Switch from coreos to nixos

1-nixos-node/.terraform.lock.hcl

@@ -0,0 +1,40 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/null" {
+  version     = "3.2.1"
+  constraints = "3.2.1"
+  hashes = [
+    "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=",
+    "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840",
+    "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb",
+    "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5",
+    "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238",
+    "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc",
+    "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970",
+    "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2",
+    "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5",
+    "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f",
+    "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/template" {
+  version     = "2.2.0"
+  constraints = "2.2.0"
+  hashes = [
+    "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
+    "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
+    "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
+    "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
+    "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
+    "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
+    "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
+    "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
+    "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
+    "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
+    "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
+  ]
+}

1-nixos-node/0-install-nixos.md

@@ -0,0 +1,8 @@
+Follow steps at https://nixos.org/manual/nixos/stable/#sec-installation-manual-summary
+
+Ensure that ssh is enabled and the hostname is set
+```
+services.openssh.enable = true;
+services.openssh.settings.PermitRootLogin = "yes";
+networking.hostName = "jaglan-beta-m01";
+```

1-nixos-node/configuration.nix

@@ -0,0 +1,72 @@
+{ config, lib, pkgs, ... }:
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  nixpkgs.config.allowUnfree = true;
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "jaglan-beta-m01"; # Define your hostname.
+
+  time.timeZone = "Australia/Melbourne";
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  # environment.systemPackages = with pkgs; [
+  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+  #   wget
+  # ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+  services = {
+    tailscale.enable = true;
+    nomad = {
+      enable = true;
+      enableDocker = true;
+      dropPrivileges = false;
+      settings = {
+        server = {
+          enabled = true;
+          bootstrap_expect = 1;
+        };
+        client = {
+          enabled = true;
+        };
+      };
+    };
+    openssh = {
+      enable = true;
+      settings.PermitRootLogin = "yes";
+    };
+  };
+
+  # Fix issue where nomad needs alloc_mounts to be writable
+  systemd.tmpfiles.rules = [
+    "d /var/lib/alloc_mounts 0755 root root -"
+  ];
+
+  # Open ports in the firewall. 464X are the default ports for Nomad.
+  networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  system.copySystemConfiguration = true;
+
+  # Defines the initial NixOS version for compatibility with older application data.
+  # Do NOT change this value after installation without careful consideration.
+  system.stateVersion = "24.11"; # Did you read the comment?
+}

1-nixos-node/node.tf

@@ -0,0 +1,44 @@
+terraform {
+  required_providers {
+    null = {
+      source = "hashicorp/null"
+      version = "3.2.1"
+    }
+    template = {
+      source = "hashicorp/template"
+      version = "2.2.0"
+    }
+  }
+}
+
+provider "template" {}
+
+variable "ssh_password" {
+  description = "Password for SSH connection"
+  type        = string
+}
+
+resource "null_resource" "deploy_nixos" {
+  connection {
+    type        = "ssh"
+    host        = "jaglan-beta-m01"
+    user        = "root"
+    password    = var.ssh_password
+  }
+
+  provisioner "file" {
+    source      = "configuration.nix"
+    destination = "/tmp/configuration.nix"
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "mv /tmp/configuration.nix /etc/nixos/configuration.nix",
+      "nixos-rebuild switch --use-remote-sudo"
+    ]
+  }
+
+  triggers = {
+    configuration_content = file("configuration.nix")
+  }
+}

