Add server template for Thinkcentre

Author: diamondburned

.gitignore

@@ -1,10 +1,11 @@
-.terraform
-*.tfvars
-*.qcow2
-output
-result
-results
-/servers/exp*
+.terraform
+*.tfvars
+*.qcow2
+*.raw
+output
+result
+results
+/servers/exp*
 .envrc
 .venv
 .nixos-test-history

flake.lock

@@ -11,6 +11,15 @@
 
     nix-npm-buildpackage.url = "github:serokell/nix-npm-buildpackage";
     nix-npm-buildpackage.inputs.nixpkgs.follows = "nixpkgs";
+
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+
+    nixos-hardware.url = "github:nixos/nixos-hardware";
+    nixos-hardware.inputs.nixpkgs.follows = "nixpkgs";
+
+    nixos-generators.url = "github:nix-community/nixos-generators";
+    nixos-generators.inputs.nixpkgs.follows = "nixpkgs";
   };
 
   outputs =
@@ -27,6 +36,13 @@
       nixosConfigurations = {
         # TODO: rename cirno to 'front-ec2' or something
         cirno = self.lib.nixosSystem ./servers/cirno/configuration.nix;
+        cs306-thinkcentre-1 = self.lib.nixosSystem ./servers/cs306-thinkcentre-1/configuration.nix;
+
+        # Machine templates. Use this to bootstrap new servers.
+        #
+        # These templates never rely on any secrets, so a fresh git clone and a
+        # rebuild with .#templates.NAME is enough to get them running.
+        template-thinkcentre = self.lib.nixosSystem ./templates/thinkcentre.nix;
       };
 
       nixosModules = import ./modules/_all.nix;
@@ -110,6 +126,8 @@
             gomod2nix
             waypipe
             expect
+            disko
+            nixos-generate
 
             # editor tools.
             yamllint

flake.nix

@@ -5,6 +5,7 @@ nixpkgs.lib.composeManyExtensions [
   (inputs.nix-npm-buildpackage.overlays.default)
   (self: super: {
     poetry2nix = import inputs.poetry2nix { pkgs = super; };
+    nixos-generate = inputs.nixos-generators.packages.${super.system}.nixos-generate;
   })
   (self: super: {
     buildDenoPackage = self.callPackage ./packaging/deno.nix { };

nix/overlays.nix

@@ -16,7 +16,9 @@
   ];
 
   services.journald = {
-    enableHttpGateway = false;
+    gateway = {
+      enable = false;
+    };
     extraConfig = ''
       Compress=true
       SystemMaxUse=50M

servers/base.nix

@@ -0,0 +1,137 @@
+# Usage:
+#
+#   $ nix build .#nixosConfigurations.template-thinkcentre.config.system.build.diskoImagesScript
+#   $ sudo ./result --build-memory 2048
+#
+# Reference:
+#
+#   - https://github.com/nix-community/disko/blob/master/lib/make-disk-image.nix
+#
+{ inputs, ... }:
+
+let
+  # Change me if needed.
+  diskPath = "/dev/sda";
+in
+
+{
+  imports = [
+    inputs.disko.nixosModules.disko
+
+    inputs.nixos-hardware.nixosModules.common-pc
+    inputs.nixos-hardware.nixosModules.common-pc-ssd
+    inputs.nixos-hardware.nixosModules.common-cpu-intel-cpu-only
+  ];
+
+  nixpkgs.system = "x86_64-linux";
+
+  system.stateVersion = "24.11";
+
+  networking = {
+    hostName = "thinkcentre-newly-provisioned";
+    networkmanager.enable = true;
+  };
+
+  services.openssh = {
+    # Allow SSH access to freshly provisioned machines.
+    enable = true;
+    # Completely disable password authentication.
+    # To SSH, use the shared SSH key in secrets.
+    settings.PasswordAuthentication = false;
+  };
+
+  boot = {
+    kernelParams = [
+      "console=tty0"
+    ];
+    kernelModules = [
+      "kvm-intel"
+    ];
+    supportedFilesystems = [
+      "btrfs"
+    ];
+    initrd = {
+      availableKernelModules = [
+        "nvme"
+        "xhci_pci"
+        "ahci"
+        "usbhid"
+        "uas"
+      ];
+      kernelModules = [
+        "dm-snapshot"
+      ];
+      systemd = {
+        enable = true;
+        # Enable repart, which allows the system to grow the root partition
+        # before it finishes booting. This lets us flash the image onto a real
+        # disk and have it automatically resize!
+        repart.enable = true;
+      };
+    };
+    loader.grub = {
+      device = diskPath;
+      efiSupport = false;
+      timeoutStyle = "hidden";
+    };
+  };
+
+  disko.devices.disk = {
+    main = {
+      type = "disk";
+      device = diskPath;
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            size = "1M";
+            type = "EF02"; # for GRUB MBR (hybrid EFI/BIOS boot)
+          };
+          # boot = {
+          #   size = "512M";
+          #   type = "EF00"; # for EFI boot
+          #   content = {
+          #     type = "filesystem";
+          #     format = "vfat";
+          #     mountpoint = "/boot";
+          #     mountOptions = [
+          #       "defaults"
+          #     ];
+          #   };
+          # };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "btrfs";
+              extraArgs = [ "-f" ];
+              subvolumes = {
+                "/rootfs" = {
+                  mountpoint = "/";
+                };
+                "/nix" = {
+                  mountpoint = "/nix";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                "/swap" = {
+                  mountpoint = "/swap";
+                  # Sane default but can be changed
+                  # later per-system if needed.
+                  swap.swapfile.size = "8G";
+                };
+              };
+            };
+          };
+        };
+      };
+      # This is specifically for building disko images, which are used just for
+      # provisioning a new drive directly. See:
+      # https://github.com/nix-community/disko/blob/master/docs/disko-images.md
+      imageName = "servertemplate-thinkcentre";
+      imageSize = "25G";
+    };
+  };
+}