From 39733853c8bd229daf1ef7e838d1efd5c23b21db Mon Sep 17 00:00:00 2001 From: Michael Thomson Date: Wed, 3 Dec 2025 09:17:48 -0500 Subject: [PATCH] initial commit --- README.md | 9 +++++ flake.lock | 48 ++++++++++++++++++++++++++ flake.nix | 47 ++++++++++++++++++++++++++ hosts/larry/configuration.nix | 16 +++++++++ hosts/larry/disk-config.nix | 33 ++++++++++++++++++ hosts/patrick/configuration.nix | 19 +++++++++++ hosts/patrick/disk-config.nix | 33 ++++++++++++++++++ hosts/spongebob/configuration.nix | 15 +++++++++ hosts/spongebob/disk-config.nix | 33 ++++++++++++++++++ modules/base.nix | 56 +++++++++++++++++++++++++++++++ modules/k3s.nix | 49 +++++++++++++++++++++++++++ modules/longhorn.nix | 15 +++++++++ modules/nfs.nix | 4 +++ modules/nvidia.nix | 33 ++++++++++++++++++ 14 files changed, 410 insertions(+) create mode 100644 README.md create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 hosts/larry/configuration.nix create mode 100644 hosts/larry/disk-config.nix create mode 100644 hosts/patrick/configuration.nix create mode 100644 hosts/patrick/disk-config.nix create mode 100644 hosts/spongebob/configuration.nix create mode 100644 hosts/spongebob/disk-config.nix create mode 100644 modules/base.nix create mode 100644 modules/k3s.nix create mode 100644 modules/longhorn.nix create mode 100644 modules/nfs.nix create mode 100644 modules/nvidia.nix
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..bab4214
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+# Nixos Server
+- This is my nix config to initialize the nodes on my home k3s server.
+
+```
+
+nix run github:nix-community/nixos-anywhere -- --build-on-remote --generate-hardware-config nixos-generate-config ./hardware-configuration.nix --flake .#patrick root@192.168.2.100
+
+nix run github:nix-community/nixos-anywhere -- --build-on-remote --generate-hardware-config nixos-generate-config ./hardware-configuration.nix --flake .#spongebob root@192.168.2.101
+```
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..e7f45fc
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,48 @@
+{
+ "nodes": {
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1749147380,
+ "narHash": "sha256-UvCI5f1qD9l1fCQkoG/kJI0yNjDQIiJaN7gkve8fmII=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "d74db625a5cf3f46cf8fa545d6ef10bd3463ea07",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1748856973,
+ "narHash": "sha256-RlTsJUvvr8ErjPBsiwrGbbHYW8XbB/oek0Gi78XdWKg=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "e4b09e47ace7d87de083786b404bf232eb6c89d8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "disko": "disko",
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..c2120a2
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,47 @@
+{
+ description = "Michael's NixOS Homelab Flake";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = inputs @ {
+ nixpkgs,
+ disko,
+ ...
+ }: let
+ nodes = [
+ "patrick"
+ "spongebob"
+ "larry"
+ ];
+ k3sToken = "FILL THIS IN";
+ publicKey = "FILL THIS IN";
+ serverAddr = "https://192.168.2.100:6443";
+ in {
+ nixosConfigurations = builtins.listToAttrs (map (name: {
+ name = name;
+ value = nixpkgs.lib.nixosSystem {
+ specialArgs = {
+ inherit inputs;
+ meta = {
+ hostname = name;
+ k3sToken = k3sToken;
+ publicKey = publicKey;
+ serverAddr = serverAddr;
+ };
+ };
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./hosts/${name}/configuration.nix
+ ];
+ };
+ })
+ nodes);
+ };
+}
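Review bot: `k3sToken = "FILL THIS IN";` in flake.nix invites committing the cluster join token to the repository, and any value passed through `meta.k3sToken` into `services.k3s.token` (modules/k3s.nix) is also copied into the world-readable Nix store. Keep the token out of the flake and point k3s at a file provisioned outside the store instead, e.g. `services.k3s.tokenFile = "<path-to-token-file>";`, with the file delivered by a secrets tool such as sops-nix or agenix. `publicKey` is not secret and is fine to keep here.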
diff --git a/hosts/larry/configuration.nix b/hosts/larry/configuration.nix
new file mode 100644
index 0000000..3c8f1dc
--- /dev/null
+++ b/hosts/larry/configuration.nix
@@ -0,0 +1,16 @@
+{
+ config,
+ lib,
+ pkgs,
+ meta,
+ ...
+}: {
+ imports = [
+ ./disk-config.nix
+ ../../modules/base.nix
+ ../../modules/k3s.nix
+ ../../modules/nfs.nix
+ ../../modules/longhorn.nix
+ ../../modules/nvidia.nix
+ ];
+}
diff --git a/hosts/larry/disk-config.nix b/hosts/larry/disk-config.nix
new file mode 100644
index 0000000..f120cae
--- /dev/null
+++ b/hosts/larry/disk-config.nix
@@ -0,0 +1,33 @@
+{...}: {
+ disko.devices = {
+ disk = {
+ main = {
+ device = "/dev/nvme0n1";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = ["umask=0077"];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/patrick/configuration.nix b/hosts/patrick/configuration.nix
new file mode 100644
index 0000000..3aba7d4
--- /dev/null
+++ b/hosts/patrick/configuration.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ pkgs,
+ meta,
+ ...
+}: {
+ imports = [
+ ./disk-config.nix
+ ../../modules/base.nix
+ ../../modules/k3s.nix
+ ../../modules/nfs.nix
+ ../../modules/longhorn.nix
+ ];
+
+ k3s = {
+ init = true;
+ };
+}
diff --git a/hosts/patrick/disk-config.nix b/hosts/patrick/disk-config.nix
new file mode 100644
index 0000000..2554d88
--- /dev/null
+++ b/hosts/patrick/disk-config.nix
@@ -0,0 +1,33 @@
+{...}: {
+ disko.devices = {
+ disk = {
+ main = {
+ device = "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = ["umask=0077"];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/spongebob/configuration.nix b/hosts/spongebob/configuration.nix
new file mode 100644
index 0000000..bc422ad
--- /dev/null
+++ b/hosts/spongebob/configuration.nix
@@ -0,0 +1,15 @@
+{
+ config,
+ lib,
+ pkgs,
+ meta,
+ ...
+}: {
+ imports = [
+ ./disk-config.nix
+ ../../modules/base.nix
+ ../../modules/k3s.nix
+ ../../modules/nfs.nix
+ ../../modules/longhorn.nix
+ ];
+}
diff --git a/hosts/spongebob/disk-config.nix b/hosts/spongebob/disk-config.nix
new file mode 100644
index 0000000..2554d88
--- /dev/null
+++ b/hosts/spongebob/disk-config.nix
@@ -0,0 +1,33 @@
+{...}: {
+ disko.devices = {
+ disk = {
+ main = {
+ device = "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = ["umask=0077"];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/base.nix b/modules/base.nix
new file mode 100644
index 0000000..105e892
--- /dev/null
+++ b/modules/base.nix
@@ -0,0 +1,56 @@
+{
+ pkgs,
+ meta,
+ ...
+}: {
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+
+ nixpkgs.config.allowUnfree = true;
+
+ time.timeZone = "America/Toronto";
+
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ networking = {
+ hostName = meta.hostname;
+ networkmanager.enable = true;
+ firewall.enable = false;
+ };
+
+ environment.systemPackages = with pkgs; [
+ curl
+ vim
+ git
+ ];
+
+ users = {
+ mutableUsers = false;
+ users = {
+ mthomson = {
+ isNormalUser = true;
+ extraGroups = ["wheel"];
+ password = "pw123";
+ openssh.authorizedKeys.keys = [meta.publicKey];
+ };
+ root = {
+ openssh.authorizedKeys.keys = [meta.publicKey];
+ };
+ };
+ };
+
+ services = {
+ openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ };
+ };
+ };
+
+ system.stateVersion = "25.05";
+}
diff --git a/modules/k3s.nix b/modules/k3s.nix
new file mode 100644
index 0000000..532310a
--- /dev/null
+++ b/modules/k3s.nix
@@ -0,0 +1,49 @@
+{
+ config,
+ lib,
+ meta,
+ ...
+}:
+with lib; let
+ cfg = config.k3s;
+in {
+ options.k3s = {
+ init = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Initialize cluster when set to true";
+ };
+ };
+
+ config = {
+ services = {
+ k3s = {
+ enable = true;
+ role = "server";
+ clusterInit = cfg.init;
+ serverAddr =
+ if cfg.init
+ then ""
+ else meta.serverAddr;
+ token =
+ if cfg.init
+ then ""
+ else meta.k3sToken;
+ extraFlags =
+ [
+ "--kubelet-arg=allowed-unsafe-sysctls=net.ipv4.*"
+ ]
+ ++ (
+ if cfg.init
+ then [
+ "--disable servicelb"
+ "--disable traefik"
+ "--disable local-storage"
+ "--write-kubeconfig-mode \"0644\""
+ ]
+ else []
+ );
+ };
+ };
+ };
+}
diff --git a/modules/longhorn.nix b/modules/longhorn.nix
new file mode 100644
index 0000000..eabe504
--- /dev/null
+++ b/modules/longhorn.nix
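Review bot: In modules/base.nix, `password = "pw123";` gives the wheel user `mthomson` a trivially guessable password that sits in clear text in the repository and in the world-readable Nix store, and with `mutableUsers = false` it cannot be changed on the host. SSH password login is disabled, but this password still guards sudo and console login, so anything running as that user can become root. Replace it with `hashedPasswordFile = "<path-to-hash-file>";` fed from a secrets tool, or at minimum a `hashedPassword`. Separately, `firewall.enable = false;` leaves every listener on these nodes reachable from the LAN, including the rpcbind service enabled in modules/nfs.nix and the k3s API; consider enabling the firewall and opening only the ports the cluster needs.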
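Review bot: In modules/k3s.nix, `"--write-kubeconfig-mode \"0644\""` makes the kubeconfig that k3s writes on the init node readable by every local user and process, and that file carries cluster-admin credentials. Drop the flag to keep the owner-only default and read the file through sudo, or copy it into the admin user's home with owner-only permissions. The kubelet flag `allowed-unsafe-sysctls=net.ipv4.*` is also wider than most workloads need; listing only the specific sysctls your pods set would narrow what a pod spec can request.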
@@ -0,0 +1,15 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = [pkgs.nfs-utils];
+ services.openiscsi = {
+ enable = true;
+ name = "${config.networking.hostName}-initiatorhost";
+ };
+ # Fixes for longhorn path mapping
+ systemd.tmpfiles.rules = [
+ "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
+ ];
+}
diff --git a/modules/nfs.nix b/modules/nfs.nix
new file mode 100644
index 0000000..9b271c7
--- /dev/null
+++ b/modules/nfs.nix
@@ -0,0 +1,4 @@
+{...}: {
+ boot.supportedFilesystems = ["nfs"];
+ services.rpcbind.enable = true;
+}
diff --git a/modules/nvidia.nix b/modules/nvidia.nix
new file mode 100644
index 0000000..9d6dda7
--- /dev/null
+++ b/modules/nvidia.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ hardware.nvidia = {
+ open = true;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ nvidiaSettings = true;
+ };
+
+ services.xserver = {
+ enable = false;
+ videoDrivers = ["nvidia"];
+ };
+
+ hardware.nvidia-container-toolkit.enable = true;
+ hardware.nvidia-container-toolkit.mount-nvidia-executables = true;
+
+ environment.systemPackages = with pkgs; [
+ nvidia-container-toolkit
+ ];
+
+ services.k3s.containerdConfigTemplate = ''
+ {{ template "base" . }}
+
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia]
+ privileged_without_host_devices = false
+ runtime_engine = ""
+ runtime_root = ""
+ runtime_type = "io.containerd.runc.v2"
+ '';
+}
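Review bot: In modules/nvidia.nix, the `runtimes.nvidia` table in `containerdConfigTemplate` sets only `runtime_type = "io.containerd.runc.v2"` and never names a runtime binary, so as written a pod using the `nvidia` runtime would presumably be started by plain runc without GPU injection. If that is not intended, add a `[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options]` table whose `BinaryName` points at the nvidia-container-runtime binary from the toolkit package. A short comment above the template saying why the stock k3s template is overridden would also help, since an override has to be kept in step with k3s upgrades.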