From 6cdce670de4cae3b9d044409bea932c3d98e8fc6 Mon Sep 17 00:00:00 2001
From: Alpha Chen
Date: Mon, 10 Jan 2022 14:42:59 -0800
Subject: [PATCH] [meta] subterranean-animism Use NixOS for subterranean-animism
---
 meta/linode/Makefile | 4 +
 meta/linode/bootstrap-linode-nixos/main.tf | 77 +++++++++++++++++++
 meta/linode/bootstrap/main.tf | 2 +-
 meta/linode/main.tf | 42 ++++++++++
 .../subterranean-animism/configuration.nix | 43 +++++++++++
 .../hardware-configuration.nix | 26 +++++++
 meta/linode/subterranean-animism/linode.nix | 20 +++++
 meta/linode/variables.tf | 6 ++
 8 files changed, 219 insertions(+), 1 deletion(-)
 create mode 100644 meta/linode/Makefile
 create mode 100644 meta/linode/bootstrap-linode-nixos/main.tf
 create mode 100644 meta/linode/subterranean-animism/configuration.nix
 create mode 100644 meta/linode/subterranean-animism/hardware-configuration.nix
 create mode 100644 meta/linode/subterranean-animism/linode.nix
diff --git a/meta/linode/Makefile b/meta/linode/Makefile
new file mode 100644
index 0000000..a28c94a
--- /dev/null
+++ b/meta/linode/Makefile
@@ -0,0 +1,4 @@
+.PHONY: subterranean-animism
+subterranean-animism:
+ rsync -avz --delete subterranean-animism/ subterranean-animism:/etc/nixos
+ ssh subterranean-animism nixos-rebuild switch
diff --git a/meta/linode/bootstrap-linode-nixos/main.tf b/meta/linode/bootstrap-linode-nixos/main.tf
new file mode 100644
index 0000000..d444139
--- /dev/null
+++ b/meta/linode/bootstrap-linode-nixos/main.tf
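Review bot: The `subterranean-animism` recipe in meta/linode/Makefile depends on an SSH host alias of the same name that is defined nowhere in this patch, and nothing in the file says which account it must log in as. It presumably has to be root, since the recipe writes `/etc/nixos` and the only authorized key in configuration.nix is root's. A comment above the target would record that, for example `# Requires an ssh_config Host entry "subterranean-animism" that logs in as root (writes /etc/nixos, runs nixos-rebuild)`. Because `rsync --delete` removes anything under `/etc/nixos` that is absent locally, the comment could also say that the directory is fully managed from this repository.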
@@ -0,0 +1,77 @@
+terraform {
+ required_providers {
+ linode = {
+ source = "linode/linode"
+ }
+ }
+}
+
+provider "linode" {}
+
+# For creating a NixOS image on Linode:
+#
+# https://www.linode.com/docs/guides/install-nixos-on-linode/
+#
+resource "linode_instance" "nixos" {
+ label = "nixos"
+ type = "g6-nanode-1"
+ region = "us-west"
+
+ disk {
+ label = "Installer"
+ size = 1024
+ }
+
+ disk {
+ label = "Swap"
+ size = 512
+ filesystem = "swap"
+ }
+
+ disk {
+ label = "NixOS"
+ size = 24064
+ }
+
+ config {
+ label = "Installer"
+ helpers {
+ updatedb_disabled = false
+ distro = false
+ modules_dep = false
+ network = false
+ }
+ devices {
+ sda {
+ disk_label = "NixOS"
+ }
+ sdb {
+ disk_label = "Swap"
+ }
+ sdc {
+ disk_label = "Installer"
+ }
+ }
+ kernel = "linode/direct-disk"
+ root_device = "/dev/sdc"
+ }
+
+ config {
+ label = "Boot"
+ helpers {
+ updatedb_disabled = false
+ distro = false
+ modules_dep = false
+ network = false
+ }
+ devices {
+ sda {
+ disk_label = "NixOS"
+ }
+ sdb {
+ disk_label = "Swap"
+ }
+ }
+ kernel = "linode/grub2"
+ }
+}
diff --git a/meta/linode/bootstrap/main.tf b/meta/linode/bootstrap/main.tf
index f3a6078..75cf2fc 100644
--- a/meta/linode/bootstrap/main.tf
+++ b/meta/linode/bootstrap/main.tf
@@ -2,7 +2,6 @@ terraform {
 required_providers {
 linode = {
 source = "linode/linode"
- version = "1.24.0"
 }
 }
 }
@@ -25,3 +24,4 @@ output "kubeconfig" {
 value = linode_lke_cluster.lotus_land_story.kubeconfig
 sensitive = true
 }
+
diff --git a/meta/linode/main.tf b/meta/linode/main.tf
index 1ea56ba..9523f3b 100644
--- a/meta/linode/main.tf
+++ b/meta/linode/main.tf
@@ -6,6 +6,9 @@ terraform {
 helm = {
 source = "hashicorp/helm"
 }
+ linode = {
+ source = "linode/linode"
+ }
 }
 }
@@ -19,6 +22,8 @@ provider "kubernetes" {
 config_path = ".kube/config"
 }
+provider "linode" {}
+
 resource "kubernetes_namespace" "cert_manager" {
 metadata {
 name = "cert-manager"
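Review bot: The `linode/linode` entry in `required_providers` of the new meta/linode/bootstrap-linode-nixos/main.tf has no `version` constraint, so `terraform init` takes whatever release the registry offers unless a committed `.terraform.lock.hcl` (not visible in this patch) pins it. The same applies to the `linode` entry added to meta/linode/main.tf, and the meta/linode/bootstrap/main.tf hunk leaves that module's entry unconstrained as well. A bounded constraint such as `version = "~> 1.24"` in each block would keep provider upgrades an explicit, reviewed change for code that creates and rebuilds hosts.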
@@ -102,3 +107,40 @@ resource "helm_release" "ingress_nginx" {
 chart = "ingress-nginx"
 version = "4.0.13"
 }
+
+resource "linode_instance" "subterranean_animism" {
+ label = "subterranean-animism"
+ type = "g6-nanode-1"
+ region = "us-west"
+
+ disk {
+ label = "Swap"
+ size = 512
+ filesystem = "swap"
+ }
+
+ disk {
+ label = "NixOS"
+ size = 25088
+ image = "private/${var.nixos_image_id}"
+ }
+
+ config {
+ label = "Boot"
+ helpers {
+ updatedb_disabled = false
+ distro = false
+ modules_dep = false
+ network = false
+ }
+ devices {
+ sda {
+ disk_label = "NixOS"
+ }
+ sdb {
+ disk_label = "Swap"
+ }
+ }
+ kernel = "linode/grub2"
+ }
+}
diff --git a/meta/linode/subterranean-animism/configuration.nix b/meta/linode/subterranean-animism/configuration.nix
new file mode 100644
index 0000000..5dcb9bc
--- /dev/null
+++ b/meta/linode/subterranean-animism/configuration.nix
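Review bot: Nothing in the new `linode_instance.subterranean_animism` resource in meta/linode/main.tf limits who can reach the host, and no `linode_firewall` appears anywhere in this patch. The sshd enabled in configuration.nix, which accepts root logins, would therefore be reachable from any address. If a cloud firewall is managed outside this repository, disregard this; otherwise a firewall resource attached to the instance that admits TCP 22 only from known administrative ranges narrows the exposure. The CIDR variable in the sketch below is a placeholder that this change does not define.

```hcl
# Placeholder: var.ssh_allowed_cidrs is not defined in this change.
resource "linode_firewall" "subterranean_animism" {
  label           = "subterranean-animism"
  inbound_policy  = "DROP"
  outbound_policy = "ACCEPT"

  inbound {
    label    = "allow-ssh"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "22"
    ipv4     = var.ssh_allowed_cidrs
  }

  linodes = [linode_instance.subterranean_animism.id]
}
```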
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ ./hardware-configuration.nix # Include the results of the hardware scan.
+ ./linode.nix
+ ];
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+
+ networking.hostName = "subterranean-animism"; # Define your hostname.
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ networking.useDHCP = false;
+ networking.interfaces.eth0.useDHCP = true;
+
+ environment.systemPackages = with pkgs; [
+ vim
+ ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.11"; # Did you read the comment?
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ passwordAuthentication = false;
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgX0tA28NO3djYaV++JxggR0t47xou+R0HQVwVjzj8s"
+ ];
+}
+
diff --git a/meta/linode/subterranean-animism/hardware-configuration.nix b/meta/linode/subterranean-animism/hardware-configuration.nix
new file mode 100644
index 0000000..108d5a3
--- /dev/null
+++ b/meta/linode/subterranean-animism/hardware-configuration.nix
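Review bot: `permitRootLogin = "yes"` in the `services.openssh` block of configuration.nix is broader than the key-only deploy path needs. `passwordAuthentication = false` turns off sshd's password method, but whether keyboard-interactive authentication is also off depends on module defaults that are not visible in this patch. `permitRootLogin = "prohibit-password";` keeps the root key login that the Makefile's rsync/ssh deploy presumably relies on while refusing any password-style method for root. The authorized key is committed inline, which is fine for a public key, but a short comment naming its owner would make later rotation easier to audit.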
@@ -0,0 +1,26 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/85c07f31-0a04-4539-8c92-dd24e6498680";
+ fsType = "ext4";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/3ebb99fa-f9c5-4daa-8c7f-e6abc62ef5b6"; }
+ ];
+
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/meta/linode/subterranean-animism/linode.nix b/meta/linode/subterranean-animism/linode.nix
new file mode 100644
index 0000000..d354c58
--- /dev/null
+++ b/meta/linode/subterranean-animism/linode.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ # Use /dev/sdX identifiers for disks instead of UUIDs
+ fileSystems."/".device = lib.mkForce "/dev/sda";
+ swapDevices = lib.mkForce [ { device = "/dev/sdb"; } ];
+
+ # Enable LISH
+ boot.kernelParams = [ "console=ttyS0,19200n8" ];
+ boot.loader.grub.extraConfig = ''
+ serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+ terminal_input serial;
+ terminal_output serial
+ '';
+ boot.loader.grub.forceInstall = true;
+ boot.loader.grub.device = "nodev";
+ boot.loader.timeout = 10;
+
+ networking.usePredictableInterfaceNames = false;
+}
diff --git a/meta/linode/variables.tf b/meta/linode/variables.tf
index 0c5be25..2217df2 100644
--- a/meta/linode/variables.tf
+++ b/meta/linode/variables.tf
@@ -9,3 +9,9 @@ variable "letsencrypt_email" {
 nullable = false
 sensitive = true
 }
+
+variable "nixos_image_id" {
+ type = string
+ nullable = false
+ sensitive = true
+}
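Review bot: The new `nixos_image_id` variable in meta/linode/variables.tf has no `description`, and its `sensitive = true` marking hides the value in plan output even though an image ID is an identifier, not a credential. Because meta/linode/main.tf interpolates it into `image = "private/${var.nixos_image_id}"`, a reviewer reading a plan can no longer see which image the host will be built from. Consider adding `description = "ID of the private NixOS image, used as private/<id>"` and dropping `sensitive` unless the ID is deliberately treated as secret. The variable block itself is complete within the hunk; the preceding `letsencrypt_email` block begins outside it.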