1-nixos-node/terraform.tfstate

@@ -0,0 +1,28 @@
+{
+  "version": 4,
+  "terraform_version": "1.11.4",
+  "serial": 19,
+  "lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768",
+  "outputs": {},
+  "resources": [
+    {
+      "mode": "managed",
+      "type": "null_resource",
+      "name": "deploy_nixos",
+      "provider": "provider[\"registry.terraform.io/hashicorp/null\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "2789544025373353248",
+            "triggers": {
+              "configuration_content": "{ config, lib, pkgs, ... }:\n{\n  imports =\n    [ # Include the results of the hardware scan.\n      ./hardware-configuration.nix\n    ];\n\n  nixpkgs.config.allowUnfree = true;\n\n  # Use the systemd-boot EFI boot loader.\n  boot.loader.systemd-boot.enable = true;\n  boot.loader.efi.canTouchEfiVariables = true;\n\n  networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n  time.timeZone = \"Australia/Melbourne\";\n\n  # List packages installed in system profile. To search, run:\n  # $ nix search wget\n  # environment.systemPackages = with pkgs; [\n  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n  #   wget\n  # ];\n\n  # Some programs need SUID wrappers, can be configured further or are\n  # started in user sessions.\n  # programs.mtr.enable = true;\n  # programs.gnupg.agent = {\n  #   enable = true;\n  #   enableSSHSupport = true;\n  # };\n\n  # List services that you want to enable:\n  services = {\n    tailscale.enable = true;\n    nomad = {\n      enable = true;\n      enableDocker = true;\n      dropPrivileges = false;\n      settings = {\n        server = {\n          enabled = true;\n          bootstrap_expect = 1;\n        };\n        client = {\n          enabled = true;\n        };\n      };\n    };\n    openssh = {\n      enable = true;\n      settings.PermitRootLogin = \"yes\";\n    };\n  };\n\n  # Fix issue where nomad needs alloc_mounts to be writable\n  systemd.tmpfiles.rules = [\n    \"d /var/lib/alloc_mounts 0755 root root -\"\n  ];\n\n  # Open ports in the firewall. 464X are the default ports for Nomad.\n  networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];\n\n  # Copy the NixOS configuration file and link it from the resulting system\n  # (/run/current-system/configuration.nix). This is useful in case you\n  # accidentally delete configuration.nix.\n  system.copySystemConfiguration = true;\n\n  # Defines the initial NixOS version for compatibility with older application data.\n  # Do NOT change this value after installation without careful consideration.\n  system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
+            }
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    }
+  ],
+  "check_results": null
+}

1-nixos-node/terraform.tfstate.backup

@@ -0,0 +1,28 @@
+{
+  "version": 4,
+  "terraform_version": "1.11.4",
+  "serial": 16,
+  "lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768",
+  "outputs": {},
+  "resources": [
+    {
+      "mode": "managed",
+      "type": "null_resource",
+      "name": "deploy_nixos",
+      "provider": "provider[\"registry.terraform.io/hashicorp/null\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "3103386327037898205",
+            "triggers": {
+              "configuration_content": "{ config, lib, pkgs, ... }:\n{\n  imports =\n    [ # Include the results of the hardware scan.\n      ./hardware-configuration.nix\n    ];\n\n  nixpkgs.config.allowUnfree = true;\n\n  # Use the systemd-boot EFI boot loader.\n  boot.loader.systemd-boot.enable = true;\n  boot.loader.efi.canTouchEfiVariables = true;\n\n  networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n  time.timeZone = \"Australia/Melbourne\";\n\n  # List packages installed in system profile. To search, run:\n  # $ nix search wget\n  # environment.systemPackages = with pkgs; [\n  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n  #   wget\n  # ];\n\n  # Some programs need SUID wrappers, can be configured further or are\n  # started in user sessions.\n  # programs.mtr.enable = true;\n  # programs.gnupg.agent = {\n  #   enable = true;\n  #   enableSSHSupport = true;\n  # };\n\n  # List services that you want to enable:\n\n  services.tailscale.enable = true;\n  services.nomad = {\n    enable = true;\n    enableDocker = true;\n    dropPrivileges = false;\n    settings = {\n      server = {\n        enabled = true;\n        bootstrap_expect = 1;\n      };\n      client = {\n        enabled = true;\n      };\n    };\n  };\n  # Fix issue where nomad needs alloc_mounts to be writable\n  systemd.tmpfiles.rules = [\n    \"d /var/lib/alloc_mounts 0755 root root -\"\n  ];\n\n  # Enable the OpenSSH daemon.\n  services.openssh.enable = true;\n  services.openssh.settings.PermitRootLogin = \"yes\";\n\n  # Open ports in the firewall. 464X are the default ports for Nomad.\n  networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];\n\n  # Copy the NixOS configuration file and link it from the resulting system\n  # (/run/current-system/configuration.nix). This is useful in case you\n  # accidentally delete configuration.nix.\n  system.copySystemConfiguration = true;\n\n  # Defines the initial NixOS version for compatibility with older application data.\n  # Do NOT change this value after installation without careful consideration.\n  system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
+            }
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    }
+  ],
+  "check_results": null
+}