update: nixos 23.05 setup

lucernae · lucernae · commit 467a8b3672a0 · 2024-03-31T02:06:05.000+07:00
diff --git a/.github/workflows/nix-build-using-debian.yaml b/.github/workflows/nix-build-using-debian.yaml
@@ -17,7 +17,7 @@ jobs:
     - uses: actions/checkout@v4.1.1
     - uses: cachix/install-nix-action@v26
       with:
-        nix_path: nixpkgs=channel:nixos-20.09
+        nix_path: nixos=channel:nixos-23.05
         extra_nix_config: |
           extra-platforms = aarch64-linux
     - name: Check nix.conf
@@ -78,7 +78,7 @@ jobs:
         EOF
     - name: Build SD Image
       run: |
-        nix-build '<nixpkgs/nixos>'  \
+        nix-build '<nixos/nixos>'  \
           -A config.system.build.sdImage \
           -I nixos-config=./configuration.custom.sdImage.nix \
           --argstr system aarch64-linux \
diff --git a/.github/workflows/nix-build-using-docker.yaml b/.github/workflows/nix-build-using-docker.yaml
@@ -16,7 +16,7 @@ jobs:
     - uses: actions/checkout@v4.1.1
     - uses: cachix/install-nix-action@v26
       with:
-        nix_path: nixpkgs=channel:nixos-20.09
+        nix_path: nixos=channel:nixos-23.05
         extra_nix_config: |
           extra-platforms = aarch64-linux
     - name: Check nix.conf
@@ -29,7 +29,7 @@ jobs:
         cat /proc/sys/fs/binfmt_misc/qemu-aarch64
     - name: Build SD Image
       run: |
-        nix-build '<nixpkgs/nixos>'  \
+        nix-build '<nixos/nixos>'  \
           -A config.system.build.sdImage \
           -I nixos-config=./configuration.default.sdImage.nix \
           --argstr system aarch64-linux \
@@ -49,7 +49,7 @@ jobs:
     - uses: actions/checkout@v4.1.1
     - uses: cachix/install-nix-action@v26
       with:
-        nix_path: nixpkgs=channel:nixos-20.09
+        nix_path: nixos=channel:nixos-23.05
         extra_nix_config: |
           extra-platforms = aarch64-linux
     - name: Check nix.conf
@@ -67,7 +67,7 @@ jobs:
         EOF
     - name: Build SD Image
       run: |
-        nix-build '<nixpkgs/nixos>'  \
+        nix-build '<nixos/nixos>'  \
           -A config.system.build.sdImage \
           -I nixos-config=./configuration.custom.sdImage.nix \
           --argstr system aarch64-linux \
diff --git a/.gitignore b/.gitignore
@@ -6,4 +6,9 @@ etc-pihole
 .env
 docker-compose.override.yml
 result
-sd-image.*
+output
+.direnv
+.DS_Store
+sd-image.*
+
+.idea
diff --git a/README.md b/README.md
@@ -99,7 +99,7 @@ The nix file must import the SD Image packages
 {
 
   imports = [
-    <nixpkgs/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix>
+    <nixos/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix>
   ];
   
   # Do not compress the image as we want to use it straight away
@@ -114,7 +114,7 @@ See example in: [configuration.sdImage.nix](configuration.sdImage.nix)
 Then build the image:
 
 ```
-nix-build '<nixpkgs/nixos>' -A config.system.build.sdImage -I nixos-config=./configuration.sdImage.nix \
+nix-build '<nixos/nixos>' -A config.system.build.sdImage -I nixos-config=./configuration.sdImage.nix \
   --argstr system aarch64-linux \
   --option sandbox false
 ```
@@ -147,7 +147,7 @@ The build command:
 
 ```
 # notice that we don't need to specify --argstr system aarch64-linux
-nix-build '<nixpkgs/nixos>' -A config.system.build.sdImage -I nixos-config=./configuration.sdImage.nix \
+nix-build '<nixos/nixos>' -A config.system.build.sdImage -I nixos-config=./configuration.sdImage.nix \
   --option sandbox false
 ```
 
diff --git a/configuration.default.sdImage.nix b/configuration.default.sdImage.nix
@@ -2,10 +2,10 @@
 {
 
   imports = [
-    <nixpkgs/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix>
+    <nixos/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix>
 
