dev/null); then
+ echo "Error: mainDiskID not defined for configuration '$name'"
+ exit 1
+ fi
+
+ # Validate Disk Exists
+ if [ ! -e "$disk_id" ]; then
+ echo "Error: Disk $disk_id not found on system"
+ exit 1
+ fi
+
+ # Prompt Format
+ read -p "This will format disk $disk_id. Continue? (y/n) " -n 1 -r
+ echo
+ if [[ !
$REPLY =~ ^[Yy]$ ]]; then + echo "Operation Cancelled" + exit 1 + fi + echo "Formatting disk: $disk_id" + + # Format Disk + if ! sudo nix \ + --experimental-features "nix-command flakes" \ + run github:nix-community/disko -- \ + --mode disko \ + --flake "/etc/nixos#$name"; then + echo "Error: Disk formatting failed" + exit 1 + fi + + # Install NixOS + echo "Installing $name to disk: $disk_id" + if ! sudo nixos-install --flake "/etc/nixos#$name"; then + echo "Error: NixOS installation failed" + exit 1 + fi + echo "Successfully installed $name to disk: $disk_id" + + # Prompt Reboot + read -p "Reboot? (y/n) " -n 1 -r + echo + if [[ ! $REPLY =~ ^[Yy]$ ]]; then + echo "Operation Complete - Not Rebooting" + exit 0 + fi + + # Reboot + echo "Operation Complete - Rebooting" + sudo reboot +} + +case "$1" in + image) + shift + cmd_image "$@" + ;; + install) + shift + cmd_install "$@" + ;; + *) + echo "Usage: $0 {image|install} --name " + exit 1 + ;; +esac diff --git a/flake.nix b/flake.nix index fc2d444..72c8cdd 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,9 @@ }; in { + # NixOS Generators packages.x86_64-linux = { + # RKE2 rke2-image = nixos-generators.nixosGenerate { system = "x86_64-linux"; format = "vmware"; @@ -34,6 +36,7 @@ }; }; + # NixOS Configurations nixosConfigurations = { # LLaMA C++ Server lin-va-llama1 = mkSystem { @@ -51,6 +54,12 @@ hostName = "lin-va-nix-builder"; mainDiskID = "/dev/xvda"; enableXenGuest = true; + network = { + interface = "enX0"; + address = "10.0.50.130"; + defaultGateway = "10.0.50.254"; + nameservers = [ "10.0.50.254" ]; + }; }; }; }; diff --git a/home-manager/git/config/work b/home-manager/git/config/work index 426f3e9..5e6bb24 100644 --- a/home-manager/git/config/work +++ b/home-manager/git/config/work @@ -2,4 +2,4 @@ sshCommand = "ssh -i ~/Keys/work" [user] - email = evan@prophet.security + email = evan@prophetsecurity.ai diff --git a/hosts/builder.nix b/hosts/builder.nix index db2bf10..e2fdb62 100644 --- a/hosts/builder.nix 
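Review bot: In `cmd_install`, the format step runs `sudo nix ... run github:nix-community/disko`, an unpinned remote flake reference, so whatever the upstream default branch holds at install time is executed as root against the disk; pin it to a reviewed revision (`github:nix-community/disko/<PINNED_REV>`, placeholder) or make disko a flake input so `flake.lock` fixes the exact source. The same function checks that the configuration exists and reads `mainDiskID` from `.#nixosConfigurations.$name` in the current directory, but formats and installs from `/etc/nixos#$name`, so the disk shown in the confirmation prompt is not guaranteed to be the one disko wipes; put the flake reference in one variable and use it for all four calls. `$name` is also spliced without escaping into the `--apply` Nix expression that is evaluated with `--impure` in both `cmd_image` and `cmd_install`; rejecting any value outside `[A-Za-z0-9._-]` before the first `nix eval` keeps it a plain attribute name. Separately, the `#!/bin/sh` shebang does not match the bash-only syntax the script relies on (`function`, `[[ ]]`, arrays, `read -p -n`), so `#!/usr/bin/env bash` would be the accurate interpreter line.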
+++ b/hosts/builder.nix @@ -4,8 +4,7 @@ # User Authorized Keys users.users.root = { openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGGGpRpDQRstoqnCAQioSnh6PZRzNQL7lGJHksIkcoF evanreichard@Evans-MacBook-Pro.local" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard" ]; hashedPassword = null; }; diff --git a/hosts/rke2-image.nix b/hosts/rke2-image.nix index 7f82a0a..8e1cb76 100644 --- a/hosts/rke2-image.nix +++ b/hosts/rke2-image.nix @@ -140,7 +140,7 @@ # User Authorized Keys users.users.root = { openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard" ]; hashedPassword = null; }; @@ -148,7 +148,6 @@ # Add Symlinks Expected by Democratic system.activationScripts = { iscsi-initiator = '' - # Democratic CSI Requirements mkdir -p /usr/bin ln -sf ${pkgs.openiscsi}/bin/iscsiadm /usr/bin/iscsiadm ln -sf ${pkgs.openiscsi}/bin/iscsid /usr/bin/iscsid diff --git a/lib/common-system.nix b/lib/common-system.nix index 33ac408..9bed555 100644 --- a/lib/common-system.nix +++ b/lib/common-system.nix 
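Review bot: The new root key literal is now repeated verbatim in three places (this hunk, the first `hosts/rke2-image.nix` hunk and the second `lib/common-system.nix` hunk), so the next rotation has to touch every copy and a missed one leaves a stale key authorized for root; define the list once in a shared module or `let` binding (for example a `rootAuthorizedKeys` value, name illustrative) and reference it from each host. Removing the old entries only takes effect where the configuration is re-applied: hosts that have not been rebuilt, and any VMware image previously generated from `rke2-image`, presumably still accept the removed `rsa-key-20141114` key and the MacBook ed25519 key, so the rollout should include rebuilding those and confirming the old keys are gone from root's `authorized_keys`. The `users.users.root` block continues outside the hunk.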
@@ -1,6 +1,6 @@ { config, lib, ... }: { - # Node Nix Config + # NixOS Config options = { hostName = lib.mkOption { type = lib.types.str; @@ -11,6 +11,35 @@ default = false; description = "Whether to enable Xen guest support"; }; + network = lib.mkOption { + type = lib.types.submodule { + options = { + interface = lib.mkOption { + type = lib.types.str; + description = "Network interface name"; + example = "enp0s3"; + }; + address = lib.mkOption { + type = lib.types.str; + description = "Static IP address"; + example = "10.0.20.200"; + }; + defaultGateway = lib.mkOption { + type = lib.types.str; + description = "Default gateway IP"; + example = "10.0.20.254"; + }; + nameservers = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "List of DNS servers"; + example = [ "10.0.20.254" "8.8.8.8" ]; + default = [ "8.8.8.8" "8.8.4.4" ]; + }; + }; + }; + default = null; + description = "Network configuration"; + }; }; config = lib.mkMerge [ @@ -41,12 +70,24 @@ # User Authorized Keys users.users.root = { openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard" ]; hashedPassword = null; }; } + # Network Configuration + (lib.mkIf (config.network != null) { + networking = { + inherit (config.network) defaultGateway nameservers; + interfaces.${config.network.interface}.ipv4.addresses = [{ + inherit (config.network) address; + prefixLength = 24; + }]; + }; + }) + + # Xen Guest (lib.mkIf config.enableXenGuest { services.xe-guest-utilities.enable = true;
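Review bot: The new `network` option declares `type = lib.types.submodule { ... }` together with `default = null`, and a plain submodule type does not admit `null`, so as far as I can tell any host that leaves `network` unset fails the option type check as soon as `config.network` is evaluated, which the `lib.mkIf (config.network != null)` guard in the next hunk always does; wrap the type as `type = lib.types.nullOr (lib.types.submodule { ... });`. `nameservers` also defaults to `[ "8.8.8.8" "8.8.4.4" ]`, so a host that sets `network` without resolvers silently sends its DNS queries to a public resolver instead of the internal one; dropping that default so the field is required would make it an explicit choice. The `options` set continues outside the hunk.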
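Review bot: `prefixLength = 24` is hard-coded in the new `lib.mkIf (config.network != null)` block, so a host on any subnet that is not a /24 gets the wrong netmask with no way to override it from `flake.nix`; expose it next to `address`, e.g. `prefixLength = lib.mkOption { type = lib.types.ints.between 0 32; default = 24; };`, and use `inherit (config.network) address prefixLength;` here. The enclosing `config = lib.mkMerge [ ... ]` list starts and ends outside the hunk.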