From 03c221993ca0e290b12ada75d474588c1be48816 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 11 Dec 2024 03:28:52 +0100 Subject: [PATCH] build: drop rhea --- build/flake.nix | 9 - build/pluto/prometheus/default.nix | 1 - build/pluto/prometheus/exporters/nixos.nix | 1 - build/pluto/prometheus/exporters/node.nix | 1 - build/pluto/prometheus/exporters/zfs.nix | 1 - build/rhea/.terraform.lock.hcl | 95 ------- build/rhea/configuration.nix | 28 -- build/rhea/hardware-configuration.nix | 49 ---- build/rhea/hetzner.nix | 4 - build/rhea/install.md | 311 --------------------- build/rhea/network.nix | 23 -- build/rhea/terraform.tf | 26 -- 12 files changed, 549 deletions(-) delete mode 100644 build/rhea/.terraform.lock.hcl delete mode 100644 build/rhea/configuration.nix delete mode 100644 build/rhea/hardware-configuration.nix delete mode 100644 build/rhea/hetzner.nix delete mode 100644 build/rhea/install.md delete mode 100644 build/rhea/network.nix delete mode 100644 build/rhea/terraform.tf diff --git a/build/flake.nix b/build/flake.nix index f92421d4..a47c0b66 100644 --- a/build/flake.nix +++ b/build/flake.nix @@ -79,15 +79,6 @@ ]; }; - nixosConfigurations.rhea = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - - modules = [ - flakesModule - ./rhea/configuration.nix - ]; - }; - nixosConfigurations.mimas = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; diff --git a/build/pluto/prometheus/default.nix b/build/pluto/prometheus/default.nix index e3ddac3d..6e69c70f 100644 --- a/build/pluto/prometheus/default.nix +++ b/build/pluto/prometheus/default.nix @@ -23,7 +23,6 @@ ]; networking.extraHosts = '' - 10.254.1.5 rhea 10.254.1.6 pluto 10.254.1.9 haumea diff --git a/build/pluto/prometheus/exporters/nixos.nix b/build/pluto/prometheus/exporters/nixos.nix index 9ff18b6a..2b8c9aff 100644 --- a/build/pluto/prometheus/exporters/nixos.nix +++ b/build/pluto/prometheus/exporters/nixos.nix 
@@ -6,7 +6,6 @@ { labels.role = "hydra"; targets = [ - "rhea:9300" "mimas.nixos.org:9300" ]; } diff --git a/build/pluto/prometheus/exporters/node.nix b/build/pluto/prometheus/exporters/node.nix index a3f812ba..bd2b6294 100644 --- a/build/pluto/prometheus/exporters/node.nix +++ b/build/pluto/prometheus/exporters/node.nix @@ -9,7 +9,6 @@ { labels.role = "hydra"; targets = [ - "rhea:9100" "mimas.nixos.org:9100" ]; } diff --git a/build/pluto/prometheus/exporters/zfs.nix b/build/pluto/prometheus/exporters/zfs.nix index 35fc4cff..9acfb171 100644 --- a/build/pluto/prometheus/exporters/zfs.nix +++ b/build/pluto/prometheus/exporters/zfs.nix @@ -6,7 +6,6 @@ static_configs = [ { targets = [ - "rhea:9134" "haumea:9134" "pluto:9134" "mimas.nixos.org:9134" diff --git a/build/rhea/.terraform.lock.hcl b/build/rhea/.terraform.lock.hcl deleted file mode 100644 index 1ad47c5a..00000000 --- a/build/rhea/.terraform.lock.hcl +++ /dev/null 
