complete servo image & port to impermanence

there might still be some bugs to work out here.
this produces a workable image, but with some uncertainty
around that swapfile (the first attempt had /swapfile living on a
tmpfs).
colin 2022-06-29 01:17:53 -07:00
parent ba69812720
commit 92488dd890
10 changed files with 78 additions and 27 deletions


@ -3,6 +3,7 @@
# we need space in the GPT header to place tow-boot.
# only actually need 1 MB, but better to over-allocate than under-allocate
colinsane.image.extraGPTPadding = 16 * 1024 * 1024;
colinsane.image.firstPartGap = 0;
system.build.img = pkgs.runCommandNoCC "nixos_full-disk-image.img" {} ''
cp -v ${config.system.build.img-without-firmware}/nixos.img $out
chmod +w $out
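Review bot: `colinsane.image.firstPartGap = 0;` overrides the module's default alignment gap without saying why, and the reason is only recoverable from the option definition in a different file. Since `extraGPTPadding` is already 16 MiB here, the first partition presumably lands on a 16 MiB boundary with no additional gap, which looks like the intent; a one-line comment such as `# extraGPTPadding already places the first partition on a 16 MiB boundary; no extra gap needed` would make the pair of settings self-explanatory. The enclosing attribute set begins and ends outside the hunk.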


@ -24,9 +24,14 @@
colinsane.home-manager.extraPackages = [
pkgs.matrix-synapse
];
colinsane.impermanence.enable = true;
colinsane.services.duplicity.enable = true;
# TODO: validate this
colinsane.image.extraBootFiles = [ pkgs.bootpart-tow-boot-rpi-aarch64 ];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
colinsane.image.extraBootFiles = [ pkgs.bootpart-u-boot-rpi-aarch64 ];
sops.secrets.duplicity_passphrase = {
sopsFile = ../../secrets/servo.yaml;
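Review bot: `boot.loader.generic-extlinux-compatible.enable = true;` combined with `colinsane.image.extraBootFiles = [ pkgs.bootpart-u-boot-rpi-aarch64 ];` has a non-obvious dependency that only the rpi module's comment (which this commit appears to drop) spells out: the generic extlinux loader does not build u-boot, so the boot partition has to supply it. The `# TODO: validate this` above also does not say what needs validating. Suggest carrying the explanation over, e.g. `# generic-extlinux-compatible does not build u-boot itself; the rpi u-boot bootpart is supplied via extraBootFiles`, and making the TODO name the check (that the image boots with this loader/u-boot combination). The enclosing attribute set begins and ends outside the hunk.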


@ -1,27 +1,49 @@
{ ... }:
{
# root is a tmpfs so that we have an ephemeral system ("impermanence" handles the state)
fileSystems."/" = {
device = "/dev/disk/by-uuid/2be70d38-79f4-41b6-bee2-bce5a25f8f7b";
fsType = "ext4";
device = "none";
fsType = "tmpfs";
options = [
"mode=755"
"size=1G"
"defaults"
];
};
# we need a /tmp of default size (half RAM) for building large nix things
fileSystems."/tmp" = {
device = "none";
fsType = "tmpfs";
options = [
"mode=777"
"defaults"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/aa272cff-0fcc-498e-a4cb-0d95fb60631b";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B318-A67E";
device = "/dev/disk/by-uuid/31D3-40CB";
fsType = "vfat";
};
fileSystems."/var/lib/pleroma" = {
device = "/opt/pleroma";
options = [ "bind" ];
};
# fileSystems."/var/lib/pleroma" = {
# device = "/opt/pleroma";
# options = [ "bind" ];
# };
# TODO: does transmission handle symlinks?
fileSystems."/var/lib/transmission/Downloads" = {
device = "/opt/uninsane/media";
device = "/var/lib/uninsane/media";
options = [ "bind" ];
};
fileSystems."/var/lib/transmission/.incomplete" = {
device = "/opt/uninsane/media/incomplete";
device = "/var/lib/uninsane/media/incomplete";
options = [ "bind" ];
};
@ -31,7 +53,7 @@
};
swapDevices = [
{ device = "/swapfile"; size = 4096; }
{ device = "/nix/persist/swapfile"; size = 4096; }
];
}
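Review bot: The new `fileSystems."/tmp"` tmpfs uses `"mode=777"`, which is world-writable without the sticky bit, so any local user or service can delete or replace another user's files in `/tmp`; a shared temp directory should be `"mode=1777"`, which is also what NixOS's own tmpfs-on-/tmp option uses together with `"nosuid" "nodev"`. Suggested options: `"mode=1777" "nosuid" "nodev" "defaults"` (exec stays allowed, since the comment says this `/tmp` is used for Nix builds). Separately, the swap entry moved to `/nix/persist/swapfile` sits on the btrfs `/nix` filesystem; a swapfile on btrfs has to be NOCOW and uncompressed, so unless the NixOS swap module at this revision prepares `size`-created files that way, activating that swap may fail — likely the uncertainty the commit message mentions, and worth confirming on first boot.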


@ -12,15 +12,9 @@
# see: https://github.com/raspberrypi/linux
boot.kernelPackages = pkgs.linuxPackages_rpi4;
# NixOS defaults to grub: we don't want that.
boot.loader.grub.enable = false;
# raspberryPi boot loader creates extlinux.conf.
# otherwise, enable the generic-extlinux-compatible loader below.
# note: THESE ARE MUTUALLY EXCLUSIVE. generic-extlinux-compatible causes uboot to not be built
# boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.raspberryPi.enable = true;
boot.loader.raspberryPi.uboot.enable = true;
boot.loader.raspberryPi.version = 4;
boot.initrd.availableKernelModules = [
"bcm2711_thermal"


@ -6,7 +6,7 @@
# web blog/personal site
services.nginx.virtualHosts."uninsane.org" = {
root = "/opt/uninsane/root";
root = "/var/lib/uninsane/root";
# a lot of places hardcode https://uninsane.org,
# and then when we mix http + non-https, we get CORS violations
# and things don't look right. so force SSL.


@ -2,7 +2,7 @@
{
services.postgresql.enable = true;
services.postgresql.dataDir = "/opt/postgresql/13";
# services.postgresql.dataDir = "/opt/postgresql/13";
# XXX colin: for a proper deploy, we'd want to include something for Pleroma here too.
# services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
# CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '<password goes here>';
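Review bot: Commenting out `services.postgresql.dataDir = "/opt/postgresql/13";` moves the cluster to the module's default data directory (under `/var/lib/postgresql`, which this commit adds to the impermanence list), but nothing in the commit migrates the existing cluster out of `/opt/postgresql/13`; on first boot postgres will initialize an empty database in the new location unless the old directory is copied into the persisted path beforehand. Suggest either recording that one-time step, e.g. `# cluster moved from /opt/postgresql/13 to the default dataDir, persisted via impermanence`, or deleting the dead line instead of leaving it commented out. The enclosing attribute set continues outside the hunk.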


@ -12,8 +12,20 @@ in
};
colinsane.image.extraGPTPadding = mkOption {
default = 0;
# NB: rpi doesn't like non-zero values for this.
# at the same time, spinning disks REALLY need partitions to be aligned to 4KiB boundaries.
# maybe there's some imageBuilder.fileSystem type which represents empty space?
# default = 2014 * 512; # standard is to start part0 at sector 2048 (versus 34 if no padding)
type = types.int;
};
colinsane.image.firstPartGap = mkOption {
# align the first part to 16 MiB.
# do this by inserting a gap of 16 MiB - gptHeaderSize
# and then multiply by 1MiB and subtract 1 because mobile-nixos
# has a bug which will divide this by 1 MiB (and round up)
default = (16 * 1024 * 1024 - 34 * 512) * 1024 * 1024 - 1;
type = types.nullOr types.int;
};
colinsane.image.bootPartSize = mkOption {
default = 512 * 1024 * 1024;
type = types.int;
@ -62,6 +74,7 @@ in
# Tow-Boot manages to do that; not sure how.
headerHole = cfg.extraGPTPadding;
partitions = [
(pkgs.imageBuilder.gap cfg.firstPartGap)
(fsBuilderMapBoot."${bootFs.fsType}" {
# fs properties
name = "ESP";
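Review bot: `colinsane.image.firstPartGap` is typed `types.nullOr types.int`, but the second hunk passes it unconditionally as `(pkgs.imageBuilder.gap cfg.firstPartGap)`, so setting it to `null` — the only reason to allow null — will presumably produce an evaluation error from the image builder rather than "no gap"; either drop the `nullOr` or guard the entry, e.g. `partitions = lib.optional (cfg.firstPartGap != null) (pkgs.imageBuilder.gap cfg.firstPartGap) ++ [ ... ];`. The default `(16 * 1024 * 1024 - 34 * 512) * 1024 * 1024 - 1` also deserves a stronger warning than the current comment: it only yields 16 MiB alignment while the mobile-nixos divide-by-1-MiB bug persists, and it does not appear to subtract `extraGPTPadding` (the `headerHole`), which is consistent with the servo image setting the gap to 0 by hand but makes the default fragile. Both option definitions sit inside a module whose `in { ... }` begins and ends outside the hunks.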


@ -69,6 +69,24 @@ in
# "/var/lib/systemd" # nothing obviously necessary
# "/var/lib/udisks2" # empty on lappy
# "/var/lib/upower" # historic charge data. unnecessary, but maybe used somewhere?
#
# servo additions:
"/var/lib/acme"
# "/var/lib/dhparams" # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/dhparams.nix
# "/var/lib/dovecot"
# "/var/lib/duplicity"
"/var/lib/gitea" # TODO: could be more granular
"/var/lib/ipfs" # TODO: could be more granular
"/var/lib/jackett" # TODO: we only need this to save Indexer creds ==> migrate to config?
"/var/lib/jellyfin" # TODO: could be more granular
"/var/lib/matrix-appservice-irc"
"/var/lib/matrix-synapse"
"/var/lib/opendkim" # TODO: move this to the nix config (SOPS)
"/var/lib/pleroma" # TODO: could be more granular
"/var/lib/postgresql"
"/var/lib/postfix" # TODO: could be more granular
"/var/lib/transmission" # we need this specifically for the stats tracking in .config/
"/var/lib/uninsane"
"/var/log"
# TODO: what even GOES in /srv?
"/srv"


@ -37,17 +37,15 @@ in
"/sys"
"/tmp"
# bind mounted (dupes):
"/var/lib/pleroma"
"/var/lib/transmission/Downloads"
"/var/lib/transmission/.incomplete"
"/var/lib"
# other mounts
"/mnt"
# data that's not worth the cost to backup:
"/opt/uninsane/media"
"/nix/persist/var/lib/uninsane/media"
"/nix/persist/home/colin/tmp"
"/nix/persist/home/colin/Videos"
"/home/colin/tmp"
"/home/colin/Videos"
# TODO: transitional
"/home/colin/internal"
];
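Review bot: The new `"/var/lib"` exclusion under `# bind mounted (dupes):` is only safe because the persisted subtrees are captured through `/nix/persist` and everything else under the (tmpfs-rooted) `/var/lib` is deliberately ephemeral; neither assumption is written down, and a reader may take the line as "do not back up service state". Suggest making the comment explicit: `# /var/lib lives on the tmpfs root with selected subdirs bind-mounted from /nix/persist; those are backed up via /nix/persist, so exclude the mount-point view to avoid duplicates`. The list this hunk edits begins outside the hunk.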
services.duplicity.extraFlags = [


@ -18,11 +18,11 @@ let sshOpts = {
in
{
fileSystems."/mnt/servo-media-wan" = {
device = "colin@uninsane.org:/opt/uninsane/media";
device = "colin@uninsane.org:/var/lib/uninsane/media";
inherit (sshOpts) fsType options;
};
fileSystems."/mnt/servo-media-lan" = {
device = "colin@servo:/opt/uninsane/media";
device = "colin@servo:/var/lib/uninsane/media";
inherit (sshOpts) fsType options;
};
fileSystems."/mnt/desko-home" = {