basic vmware gen

Evan Reichard 2025-03-31 20:37:44 -04:00
parent dccbb234f2
commit 712d10cef3
6 changed files with 22 additions and 371 deletions


@ -1,17 +1,24 @@
# Description
This repository contains the configuration for multiple machines, as well as my home / IDE config (home-manager).
It takes heavy inspiration from [khaneliman/khanelinix](https://github.com/khaneliman/khanelinix).
## Home Manager
### NixOS
Utilizing [Home Manager](https://nix-community.github.io/home-manager/). Check out the [README.md](./home-manager/README.md).
```bash
## NixOS
```
### NixOS Generators
```bash
nix build .#packages.x86_64-linux.rke2-image
nix build .#vmwareConfigurations.rke2-node
```
### Home Manager
```bash
home-manager switch --flake .#evanreichard@MBP-Personal
```
### NixOS Hosts

125
flake.nix

@ -52,130 +52,5 @@
sops-nix.nixosModules.sops
];
};
outputs-builder = channels: {
# Define packages using nixos-generators
packages.x86_64-linux = {
# VMware image
vmware-image = inputs.nixos-generators.nixosGenerate {
system = "x86_64-linux";
format = "vmware";
modules = [
# Your VMware configuration
./hosts/vmware-image.nix
];
};
# Keep your other images
rke2-image = inputs.nixos-generators.nixosGenerate {
system = "x86_64-linux";
format = "vmware";
modules = [
./hosts/rke2-image.nix
];
};
usb-image = inputs.nixos-generators.nixosGenerate {
system = "x86_64-linux";
format = "raw-efi";
modules = [
./hosts/usb-image.nix
];
};
};
};
};
}
# outputs = { self, nixpkgs, disko, nixos-generators, apple-silicon }:
# let
# mkSystem = { systemConfig ? { }, moduleConfig }: nixpkgs.lib.nixosSystem {
# system = "x86_64-linux";
# modules = [
# disko.nixosModules.disko
# ./lib/disk-config.nix
# ./lib/common-system.nix
# systemConfig
# ({ ... }: moduleConfig)
# ];
# };
# in
# {
# # NixOS Generators
# packages.x86_64-linux = {
# # RKE2
# rke2-image = nixos-generators.nixosGenerate {
# system = "x86_64-linux";
# format = "vmware";
# modules = [
# ./hosts/rke2-image.nix
# ];
# };
# usb-image = nixos-generators.nixosGenerate {
# system = "x86_64-linux";
# format = "raw-efi";
# modules = [
# ./hosts/usb-image.nix
# ];
# };
# };
# # NixOS Configurations
# nixosConfigurations = {
# # MBP NixOS Asahi
# mpb-asahi = nixpkgs.lib.nixosSystem {
# system = "aarch64-linux";
# modules = [
# apple-silicon.nixosModules.default
# ./hosts/mbp-asahi.nix
# ];
# };
# # Office Server (LLaMA / ADS-B)
# lin-va-office = mkSystem {
# systemConfig = ./hosts/office-server.nix;
# moduleConfig = {
# hostName = "lin-va-office";
# mainDiskID = "/dev/disk/by-id/ata-MTFDDAK512MBF-1AN1ZABHA_161212233628";
# network = {
# interface = "enp5s0";
# address = "10.0.50.120";
# defaultGateway = "10.0.50.254";
# nameservers = [ "10.0.50.254" ];
# };
# };
# };
# # Utility Room Desktop
# lin-va-utility = mkSystem {
# systemConfig = ./hosts/utility-desktop.nix;
# moduleConfig = {
# hostName = "lin-va-utility";
# mainDiskID = "/dev/disk/by-id/nvme-eui.0026b768429d3eb5";
# network = {
# interface = "eno1";
# address = "10.0.20.50";
# defaultGateway = "10.0.20.254";
# nameservers = [ "10.0.20.254" ];
# };
# };
# };
# # Nix Builder
# lin-va-nix-builder = mkSystem {
# systemConfig = ./hosts/builder.nix;
# moduleConfig = {
# hostName = "lin-va-nix-builder";
# mainDiskID = "/dev/xvda";
# enableXenGuest = true;
# network = {
# interface = "enX0";
# address = "10.0.50.130";
# defaultGateway = "10.0.50.254";
# nameservers = [ "10.0.50.254" ];
# };
# };
# };
# };
# };


@ -1,6 +1,6 @@
{ config, lib, inputs, namespace, ... }:
let
inherit (lib) mkIf types;
inherit (lib) types optionalAttrs;
inherit (lib.${namespace}) mkOpt mkBoolOpt;
cfg = config.${namespace}.hardware.asahi;
@ -16,12 +16,12 @@ in
firmwareDirectory = mkOpt types.path null "firmware directory";
};
config = mkIf cfg.enable {
hardware = {
asahi = {
peripheralFirmwareDirectory = cfg.firmwareDirectory;
useExperimentalGPUDriver = cfg.enableGPU;
};
config = {
hardware.asahi = {
enable = cfg.enable;
} // optionalAttrs cfg.enable {
peripheralFirmwareDirectory = cfg.firmwareDirectory;
useExperimentalGPUDriver = cfg.enableGPU;
};
};
}
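Review bot: In the rewritten `config` block, `optionalAttrs cfg.enable { … }` fixes the attribute names of the `hardware.asahi` definition by forcing `cfg.enable` at evaluation time, where the previous `mkIf cfg.enable` left the condition to the module system. It presumably evaluates here because `cfg` is read from `config.${namespace}` rather than from `hardware.asahi` itself, but the same pattern turns into an infinite recursion once the condition depends on the option tree being defined. Staying in module-system terms would be `hardware.asahi = lib.mkMerge [ { enable = cfg.enable; } (lib.mkIf cfg.enable { peripheralFirmwareDirectory = cfg.firmwareDirectory; useExperimentalGPUDriver = cfg.enableGPU; }) ];`, which needs `mkIf` and `mkMerge` back in the `inherit (lib)` line of the first hunk. Separately, `firmwareDirectory` appears to be declared as `types.path` with a `null` default, so enabling the module without setting it hands `null` to `peripheralFirmwareDirectory`; `types.nullOr types.path` or an assertion would make the requirement explicit for the path firmware is loaded from.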


@ -1,189 +0,0 @@
{ pkgs, lib, modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
config = {
# Basic System
system.stateVersion = "24.11";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
time.timeZone = "UTC";
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
autoResize = true;
};
boot = {
initrd = {
availableKernelModules = [
# Xen
"xen_blkfront"
"xen_netfront"
];
kernelModules = [ "xen_netfront" "xen_blkfront" ];
supportedFilesystems = [ "ext4" "xenfs" ];
};
kernelModules = [
# Xen VM Requirements
"xen_netfront"
"xen_blkfront"
"xenfs"
# iSCSI
"iscsi_tcp"
];
};
# Add Intel Arc A310 GPU Drivers
nixpkgs.config.allowUnfree = true;
hardware.enableRedistributableFirmware = true;
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
libvdpau-va-gl
intel-vaapi-driver
intel-media-driver
intel-compute-runtime
intel-ocl
];
};
# Network Configuration
networking = {
hostName = lib.mkForce "";
useNetworkd = true;
useDHCP = false;
firewall = {
enable = true;
allowedTCPPorts = [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
6443 # Kubernetes API
9345 # RKE2 supervisor API
2379 # etcd Client Port
2380 # etcd Peer Port
2381 # etcd Metrics Port
10250 # kubelet metrics
9099 # Canal CNI health checks
];
allowedUDPPorts = [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
8472 # Canal CNI with VXLAN
# 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
# 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
];
# Allow Multicast
extraCommands = ''
iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
'';
};
};
services = {
# Enable Xen Guest Utilities
xe-guest-utilities.enable = true;
# Enable iSCSI
openiscsi = {
enable = true;
name = "iqn.2025.placeholder:initiator"; # Overridden @ Runtime
};
# Cloud Init
cloud-init = {
enable = true;
network.enable = true;
settings = {
datasource_list = [ "NoCloud" ];
preserve_hostname = false;
system_info.distro = "nixos";
system_info.network.renderers = [ "networkd" ];
};
};
# Enable SSH
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
};
};
# Enable RKE2
rke2 = {
enable = true;
disable = [ "rke2-ingress-nginx" ];
};
};
systemd.services = {
# RKE2 - Wait Cloud Init
rke2-server = {
after = [ "cloud-final.service" ];
requires = [ "cloud-final.service" ];
};
# Runtime iSCSI Initiator Setup
iscsi-initiator-setup = {
description = "Setup iSCSI Initiator Name";
requires = [ "cloud-final.service" ];
before = [ "iscsid.service" ];
after = [ "cloud-final.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
path = [ pkgs.hostname pkgs.util-linux ];
script = ''
mkdir -p /run/iscsi
echo "InitiatorName=iqn.2025.org.nixos:$(hostname)" > /run/iscsi/initiatorname.iscsi
mount --bind /run/iscsi/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi
'';
};
};
# User Authorized Keys
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard"
];
hashedPassword = null;
};
# Add Symlinks Expected by Democratic
system.activationScripts = {
iscsi-initiator = ''
mkdir -p /usr/bin
ln -sf ${pkgs.openiscsi}/bin/iscsiadm /usr/bin/iscsiadm
ln -sf ${pkgs.openiscsi}/bin/iscsid /usr/bin/iscsid
'';
};
# System Packages
environment = {
systemPackages = with pkgs; [
htop
intel-gpu-tools
k9s
kubectl
kubernetes-helm
nfs-utils
openiscsi
tmux
vim
];
# Don't Manage - Runtime Generation
etc."iscsi/initiatorname.iscsi".enable = false;
};
};
}


@ -1,46 +0,0 @@
{ pkgs, ... }:
{
# Basic System
system.stateVersion = "24.11";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
time.timeZone = "UTC";
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
autoResize = true;
};
# SSH
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
};
};
# Firewall Configuration
networking.firewall = {
enable = true;
allowedTCPPorts = [
22
];
};
# User Authorized Keys
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard"
];
hashedPassword = null;
};
# System Packages
environment.systemPackages = with pkgs; [
htop
tmux
vim
];
}


@ -4,6 +4,10 @@
(modulesPath + "/profiles/qemu-guest.nix")
];
config = {
reichard = {
nix.enable = false;
};
# Basic System
system.stateVersion = "24.11";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
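Review bot: The added `reichard.nix.enable = false;` has no comment saying why this image opts out of the shared nix module, while the context lines right after it still set `nix.settings.experimental-features` by hand. What `reichard.nix` configures is not visible in this hunk, so it is worth recording whether the Nix daemon settings it applies on other hosts are intentionally absent from the generated image. A comment such as `# Shared nix module disabled for generated images: <reason>` above the block would cover it. The `config` block continues outside the hunk.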