@@ -1,95 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.78.0" - hashes = [ - "h1:/EKXECKi3XzLR0SwaEyQucvsQx2TdyIF2DYabr9DVqM=", - "h1:15pt02WPsTWUsLi37o791kSplIqEf2Ihl+zFdBOpKnY=", - "h1:3TLJUm+6523EtS8W8G4f22e0bp2MpZ72f9qptc31WD8=", - "h1:EGEcXHT4WdxUTRSPzjevCNXStQ+u2eeQB4EmOSp2nPc=", - "h1:GwVGbd+IHAq+qwGs2QKuxazKzrJhSWVicYyGBPftuG0=", - "h1:OUmta/bL/0S6g4K/Mn1LBkEnMWNCq4dLsfYrdrllcEo=", - "h1:cxjNJTMeoxw0csix1iWp4m2esNUOuFfVbIAacUGjYSQ=", - "h1:kB3dnSsazjI63RZdz2gldCkDFw8KI0IJd6RbhqxrE6I=", - "h1:o7jz+dFixEcwjfdubken5ldmDJm1tkvM2adPtNDei3g=", - "h1:vIzenE93tNUfA/hFcwB6wouenp59n9g2J6FNPfJAOpg=", - "h1:zA5P+U4hv2P52fwfLNjAIA2jS9xOn4xCmrXrOMKH8gs=", - "h1:zKNuYrqjerfmrU0bgKQtubN/NiMLRXP4HTThTm1WfJE=", - "h1:zYvhhpw56OF8ClJezKBdKV0+6elVM3FYEAjaNWAinjk=", - "h1:zel31ZX4jCQoeQXydOfcm4ncD9aj+437F9Cr1eoCumM=", - "zh:0ae7d41b96441d0cf7ce2e1337657bdb2e1e5c9f1c2227b0642e1dcec2f9dfba", - "zh:21f8f1edf477681ea3b095c02cad6b8e85262e45015de58e84e0c7b2bfe9a1f6", - "zh:2bdc335e341bf98445255549ae93d66cfb9bca706e62b949da98fe467c182cad", - "zh:2fe4096e260367a225a9faf4a424d62b87e5498f12cb43bdb6f4e713d11b82c3", - "zh:3c63bb7a7925d65118d17461f4691a22dbb55ea39a7404e4d71f6ccca8765f8b", - "zh:6609a28a1c638a1901d8007b5386868ccfd313b4df2e98b35d9fdef436974e3b", - "zh:7ae3aef43bc4b365824cca4659cf92459d766800656e354bdbf83feabab835e8", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:c314efe454adc6ca483261c6906e64315aeb9db0c0332818714e9b81e07df0f0", - "zh:cd3e30396b554bbc1d260252db8a0f344065d619038fe60ea870689cd32c6aa9", - "zh:d1ba48fd9d8a1cb1daa927fb9e8bb708b857f2792d796e110460c6fdcd896a47", - "zh:d31c8abe75cb9cdc1c59ad9d356a1c3ae1ba8cd29ac15eb7e01b6cd01221ab04", - "zh:dc27c5c2116b4d9b404753f73bccaa635bce21f3bfb4bb7bc8e63225c36c98fe", - "zh:de491f0d05408378413187475c815d8cb2ac6bfa63d0b42a30ad5ee492e51c07", - 
"zh:eb44b45a40f80a309dd5b0eb7d7fcb2cbfe588fe2f18b173ef5851346898a662", - ] -} - -provider "registry.terraform.io/hashicorp/external" { - version = "2.3.4" - hashes = [ - "h1:+vGNrgIvJPzMpvFu83JJinMdkhIuvhEZ19GXZhbrnZ8=", - "h1:6GqYfx2rlvNWemfIrN9FywbRCsCdyS95GWP1qX9BUZw=", - "h1:8mByRL3zDm50yiEXMrKtWC2FaLwuvvyjKI+eWuD1dn0=", - "h1:8wUm19ayDX5J9uPOWKfp92DDnAyQ8wjCq+k0ra67R6E=", - "h1:Dp/bAH/npXxNkkhLzU09Oj5oLneVU6W0o6oqBp3Akq8=", - "h1:GOSuOGp/zly9gp/2iTqL99pfMXM1SB7+RjTEORlMqTs=", - "h1:U6W8rgrdmR2pZ2cicFoGOSQ4GXuIf/4EK7s0vTJN7is=", - "h1:XWkRZOLKMjci9/JAtE8X8fWOt7A4u+9mgXSUjc4Wuyo=", - "h1:cCabxnWQ5fX1lS7ZqgUzsvWmKZw9FA7NRxAZ94vcTcc=", - "h1:fjJwsIgh+BJEy8FsSt6HD0rKgA9iDCC+Rkv7IGNdNxc=", - "h1:mDbSNa5y81vhKRLypnhOokr2JpKg9pZsWG5EwJiK3qI=", - "zh:037fd82cd86227359bc010672cd174235e2d337601d4686f526d0f53c87447cb", - "zh:0ea1db63d6173d01f2fa8eb8989f0809a55135a0d8d424b08ba5dabad73095fa", - "zh:17a4d0a306566f2e45778fbac48744b6fd9c958aaa359e79f144c6358cb93af0", - "zh:298e5408ab17fd2e90d2cd6d406c6d02344fe610de5b7dae943a58b958e76691", - "zh