From 3341a9bb2ddf0df1282db0f7cb55956b81251fd3 Mon Sep 17 00:00:00 2001
From: Kalle Struik
Date: Tue, 4 Feb 2025 02:15:57 +0100
Subject: [PATCH] Add cloud-init based template system

---
 flake.nix | 20 ++++--
 systems/template/configuration.nix | 108 +++++++++++++++++++++++++++++
 2 files changed, 121 insertions(+), 7 deletions(-)
 create mode 100644 systems/template/configuration.nix

diff --git a/flake.nix b/flake.nix
index b6ecb61..f297424 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,12 +24,18 @@
 };
 in
 {
- nixosConfigurations = nixpkgs.lib.mapAttrs (
- _: value:
- (utils.mkSystem {
- inherit hosts;
- hostConfig = value;
- })
- ) hosts;
+ nixosConfigurations =
+ (nixpkgs.lib.mapAttrs (
+ _: value:
+ (utils.mkSystem {
+ inherit hosts;
+ hostConfig = value;
+ })
+ ) hosts)
+ // {
+ template = nixpkgs.lib.nixosSystem {
+ modules = [ ./systems/template/configuration.nix ];
+ };
+ };
 };
 }
diff --git a/systems/template/configuration.nix b/systems/template/configuration.nix
new file mode 100644
index 0000000..c014b40
--- /dev/null
+++ b/systems/template/configuration.nix
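Review bot: The new `template` entry calls `nixpkgs.lib.nixosSystem` with only `modules`, and nothing in this patch supplies a platform: the call passes no `system` and `systems/template/configuration.nix` does not set `nixpkgs.hostPlatform`, so evaluating `nixosConfigurations.template` can be expected to fail unless the platform comes from somewhere this patch does not show. Either pass it at the call site, `template = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ ./systems/template/configuration.nix ]; };` (substituting whatever platform the template targets), or set `nixpkgs.hostPlatform` inside the template module. The template also bypasses `utils.mkSystem`, so it gets none of the shared wiring the other hosts receive (such as `hosts`); if that is deliberate, a one-line comment above the entry saying so would save the next reader a detour.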
@@ -0,0 +1,108 @@
+{
+ modulesPath,
+ ...
+}:
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ time.timeZone = "Europe/Amsterdam";
+ i18n.defaultLocale = "en_US.UTF-8";
+ networking.hostName = "nixos-template";
+ networking.dhcpcd.enable = false;
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ services.qemuGuest.enable = true;
+
+ nix.settings.trusted-users = [
+ "root"
+ "@wheel"
+ ];
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ users.users."maintenance" = {
+ isNormalUser = true;
+ group = "maintenance";
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keyFiles = [ ../../authorized_keys ];
+ };
+ users.groups."maintenance" = { };
+ security.sudo.wheelNeedsPassword = false;
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ settings.KbdInteractiveAuthentication = false;
+ };
+ programs.ssh.startAgent = true;
+
+ services.cloud-init = {
+ enable = true;
+ network.enable = true;
+ config = ''
+ system_info:
+ distro: nixos
+ network:
+ renderers: [ 'networkd' ]
+ default_user:
+ name: ops
+ users:
+ - default
+ ssh_pwauth: false
+ chpasswd:
+ expire: false
+ cloud_init_modules:
+ - migrator
+ - seed_random
+ - growpart
+ - resizefs
+ cloud_config_modules:
+ - disk_setup
+ - mounts
+ - set-passwords
+ - ssh
+ cloud_final_modules: []
+ '';
+ };
+
+ boot.supportedFilesystems = [ "btrfs" ];
+ fileSystems = {
+ "/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = [
+ "defaults"
+ "mode=755"
+ ];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ };
+ "/nix" = {
+ device = "/dev/disk/by-label/btrfs";
+ fsType = "btrfs";
+ options = [
+ "compress=zstd"
+ "subvol=nix"
+ "noatime"
+ ];
+ };
+ "/persistent" = {
+ device = "/dev/disk/by-label/btrfs";
+ fsType = "btrfs";
+ options = [
+ "compress=zstd"
+ "subvol=persistent"
+ "noatime"
+ ];
+ autoResize = true;
+ neededForBoot = true;
+ };
+ };
+
+}
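Review bot: The template mounts `/` as tmpfs but nothing in this file carries `/etc/ssh` or `/var/lib/cloud` over to `/persistent`, so unless that binding lives elsewhere (the `neededForBoot = true` on `/persistent` suggests it may be planned), sshd generates fresh host keys on every boot and cloud-init sees every boot as a first boot and re-runs its per-instance modules; the host fingerprint then changes on each reboot, which defeats known_hosts pinning for the `maintenance` account and trains operators to accept mismatches. Pointing the host keys at the persistent subvolume fixes the sshd half directly, `services.openssh.hostKeys = [ { path = "/persistent/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; } ];`, and cloud-init's instance state under `/var/lib/cloud` should be kept the same way. Separately, `cloud_config_modules` lists `ssh` and `set-passwords` but not `users-groups`, so as written nothing creates the `ops` default user declared under `system_info`; if the intent is for the datasource's SSH keys to land on `ops`, that module has to be in the list, and a short comment on `config` stating which users this template expects cloud-init to create would make the contract explicit.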