     # For nixpkgs cache
-    <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+    <nixos/nixos/modules/installer/cd-dvd/channel.nix>
   ];
 
   sdImage.compressImage = true;
@@ -17,24 +17,52 @@
   boot.loader.generic-extlinux-compatible.enable = true;
  
   # !!! Set to specific linux kernel version
-  boot.kernelPackages = pkgs.linuxPackages_5_4;
+  boot.kernelPackages = pkgs.linuxPackages;
+
+  # Disable ZFS on kernel 6
+  boot.supportedFilesystems = lib.mkForce [
+    "vfat"
+    "xfs"
+    "cifs"
+    "ntfs"
+  ];
 
   # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
   # If X.org behaves weirdly (I only saw the cursor) then try increasing this to 256M.
   # On a Raspberry Pi 4 with 4 GB, you should either disable this parameter or increase to at least 64M if you want the USB ports to work.
   boot.kernelParams = ["cma=256M"];
 
+  # File systems configuration for using the installer's partition layout
+  fileSystems = {
+    # Prior to 19.09, the boot partition was hosted on the smaller first partition
+    # Starting with 19.09, the /boot folder is on the main bigger partition.
+    # The following is to be used only with older images.
+    /*
+    "/boot" = {
+      device = "/dev/disk/by-label/NIXOS_BOOT";
+      fsType = "vfat";
+    };
+    */
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+  };
+
+  # !!! Adding a swap file is optional, but strongly recommended!
+  swapDevices = [ { device = "/swapfile"; size = 1024; } ];
+
   # Settings above are the bare minimum
   # All settings below are customized depending on your needs
 
   # systemPackages
   environment.systemPackages = with pkgs; [ 
-    vim curl wget nano bind kubectl helm iptables openvpn
-    python3 nodejs-12_x docker-compose ];
+    vim curl wget nano bind kubectl kubernetes-helm iptables openvpn
+    python3 nodejs docker-compose ];
 
   services.openssh = {
       enable = true;
-      permitRootLogin = "yes";
+      settings.PermitRootLogin = "yes";
   };
 
   programs.zsh = {
@@ -75,8 +103,9 @@
       extraGroups = [ "wheel" "docker" ];
     };
   };
-  users.extraUsers.root.openssh.authorizedKeys.keys = [
+  users.users.root.openssh.authorizedKeys.keys = [
       # Your ssh key
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqlXJv/noNPmZMIfjJguRX3O+Z39xeoKhjoIBEyfeqgKGh9JOv7IDBWlNnd3rHVnVPzB9emiiEoAJpkJUnWNBidL6vPYn13r6Zrt/2WLT6TiUFU026ANdqMjIMEZrmlTsfzFT+OzpBqtByYOGGe19qD3x/29nbszPODVF2giwbZNIMo2x7Ww96U4agb2aSAwo/oQa4jQsnOpYRMyJQqCUhvX8LzvE9vFquLlrSyd8khUsEVV/CytmdKwUUSqmlo/Mn7ge/S12rqMwmLvWFMd08Rg9NHvRCeOjgKB4EI6bVwF8D6tNFnbsGVzTHl7Cosnn75U11CXfQ6+8MPq3cekYr lucernae@lombardia-N43SM"
   ];
+  system.stateVersion = "23.05";
 }
diff --git a/configuration.nix b/configuration.nix
@@ -6,7 +6,15 @@
   boot.loader.generic-extlinux-compatible.enable = true;
  
   # !!! Set to specific linux kernel version
-  boot.kernelPackages = pkgs.linuxPackages_5_4;
+  boot.kernelPackages = pkgs.linuxPackages;
+
+  # Disable ZFS on kernel 6
+  boot.supportedFilesystems = lib.mkForce [
+    "vfat"
+    "xfs"
+    "cifs"
+    "ntfs"
+  ];
 
   # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
   # If X.org behaves weirdly (I only saw the cursor) then try increasing this to 256M.
@@ -35,20 +43,20 @@
 
   # systemPackages
   environment.systemPackages = with pkgs; [ 
-    vim curl wget nano bind kubectl helm iptables openvpn
-    python3 nodejs-12_x docker-compose ];
+    vim curl wget nano bind kubectl kubernetes-helm iptables openvpn
+    python3 nodejs docker-compose ];
 
   services.openssh = {
       enable = true;
-      permitRootLogin = "yes";
+      settings.PermitRootLogin = "yes";
   };
 
   # Some sample service.
   # Use dnsmasq as internal LAN DNS resolver.
   services.dnsmasq = {
       enable = false;
-      servers = [ "8.8.8.8" "8.8.4.4" "1.1.1.1" ];
-      extraConfig = ''
+      settings.servers = [ "8.8.8.8" "8.8.4.4" "1.1.1.1" ];
+      settings.extraConfig = ''
         address=/fenrir.test/192.168.100.6
         address=/recalune.test/192.168.100.7
         address=/eth.nixpi.test/192.168.100.3
@@ -91,7 +99,7 @@
       useDHCP = false;
       ipv4.addresses = [{
         # I used static IP over WLAN because I want to use it as local DNS resolver
-        address = "192.168.100.4";
+        address = "192.168.1.4";
         prefixLength = 24;
       }];
     };
@@ -108,14 +116,21 @@
     wireless.enable = true;
     wireless.interfaces = [ "wlan0" ];
     # If you want to connect also via WIFI to your router
-    wireless.networks."WIFI-SSID".psk = "wifipass";
+    # wireless.networks."SATRIA".psk = "wifipassword";
     # You can set default nameservers
-    nameservers = [ "192.168.100.3" "192.168.100.4" "192.168.100.1" ];
+    # nameservers = [ "192.168.100.3" "192.168.100.4" "192.168.100.1" ];
     # You can set default gateway
-    defaultGateway = {
-      address = "192.168.100.1";
-      interface = "wlan0";
-    };
+    # defaultGateway = {
+    #  address = "192.168.1.1";
+    #  interface = "eth0";
+    # };
+  };
+
+  # forwarding
+  boot.kernel.sysctl = {
+    "net.ipv4.conf.all.forwarding" = true;
+    "net.ipv6.conf.all.forwarding" = true;
+    "net.ipv4.tcp_ecn" = true;
   };
 
   # put your own configuration here, for example ssh keys:
@@ -137,8 +152,9 @@
       extraGroups = [ "wheel" "docker" ];
     };
   };
-  users.extraUsers.root.openssh.authorizedKeys.keys = [
+  users.users.root.openssh.authorizedKeys.keys = [
     # This is my public key
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqlXJv/noNPmZMIfjJguRX3O+Z39xeoKhjoIBEyfeqgKGh9JOv7IDBWlNnd3rHVnVPzB9emiiEoAJpkJUnWNBidL6vPYn13r6Zrt/2WLT6TiUFU026ANdqMjIMEZrmlTsfzFT+OzpBqtByYOGGe19qD3x/29nbszPODVF2giwbZNIMo2x7Ww96U4agb2aSAwo/oQa4jQsnOpYRMyJQqCUhvX8LzvE9vFquLlrSyd8khUsEVV/CytmdKwUUSqmlo/Mn7ge/S12rqMwmLvWFMd08Rg9NHvRCeOjgKB4EI6bVwF8D6tNFnbsGVzTHl7Cosnn75U11CXfQ6+8MPq3cekYr lucernae@lombardia-N43SM"
   ];
+  system.stateVersion = "23.05";
 }
diff --git a/configuration.sdImage.nix b/configuration.sdImage.nix
@@ -2,114 +2,16 @@
 {
 
   imports = [
-    <nixpkgs/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix>
+    <nixos/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix>
 
