machine-config/bert/configuration.nix

{ config, pkgs, lib, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
      ./services/factorio.nix
      ./services/http/index.nix
      ./services/monitoring.nix
    ];

  # Bootloader
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Set up SSH unlocking
  boot.kernelParams = [ "ip=dhcp" ];
  boot.initrd = {
    availableKernelModules = [ "e1000e" ];
    network = {
      enable = true;
      ssh = {
        enable = true;
        port = 22;
        authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com" ];
        hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
        shell = "/bin/cryptsetup-askpass";
      };
    };
  };

  boot.initrd.luks.devices."luks-48836129-1aa0-45c7-9fd1-6b053fa620b1".device = "/dev/disk/by-uuid/48836129-1aa0-45c7-9fd1-6b053fa620b1";
  networking.hostName = "bert";

  # Enable networking
  networking.networkmanager.enable = true;

  time.timeZone = "America/Chicago";
  i18n.defaultLocale = "en_US.UTF-8";
  services.xserver.xkb = {
    layout = "us";
    variant = "";
  };

  environment.systemPackages = with pkgs; [
    rsync
  ];

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ];

  networking.firewall.allowedTCPPorts = [
    80 # Caddy
    443 # Caddy
  ];

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?

}
-												Start setting up bert

											
										
										
											2024-10-31 00:55:10 -05:00
+								{ config, pkgs, lib, ... }:
 								{
 								  imports =
 								    [
 								      ./hardware-configuration.nix
-												Add Factorio Server

											
										
										
											2024-10-31 02:04:15 -05:00
+								      ./services/factorio.nix
-												Start setting up bert

											
										
										
											2024-10-31 00:55:10 -05:00
+								      ./services/http/index.nix
-												Add basic prometheus/grafana setup

											
										
										
											2024-10-31 01:50:48 -05:00
+								      ./services/monitoring.nix
-												Start setting up bert

											
										
										
											2024-10-31 00:55:10 -05:00
+								    ];
 								  # Bootloader
 								  boot.loader.systemd-boot.enable = true;
 								  boot.loader.efi.canTouchEfiVariables = true;
 								  # Set up SSH unlocking
-												Use DHCP for first stage boot

This approach was recommended by nixos.wiki, and formerly by
wiki.nixos.org, which has since switched to instead mentioning
`boot.initrd.network.udhcpc.enable = true;`. It's not entirely clear to
me which has an advantage over the other.

This kernel parameter means that the kernel itself does the DHCP
request, which is pretty neat! That seems to get set up in this file,
though I haven't tracked down the exact details:

https://github.com/torvalds/linux/blob/master/net/ipv4/ipconfig.c

It seems like udhcpc may _also_ be enabled (since networking.useDHCP is
set for the main system?), so maybe that could be disabled, but this
appears to work so I'm rolling with it for the time being!

Without the kernel param set, udhcpc tries and fails with errors like
this:

```
<<< NixOS Stage 1 >>>

loading module dm_mod...
loading module af_packet...
running udev...
Starting systemd-udevd version 255.9
bringing up network interface eno1...
acquiring IP address via DHCP on eno1...
udhcpc: started, v1.36.1
udhcpc: broadcasting discover
udhcpc: broadcasting discover
udhcpc: broadcasting discover
udhcpc: no lease, failing
Passphrase for /dev/disk/by-uuid/00000000-0000-0000-0000-000000000000: _
```

Compare with a working output:

```
<<< NixOS Stage 1 >>>

loading module dm_mod...
loading module af_packet...
running udev...
Starting systemd-udevd version 255.9
bringing up network interface eno1...
acquiring IP address via DHCP on eno1...
udhcpc: started, v1.36.1
udhcpc: broadcasting discover
udhcpc: broadcasting discover
udhcpc: broadcasting discover
udhcpc: broadcasting select for 192.168.1.20, server 192.168.1.1
udhcpc: lease of 192.168.1.20 obtained from 192.168.1.1, lease time 43200
Passphrase for /dev/disk/by-uuid/00000000-0000-0000-0000-000000000000: _
```

											
										
										
											2024-11-01 01:36:31 -05:00
+								  boot.kernelParams = [ "ip=dhcp" ];
-												Start setting up bert

											
										
										
											2024-10-31 00:55:10 -05:00
+								  boot.initrd = {
 								    availableKernelModules = [ "e1000e" ];
 								    network = {
 								      enable = true;
 								      ssh = {
 								        enable = true;
 								        port = 22;
 								        authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com" ];
 								        hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
 								        shell = "/bin/cryptsetup-askpass";
 								      };
 								    };
 								  };
 								  boot.initrd.luks.devices."luks-48836129-1aa0-45c7-9fd1-6b053fa620b1".device = "/dev/disk/by-uuid/48836129-1aa0-45c7-9fd1-6b053fa620b1";
 								  networking.hostName = "bert";
 								  # Enable networking
 								  networking.networkmanager.enable = true;
 								  time.timeZone = "America/Chicago";
 								  i18n.defaultLocale = "en_US.UTF-8";
 								  services.xserver.xkb = {
 								    layout = "us";
 								    variant = "";
 								  };
 								  environment.systemPackages = with pkgs; [
 								    rsync
 								  ];
 								  # Enable the OpenSSH daemon.
 								  services.openssh.enable = true;
 								  users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ];
 								  networking.firewall.allowedTCPPorts = [
 # Caddy
 # Caddy
 								  ];
 								  # This value determines the NixOS release from which the default
 								  # settings for stateful data, like file locations and database versions
 								  # on your system were taken. It‘s perfectly fine and recommended to leave
 								  # this value at the release version of the first install of this system.
 								  # Before changing this value read the documentation for this option
 								  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
 								  system.stateVersion = "24.05"; # Did you read the comment?
 								}