:38ecfd29ee0785fd93164812dcbe0664ebbe5417473f3b2658087ca5a0286ecb", - "zh:59f6a6f31acf66f4ea3667a555a70eba5d406c6e6d93c2c641b81d63261eeace", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:ad0279dfd09d713db0c18469f585e58d04748ca72d9ada83883492e0dd13bd58", - "zh:c69f66fd21f5e2c8ecf7ca68d9091c40f19ad913aef21e3ce23836e91b8cbb5f", - "zh:d4a56f8c48aa86fc8e0c233d56850f5783f322d6336f3bf1916e293246b6b5d4", - "zh:f2b394ebd4af33f343835517e80fc876f79361f4688220833bc3c77655dd2202", - "zh:f31982f29f12834e5d21e010856eddd19d59cd8f449adf470655bfd19354377e", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.3" - hashes = [ - "h1:+AnORRgFbRO6qqcfaQyeX80W0eX3VmjadjnUFUJTiXo=", - "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=", - "h1:KN+takGblkyoaNFclDjQavXC/FNz/CkF1UY0nqNCUHY=", - "h1:et7UFgRi/FtALhVrItMeSWc/HPuMnnnkDw7fk18dkDQ=", - "h1:i3HVDAY1s3/9EuPwV5QTBQSr/E/LOxUN3px1sUZGbkA=", - 
"h1:lIvitiHbzf+j9amFhEXljXncNo3O/8SoVQYQ6O29CSI=", - "h1:nKUqWEza6Lcv3xRlzeiRQrHtqvzX1BhIzjaOVXRYQXQ=", - "h1:obXguGZUWtNAO09f1f9Cb7hsPCOGXuGdN8bn/ohKRBQ=", - "h1:v4DuXoLvBGe0xRT5St53bNICRVbHRUO+m/TreMBCw/U=", - "h1:xtNWHxcFgrYF1TwPSdVloQPPfzsva9lIy+D2avuvelw=", - "h1:zxoDtu918XPWJ/Y6s4aFrZydn6SfqkRc5Ax1ZLnC6Ew=", - "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", - "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", - "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", - "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", - "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", - "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", - "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", - "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", - "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", - "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", - ] -} diff --git a/build/rhea/configuration.nix b/build/rhea/configuration.nix deleted file mode 100644 index e0767241..00000000 --- a/build/rhea/configuration.nix +++ /dev/null 
@@ -1,28 +0,0 @@
-{
- imports = [
- ./hardware-configuration.nix
- ./hetzner.nix
- ./network.nix
- ../common.nix
- ];
-
- networking = {
- hostName = "rhea";
- firewall.allowPing = true;
- };
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIY0EGPGfXD1L+YdSJIKUzeFyuUfVW58kMh+mSflEFx1 root@mimas"
- ];
-
- system.stateVersion = "21.11";
-
- systemd.services.hydra-init = {
- after = [ "wireguard-wg0.service" ];
- requires = [ "wireguard-wg0.service" ];
- };
-
- # hydra-evaluator causes very sharp spikes in RAM usage on trunk-combined
- zramSwap.enable = true;
- zramSwap.memoryPercent = 150;
-}
diff --git a/build/rhea/hardware-configuration.nix b/build/rhea/hardware-configuration.nix
deleted file mode 100644
index 053076df..00000000
--- a/build/rhea/hardware-configuration.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{
- config,
- lib,
- modulesPath,
- ...
