Add cloud-init based template system

2025-02-04 02:15:57 +01:00 · 2025-02-04 02:15:57 +01:00 · 3341a9bb2d
parent 7eb8bbaacc
commit 3341a9bb2d
2 changed files with 121 additions and 7 deletions
--- a/flake.nix
+++ b/flake.nix
@ -24,12 +24,18 @@
      };
    in
    {
-      nixosConfigurations = nixpkgs.lib.mapAttrs (
+      nixosConfigurations =
+        (nixpkgs.lib.mapAttrs (
          _: value:
          (utils.mkSystem {
            inherit hosts;
            hostConfig = value;
          })
-      ) hosts;
+        ) hosts)
+        // {
+          template = nixpkgs.lib.nixosSystem {
+            modules = [ ./systems/template/configuration.nix ];
+          };
+        };
    };
 }
--- a/systems/template/configuration.nix
+++ b/systems/template/configuration.nix
@ -0,0 +1,108 @@
+{
+  modulesPath,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  time.timeZone = "Europe/Amsterdam";
+  i18n.defaultLocale = "en_US.UTF-8";
+  networking.hostName = "nixos-template";
+  networking.dhcpcd.enable = false;
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  services.qemuGuest.enable = true;
+
+  nix.settings.trusted-users = [
+    "root"
+    "@wheel"
+  ];
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  users.users."maintenance" = {
+    isNormalUser = true;
+    group = "maintenance";
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keyFiles = [ ../../authorized_keys ];
+  };
+  users.groups."maintenance" = { };
+  security.sudo.wheelNeedsPassword = false;
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+  };
+  programs.ssh.startAgent = true;
+
+  services.cloud-init = {
+    enable = true;
+    network.enable = true;
+    config = ''
+      system_info:
+        distro: nixos
+        network:
+          renderers: [ 'networkd' ]
+        default_user:
+          name: ops
+        users:
+          - default
+        ssh_pwauth: false
+        chpasswd:
+          expire: false
+        cloud_init_modules:
+          - migrator
+          - seed_random
+          - growpart
+          - resizefs
+        cloud_config_modules:
+          - disk_setup
+          - mounts
+          - set-passwords
+          - ssh
+        cloud_final_modules: []
+    '';
+  };
+
+  boot.supportedFilesystems = [ "btrfs" ];
+  fileSystems = {
+    "/" = {
+      device = "none";
+      fsType = "tmpfs";
+      options = [
+        "defaults"
+        "mode=755"
+      ];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-label/boot";
+      fsType = "vfat";
+    };
+    "/nix" = {
+      device = "/dev/disk/by-label/btrfs";
+      fsType = "btrfs";
+      options = [
+        "compress=zstd"
+        "subvol=nix"
+        "noatime"
+      ];
+    };
+    "/persistent" = {
+      device = "/dev/disk/by-label/btrfs";
+      fsType = "btrfs";
+      options = [
+        "compress=zstd"
+        "subvol=persistent"
+        "noatime"
+      ];
+      autoResize = true;
+      neededForBoot = true;
+    };
+  };
+
+}