holy moly we're almost there

Anish Lakhwara
2022-09-19 08:13:50 +10:00
commit 3693732aac
203 changed files with 17247 additions and 0 deletions
+102
@@ -0,0 +1,102 @@
# Bootstrapping
This will help you boostrap a bare host with the help of the
[bespoke iso](./iso.md) live installer.
_Note: nothing prevents you from remotely executing the boostrapping
process. See below._
Once your target host has booted into the live iso, you need to partion
and format your disk according to the [official manual][manual].
## Mount partitions
Then properly mount the formatted partitions at `/mnt`, so that you can
install your system to those new partitions.
Mount `nixos` partition to `/mnt` and — for UEFI — `boot`
partition to `/mnt/boot`:
```console
$ mount /dev/disk/by-label/nixos /mnt
$ mkdir -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot # UEFI only
$ swapon /dev/disk/by-label/swap
```
Add some extra space to the store. In the iso, it's running on a tmpfs
off your RAM:
```console
$ mkdir -p /mnt/tmpstore/{work,store}
$ mount -t overlay overlay -olowerdir=/nix/store,upperdir=/mnt/tmpstore/store,workdir=/mnt/tmpstore/work /nix/store
```
## Install
Install off of a copy of devos from the time the iso was built:
```console
$ cd /iso/devos
$ nixos-install --flake .#NixOS
```
## Notes of interest
### Remote access to the live installer
The iso live installer comes preconfigured with a network configuration
which announces it's hostname via [MulticastDNS][mDNS] as `hostname.local`,
that is `bootstrap.local` in the [iso example](./iso).
In the rare case that [MulticastDNS][mDNS] is not availabe or turned off
in your network, there is a static link-local IPv6 address configured to
`fe80::47`(mnemonic from the letter's position in the english alphabet:
`n=14 i=9 x=24; 47 = n+i+x`).
Provided that you have added your public key to the authorized keys of the
`root` user _(hint: [`deploy-rs`](../integrations/deploy.md) needs passwordless
sudo access)_:
```nix
{ ... }:
{
users.users.root.openssh.authorizedKeys.keyFiles = [
../secrets/path/to/key.pub
];
}
```
You can then ssh into the live installer through one of the
following options:
```console
ssh root@bootstrap.local
ssh root@fe80::47%eno1 # where eno1 is your network interface on which you are linked to the target
```
_Note: the [static link-local IPv6 address][staticLLA] and [MulticastDNS][mDNS] is only
configured on the live installer. If you wish to enable [MulticastDNS][mDNS]
for your environment, you ought to configure that in a regular [profile](../concepts/profiles.md)._
### EUI-64 LLA & Host Identity
The iso's IPv6 Link Local Address (LLA) is configured with a static 64-bit Extended
Unique Identifiers (EUI-64) that is derived from the host interface's Message
Authentication Code (MAC) address.
After a little while (a few seconds), you can remotely discover this unique and host
specific address over [NDP][NDP] for example with:
```console
ip -6 neigh show # also shows fe80::47
```
***This LLA is stable for the host, unless you need to swap that particular network card.***
Under this reservation, though, you may use this EUI-64 to wire up a specific
(cryptographic) host identity.
[manual]: https://nixos.org/manual/nixos/stable/index.html#sec-installation-partitioning
[mDNS]: https://en.wikipedia.org/wiki/Multicast_DNS
[NDP]: https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
[staticLLA]: https://tools.ietf.org/html/rfc7404
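Review bot: in "EUI-64 LLA & Host Identity", "Message Authentication Code (MAC) address" should read "Media Access Control (MAC) address", and the closing suggestion to wire a "(cryptographic) host identity" to this EUI-64 needs a qualifier. By the section's own description the value is derived from the interface's MAC address, so it names a network card and is neither a secret nor a proof of identity. I would say so here, and add a sentence to "Remote access to the live installer" on how the operator verifies the installer's SSH host key, since `ssh root@bootstrap.local` and `ssh root@fe80::47%eno1` are root logins to a fixed name and a fixed address on the local link. The same section describes the LLA as EUI-64 derived while the previous one configures the static `fe80::47`; the comment `# also shows fe80::47` implies the interface carries both, which should be stated outright. Smaller points: "boostrap"/"boostrapping", "partion", "availabe" and "it's hostname" (its) are misspelled, and `[iso example](./iso)` lacks the `.md` that `[bespoke iso](./iso.md)` uses.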
+54
@@ -0,0 +1,54 @@
# From NixOS
## Generate Configuration
Assuming you're happy with your existing partition layout, you can generate a
basic NixOS configuration for your system using:
```sh
flk up
```
This will make a new file `hosts/up-$(hostname).nix`, which you can edit to
your liking.
You must then add a host to `nixos.hosts` in flake.nix:
```nix
{
nixos.hosts = {
modules = hosts/NixOS.nix;
};
}
```
Make sure your `i18n.defaultLocale` and `time.timeZone` are set properly for
your region. Keep in mind that `networking.hostName` will be automatically
set to the name of your host;
Now might be a good time to read the docs on [suites](../concepts/suites.md) and
[profiles](../concepts/profiles.md) and add or create any that you need.
> ##### _Note:_
> While the `up` sub-command is provided as a convenience to quickly set up and
> install a "fresh" NixOS system on current hardware, committing these files is
> discouraged.
>
> They are placed in the git staging area automatically because they would be
> invisible to the flake otherwise, but it is best to move what you need from
> them directly into a host module of your own making, and commit that instead.
# Installation
Once you're ready to deploy `hosts/my-host.nix`:
```sh
flk my-host switch
```
This calls `nixos-rebuild` with sudo to build and install your configuration.
> ##### _Notes:_
> - Instead of `switch`, you can pass `build`, `test`, `boot`, etc just as with
> `nixos-rebuild`.
>
> - It is convenient to have the template living at `/etc/nixos` so you can
> simply `sudo nixos-rebuild switch` from anywhere on the system, but it is
> not required.
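Review bot: the `nixos.hosts` example under "Generate Configuration" assigns `modules = hosts/NixOS.nix;` directly inside `nixos.hosts` with no host name, although the sentence above it says to "add a host" and the following paragraph says `networking.hostName` is set from the name of the host. The file name also changes three times across the page: `hosts/up-$(hostname).nix` from `flk up`, `hosts/NixOS.nix` in the snippet, and `hosts/my-host.nix` under "Installation". Please show the host attribute explicitly in the snippet and use one host name throughout, so a reader can follow the steps from `flk up` to `flk my-host switch` without guessing. The sentence ending "set to the name of your host;" should end with a full stop, and since the note discourages committing the generated `up-` files, it would help to say which file the reader is expected to create in their place.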
+41
@@ -0,0 +1,41 @@
# Quick Start
The only dependency is nix, so make sure you have it [installed][install-nix].
## Get the Template
Here is a snippet that will get you the template without the git history:
```sh
nix-shell -p cachix --run "cachix use nrdxp"
nix-shell https://github.com/divnix/devos/archive/core.tar.gz -A shell \
--run "flk get core"
cd flk
nix-shell
git init
git add .
git commit -m init
```
This will place you in a new folder named `flk` with git initialized, and a
nix-shell that provides all the dependencies, including the unstable nix
version required.
In addition, the [binary cache](../integrations/cachix.md) is added for faster deployment.
> ##### _Notes:_
> - Flakes ignore files that have not been added to git, so be sure to stage new
> files before building the system.
> - You can choose to simply clone the repo with git if you want to follow
> upstream changes.
> - If the `nix-shell -p cachix --run "cachix use nrdxp"` line doesn't work
> you can try with sudo: `sudo nix-shell -p cachix --run "cachix use nrdxp"`
## Next Steps:
- [Make installable ISO](./iso.md)
- [Bootstrap Host](./bootstrapping.md)
- [Already on NixOS](./from-nixos.md)
[install-nix]: https://nixos.org/manual/nix/stable/#sect-multi-user-installation
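Review bot: the snippet under "Get the Template" runs `nix-shell https://github.com/divnix/devos/archive/core.tar.gz -A shell` with no revision or hash in the URL, so what gets evaluated depends on whatever that archive contains at the time the reader runs it. I would either give a URL pinned to a commit or say plainly that this tracks the current state of `core`. The same applies to the first line, `nix-shell -p cachix --run "cachix use nrdxp"`: the text only says the binary cache is added "for faster deployment", and the last note suggests retrying under `sudo` if it fails. Add a sentence saying that this configures the machine to accept prebuilt binaries from that cache, and that the step is optional, so the reader makes that trust decision knowingly instead of as a side effect of a copy-paste. Minor: "## Next Steps:" has a trailing colon that the other headings on the page do not.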
+22
@@ -0,0 +1,22 @@
# ISO
Making and writing an installable iso for `hosts/bootstrap.nix` is as simple as:
```sh
bud build bootstrap bootstrapIso
sudo -E $(which bud) burn
```
This works for any host.
## ISO image nix store & cache
The iso image holds the store to the live environment and _also_ acts as a binary cache
to the installer. To considerably speed up things, the image already includes all flake
`inputs` as well as the `devshell` closures.
While you _could_ provision any machine with a single stick, a custom-made iso for
the host you want to install DevOS to, maximises those local cache hits.
For hosts that don't differ too much, a single usb stick might be ok, whereas when
there are bigger differences, a custom-made usb stick will be considerably faster.
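Review bot: `sudo -E $(which bud) burn` at the top of the page writes an image as root, but nothing here says which device it writes to or whether it asks for confirmation first. Please document how the target device is chosen, because a wrong target overwrites a disk. The `-E` flag also carries the caller's whole environment into the root process; if only `PATH` is needed to find `bud`, say so, and quote the substitution as `"$(which bud)"`. Two consistency points: this page uses `bud` while the other pages in this commit use `flk` (`flk up`, `flk my-host switch`, `flk get core`), and "This works for any host." follows a command with `bootstrap` written in, so show which argument is the host name. In the last section, "maximises those local cache hits" has no earlier mention of cache hits to refer back to; "maximises local cache hits" reads better.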