-}:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot.initrd.availableKernelModules = [
- "ahci"
- "nvme"
- ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "rpool/safe/root";
- fsType = "zfs";
- };
-
- fileSystems."/nix" = {
- device = "rpool/local/nix";
- fsType = "zfs";
- };
-
- fileSystems."/nix/var/nix/db" = {
- device = "rpool/local/nix/db";
- fsType = "zfs";
- neededForBoot = true;
- };
-
- fileSystems."/var" = {
- device = "rpool/local/var";
- fsType = "zfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/073C-DDED";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/build/rhea/hetzner.nix b/build/rhea/hetzner.nix
deleted file mode 100644
index d39e4ca6..00000000
--- a/build/rhea/hetzner.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-}
diff --git a/build/rhea/install.md b/build/rhea/install.md
deleted file mode 100644
index dfa47400..00000000
--- a/build/rhea/install.md
+++ /dev/null
@@ -1,311 +0,0 @@ -# Setup - -## Switch to UEFI - -First submit a support ticket asking them to enable UEFI. See: -https://docs.hetzner.com/robot/dedicated-server/operating-systems/uefi/ - -# Correct the NVMe namespace's block size - -Verify the NVMe disks are formatted at the namespace level with 4096 blocks. See -https://openzfs.github.io/openzfs-docs/Performance%20and%20Tuning/Hardware.html#nvme-low-level-formatting - -This disk's LBA is 512: - -```console -root@rescue ~ # smartctl -a /dev/nvme1n1 -smartctl 7.2 2020-12-30 r5155 [x86_64-linux-5.16.5] (local build) -Copyright (C) 2002-20, Bruce Allen, Christian Franke, www.smartmontools.org - -=== START OF INFORMATION SECTION === -Model Number: SAMSUNG MZQL23T8HCLS-00A07 -Serial Number: S64HNE0T226681 -Firmware Version: GDC5602Q -PCI Vendor/Subsystem ID: 0x144d -IEEE OUI Identifier: 0x002538 -Total NVM Capacity: 3,840,755,982,336 [3.84 TB] -Unallocated NVM Capacity: 0 -Controller ID: 6 -NVMe Version: 1.4 -Number of Namespaces: 32 -Namespace 1 Size/Capacity: 3,840,755,982,336 [3.84 TB] -Namespace 1 Utilization: 4,309,307,392 [4.30 GB] -Namespace 1 Formatted LBA Size: 512 -Local Time is: Wed Mar 30 03:28:16 2022 CEST -Firmware Updates (0x17): 3 Slots, Slot 1 R/O, no Reset required -Optional Admin Commands (0x005f): Security Format Frmw_DL NS_Mngmt Self_Test MI_Snd/Rec -Optional NVM Commands (0x005f): Comp Wr_Unc DS_Mngmt Wr_Zero Sav/Sel_Feat Timestmp -Log Page Attributes (0x0e): Cmd_Eff_Lg Ext_Get_Lg Telmtry_Lg -Maximum Data Transfer Size: 512 Pages -Warning Comp. Temp. Threshold: 80 Celsius -Critical Comp. Temp. 
Threshold: 83 Celsius -Namespace 1 Features (0x1a): NA_Fields No_ID_Reuse NP_Fields - -Supported Power States -St Op Max Active Idle RL RT WL WT Ent_Lat Ex_Lat - 0 + 25.00W 14.00W - 0 0 0 0 70 70 - 1 + 8.00W 8.00W - 1 1 1 1 70 70 - -Supported LBA Sizes (NSID 0x1) -Id Fmt Data Metadt Rel_Perf - 0 + 512 0 0 - 1 - 4096 0 0 - -=== START OF SMART DATA SECTION === -SMART overall-health self-assessment test result: PASSED - -SMART/Health Information (NVMe Log 0x02) -Critical Warning: 0x00 -Temperature: 43 Celsius -Available Spare: 100% -Available Spare Threshold: 10% -Percentage Used: 0% -Data Units Read: 187 [95.7 MB] -Data Units Written: 8,423 [4.31 GB] -Host