basic vmware gen
This commit is contained in:
parent
dccbb234f2
commit
712d10cef3
15
README.md
15
README.md
@ -1,17 +1,24 @@
|
||||
# Description
|
||||
|
||||
This repository contains the configuration for multiple machines, as well as my home / IDE config (home-manager).
|
||||
It takes heavy inspiration from [khaneliman/khanelinix](https://github.com/khaneliman/khanelinix).
|
||||
|
||||
## Home Manager
|
||||
### NixOS
|
||||
|
||||
Utilizing [Home Manager](https://nix-community.github.io/home-manager/). Check out the [README.md](./home-manager/README.md).
|
||||
```bash
|
||||
|
||||
## NixOS
|
||||
```
|
||||
|
||||
### NixOS Generators
|
||||
|
||||
```bash
|
||||
nix build .#packages.x86_64-linux.rke2-image
|
||||
nix build .#vmwareConfigurations.rke2-node
|
||||
```
|
||||
|
||||
### Home Manager
|
||||
|
||||
```bash
|
||||
home-manager switch --flake .#evanreichard@MBP-Personal
|
||||
```
|
||||
|
||||
### NixOS Hosts
|
||||
|
125
flake.nix
125
flake.nix
@ -52,130 +52,5 @@
|
||||
sops-nix.nixosModules.sops
|
||||
];
|
||||
};
|
||||
|
||||
outputs-builder = channels: {
|
||||
# Define packages using nixos-generators
|
||||
packages.x86_64-linux = {
|
||||
# VMware image
|
||||
vmware-image = inputs.nixos-generators.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
format = "vmware";
|
||||
modules = [
|
||||
# Your VMware configuration
|
||||
./hosts/vmware-image.nix
|
||||
];
|
||||
};
|
||||
|
||||
# Keep your other images
|
||||
rke2-image = inputs.nixos-generators.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
format = "vmware";
|
||||
modules = [
|
||||
./hosts/rke2-image.nix
|
||||
];
|
||||
};
|
||||
|
||||
usb-image = inputs.nixos-generators.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
format = "raw-efi";
|
||||
modules = [
|
||||
./hosts/usb-image.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
# outputs = { self, nixpkgs, disko, nixos-generators, apple-silicon }:
|
||||
# let
|
||||
# mkSystem = { systemConfig ? { }, moduleConfig }: nixpkgs.lib.nixosSystem {
|
||||
# system = "x86_64-linux";
|
||||
# modules = [
|
||||
# disko.nixosModules.disko
|
||||
# ./lib/disk-config.nix
|
||||
# ./lib/common-system.nix
|
||||
# systemConfig
|
||||
# ({ ... }: moduleConfig)
|
||||
# ];
|
||||
# };
|
||||
# in
|
||||
# {
|
||||
# # NixOS Generators
|
||||
# packages.x86_64-linux = {
|
||||
# # RKE2
|
||||
# rke2-image = nixos-generators.nixosGenerate {
|
||||
# system = "x86_64-linux";
|
||||
# format = "vmware";
|
||||
# modules = [
|
||||
# ./hosts/rke2-image.nix
|
||||
# ];
|
||||
# };
|
||||
|
||||
# usb-image = nixos-generators.nixosGenerate {
|
||||
# system = "x86_64-linux";
|
||||
# format = "raw-efi";
|
||||
# modules = [
|
||||
# ./hosts/usb-image.nix
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
|
||||
# # NixOS Configurations
|
||||
# nixosConfigurations = {
|
||||
# # MBP NixOS Asahi
|
||||
# mpb-asahi = nixpkgs.lib.nixosSystem {
|
||||
# system = "aarch64-linux";
|
||||
# modules = [
|
||||
# apple-silicon.nixosModules.default
|
||||
# ./hosts/mbp-asahi.nix
|
||||
# ];
|
||||
# };
|
||||
|
||||
# # Office Server (LLaMA / ADS-B)
|
||||
# lin-va-office = mkSystem {
|
||||
# systemConfig = ./hosts/office-server.nix;
|
||||
# moduleConfig = {
|
||||
# hostName = "lin-va-office";
|
||||
# mainDiskID = "/dev/disk/by-id/ata-MTFDDAK512MBF-1AN1ZABHA_161212233628";
|
||||
# network = {
|
||||
# interface = "enp5s0";
|
||||
# address = "10.0.50.120";
|
||||
# defaultGateway = "10.0.50.254";
|
||||
# nameservers = [ "10.0.50.254" ];
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
|
||||
# # Utility Room Desktop
|
||||
