[meta] subterranean-animism

Use NixOS for subterranean-animism

meta/linode/Makefile

@@ -0,0 +1,4 @@
+.PHONY: subterranean-animism
+subterranean-animism:
+	rsync -avz --delete subterranean-animism/ subterranean-animism:/etc/nixos
+	ssh subterranean-animism nixos-rebuild switch

meta/linode/bootstrap-linode-nixos/main.tf

@@ -0,0 +1,77 @@
+terraform {
+  required_providers {
+    linode = {
+      source  = "linode/linode"
+    }
+  }
+}
+
+provider "linode" {}
+
+# For creating a NixOS image on Linode:
+#
+# https://www.linode.com/docs/guides/install-nixos-on-linode/
+#
+resource "linode_instance" "nixos" {
+  label = "nixos"
+  type = "g6-nanode-1"
+  region = "us-west"
+
+  disk {
+    label = "Installer"
+    size = 1024
+  }
+
+  disk {
+    label = "Swap"
+    size = 512
+    filesystem = "swap"
+  }
+
+  disk {
+    label = "NixOS"
+    size = 24064
+  }
+
+  config {
+    label = "Installer"
+    helpers {
+      updatedb_disabled = false
+      distro = false
+      modules_dep = false
+      network = false
+    }
+    devices {
+      sda {
+        disk_label = "NixOS"
+      }
+      sdb {
+        disk_label = "Swap"
+      }
+      sdc {
+        disk_label = "Installer"
+      }
+    }
+    kernel = "linode/direct-disk"
+    root_device = "/dev/sdc"
+  }
+
+  config {
+    label = "Boot"
+    helpers {
+      updatedb_disabled = false
+      distro = false
+      modules_dep = false
+      network = false
+    }
+    devices {
+      sda {
+        disk_label = "NixOS"
+      }
+      sdb {
+        disk_label = "Swap"
+      }
+    }
+    kernel = "linode/grub2"
+  }
+}

meta/linode/bootstrap/main.tf

@@ -2,7 +2,6 @@ terraform {
   required_providers {
     linode = {
       source  = "linode/linode"
-      version = "1.24.0"
     }
   }
 }
@@ -25,3 +24,4 @@ output "kubeconfig" {
    value     = linode_lke_cluster.lotus_land_story.kubeconfig
    sensitive = true
 }
+

meta/linode/main.tf

@@ -6,6 +6,9 @@ terraform {
     helm = {
       source = "hashicorp/helm"
     }
+    linode = {
+      source = "linode/linode"
+    }
   }
 }
 
@@ -19,6 +22,8 @@ provider "kubernetes" {
   config_path = ".kube/config"
 }
 
+provider "linode" {}
+
 resource "kubernetes_namespace" "cert_manager" {
   metadata {
     name = "cert-manager"
@@ -102,3 +107,40 @@ resource "helm_release" "ingress_nginx" {
   chart      = "ingress-nginx"
   version    = "4.0.13"
 }
+
+resource "linode_instance" "subterranean_animism" {
+  label  = "subterranean-animism"
+  type   = "g6-nanode-1"
+  region = "us-west"
+
+  disk {
+    label      = "Swap"
+    size       = 512
+    filesystem = "swap"
+  }
+
+  disk {
+    label = "NixOS"
+    size  = 25088
+    image = "private/${var.nixos_image_id}"
+  }
+
+  config {
+    label = "Boot"
+    helpers {
+      updatedb_disabled = false
+      distro            = false
+      modules_dep       = false
+      network           = false
+    }
+    devices {
+      sda {
+        disk_label = "NixOS"
+      }
+      sdb {
+        disk_label = "Swap"
+      }
+    }
+    kernel = "linode/grub2"
+  }
+}

meta/linode/subterranean-animism/configuration.nix

@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ ./hardware-configuration.nix # Include the results of the hardware scan.
+      ./linode.nix
+    ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+
+  networking.hostName = "subterranean-animism"; # Define your hostname.
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.interfaces.eth0.useDHCP = true;
+
+  environment.systemPackages = with pkgs; [
+    vim
+  ];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "yes";
+    passwordAuthentication = false;
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgX0tA28NO3djYaV++JxggR0t47xou+R0HQVwVjzj8s"
+  ];
+}
+

meta/linode/subterranean-animism/hardware-configuration.nix

@@ -0,0 +1,26 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/85c07f31-0a04-4539-8c92-dd24e6498680";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/3ebb99fa-f9c5-4daa-8c7f-e6abc62ef5b6"; }
+    ];
+
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

meta/linode/subterranean-animism/linode.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  # Use /dev/sdX identifiers for disks instead of UUIDs
+  fileSystems."/".device = lib.mkForce "/dev/sda";
+  swapDevices = lib.mkForce [ { device = "/dev/sdb"; } ];
+
+  # Enable LISH
+  boot.kernelParams = [ "console=ttyS0,19200n8" ];
+  boot.loader.grub.extraConfig = ''
+    serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+    terminal_input serial;
+    terminal_output serial
+  '';
+  boot.loader.grub.forceInstall = true;
+  boot.loader.grub.device = "nodev";
+  boot.loader.timeout = 10;
+
+  networking.usePredictableInterfaceNames = false;
+}

meta/linode/variables.tf

@@ -9,3 +9,9 @@ variable "letsencrypt_email" {
   nullable  = false
   sensitive = true
 }
+
+variable "nixos_image_id" {
+  type      = string
+  nullable  = false
+  sensitive = true
+}