Read Commands: 2,591 -Host Write Commands: 3,438 -Controller Busy Time: 0 -Power Cycles: 5 -Power On Hours: 203 -Unsafe Shutdowns: 0 -Media and Data Integrity Errors: 0 -Error Information Log Entries: 0 -Warning Comp. Temperature Time: 0 -Critical Comp. Temperature Time: 0 -Temperature Sensor 1: 43 Celsius -Temperature Sensor 2: 53 Celsius - -Error Information (NVMe Log 0x01, 16 of 64 entries) -No Errors Logged -``` - -and correctable with: - -```sh -nvme format /dev/nvme0n1 -l 1 -``` - -which yields a corrected formatting: - -```console -root@rescue ~ # smartctl -a /dev/nvme1n1 -smartctl 7.2 2020-12-30 r5155 [x86_64-linux-5.16.5] (local build) -Copyright (C) 2002-20, Bruce Allen, Christian Franke, www.smartmontools.org - -=== START OF INFORMATION SECTION === -Model Number: SAMSUNG MZQL23T8HCLS-00A07 -Serial Number: S64HNE0T226681 -Firmware Version: GDC5602Q -PCI Vendor/Subsystem ID: 0x144d -IEEE OUI Identifier: 0x002538 -Total NVM Capacity: 3,840,755,982,336 [3.84 TB] -Unallocated NVM Capacity: 0 -Controller ID: 6 -NVMe Version: 1.4 -Number of Namespaces: 32 -Namespace 1 Size/Capacity: 3,840,755,982,336 [3.84 TB] -Namespace 1 Utilization: 4,309,307,392 [4.30 GB] -Namespace 1 Formatted LBA Size: 512 -Local Time is: Wed Mar 30 03:29:46 2022 CEST -Firmware Updates (0x17): 3 Slots, Slot 1 R/O, no Reset required 
-Optional Admin Commands (0x005f): Security Format Frmw_DL NS_Mngmt Self_Test MI_Snd/Rec -Optional NVM Commands (0x005f): Comp Wr_Unc DS_Mngmt Wr_Zero Sav/Sel_Feat Timestmp -Log Page Attributes (0x0e): Cmd_Eff_Lg Ext_Get_Lg Telmtry_Lg -Maximum Data Transfer Size: 512 Pages -Warning Comp. Temp. Threshold: 80 Celsius -Critical Comp. Temp. Threshold: 83 Celsius -Namespace 1 Features (0x1a): NA_Fields No_ID_Reuse NP_Fields - -Supported Power States -St Op Max Active Idle RL RT WL WT Ent_Lat Ex_Lat - 0 + 25.00W 14.00W - 0 0 0 0 70 70 - 1 + 8.00W 8.00W - 1 1 1 1 70 70 - -Supported LBA Sizes (NSID 0x1) -Id Fmt Data Metadt Rel_Perf - 0 + 512 0 0 - 1 - 4096 0 0 - -=== START OF SMART DATA SECTION === -SMART overall-health self-assessment test result: PASSED - -SMART/Health Information (NVMe Log 0x02) -Critical Warning: 0x00 -Temperature: 43 Celsius -Available Spare: 100% -Available Spare Threshold: 10% -Percentage Used: 0% -Data Units Read: 187 [95.7 MB] -Data Units Written: 8,423 [4.31 GB] -Host Read Commands: 2,591 -Host Write Commands: 3,438 -Controller Busy Time: 0 -Power Cycles: 5 -Power On Hours: 203 -Unsafe Shutdowns: 0 -Media and Data Integrity Errors: 0 -Error Information Log Entries: 0 -Warning Comp. Temperature Time: 0 -Critical Comp. Temperature Time: 0 -Temperature Sensor 1: 43 Celsius -Temperature Sensor 2: 53 Celsius - -Error Information (NVMe Log 0x01, 16 of 64 entries) -No Errors Logged -``` - -We can now use an ashift of 12 (2^12 = 4096) without a performance penalty. - -## Partitioning - -The following script can be, and was run fully automatically: - -```sh -set -eux - -if ! [ -e /usr/local/sbin/zfs ]; then -echo "installing zfs..." -bash -i -c 'echo y | zfsonlinux_install' -fi - -umount -R /mnt || true - -zpool destroy rpool || true - - -for disk in /dev/nvme0n1 /dev/nvme1n1; do -echo "partitioning $disk..." 