# lin-va-utility = mkSystem {
|
||||
# systemConfig = ./hosts/utility-desktop.nix;
|
||||
# moduleConfig = {
|
||||
# hostName = "lin-va-utility";
|
||||
# mainDiskID = "/dev/disk/by-id/nvme-eui.0026b768429d3eb5";
|
||||
# network = {
|
||||
# interface = "eno1";
|
||||
# address = "10.0.20.50";
|
||||
# defaultGateway = "10.0.20.254";
|
||||
# nameservers = [ "10.0.20.254" ];
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
|
||||
# # Nix Builder
|
||||
# lin-va-nix-builder = mkSystem {
|
||||
# systemConfig = ./hosts/builder.nix;
|
||||
# moduleConfig = {
|
||||
# hostName = "lin-va-nix-builder";
|
||||
# mainDiskID = "/dev/xvda";
|
||||
# enableXenGuest = true;
|
||||
# network = {
|
||||
# interface = "enX0";
|
||||
# address = "10.0.50.130";
|
||||
# defaultGateway = "10.0.50.254";
|
||||
# nameservers = [ "10.0.50.254" ];
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, lib, inputs, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf types;
|
||||
inherit (lib) types optionalAttrs;
|
||||
inherit (lib.${namespace}) mkOpt mkBoolOpt;
|
||||
|
||||
cfg = config.${namespace}.hardware.asahi;
|
||||
@ -16,12 +16,12 @@ in
|
||||
firmwareDirectory = mkOpt types.path null "firmware directory";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
hardware = {
|
||||
asahi = {
|
||||
peripheralFirmwareDirectory = cfg.firmwareDirectory;
|
||||
useExperimentalGPUDriver = cfg.enableGPU;
|
||||
};
|
||||
config = {
|
||||
hardware.asahi = {
|
||||
enable = cfg.enable;
|
||||
} // optionalAttrs cfg.enable {
|
||||
peripheralFirmwareDirectory = cfg.firmwareDirectory;
|
||||
useExperimentalGPUDriver = cfg.enableGPU;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -1,189 +0,0 @@
|
||||
{ pkgs, lib, modulesPath, ... }:
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
config = {
|
||||
# Basic System
|
||||
system.stateVersion = "24.11";
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
time.timeZone = "UTC";
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
autoResize = true;
|
||||
};
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [
|
||||
# Xen
|
||||
"xen_blkfront"
|
||||
"xen_netfront"
|
||||
];
|
||||
kernelModules = [ "xen_netfront" "xen_blkfront" ];
|
||||
supportedFilesystems = [ "ext4" "xenfs" ];
|
||||
};
|
||||
kernelModules = [
|
||||
# Xen VM Requirements
|
||||
"xen_netfront"
|
||||
"xen_blkfront"
|
||||
"xenfs"
|
||||
|
||||
# iSCSI
|
||||
"iscsi_tcp"
|
||||
];
|
||||
};
|
||||
|
||||
# Add Intel Arc A310 GPU Drivers
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
hardware.graphics = {
|
||||
enable = true;
|
||||
extraPackages = with pkgs; [
|
||||
libvdpau-va-gl
|
||||
intel-vaapi-driver
|
||||
intel-media-driver
|
||||
intel-compute-runtime
|
||||
intel-ocl
|
||||
];
|
||||
};
|
||||
|
||||
# Network Configuration
|
||||
networking = {
|
||||
hostName = lib.mkForce "";
|
||||
useNetworkd = true;
|
||||
useDHCP = false;
|
||||
|
||||
firewall = {
|
||||
enable = true;
|
||||
|
||||
allowedTCPPorts = [
|
||||
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
|
||||
6443 # Kubernetes API
|
||||
9345 # RKE2 supervisor API
|
||||
2379 # etcd Client Port
|
||||
2380 # etcd Peer Port
|
||||
2381 # etcd Metrics Port
|
||||
10250 # kubelet metrics
|
||||
9099 # Canal CNI health checks
|
||||
];
|
||||
|
||||
allowedUDPPorts = [
|
||||
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
|
||||
8472 # Canal CNI with VXLAN
|
||||
# 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
|
||||
# 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
|
||||
];
|
||||
|
||||
# Allow Multicast
|
||||
extraCommands = ''
|
||||
iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
# Enable Xen Guest Utilities
|
||||
xe-guest-utilities.enable = true;
|
||||
|
||||
# Enable iSCSI
|
||||
openiscsi = {
|
||||
enable = true;
|
||||
name = "iqn.2025.placeholder:initiator"; # Overridden @ Runtime
|
||||
};
|
||||
|
||||
# Cloud Init
|
||||
cloud-init = {
|
||||
enable = true;
|
||||
network.enable = true;
|
||||
settings = {
|
||||
datasource_list = [ "NoCloud" ];
|
||||
preserve_hostname = false;
|
||||
system_info.distro = "nixos";
|
||||
system_info.network.renderers = [ "networkd" ];
|
||||
};
|
||||
};
|
||||
|
||||
# Enable SSH
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "prohibit-password";
|
||||
};
|
||||
};
|
||||
|
||||
# Enable RKE2
|
||||
rke2 = {
|
||||
enable = true;
|
||||
disable = [ "rke2-ingress-nginx" ];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
# RKE2 - Wait Cloud Init
|
||||
rke2-server = {
|
||||
after = [ "cloud-final.service" ];
|
||||
requires = [ "cloud-final.service" ];
|
||||
};
|
||||
|
||||
# Runtime iSCSI Initiator Setup
|
||||
iscsi-initiator-setup = {
|
||||
description = "Setup iSCSI Initiator Name";
|
||||
requires = [ "cloud-final.service" ];
|
||||
before = [ "iscsid.service" ];
|
||||
after = [ "cloud-final.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
|
||||
path = [ pkgs.hostname pkgs.util-linux ];
|
||||
script = ''
|
||||
mkdir -p /run/iscsi
|
||||
echo "InitiatorName=iqn.2025.org.nixos:$(hostname)" > /run/iscsi/initiatorname.iscsi
|
||||
mount --bind /run/iscsi/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# User Authorized Keys
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard"
|
||||
];
|
||||
hashedPassword = null;
|
||||
};
|
||||
|
||||
# Add Symlinks Expected by Democratic
|
||||
system.activationScripts = {
|
||||
iscsi-initiator = ''
|
||||
mkdir -p /usr/bin
|
||||
ln -sf ${pkgs.openiscsi}/bin/iscsiadm /usr/bin/iscsiadm
|
||||
ln -sf ${pkgs.openiscsi}/bin/iscsid /usr/bin/iscsid
|
||||
'';
|
||||
};
|
||||
|
||||
# System Packages
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
htop
|
||||
intel-gpu-tools
|
||||
k9s
|
||||
kubectl
|
||||
kubernetes-helm
|
||||
nfs-utils
|
||||
openiscsi
|
||||
tmux
|
||||
vim
|
||||
];
|
||||
|
||||
# Don't Manage - Runtime Generation
|
||||
etc."iscsi/initiatorname.iscsi".enable = false;
|
||||
};
|
||||
};
|
||||
}
|
@ -1,46 +0,0 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
# Basic System
|
||||
system.stateVersion = "24.11";
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
time.timeZone = "UTC";
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
autoResize = true;
|
||||
};
|
||||
|
||||
# SSH
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "prohibit-password";
|
||||
};
|
||||
};
|
||||
|
||||
# Firewall Configuration
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
];
|
||||
};
|
||||
|
||||
# User Authorized Keys
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard"
|
||||
];
|
||||
hashedPassword = null;
|
||||
};
|
||||
|
||||
# System Packages
|
||||
environment.systemPackages = with pkgs; [
|
||||
htop
|
||||
tmux
|
||||
vim
|
||||
];
|
||||
}
|
4
hosts/rke2-image.nix → systems/x86_64-vmware/rke2-node/default.nix
Normal file → Executable file
4
hosts/rke2-image.nix → systems/x86_64-vmware/rke2-node/default.nix
Normal file → Executable file
@ -4,6 +4,10 @@
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
config = {
|
||||
reichard = {
|
||||
nix.enable = false;
|
||||
};
|
||||
|
||||
# Basic System
|
||||
system.stateVersion = "24.11";
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
Loading…
x
Reference in New Issue
Block a user