     # For nixpkgs cache
-    <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+    <nixos/nixos/modules/installer/cd-dvd/channel.nix>
+
+    # main configuration
+    ./configuration.nix
   ];
 
   sdImage.compressImage = false;
-  
-
-  # NixOS wants to enable GRUB by default
-  boot.loader.grub.enable = false;
-  # Enables the generation of /boot/extlinux/extlinux.conf
-  boot.loader.generic-extlinux-compatible.enable = true;
- 
-  # !!! Set to specific linux kernel version
-  boot.kernelPackages = pkgs.linuxPackages_5_4;
-
-  # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
-  # If X.org behaves weirdly (I only saw the cursor) then try increasing this to 256M.
-  # On a Raspberry Pi 4 with 4 GB, you should either disable this parameter or increase to at least 64M if you want the USB ports to work.
-  boot.kernelParams = ["cma=256M"];
-
-  # Settings above are the bare minimum
-  # All settings below are customized depending on your needs
-
-  # systemPackages
-  environment.systemPackages = with pkgs; [ 
-    vim curl wget nano bind kubectl helm iptables openvpn
-    python3 nodejs-12_x docker-compose ];
-
-  services.openssh = {
-      enable = true;
-      permitRootLogin = "yes";
-  };
-
-  programs.zsh = {
-      enable = true;
-      ohMyZsh = {
-          enable = true;
-          theme = "bira";
-      };
-  };
 
-
-  virtualisation.docker.enable = true;
-
-  networking.firewall.enable = false;
-
-  # WiFi
-  hardware = {
-    enableRedistributableFirmware = true;
-    firmware = [ pkgs.wireless-regdb ];
-  };
-
-  # Networking
-  networking = {
-    # useDHCP = true;
-    interfaces.wlan0 = {
-      useDHCP = false;
-      ipv4.addresses = [{
-        # I used static IP over WLAN because I want to use it as local DNS resolver
-        address = "192.168.100.4";
-        prefixLength = 24;
-      }];
-    };
-    interfaces.eth0 = {
-      useDHCP = true;
-      # I used DHCP because sometimes I disconnect the LAN cable
-      #ipv4.addresses = [{
-      #  address = "192.168.100.3";
-      #  prefixLength = 24;
-      #}];
-    };
-
-    # Enabling WIFI
-    wireless.enable = true;
-    wireless.interfaces = [ "wlan0" ];
-    # If you want to connect also via WIFI to your router
-    wireless.networks."WIFI-SSID".psk = "wifipass";
-    # You can set default nameservers
-    nameservers = [ "192.168.100.3" "192.168.100.4" "192.168.100.1" ];
-    # You can set default gateway
-    defaultGateway = {
-      address = "192.168.100.1";
-      interface = "wlan0";
-    };
-  };
-
-  # put your own configuration here, for example ssh keys:
-  users.defaultUserShell = pkgs.zsh;
-  users.mutableUsers = true;
-  users.groups = {
-    nixos = {
-      gid = 1000;
-      name = "nixos";
-    };
-  };
-  users.users = {
-    nixos = {
-      uid = 1000;
-      home = "/home/nixos";
-      name = "nixos";
-      group = "nixos";
-      shell = pkgs.zsh;
-      extraGroups = [ "wheel" "docker" ];
-    };
-  };
-  users.extraUsers.root.openssh.authorizedKeys.keys = [
-     "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqlXJv/noNPmZMIfjJguRX3O+Z39xeoKhjoIBEyfeqgKGh9JOv7IDBWlNnd3rHVnVPzB9emiiEoAJpkJUnWNBidL6vPYn13r6Zrt/2WLT6TiUFU026ANdqMjIMEZrmlTsfzFT+OzpBqtByYOGGe19qD3x/29nbszPODVF2giwbZNIMo2x7Ww96U4agb2aSAwo/oQa4jQsnOpYRMyJQqCUhvX8LzvE9vFquLlrSyd8khUsEVV/CytmdKwUUSqmlo/Mn7ge/S12rqMwmLvWFMd08Rg9NHvRCeOjgKB4EI6bVwF8D6tNFnbsGVzTHl7Cosnn75U11CXfQ6+8MPq3cekYr lucernae@lombardia-N43SM"
-  ];
+  system.copySystemConfiguration = true;
 }
