diff --git a/flake.lock b/flake.lock
index 9b0eab5..6186600 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,23 @@
 {
 "nodes": {
+ "flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
+ "locked": {
+ "lastModified": 1694529238,
+ "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
 "nixpkgs": {
 "locked": {
 "lastModified": 1698611440,
@@ -18,8 +36,24 @@
 },
 "root": {
 "inputs": {
+ "flake-utils": "flake-utils",
 "nixpkgs": "nixpkgs"
 }
+ },
+ "systems": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
 }
 },
 "root": "root",
diff --git a/flake.nix b/flake.nix
index 5a08031..2804c87 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,8 +2,9 @@
 description = "NixOS ISO of netali";
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ flake-utils.url = "github:numtide/flake-utils";
 };
- outputs = { self, nixpkgs }@inputs: {
+ outputs = { self, nixpkgs, flake-utils, ... }@inputs: {
 iso = (nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
@@ -13,5 +14,13 @@
 hydraJobs.iso = self.iso;
- };
-}
\ No newline at end of file
+ overlays.default = (import ./packages);
+ } // flake-utils.lib.eachDefaultSystem (system: let
+ pkgs = nixpkgs.legacyPackages.${system};
+ in {
+ packages = {
+ netali-configure-net-ruby = pkgs.callPackage ./packages/netali-configure-net-ruby {};
+ netali-default-config-ruby = pkgs.callPackage ./packages/netali-default-config-ruby {};
+ };
+ });
+}
diff --git a/iso.nix b/iso.nix
index 061db43..a99959d 100644
--- a/iso.nix
+++ b/iso.nix
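Review bot: The same two derivations are now declared twice in flake.nix — once in `overlays.default` through `./packages` and again by hand in the `packages` set inside `eachDefaultSystem` — so adding a package later means editing both lists, and they will drift. Deriving one from the other keeps them in sync, e.g. `packages = { inherit (pkgs.extend self.overlays.default) netali-configure-net-ruby netali-default-config-ruby; };`. Also, `eachDefaultSystem` covers the darwin systems too, and netali-configure-net-ruby pulls in `iproute2`, which as far as I know is Linux-only, so `nix flake check` on a darwin host will presumably fail to evaluate that output; `flake-utils.lib.eachSystem [ "x86_64-linux" ]` would match the ISO's own `system`. The flake.lock hunks pin both new inputs to a rev plus narHash, which is the right shape for supply-chain purposes.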
@@ -9,6 +9,8 @@
 "profiles/base.nix"
 ];
+ nixpkgs.overlays = [ (import ./packages) ];
+
 networking.hostName = "netalis-nixos-iso";
 isoImage.isoBaseName = "netalis-nixos-iso";
@@ -67,6 +69,10 @@
 # Some compression/archiver tools.
 unzip
 zip
+
+ # own packages
+ netali-configure-net-ruby
+ netali-default-config-ruby
 ];
 time.timeZone = "Europe/Berlin";
diff --git a/packages/default.nix b/packages/default.nix
new file mode 100644
index 0000000..ce5ae65
--- /dev/null
+++ b/packages/default.nix
@@ -0,0 +1,4 @@
+final: prev: {
+ netali-configure-net-ruby = final.callPackage ./netali-configure-net-ruby {};
+ netali-default-config-ruby = final.callPackage ./netali-default-config-ruby {};
+}
diff --git a/packages/netali-configure-net-ruby/default.nix b/packages/netali-configure-net-ruby/default.nix
new file mode 100644
index 0000000..ae3334b
--- /dev/null
+++ b/packages/netali-configure-net-ruby/default.nix
@@ -0,0 +1,20 @@
+{ writeShellScriptBin, iproute2 }:
+
+writeShellScriptBin "netali-configure-net-ruby" ''
+ if [[ $# -ne 2 ]]; then
+ echo "Usage: netali-configure-net-ruby [interface] [last-ip-block]"
+ echo ""
+ echo "interface: name of the network interface to configure"
+ echo "last-ip-block: last block of the IPv6 address of this host"
+ exit 1
+ fi
+
+ INTERFACE=$1
+ LAST_IP_BLOCK=$2
+
+ ${iproute2}/bin/ip link set up $INTERFACE
+ ${iproute2}/bin/ip a a 2001:67c:a6c:a::$LAST_IP_BLOCK/64 dev $INTERFACE
+ ${iproute2}/bin/ip r a default via fe80::1 dev $INTERFACE
+
+ echo "nameserver 2606:4700:4700::1111" > /etc/resolv.conf
+''
diff --git a/packages/netali-default-config-ruby/config-template.txt b/packages/netali-default-config-ruby/config-template.txt
new file mode 100644
index 0000000..c3c0708
--- /dev/null
+++ b/packages/netali-default-config-ruby/config-template.txt
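Review bot: The netali-configure-net-ruby script runs without `set -e`, expands `$INTERFACE` and `$LAST_IP_BLOCK` unquoted, and validates neither argument, so a mistyped interface name lets the script carry on to the route command and then unconditionally overwrite `/etc/resolv.conf`, while a malformed block is passed straight through to `ip`. Since this is meant to run as root on the live ISO, I would fail early and restrict `last-ip-block` to 1–4 hex digits so the assembled address cannot silently become something else. I also note the default gateway differs between this script (`fe80::1`) and the config generated for the target (`2001:67c:a6c:a::1`); that may be intentional for the two environments, but a one-line comment saying so would save the next reader a question. The resolv.conf write clobbers whatever the ISO's base profile put there, which the usage text could at least mention.
```nix
  set -euo pipefail
  # … unchanged: usage check …
  INTERFACE=$1
  LAST_IP_BLOCK=$2
  if [[ ! $LAST_IP_BLOCK =~ ^[0-9a-fA-F]{1,4}$ ]]; then
    echo "last-ip-block must be 1-4 hex digits" >&2
    exit 1
  fi
  ${iproute2}/bin/ip link set up "$INTERFACE"
  ${iproute2}/bin/ip a a "2001:67c:a6c:a::$LAST_IP_BLOCK/64" dev "$INTERFACE"
  ${iproute2}/bin/ip r a default via fe80::1 dev "$INTERFACE"
  # … unchanged: resolv.conf write …
```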
@@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.tmp.useTmpfs = true;
+
+ networking.nftables.enable = true;
+
+ security.sudo.wheelNeedsPassword = false;
+
+ users.users.netali = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOV4f3/OcNQIHqomvH0nGLDmXDlrO/u7JKE9Fgq2Vuqs me@netali.de" ];
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "de-latin1";
+ };
+
+ services.qemuGuest.enable = true;
+
+ system.stateVersion = "23.05";
+
+ networking.hostName = "$TARGET_HOSTNAME";
+
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = false;
+ services.openssh.ports = [ 1022 ];
+
+ networking.useDHCP = false;
+ networking.dhcpcd.enable = false;
+
+ networking.nameservers = [ "2606:4700:4700::1111" "2606:4700:4700::1001" ];
+
+ nix = {
+ settings = {
+ trusted-users = [ "@wheel" ];
+ auto-optimise-store = true;
+ experimental-features = [ "nix-command" "flakes" ];
+ };
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 14d";
+ };
+ extraOptions = ''
+ min-free = 104857600
+ max-free = 1073741824
+ ''; # more readable: min-free = 100*1024*1024; max-free = 1024*1024*1024;
+ };
+
+ systemd.network = {
+ enable = true;
+ networks = {
+ "40-ens18" = {
+ name = "ens18";
+ networkConfig = {
+ IPv6AcceptRA = false;
+ };
+ address = [
+ "2001:67c:a6c:a::$LAST_IP_BLOCK/64"
+ ];
+ gateway = [
+ "2001:67c:a6c:a::1"
+ ];
+ };
+ };
+ };
+}
diff --git a/packages/netali-default-config-ruby/default.nix b/packages/netali-default-config-ruby/default.nix
new file mode 100644
index 0000000..7fa4884
--- /dev/null
+++ b/packages/netali-default-config-ruby/default.nix
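Review bot: `services.openssh.settings.PasswordAuthentication = false` on its own does not fully disable password logins on NixOS: as far as I recall the NixOS default for `KbdInteractiveAuthentication` is `true`, and sshd's keyboard-interactive path goes through PAM, which still accepts the local account password. Adding `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it makes the key-only intent actually hold. Separately, `security.sudo.wheelNeedsPassword = false` together with `nix.settings.trusted-users = [ "@wheel" ]` makes the `netali` account root-equivalent in two independent ways (a trusted user can hand the daemon arbitrary substituters and build options); that is a defensible choice for a single-admin box, but it deserves a comment such as `# netali is effectively root: passwordless sudo + nix trusted-user` so the trade-off is explicit. The hard-coded public key is fine for a personal ISO, but anyone reusing the template inherits it, which the tool's usage text should say.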
@@ -0,0 +1,18 @@
+{ writeShellScriptBin, envsubst }:
+
+writeShellScriptBin "netali-default-config-ruby" ''
+ if [[ $# -ne 3 ]]; then
+ echo "Usage: netali-default-config-ruby [out-path] [hostname] [last-ip-block]"
+ echo ""
+ echo "out-path: path to which the configuration will be written"
+ echo "hostname: path to which the configuration will be written"
+ echo "last-ip-block: last block of the IPv6 address of this host"
+ exit 1
+ fi
+
+ OUT_PATH=$1
+ export TARGET_HOSTNAME="$2"
+ export LAST_IP_BLOCK="$3"
+
+ ${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH
+''
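Review bot: The usage line for `hostname` is a copy of the `out-path` line (`echo "hostname: path to which the configuration will be written"`) and should describe the hostname, and `$OUT_PATH` is expanded unquoted on the envsubst line. More importantly, both substituted values land inside Nix string literals in the template with no validation, so a value containing `"` or `${` produces a broken — or, if the arguments ever come from somewhere less trusted than the operator's keyboard, attacker-shaped — configuration file; a hostname whitelist (letters, digits, hyphen, at most 63 characters) and a hex check on the address block close that off. If the `envsubst` package here is the a8m implementation, which the `-i`/`-o` flags suggest, its `-no-unset -no-empty` flags would additionally refuse to write a file with empty placeholders; I have not checked that against the packaged version.
```nix
  echo "hostname: host name to set on the target system"
  # … unchanged: remaining usage lines, exit, argument assignment …
  if [[ ! $TARGET_HOSTNAME =~ ^[A-Za-z0-9-]{1,63}$ ]]; then
    echo "hostname must be a valid DNS label" >&2
    exit 1
  fi
  if [[ ! $LAST_IP_BLOCK =~ ^[0-9a-fA-F]{1,4}$ ]]; then
    echo "last-ip-block must be 1-4 hex digits" >&2
    exit 1
  fi
  ${envsubst}/bin/envsubst -i ${./config-template.txt} -o "$OUT_PATH"
```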