Added (new-fangled) plato.

Also added build-seed.sha1sum and build-timestamp to /etc.
2021-11-30 15:30:32 -08:00 · 2021-11-30 15:30:32 -08:00 · d6bc280a25
commit d6bc280a25
parent 55d8ca47fe
6 changed files with 134 additions and 62 deletions
--- a/config/common.nix
+++ b/config/common.nix
@ -4,15 +4,23 @@ with lib;
 # Config common to all hosts, which don't belong anywhere else
 {
  config = let
-    home-generator = pkgs.callPackage ../nix-home {};
+    hashed-build-seed = pkgs.stdenv.mkDerivation {
-    host-domain = config.fudo.hosts.${config.instance.hostname}.domain;
+      name = "build-seed-hash";
      phases = [ "installPhase" ];
      buildInputs = with pkgs; [ coreutils ];
      installPhase = ''
        echo "${config.instance.build-seed}" | sha1sum | grep -o "^[^ ]*" > $out
      '';
    };
  in {
    nix.nixPath = lib.mkBefore [ "/nix/var/nix/profiles/per-user/$USER/channels" ];
-    # home-manager.users.root = home-generator.generate-config {
+    environment.etc = {
-    #   username = "root";
+      build-timestamp.text = toString config.instance.build-timestamp;
-    #   home-dir = "/root";
+      "build-seed.sha1sum".text = "${hashed-build-seed}";
-    #   user-email = "root@${config.instance.hostname}.${host-domain}";
+    };
    # } { };
  };
 }
--- a/config/hardware/plato.nix
+++ b/config/hardware/plato.nix
@ -1,3 +1,107 @@
 { config, lib, pkgs, ... }:
 {
  config = {
    boot = {
      initrd = {
        luks.devices.plato-unlocked = {
          device = "/dev/plato/plato-locked";
          preLVM = false;
          allowDiscards = true;
        };
        availableKernelModules = [
          "xhci_pci"
          "ehci_pci"
          "ahci"
          "usb_storage"
          "usbhid"
          "sd_mod"
          "r8169"
        ];
        kernelModules = [ "dm-snapshot" ];
      };
      loader = {
        grub = {
          enable = true;
          version = 2;
          device = "/dev/sda";
        };
      };
      kernelModules = [ ];
      extraModulePackages = [ ];
    };
    fileSystems = {
      "/" = {
        device = "plato-root";
        fsType = "tmpfs";
        options = [ "mode=755" "size=12G" ];
      };
      "/boot" = {
        device = "/dev/disk/by-label/plato-boot";
        fsType = "ext4";
        options = [ "noatime" "nodiratime" "noexec" ];
      };
      "/nix" = {
        device = "/dev/disk/by-label/plato-data";
        fsType = "btrfs";
        options = [ "subvol=@nix" "compress=zstd" "noatime" "nodiratime" ];
      };
      "/var/log" = {
        device = "/dev/disk/by-label/plato-data";
        fsType = "btrfs";
        options = [ "subvol=@log" "compress=zstd" "noatime" "nodiratime" "noexec" ];
        neededForBoot = true;
      };
      "/state" = {
        device = "/dev/disk/by-label/plato-data";
        fsType = "btrfs";
        options = [ "subvol=@state" "compress=zstd" "noatime" "nodiratime" "noexec" ];
      };
      "/home" = {
        device = "/dev/disk/by-label/plato-data";
        fsType = "btrfs";
        options = [ "subvol=@home" "compress=zstd" "noatime" "nodiratime" "noexec" ];
      };
    };
    swapDevices = [{
      device = "/dev/plato/plato-swap";
      randomEncryption.enable = true;
    }];
    networking = {
      macvlans = {
        intif0 = {
          interface = "enp1s0";
          mode = "bridge";
        };
      };
      interfaces = {
        enp1s0.useDHCP = false;
        intif0 = {
          macAddress = "02:25:b7:67:c4:c2";
        };
      };
    };
  };
 }
 { config, lib, pkgs, ... }:
 with lib; {
@ -69,8 +173,8 @@ with lib; {
    interfaces = {
      enp1s0.useDHCP = false;
      intif0 = {
-        # output of: echo plato-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
+        macAddress =
-        macAddress = "02:25:b7:67:c4:c2";
+          pkgs.lib.network.generate-mac-address config.instance.hostname "intif0";
      };
    };
  };
--- a/config/hardware/socrates.nix
+++ b/config/hardware/socrates.nix
