- netboot-base.nix with SSH key auth - Launch scripts for node01/02/03 - Node configuration.nix and disko.nix - Nix modules for first-boot automation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
184 lines
5.4 KiB
Nix
{ config, pkgs, lib, modulesPath, ... }:
|
|
|
|
{
|
|
imports = [
|
|
"${modulesPath}/installer/netboot/netboot-minimal.nix"
|
|
];
|
|
|
|
# Allow broken packages (ZFS is currently marked as broken)
|
|
nixpkgs.config.allowBroken = true;
|
|
|
|
# ============================================================================
|
|
# NETWORKING CONFIGURATION
|
|
# ============================================================================
|
|
networking = {
|
|
# Use predictable interface names (eth0 instead of enpXsY)
|
|
usePredictableInterfaceNames = false;
|
|
|
|
# Enable DHCP for automatic network configuration
|
|
useDHCP = lib.mkDefault true;
|
|
|
|
# Disable firewall during installation phase
|
|
firewall.enable = false;
|
|
|
|
# Enable IPv6
|
|
enableIPv6 = true;
|
|
};
|
|
|
|
# ============================================================================
|
|
# SSH CONFIGURATION FOR REMOTE PROVISIONING
|
|
# ============================================================================
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
# Allow root login for nixos-anywhere
|
|
PermitRootLogin = "yes";
|
|
|
|
# Disable password authentication (key-based only)
|
|
PasswordAuthentication = false;
|
|
|
|
# Enable public key authentication
|
|
PubkeyAuthentication = true;
|
|
};
|
|
};
|
|
|
|
# Provisioning SSH keys (replace with your actual keys in deployment)
|
|
users.users.root.openssh.authorizedKeys.keys = [
|
|
# Real provisioning key for T036 VM cluster deployment
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICaSw8CP4Si0Cn0WpYMhgdYNvsR3qFO0ZFiRjpGZXd6S centra@cn-nixos-think"
|
|
];
|
|
|
|
# ============================================================================
|
|
# KERNEL CONFIGURATION
|
|
# ============================================================================
|
|
boot = {
|
|
# Use latest kernel for broad hardware support
|
|
kernelPackages = pkgs.linuxPackages_latest;
|
|
|
|
# Kernel parameters for serial console and logging
|
|
kernelParams = [
|
|
"console=ttyS0,115200" # Serial console (ttyS0)
|
|
"console=tty0" # VGA console (tty0)
|
|
"loglevel=4" # Standard log level
|
|
];
|
|
|
|
# Enable common filesystems (ZFS excluded - not needed for installer)
|
|
supportedFilesystems = lib.mkForce [ "ext4" "xfs" "btrfs" ];
|
|
|
|
# Load common storage modules
|
|
initrd.availableKernelModules = [
|
|
# SATA/AHCI
|
|
"ahci"
|
|
"ata_piix"
|
|
|
|
# NVMe
|
|
"nvme"
|
|
|
|
# USB storage
|
|
"usb_storage"
|
|
"usbhid"
|
|
|
|
# SCSI
|
|
"sd_mod"
|
|
"sr_mod"
|
|
|
|
# RAID
|
|
"dm_mod"
|
|
"raid0"
|
|
"raid1"
|
|
"raid10"
|
|
"raid456"
|
|
|
|
# Network cards (for iSCSI/PXE)
|
|
"e1000e"
|
|
"igb"
|
|
"ixgbe"
|
|
"r8169"
|
|
];
|
|
};
|
|
|
|
# ============================================================================
|
|
# SYSTEM PACKAGES FOR PROVISIONING
|
|
# ============================================================================
|
|
environment.systemPackages = with pkgs; [
|
|
# Disk management tools
|
|
disko # Declarative disk partitioning
|
|
parted # Partition editor
|
|
gptfdisk # GPT partition tools (gdisk, sgdisk)
|
|
|
|
# Encryption and volume management
|
|
cryptsetup # LUKS disk encryption
|
|
lvm2 # Logical Volume Manager
|
|
|
|
# Filesystem tools
|
|
e2fsprogs # ext4 utilities
|
|
xfsprogs # XFS utilities
|
|
btrfs-progs # Btrfs utilities
|
|
dosfstools # FAT/VFAT utilities (for EFI)
|
|
|
|
# Network tools
|
|
iproute2 # ip command
|
|
ethtool # Network interface configuration
|
|
tcpdump # Network debugging
|
|
curl # HTTP client
|
|
wget # HTTP client
|
|
|
|
# System tools
|
|
pciutils # lspci for hardware detection
|
|
usbutils # lsusb for USB devices
|
|
smartmontools # Disk SMART monitoring
|
|
hdparm # Disk parameter tool
|
|
|
|
# Debugging tools
|
|
tmux # Terminal multiplexer
|
|
htop # Process monitor
|
|
iotop # I/O monitor
|
|
vim # Text editor
|
|
];
|
|
|
|
# ============================================================================
|
|
# SYSTEM CONFIGURATION
|
|
# ============================================================================
|
|
# Disable documentation to reduce image size
|
|
documentation.enable = false;
|
|
documentation.nixos.enable = false;
|
|
documentation.man.enable = false;
|
|
documentation.info.enable = false;
|
|
documentation.doc.enable = false;
|
|
|
|
# Minimal locale support (en_US only)
|
|
i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
# Set timezone to UTC
|
|
time.timeZone = "UTC";
|
|
|
|
# Enable serial console
|
|
systemd.services."serial-getty@ttyS0" = {
|
|
enable = true;
|
|
wantedBy = [ "getty.target" ];
|
|
};
|
|
|
|
# ============================================================================
|
|
# NIX CONFIGURATION
|
|
# ============================================================================
|
|
nix.settings = {
|
|
# Enable flakes and nix-command
|
|
experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
# Configure substituters (add local cache in production)
|
|
substituters = [
|
|
"https://cache.nixos.org"
|
|
];
|
|
|
|
# Trusted public keys
|
|
trusted-public-keys = [
|
|
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
|
];
|
|
};
|
|
|
|
# ============================================================================
|
|
# SYSTEM STATE VERSION
|
|
# ============================================================================
|
|
system.stateVersion = "24.11";
|
|
}
|
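Review bot: The two comments around the root authorized key contradict each other — line 130 says "replace with your actual keys in deployment" while line 136 calls it the "Real provisioning key for T036 VM cluster deployment" — so one of them is stale and should be fixed before this is copied as a template; suggest replacing the first with `# Provisioning public key authorized for root on every node that boots this image`. Since the stated intent is key-based only, the sshd block should also pin that down: `PermitRootLogin = "prohibit-password";` works for nixos-anywhere exactly like `"yes"` but refuses any password path for root, and `KbdInteractiveAuthentication = false;` is needed alongside `PasswordAuthentication = false` because NixOS leaves keyboard-interactive (PAM) enabled by default, which can still prompt for passwords. With the firewall disabled and root SSH reachable on every netbooted node, whoever holds the private half of that key has root on the whole cluster, which is worth stating in the comment rather than leaving implied. Separately, `nixpkgs.config.allowBroken = true` on line 30 is justified by ZFS, yet ZFS is force-excluded from `supportedFilesystems` further down, so the override looks unnecessary and widens what the image will accept at build time — worth confirming and dropping.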