-index="${disk: -3:1}" -parted -s $disk "mklabel gpt" -parted -a optimal -s $disk "mkpart primary fat32 1m 512m" -parted -a optimal -s $disk "mkpart primary zfs 512m 100%" -parted -s $disk "set 1 esp on" -udevadm settle -mkfs.vfat -n BOOT$index ''${disk}p1 -done - -zpool create -f -o ashift=12 -o autotrim=on \ --O mountpoint=legacy -O atime=off -O compression=on \ -rpool mirror /dev/nvme0n1p2 /dev/nvme1n1p2 - -zfs create rpool/local -zfs create rpool/local/nix -zfs create -o recordsize=4k rpool/local/nix/db -zfs create -o xattr=sa -o acltype=posix rpool/local/var -zfs create rpool/safe -zfs create rpool/safe/root - -mkdir -p /mnt -mount -t zfs rpool/safe/root /mnt - -mkdir -p /mnt/nix -mount -t zfs rpool/local/nix /mnt/nix - -mkdir -p /mnt/nix/var/nix/db -mount -t zfs rpool/local/nix/db /mnt/nix/var/nix/db - -mkdir -p /mnt/var -mount -t zfs rpool/local/var /mnt/var - -mkdir -p /mnt/boot -mount /dev/disk/by-label/BOOT0 /mnt/boot -``` - -## Installing Nix - -Install Nix into the rescue system as root: - -```sh -groupadd -g 30000 nixbld -useradd --system --groups nixbld nixbld1 -useradd --system --groups nixbld nixbld2 -useradd --system --groups nixbld nixbld3 -useradd --system --groups nixbld nixbld4 -useradd --system --groups nixbld nixbld5 -mkdir -m 0755 /nix && chown root /nix -sh <(curl -L https://nixos.org/nix/install) --no-daemon -``` - -## Configure NixOS - -```sh -nix-shell -p nixos-install-tools -I nixpkgs=channel:nixos-21.11 - -nixos-generate-config --root /mnt -``` - -In the `configuration.nix`: - -1. Add `hetzner.nix` to the list of `imports` at the top. -2. Add an authorized key and enable SSH. This will be removed later when it is - imported into NixOps, so it is just for bootstrapping: - -``` -services.openssh.enable = true; -users.users.root.openssh.authorizedKeys.keys = [ "ssh-..." 
]; -``` - -### Hardware Configuration Changes - -Edit `hardware-configuration.nix` and change the fileSystems value for -`/nix/var/nix` to make it required for boot: - -```nix -fileSystems."/nix/var/nix/db" = - { device = "rpool/local/nix/db"; - fsType = "zfs"; - neededForBoot = true; - }; -``` - -### Hetzner.nix - -Then create a file, `hetzner.nix`. - -- The all-zeros hostId is fine, though I generated one with - `head -c4 /dev/urandom | od -A none -t x4` -- The `enp7s0` and `MACAddress` value I got from `ip addr` -- The IP addresses and gateways I got from the Robot webpage under the IPs tab, - hovering over the IPv4 and IPv6 addresses. -- Thee DNS resolvers I got from - https://docs.hetzner.com/dns-console/dns/general/recursive-name-servers/ - -```nix -{ - networking.hostId = "00000000"; - networking.useNetworkd = true; - systemd.network.networks."40-enp7s0" = { - matchConfig.MACAddress = "50:eb:f6:22:f0:3a"; - - addresses = [ - { - addressConfig.Address = "5.9.122.43/27"; - } - { - addressConfig.Address = "2a01:4f8:162:71eb::/64"; - } - ]; - routes = [ - { - Gateway = "5.9.122.33"; - } - { - Gateway = "fe80::1"; - } - ]; - - dns = [ - "185.12.64.1" - "185.12.64.2" - "2a01:4ff:ff00::add:1" - "2a01:4ff:ff00::add:2" - ]; - }; -} -``` - -Then run: - -``` -nixos-install -I nixpkgs=channel:nixos-21.11 -``` diff --git a/build/rhea/network.nix b/build/rhea/network.nix deleted file mode 100644 index c9294497..00000000 --- a/build/rhea/network.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - networking.hostId = "9cd372da"; - - systemd.network = { - enable = true; - networks."40-enp7s0" = { - matchConfig = { - MACAddress = "50:eb:f6:22:f0:3a"; - Type = "ether"; - }; - linkConfig.RequiredForOnline = "routable"; - networkConfig.Description = "WAN"; - address = [ - "5.9.122.43/27" - "2a01:4f8:162:71eb::/64" - ]; - routes = [ - { Gateway = "5.9.122.33"; } - { Gateway = "fe80::1"; } - ]; - }; - }; -} 
diff --git a/build/rhea/terraform.tf b/build/rhea/terraform.tf
deleted file mode 100644
index 279cdc7f..00000000
--- a/build/rhea/terraform.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-terraform {
- backend "s3" {
- bucket = "nixos-terraform-state"
- encrypt = true
- key = "targets/rhea"
- region = "eu-west-1"
- }
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- }
- }
-}
-
-module "rhea_deploy" {
- source = "github.com/numtide/terraform-deploy-nixos-flakes"
-
- target_host = "5.9.122.43"
- target_user = "root"
-
- flake = path.module
- flake_host = "rhea"
-
- ssh_agent = true
-}