commit 80acbe079c70784d1d3f9b5b967528b0350752b7 Author: awkawb Date: Sun Dec 29 15:42:43 2024 -0500 Initial commit
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..1c3e3f1
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,16 @@
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# 2 space indentation
+[*.nix]
+indent_style = space
+indent_size = 2
+
+[Makefile]
+indent_style = tab
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b2be92b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+result
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..57f055a
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,19 @@
+# Special variables
+.DEFAULT_GOAL := help # Set default target to run
+.SILENT: # Disable printing recipes at runtime
+.ONESHELL: # Run target recipes in one shell invocation
+.PHONY: build-image \ # Phony targets
+ clean \
+ help
+
+help: ## Shows this help prompt.
+ egrep -h '\s##\s' $(MAKEFILE_LIST) \
+ | sort \
+ | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}'
+
+clean:
+ rm -f result
+
+build-image: clean ## Builds Linode campatible NixOS disk image.
+ nix build ".#nixosConfigurations.linode-image.config.system.build.raw"
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..63ef45c
--- /dev/null
+++ b/README.md
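Review bot: In the Makefile hunk, the inline comment on `.PHONY: build-image \ # Phony targets` sits after the backslash, so the backslash no longer ends the line and the continuation is lost. As written, `clean` and `help` are probably not registered as phony: depending on whether the next two lines start with a tab, make either reads them as a recipe or stops with a missing-separator error (the original indentation is not recoverable from this view). Put the comment on its own line, `# Phony targets`, directly above `.PHONY: build-image \`, and leave nothing after any trailing backslash. The `clean` rule also carries no `## ` text, so it will not appear in the `help` output.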
@@ -0,0 +1,25 @@
+# base-nixos-linode
+
+A repository that builds a base NixOS Linode image. The make build
+tool is used to build the image and also to manage a Linode instance.
+A dotenv file is provided and used to define values to a specific
+Linode instance, such as the IP address and admin account name.
+
+## Basics
+
+All repository commands can be found simply by running the make command,
+like this: ```make```
+
+Help text should be displayed on the screen with available commands and
+what they do.
+
+## Build Instructions
+
+Run the following command: ```make build-image```
+
+## Managing a Linode Instance
+
+Two make targets are defined to manage a Linode instance: nixos-switch
+and ssh. Run nixos-switch to build a Linode compatible NixOS image
+from the configuration in /nixos-config.
+
diff --git a/build-image.nix b/build-image.nix
new file mode 100644
index 0000000..683f864
--- /dev/null
+++ b/build-image.nix
@@ -0,0 +1,20 @@
+{ config, lib, modulesPath, pkgs, ... }:
+
+{
+ imports = [
+ ./nixos-config
+ ];
+
+ system.build.raw = import "${modulesPath}/../lib/make-disk-image.nix" {
+ inherit config lib pkgs;
+ name = "linode-image";
+ format = "raw";
+ partitionTableType = "none";
+ postVM =
+ ''
+ ${pkgs.gzip}/bin/gzip -6 -c -- $diskImage > \
+ $out/linode-image.img.gz
+ rm $diskImage
+ '';
+ };
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..603f783
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1735264675,
+ "narHash": "sha256-MgdXpeX2GuJbtlBrH9EdsUeWl/yXEubyvxM1G+yO4Ak=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "d49da4c08359e3c39c4e27c74ac7ac9b70085966",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-24.11",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
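Review bot: In build-image.nix the `postVM` script expands `$diskImage` and `$out` unquoted, and the `rm` call lacks the `--` guard that the `gzip` call already uses. Quote both expansions so a path containing whitespace or glob characters cannot be split or expanded by the shell: `${pkgs.gzip}/bin/gzip -6 -c -- "$diskImage" > "$out/linode-image.img.gz"` followed by `rm -- "$diskImage"`. A one-line comment saying that the uncompressed raw image is deleted on purpose, so that only the `.img.gz` reaches the output, would also help the next reader.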
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..6715c2d
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,18 @@
+{
+ description = "A base Linode NixOS image";
+
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+
+ outputs = { self, nixpkgs }: {
+ nixosConfigurations.linode-image = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./build-image.nix ];
+ specialArgs = {
+ domain = "linode-domain";
+ hostname = "linode-hostname";
+ };
+ };
+
+ nixosModules.default = ./nixos-config;
+ };
+}
diff --git a/nixos-config/default.nix b/nixos-config/default.nix
new file mode 100644
index 0000000..73483c8
--- /dev/null
+++ b/nixos-config/default.nix
@@ -0,0 +1,16 @@
+{ modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+
+ ./hardware
+ ./services
+
+ ./nix.nix
+ ./state-version.nix
+ ./system-packages.nix
+ ./timezone.nix
+ ];
+}
+
diff --git a/nixos-config/hardware/boot.nix b/nixos-config/hardware/boot.nix
new file mode 100644
index 0000000..f1401ab
--- /dev/null
+++ b/nixos-config/hardware/boot.nix
@@ -0,0 +1,39 @@
+{ lib, ... }:
+
+{
+ boot = {
+ # Enable LISH and Linode Booting w/ GRUB
+ loader = {
+ # Increase Timeout to Allow LISH Connection
+ # NOTE: The image generator tries to set a timeout of 0, so we must force
+ timeout = lib.mkDefault 10;
+
+ grub = {
+ enable = true;
+ forceInstall = true;
+ device = "nodev";
+ fsIdentifier = "label";
+
+ # Allow serial connection for GRUB to be able to use LISH
+ extraConfig = ''
+ serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+ terminal_input serial;
+ terminal_output serial
+ '';
+ };
+ };
+
+ # Add Required Kernel Modules
+ # NOTE: These are not documented in the install guide
+ initrd.availableKernelModules = [
+ "virtio_pci"
+ "virtio_scsi"
+ "ahci"
+ "sd_mod"
+ ];
+
+ # Set Up LISH Serial Connection
+ kernelParams = [ "console=ttyS0,19200n8" ];
+ kernelModules = [ "virtio_net" ];
+ };
+}
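Review bot: In nixos-config/hardware/boot.nix the NOTE above `timeout = lib.mkDefault 10;` says the value must be forced, but `lib.mkDefault` has lower precedence than a plain definition, so any other module that sets `boot.loader.timeout` wins over it. If the 10-second window for attaching over LISH is required, write `timeout = lib.mkForce 10;`; if downstream overrides are intended, reword the NOTE so it no longer promises a forced value. No GRUB password is configured in this file, so the comment on `extraConfig` could also record that access to the serial console is the only thing guarding boot-entry edits.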
diff --git a/nixos-config/hardware/cpu.nix b/nixos-config/hardware/cpu.nix
new file mode 100644
index 0000000..4c7ac0f
--- /dev/null
+++ b/nixos-config/hardware/cpu.nix
@@ -0,0 +1,3 @@
+{
+ hardware.cpu.amd.updateMicrocode = true;
+}
diff --git a/nixos-config/hardware/default.nix b/nixos-config/hardware/default.nix
new file mode 100644
index 0000000..2a8e09a
--- /dev/null
+++ b/nixos-config/hardware/default.nix
@@ -0,0 +1,10 @@
+{
+ imports = [
+ ./boot.nix
+ ./cpu.nix
+ ./file-systems.nix
+ ./networking.nix
+ ./swap-devices.nix
+ ];
+}
+
diff --git a/nixos-config/hardware/file-systems.nix b/nixos-config/hardware/file-systems.nix
new file mode 100644
index 0000000..7c3962b
--- /dev/null
+++ b/nixos-config/hardware/file-systems.nix
@@ -0,0 +1,9 @@
+{
+ fileSystems = {
+ "/" = {
+ device = "/dev/sda";
+ fsType = "ext4";
+ autoResize = true;
+ };
+ };
+}
diff --git a/nixos-config/hardware/networking.nix b/nixos-config/hardware/networking.nix
new file mode 100644
index 0000000..c79461a
--- /dev/null
+++ b/nixos-config/hardware/networking.nix
@@ -0,0 +1,26 @@
+{ lib
+, domain ? "linode-domain"
+, hostname ? "linode-hostname"
+, ... }:
+
+{
+ networking = {
+ useDHCP = lib.mkForce false;
+ usePredictableInterfaceNames = false;
+
+ interfaces.eth0 = {
+ useDHCP = true;
+
+ # Linode expects IPv6 privacy extensions to be disabled, so disable them
+ # See: https://www.linode.com/docs/guides/manual-network-configuration/#static-vs-dynamic-addressing
+ tempAddress = "disabled";
+ };
+
+ domain = domain;
+ hostName = hostname;
+
+ firewall = {
+ enable = true;
+ };
+ };
+}
diff --git a/nixos-config/hardware/swap-devices.nix b/nixos-config/hardware/swap-devices.nix
new file mode 100644
index 0000000..380c631
--- /dev/null
+++ b/nixos-config/hardware/swap-devices.nix
@@ -0,0 +1,3 @@
+{
+ swapDevices = [ { device = "/dev/sdb"; } ];
+}
diff --git a/nixos-config/nix.nix b/nixos-config/nix.nix
new file mode 100644
index 0000000..f029b84
--- /dev/null
+++ b/nixos-config/nix.nix
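Review bot: In nixos-config/hardware/networking.nix the defaults on `domain ? "linode-domain"` and `hostname ? "linode-hostname"` are never used, because the NixOS module system resolves every named module argument from `specialArgs` or `_module.args` and does not fall back to the function's own defaults. The `linode-image` configuration in flake.nix works only because it passes both through `specialArgs`; a consumer importing `nixosModules.default` without them would most likely hit a missing-attribute evaluation error. Dropping the two arguments and setting the options directly keeps the placeholders overridable: `domain = lib.mkDefault "linode-domain";` and `hostName = lib.mkDefault "linode-hostname";`. If the arguments stay, a comment in this file and in flake.nix should state that they are mandatory.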
@@ -0,0 +1,15 @@
+{
+ nix = {
+ optimise = {
+ automatic = true;
+ dates = [ "weekly" ];
+ };
+
+
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 7d";
+ dates = "weekly";
+ };
+ };
+}
diff --git a/nixos-config/services/default.nix b/nixos-config/services/default.nix
new file mode 100644
index 0000000..4619942
--- /dev/null
+++ b/nixos-config/services/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./openssh.nix
+ ];
+}
diff --git a/nixos-config/services/openssh.nix b/nixos-config/services/openssh.nix
new file mode 100644
index 0000000..38274e5
--- /dev/null
+++ b/nixos-config/services/openssh.nix
@@ -0,0 +1,12 @@
+{
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+
+ settings = {
+ PermitRootLogin = "prohibit-password";
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ };
+ };
+}
diff --git a/nixos-config/state-version.nix b/nixos-config/state-version.nix
new file mode 100644
index 0000000..8d06deb
--- /dev/null
+++ b/nixos-config/state-version.nix
@@ -0,0 +1,3 @@
+{
+ system.stateVersion = "24.11";
+}
diff --git a/nixos-config/system-packages.nix b/nixos-config/system-packages.nix
new file mode 100644
index 0000000..d9f2003
--- /dev/null
+++ b/nixos-config/system-packages.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs;
+ [
+ # Install diagnostic tools for Linode support
+ inetutils
+ mtr
+ sysstat
+
+ # Base image packages
+ busybox
+ gnumake
+ neovim
+ wget
+ ];
+
+
+ programs.zsh =
+ {
+ enable = true;
+
+ vteIntegration = true;
+
+ autosuggestions.enable = true;
+ enableCompletion = true;
+ ohMyZsh.enable = true;
+ syntaxHighlighting.enable = true;
+ };
+}
diff --git a/nixos-config/timezone.nix b/nixos-config/timezone.nix
new file mode 100644
index 0000000..778a93d
--- /dev/null
+++ b/nixos-config/timezone.nix
@@ -0,0 +1,3 @@
+{
+ time.timeZone = "America/New_York";
+}
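Review bot: nixos-config/services/openssh.nix keeps root reachable over SSH by key (`PermitRootLogin = "prohibit-password";`) with the port opened by `openFirewall = true;`, yet nothing visible in this commit defines an authorized key or the admin account that the README mentions. Add a comment above `settings` stating how the first key reaches the image and whether root login is meant to remain enabled on deployed instances. Once a non-root admin user exists, `PermitRootLogin = "no";` together with an `AllowUsers` entry under `settings` would restrict the service to that account. Disabling password and keyboard-interactive authentication is sound and should stay.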