diff --git a/docs/getting-started/create-nix-config.md b/docs/getting-started/create-nix-config.md
index a96bd5e..0532763 100644
--- a/docs/getting-started/create-nix-config.md
+++ b/docs/getting-started/create-nix-config.md
@@ -20,7 +20,7 @@ Available templates are:
 Alternatively, use this flake's create script:
 ```bash
-nix run "git+https://git.sid.ovh/sid/synix#create" -- -t TEMPLATE -u YOUR_USER -H YOUR_HOSTNAME
+nix run "git+https://git.sid.ovh/sid/synix#create" -- -t TEMPLATE -u YOUR_USER -h YOUR_HOSTNAME
 ```
 Check:
diff --git a/templates/nix-configs/hetzner-amd/pi4/.sops.yaml b/templates/nix-configs/hetzner-amd/pi4/.sops.yaml
new file mode 100644
index 0000000..e812787
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/.sops.yaml
@@ -0,0 +1,18 @@
+keys:
+ - &host_portuus age1lghtkhxlz2tc5j9cjm6ancvz4a0mkgevjw4e2mhfar7cr5atl50snr5rs4
+ - &host_edge age194tp22lgh6uw3lcg2u0j9ylllfvs6anjk4ns7prhy8e08k20q3jq439e6c
+ - &user_sid age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy
+ - &user_steffen age1e8p35795htf7twrejyugpzw0qja2v33awcw76y4gp6acnxnkzq0s935t4t
+creation_rules:
+ - path_regex: hosts/portuus/secrets/secrets.yaml$
+ key_groups:
+ - age:
+ - *user_sid
+ - *user_steffen
+ - *host_portuus
+ - path_regex: hosts/edge/secrets/secrets.yaml$
+ key_groups:
+ - age:
+ - *user_sid
+ - *user_steffen
+ - *host_edge
diff --git a/templates/nix-configs/hetzner-amd/pi4/flake.nix b/templates/nix-configs/hetzner-amd/pi4/flake.nix
new file mode 100644
index 0000000..bf2f97d
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/flake.nix
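Review bot: The template's `.sops.yaml` ships the author's own recipients and host names — four concrete age public keys anchored as `host_portuus`, `host_edge`, `user_sid`, `user_steffen`, and `creation_rules` matching `hosts/portuus/secrets/secrets.yaml$` and `hosts/edge/secrets/secrets.yaml$` — while every other file in this template uses the `HOSTNAME`/`USERNAME` placeholders. A user who instantiates the template and keeps this file gets no rule for `hosts/HOSTNAME/secrets/secrets.yaml`, or, if they happen to reuse one of those host names, encrypts their secrets to recipients they do not control. Replace the keys and rules with placeholders that the create script or a FIXME (as in `users/USERNAME/default.nix`) tells the user to fill in; the sketch below uses clearly labelled placeholder values.
```yaml
keys:
  - &host_HOSTNAME AGE_PUBLIC_KEY_OF_HOSTNAME   # FIXME: placeholder, replace with the host's age key
  - &user_USERNAME AGE_PUBLIC_KEY_OF_USERNAME   # FIXME: placeholder, replace with your age key
creation_rules:
  - path_regex: hosts/HOSTNAME/secrets/secrets.yaml$
    key_groups:
      - age:
          - *user_USERNAME
          - *host_HOSTNAME
```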
@@ -0,0 +1,93 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
+ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+ nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05";
+
+ synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11";
+ synix.imputs.nixpkgs.follows = "nixpkgs";
+
+ git-hooks.url = "github:cachix/git-hooks.nix";
+ git-hooks.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs =
+ {
+ self,
+ nixpkgs,
+ ...
+ }@inputs:
+ let
+ inherit (self) outputs;
+
+ supportedSystems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ ];
+
+ forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
+
+ overlays = [ inputs.synix.overlays.default ];
+
+ mkNixosConfiguration =
+ system: modules:
+ nixpkgs.lib.nixosSystem {
+ inherit system modules;
+ specialArgs = {
+ inherit inputs outputs;
+ lib =
+ (import nixpkgs {
+ inherit system overlays;
+ }).lib;
+ };
+ };
+ in
+ {
+ packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
+
+ overlays = import ./overlays { inherit inputs; };
+
+ nixosModules = import ./modules/nixos;
+
+ nixosConfigurations = {
+ HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ];
+ };
+
+ formatter = forAllSystems (
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ config = self.checks.${system}.pre-commit-check.config;
+ inherit (config) package configFile;
+ script = ''
+ ${pkgs.lib.getExe package} run --all-files --config ${configFile}
+ '';
+ in
+ pkgs.writeShellScriptBin "pre-commit-run" script
+ );
+
+ checks = forAllSystems (
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ flakePkgs = self.packages.${system};
+ overlaidPkgs = import nixpkgs {
+ inherit system;
+ overlays = [ self.overlays.modifications ];
+ };
+ in
+ {
+ pre-commit-check = inputs.git-hooks.lib.${system}.run {
+ src = ./.;
+ hooks = {
+ nixfmt.enable = true;
+ };
+ };
+ build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs;
+ build-overlays = pkgs.linkFarm "flake-overlays-${system}" {
+ # package = overlaidPkgs.package;
+ };
+ }
+ );
+ };
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/boot.nix b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/boot.nix
new file mode 100644
index 0000000..53a9686
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/boot.nix
@@ -0,0 +1,7 @@
+{
+ boot.loader.systemd-boot = {
+ enable = true;
+ configurationLimit = 10;
+ };
+ boot.loader.efi.canTouchEfiVariables = true;
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/default.nix b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/default.nix
new file mode 100644
index 0000000..5fbf9d6
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/default.nix
@@ -0,0 +1,22 @@
+{
+ inputs,
+ outputs,
+ ...
+}:
+
+{
+ imports = [
+ ./boot.nix
+ ./hardware.nix
+ ./networking.nix
+ ./packages.nix
+ ./services
+ ./users.nix
+
+ inputs.synix.nixosModules.common
+
+ outputs.nixosModules.common
+ ];
+
+ system.stateVersion = "25.11";
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/disks.sh b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/disks.sh
new file mode 100644
index 0000000..3fca099
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/disks.sh
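Review bot: `synix.imputs.nixpkgs.follows = "nixpkgs";` misspells `inputs`, so the intended pin is not applied: synix is evaluated against its own locked nixpkgs instead of the one pinned here, which puts a second nixpkgs into the lock and modules from two different nixpkgs revisions into one system closure (whether the current Nix rejects or silently accepts the unknown attribute, the `follows` does not take effect). The line should read `synix.inputs.nixpkgs.follows = "nixpkgs";`, matching `git-hooks.inputs.nixpkgs.follows` three lines below. It is also worth a comment on `nixosConfigurations.HOSTNAME` that the system is fixed to `"x86_64-linux"` even though `supportedSystems` lists `aarch64-linux`, since the create script substitutes only the host name.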
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+SSD='/dev/sda'
+MNT='/mnt'
+SWAP_GB=4
+
+# Helper function to wait for devices
+wait_for_device() {
+ local device=$1
+ echo "Waiting for device: $device ..."
+ while [[ ! -e $device ]]; do
+ sleep 1
+ done
+ echo "Device $device is ready."
+}
+
+# Function to install a package if it's not already installed
+install_if_missing() {
+ local cmd="$1"
+ local package="$2"
+ if ! command -v "$cmd" &> /dev/null; then
+ echo "$cmd not found, installing $package..."
+ nix-env -iA "nixos.$package"
+ fi
+}
+
+install_if_missing "sgdisk" "gptfdisk"
+install_if_missing "partprobe" "parted"
+
+wait_for_device $SSD
+
+echo "Wiping filesystem on $SSD..."
+wipefs -a $SSD
+
+echo "Clearing partition table on $SSD..."
+sgdisk --zap-all $SSD
+
+echo "Partitioning $SSD..."
+parted -s "$SSD" \
+ mklabel gpt \
+ mkpart ESP fat32 1MiB 513MiB \
+ set 1 esp on \
+ mkpart primary linux-swap 513MiB "$((513 + SWAP_GB*1024))"MiB \
+ mkpart primary ext4 "$((513 + SWAP_GB*1024))"MiB 100%
+partprobe -s $SSD
+udevadm settle
+
+wait_for_device ${SSD}-part1
+wait_for_device ${SSD}-part2
+wait_for_device ${SSD}-part3
+
+echo "Formatting partitions..."
+mkfs.vfat -n BOOT "${SSD}1"
+mkswap -L SWAP "${SSD}2"
+mkfs.ext4 -L ROOT "${SSD}3"
+
+echo "Mounting partitions..."
+mount "${SSD}3" "$MNT"
+mkdir -p "$MNT/boot"
+mount "${SSD}1" "$MNT/boot"
+
+echo "Enabling swap..."
+swapon "${SSD}2"
+
+echo "Partitioning and setup complete:"
+lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL
diff --git a/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/hardware.nix b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/hardware.nix
new file mode 100644
index 0000000..aa13477
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/hardware.nix
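Review bot: `wait_for_device ${SSD}-part1` (and `-part2`, `-part3`) can never succeed with the configured `SSD='/dev/sda'`: the kernel names that disk's partitions `/dev/sda1`, not `/dev/sda-part1` (the `-partN` suffix belongs to `/dev/disk/by-id/*` symlinks), so the script loops forever in `wait_for_device`, while the later `mkfs`/`mount` lines already use `"${SSD}1"`. The script also runs its destructive steps (`wipefs -a`, `sgdisk --zap-all`, `mkfs.*`) without `set -euo pipefail`, so a failed `parted` or `partprobe` does not stop it from formatting whatever device nodes happen to exist, and `wipefs -a $SSD`, `sgdisk --zap-all $SSD` and `partprobe -s $SSD` leave `$SSD` unquoted unlike the `parted` call. One partition-name helper used by both the wait and the format/mount lines removes the mismatch and also covers `nvme`/`mmcblk` devices, whose partitions carry a `p` infix.
```bash
#!/usr/bin/env bash
set -euo pipefail

# … unchanged: SSD / MNT / SWAP_GB …

# Partition node for partition number $1 of $SSD: by-id symlinks use "-partN",
# nvme/mmcblk devices use "pN", plain sdX devices use "N".
part() {
  case "$SSD" in
    /dev/disk/by-*/*) echo "${SSD}-part$1" ;;
    /dev/nvme*|/dev/mmcblk*) echo "${SSD}p$1" ;;
    *) echo "${SSD}$1" ;;
  esac
}

# … unchanged: wait_for_device, install_if_missing, parted invocation …

wipefs -a "$SSD"
sgdisk --zap-all "$SSD"
partprobe -s "$SSD"
udevadm settle

wait_for_device "$(part 1)"
wait_for_device "$(part 2)"
wait_for_device "$(part 3)"

mkfs.vfat -n BOOT "$(part 1)"
mkswap -L SWAP "$(part 2)"
mkfs.ext4 -L ROOT "$(part 3)"

mount "$(part 3)" "$MNT"
mkdir -p "$MNT/boot"
mount "$(part 1)" "$MNT/boot"
swapon "$(part 2)"
# … unchanged: final lsblk …
```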
@@ -0,0 +1,41 @@
+{
+ lib,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "ahci"
+ "xhci_pci"
+ "virtio_pci"
+ "virtio_scsi"
+ "sd_mod"
+ "sr_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/ROOT";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/BOOT";
+ fsType = "vfat";
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-label/SWAP"; }
+ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/networking.nix b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/networking.nix
new file mode 100644
index 0000000..f96e974
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/networking.nix
@@ -0,0 +1,4 @@
+{
+ networking.hostName = "HOSTNAME";
+ networking.domain = "HOSTNAME.local";
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/packages.nix b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/packages.nix
new file mode 100644
index 0000000..96cc691
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/packages.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [ ];
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/services/default.nix b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/services/default.nix
new file mode 100644
index 0000000..c8695e0
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/services/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./nginx.nix
+ ./openssh.nix
+ ];
+}
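Review bot: This hardware profile does not match the template's path: the directory is `templates/nix-configs/hetzner-amd/pi4/`, but the module imports `profiles/qemu-guest.nix`, loads `virtio_pci`/`virtio_scsi`, and pins `nixpkgs.hostPlatform` to `x86_64-linux` (as `nixosConfigurations.HOSTNAME` in `flake.nix` does too), which describes a KVM cloud guest, not a Raspberry Pi 4. Presumably the template was either generated under the wrong parent directory or copied from the hetzner-amd template and not yet adapted; that is worth settling before the template is listed in the docs. A header comment such as `# Hardware profile for a KVM/virtio cloud guest (Hetzner); regenerate with nixos-generate-config on the target machine` would tell the user what they are expected to replace.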
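Review bot: `networking.domain = "HOSTNAME.local"` uses the `.local` TLD, which RFC 6762 reserves for mDNS; resolvers that honour that (systemd-resolved, Avahi, macOS) will not send it to unicast DNS, so the FQDN this produces for a Hetzner host will not resolve for most clients. If the value is only meant as a placeholder, mark it as one, e.g. `networking.domain = "DOMAIN"; # FIXME: your real DNS domain`, so the create script or the user is prompted to replace it rather than inheriting a reserved name.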
diff --git a/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/services/nginx.nix b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/services/nginx.nix
new file mode 100644
index 0000000..04a2482
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/services/nginx.nix
@@ -0,0 +1,14 @@
+{
+ inputs,
+ ...
+}:
+
+{
+ imports = [ inputs.synix.nixosModules.nginx ];
+
+ services.nginx = {
+ enable = true;
+ forceSSL = true;
+ openFirewall = true;
+ };
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/services/openssh.nix b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/services/openssh.nix
new file mode 100644
index 0000000..b851d18
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/services/openssh.nix
@@ -0,0 +1,12 @@
+{
+ inputs,
+ ...
+}:
+
+{
+ imports = [
+ inputs.synix.nixosModules.openssh
+ ];
+
+ services.openssh.enable = true;
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/users.nix b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/users.nix
new file mode 100644
index 0000000..253394d
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/hosts/HOSTNAME/users.nix
@@ -0,0 +1,9 @@
+{ inputs, ... }:
+
+{
+ imports = [
+ inputs.synix.nixosModules.normalUsers
+
+ ../../users/USERNAME
+ ];
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/modules/nixos/common/default.nix b/templates/nix-configs/hetzner-amd/pi4/modules/nixos/common/default.nix
new file mode 100644
index 0000000..aa96a5f
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/modules/nixos/common/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./overlays.nix
+ ];
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/modules/nixos/common/overlays.nix b/templates/nix-configs/hetzner-amd/pi4/modules/nixos/common/overlays.nix
new file mode 100644
index 0000000..348ae08
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/modules/nixos/common/overlays.nix
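Review bot: `forceSSL` and `openFirewall` are not options of upstream `services.nginx` (upstream has `services.nginx.virtualHosts.<name>.forceSSL` and no `openFirewall`), so they must be declared by `inputs.synix.nixosModules.nginx`, which is imported two lines above but not visible here; a one-line comment, `# forceSSL/openFirewall are defined by inputs.synix.nixosModules.nginx, not upstream`, would save the next reader a trip to that module. With `openFirewall = true` and no `virtualHosts` declared anywhere in the template, the host presumably opens its HTTP/HTTPS ports while serving only nginx's default site; consider leaving `openFirewall` to the host config that actually defines a virtual host.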
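Review bot: `services.openssh.enable = true` is the only visible sshd setting, and nothing else in the template sets `PasswordAuthentication` or `PermitRootLogin`; unless `inputs.synix.nixosModules.openssh` (imported above, not visible here) hardens them, a host built from this template on a public address runs with upstream's defaults, which leave password authentication enabled, while the only user's `sshKeyFiles` line is still commented out in `users/USERNAME/default.nix`. Make the policy explicit in the template so it does not depend on the external module: `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "prohibit-password"; };`, with a comment noting which of these synix already enforces.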
@@ -0,0 +1,11 @@
+{ outputs, ... }:
+
+{
+ nixpkgs.overlays = [
+ outputs.overlays.synix-packages
+ outputs.overlays.local-packages
+ outputs.overlays.modifications
+ outputs.overlays.old-stable-packages
+ outputs.overlays.unstable-packages
+ ];
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/modules/nixos/default.nix b/templates/nix-configs/hetzner-amd/pi4/modules/nixos/default.nix
new file mode 100644
index 0000000..28a636c
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/modules/nixos/default.nix
@@ -0,0 +1,3 @@
+{
+ common = import ./common;
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/overlays/default.nix b/templates/nix-configs/hetzner-amd/pi4/overlays/default.nix
new file mode 100644
index 0000000..23332b5
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/overlays/default.nix
@@ -0,0 +1,35 @@
+{ inputs, ... }:
+
+{
+ # synix packages accessible through 'pkgs.synix'
+ synix-packages = final: prev: { synix = inputs.synix.packages."${final.system}"; };
+
+ # packages in `pkgs/` accessible through 'pkgs.local'
+ local-packages = final: prev: { local = import ../pkgs { pkgs = final; }; };
+
+ # https://nixos.wiki/wiki/Overlays
+ modifications =
+ final: prev:
+ let
+ files = [
+ ];
+ imports = builtins.map (f: import f final prev) files;
+ in
+ builtins.foldl' (a: b: a // b) { } imports // inputs.synix.overlays.modifications final prev;
+
+ # old-stable nixpkgs accessible through 'pkgs.old-stable'
+ old-stable-packages = final: prev: {
+ old-stable = import inputs.nixpkgs-old-stable {
+ inherit (final) system;
+ inherit (prev) config;
+ };
+ };
+
+ # unstable nixpkgs accessible through 'pkgs.unstable'
+ unstable-packages = final: prev: {
+ unstable = import inputs.nixpkgs-unstable {
+ inherit (final) system;
+ inherit (prev) config;
+ };
+ };
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/pkgs/default.nix b/templates/nix-configs/hetzner-amd/pi4/pkgs/default.nix
new file mode 100644
index 0000000..2dadf8a
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/pkgs/default.nix
@@ -0,0 +1,8 @@
+{
+ pkgs ? import ,
+ ...
+}:
+
+{
+ # example = pkgs.callPackage ./example { };
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/users/USERNAME/default.nix b/templates/nix-configs/hetzner-amd/pi4/users/USERNAME/default.nix
new file mode 100644
index 0000000..9885271
--- /dev/null
+++ b/templates/nix-configs/hetzner-amd/pi4/users/USERNAME/default.nix
@@ -0,0 +1,8 @@
+{
+ normalUsers.USERNAME = {
+ extraGroups = [
+ "wheel"
+ ];
+ # sshKeyFiles = [ ./pubkeys/YOUR_PUBKEY.pub ]; # FIXME
+ };
+}
diff --git a/templates/nix-configs/hetzner-amd/pi4/users/USERNAME/pubkeys/YOUR_PUBKEY.pub b/templates/nix-configs/hetzner-amd/pi4/users/USERNAME/pubkeys/YOUR_PUBKEY.pub
new file mode 100644
index 0000000..e69de29
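Review bot: `pkgs ? import ,` gives `pkgs` the builtin `import` function as its default value, which parses but is not a package set, so calling this file without an argument fails as soon as anything dereferences `pkgs`. The two call sites in this template never hit the default: `overlays/default.nix` passes `{ pkgs = final; }`, and `flake.nix` passes a bare package set (`import ./pkgs nixpkgs.legacyPackages.${system}`), which presumably only works because the nixpkgs attrset carries a `pkgs` attribute and the pattern ends in `...`. Give it a real default and call it the same way everywhere: `pkgs ? import <nixpkgs> { },` here, and `import ./pkgs { pkgs = nixpkgs.legacyPackages.${system}; }` in `flake.nix`.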
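Review bot: The template puts `USERNAME` in `wheel` while its only credential line, `# sshKeyFiles = [ ./pubkeys/YOUR_PUBKEY.pub ]; # FIXME`, is commented out and the referenced `pubkeys/YOUR_PUBKEY.pub` is added as an empty file; how (or whether) that account can log in is then decided entirely by `inputs.synix.nixosModules.normalUsers`, which is not visible here. Spell out the expected steps in the FIXME so a privileged account is not left half-configured, e.g. `# FIXME: put your SSH public key in ./pubkeys/YOUR_PUBKEY.pub (shipped empty) and uncomment this line`.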