@ -20,20 +20,6 @@
          "r8169"
        ];
        kernelModules = [ "dm-snapshot" ];
        # network = {
        #   enable = true;
        #   ssh = {
        #     enable = true;
        #     port = 22;
        #     authorizedKeys = [
        #       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPwh522lvafTJYA0X2uFdP7Ws+Um1f8gZsARK1Y5nMzf6ZcWBF1jplTOKUVSOl4isMWni0Tu0TnX4zqCcgocWUVbwIwXSIRYqdiCPvVOH+/Ibc97n1/dYxk5JPMtbrsEw6/gWZxVg0qwe0J3dQWldEMiDY7iWhlrmIr7YL+Y3PUd7DOwp3PbfWfNyzTfE1kXcz5YvTeN+txFhbbXT0oS2R2wtc1vYXFZ/KbNstjqd+i8jszAq3ZkbbwL3aNR0RO4n8+GoIILGw8Ya4eP7D6+mYk608IhAoxpGyMrUch2TC2uvOK3rd/rw1hsTxf4AKjAZbrfd/FJaYru9ZeoLjD4bRGMdVp56F1m7pLvRiWRK62pV2Q/fjx+4KjHUrgyPd601eUIP0ayS/Rfuq8ijLpBJgO5/Y/6mFus/kjZIfRR9dXfLM67IMpyEzEITYrc/R2sedWf+YHxSh6eguAZ/kLzioar1nHLR7Wzgeu0tgWkD78WQGjpXGoefAz3xHeBg3Et0= niten@plato"
        #     ];
        #     hostKeys = [
        #       "/state/ssh/ssh_host_ed25519_key"
        #       "/state/ssh/ssh_host_rsa_key"
        #     ];
        #   };
        # };
      };
      loader = {
--- a/config/host-config/plato.nix
+++ b/config/host-config/plato.nix
@ -6,13 +6,14 @@ let primary-ip = "10.0.0.21";
 in {
  config = {
    networking = {
      useDHCP = false;
      defaultGateway = {
        address = "10.0.0.1";
        interface = "intif0";
      };
-      interfaces = {
+      interfaces.intif0 = {
        intif0 = {
        useDHCP = false;
        ipv4.addresses = [{
          address = primary-ip;
@ -20,7 +21,6 @@ in {
        }];
      };
    };
    };
    fudo.secrets = {
      secret-group = "fudo-secrets";
@ -28,17 +28,8 @@ in {
      secret-paths = [ "/state/secrets" ];
    };
    # boot.kernelParams = [ "nomodeset" ];
    # console.font = "VGA";
    systemd.tmpfiles.rules = [
-      "L /root/.gnupg - - - - /state/root/gnupg"
+      "L /etc/adjtime - - - - /state/etc/adjtime"
      # "L /root/.emacs.d - - - - /state/root/emacs.d"
      "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
      "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
      "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
      "L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key"
      "L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"
    ];
    environment = {
@ -46,18 +37,11 @@ in {
        nixopsUnstable
      ];
      etc = {
        nixos.source = "/state/nixos";
        adjtime.source = "/state/etc/adjtime";
        NIXOS.source = "/state/etc/NIXOS";
        "host-config.nix".source = "/state/etc/host-config.nix";
      };
    };
-    system.stateVersion = "20.09";
+    system.stateVersion = "21.05";
    boot.initrd.postDeviceCommands = lib.mkAfter ''
      ${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
    '';
    security.sudo.extraConfig = ''
      # rollback results in sudo lectures after each reboot
--- a/config/host-config/socrates.nix
+++ b/config/host-config/socrates.nix
@ -28,12 +28,9 @@ in {
      secret-paths = [ "/state/secrets" ];
    };
-    # systemd.tmpfiles.rules = [
+    systemd.tmpfiles.rules = [
-    #   "L /root/.gnupg - - - - /state/root/gnupg"
+      "L /etc/adjtime - - - - /state/etc/adjtime"
-    #   "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
+    ];
    #   "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
    #   "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
    # ];
    environment = {
      systemPackages = with pkgs; [
@ -41,8 +38,6 @@ in {
      ];
      etc = {
        nixos.source = "/state/nixos";
        adjtime.source = "/state/etc/adjtime";
        NIXOS.source = "/state/etc/NIXOS";
      };
    };
--- a/config/profile-config/common.nix
+++ b/config/profile-config/common.nix
@ -39,11 +39,6 @@ in {
      etc.nixos-live.source = ../../.;
      systemPackages = global-packages;
      # shellInit = ''
      #   ${pkgs.gnupg}/bin/gpg-connect-agent /bye
      #   export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
      # '';
    };
    system.autoUpgrade.enable = false;