hetzner_benchmark: init (#21)

Reviewed-on: https://codeberg.org/leana8959/.files/pulls/21
Co-authored-by: Léana 江 <leana.jiang+git@icloud.com>
Co-committed-by: Léana 江 <leana.jiang+git@icloud.com>

README.md

@@ -53,6 +53,30 @@ The `(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")` allows this.
 
 - profit
 
+## Hetzner, nixos-anywhere
+References:
+- <https://github.com/nix-community/nixos-anywhere/blob/main/docs/quickstart.md>
+- <https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud>
+
+I haven't figured out how to use raid on this machine, as it failed half-way
+through the installer when I used the raid configuration.
+
+### Pitfalls
+- nixos-anywhere will wipe the disk, even if you use the flag `--generate-hardware-config`.
+
+- The command is quite long and isn't non-flake friendly.
+  Note that the diskoScript has to come before toplevel derivation.
+  Read more on the order <https://github.com/nix-community/nixos-anywhere/issues/597>.
+  ```fish
+  nixos-anywhere \
+      --generate-hardware-config nixos-generate-config ./hardware-configuration.nix \
+      -i <ssh_identity> \
+      --store-paths $(nix-build --no-out-link \
+          -A nixosConfigurations.hetzner_benchmark.config.system.build.diskoScript \
+          -A nixosConfigurations.hetzner_benchmark.config.system.build.toplevel) \
+      <user>@<host>
+  ```
+
 # Pitfalls
 ## `users.mutableUsers`
 NEVER set this to true without declaratively setting the passwords.

default.nix

@@ -21,6 +21,12 @@
           system = "x86_64-linux";
           modules = [ ./nix/configurations/installer.nix ];
         };
+
+        # Not mine, rented on hetzner
+        hetzner_benchmark = {
+          system = "x86_64-linux";
+          modules = [ ./nix/configurations/hetzner_benchmark.nix ];
+        };
       };
 
   packages = import ./nix/packages { inherit sources; };

nix/configurations/hetzner_benchmark.nix

@@ -0,0 +1,111 @@
+# The hetzner machine rented to benchmark the cabal comment parser
+let
+  sources = import ../../npins;
+
+  hostname = "hetzner_benchmark";
+  username = "leana";
+in
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+let
+  inherit (lib.modules) mkAliasOptionModule;
+in
+{
+  imports = [
+    #
+    # Shorthands
+    #
+    (mkAliasOptionModule [ "me" ] [ "users" "users" username ])
+    (mkAliasOptionModule [ "hm" ] [ "home-manager" "users" username ])
+
+    #
+    # hostname
+    #
+    { _module.args = { inherit hostname; }; }
+
+    #
+    # nixpkgs
+    #
+    {
+      nixpkgs = {
+        overlays = map import [
+          ../packages/overlay.nix
+
+          # use lix everywhere and wrap it with nom
+          ../overlays/lix.nix
+          ../overlays/nix-monitored.nix
+        ];
+
+        # Set NIX_PATH and flake registry at the same time
+        # https://github.com/NixOS/nixpkgs/pull/254405
+        flake.source = sources.nixpkgs;
+      };
+
+      nix.package = pkgs.nix-monitored;
+
+      system.nixos.version = lib.substring 0 8 sources.nixpkgs.revision;
+    }
+
+    ./hetzner_benchmark/nixos/hardware-configuration.nix
+    ./hetzner_benchmark/nixos/misc.nix
+
+    ../nixosModules/common/fish.nix
+    ../nixosModules/common/disable-command-not-found.nix
+    ../nixosModules/common/network.nix
+    ../nixosModules/common/sudo-conf.nix
+    ../nixosModules/common/system-nixconf.nix
+
+    ../nixosModules/extra/leana.nix
+
+    #
+    # Extern modules
+    #
+    (sources.disko + "/module.nix")
+    ../disko/hetzner_benchmark/ext4.nix
+
+    #
+    # home-manager
+    #
+    (sources.home-manager + "/nixos")
+    {
+      home-manager = {
+        useGlobalPkgs = true;
+        useUserPackages = true;
+        sharedModules = [ { home.stateVersion = lib.mkDefault config.system.stateVersion; } ];
+      };
+
+      hm.imports = [
+        #
+        # hostname
+        #
+        { _module.args = { inherit hostname; }; }
+
+        #
+        # home modules
+        #
+        ./hetzner_benchmark/home/programs.nix
+        ./hetzner_benchmark/home/dev.nix
+
+        ../homeModules/common/btop
+        ../homeModules/common/fish
+        ../homeModules/common/starship
+        ../homeModules/common/fzf.nix
+        ../homeModules/common/tmux
+        ../homeModules/common/vim
+        ../homeModules/common/direnv.nix
+        ../homeModules/common/git.nix
+        ../homeModules/common/gpg.nix
+        ../homeModules/common/leana.nix
+        ../homeModules/common/locale.nix
+        ../homeModules/common/packages.nix
+        ../homeModules/common/tealdeer.nix
+
+        ../homeModules/extra/tmux-fish-integration.nix
+      ];
+    }
+  ];
+}

nix/configurations/hetzner_benchmark/home/dev.nix

@@ -0,0 +1,23 @@
+{
+  programs.git = {
+    enable = true;
+    signing.signByDefault = false; # no need to setup the key
+  };
+
+  programs.gpg.enable = true;
+
+  nix = {
+    settings = {
+      extra-substituters = [
+        "https://ghc-nix.cachix.org"
+        "https://haskell-language-server.cachix.org"
+        "https://cache.iog.io"
+      ];
+      extra-trusted-public-keys = [
+        "ghc-nix.cachix.org-1:ziC/I4BPqeA4VbtOFpFpu6D1t6ymFvRWke/lc2+qjcg="
+        "haskell-language-server.cachix.org-1:juFfHrwkOxqIOZShtC4YC1uT1bBcq2RSvC7OMKx0Nz8="
+        "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
+      ];
+    };
+  };
+}

nix/configurations/hetzner_benchmark/home/programs.nix

@@ -0,0 +1,54 @@
+# TODO: remove some packages for this machine
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
+  home.sessionVariables =
+    let
+      fishCfg = config.programs.fish;
+    in
+    {
+      "SHELL" = lib.mkIf fishCfg.enable (lib.getExe fishCfg.package);
+    };
+
+  home.packages = [
+    pkgs.stow
+    pkgs.zip
+    pkgs.unzip
+    pkgs.gnutar
+    pkgs.p7zip
+    pkgs.bc
+    pkgs.dig
+    pkgs.hutils
+
+    # pretty tui tools
+    pkgs.du-dust
+    pkgs.tokei
+    pkgs.hyperfine
+    pkgs.watchexec
+    pkgs.onefetch
+    pkgs.just
+  ];
+
+  programs = {
+    neovim = {
+      enable = true;
+      defaultEditor = true;
+    };
+    lazygit.enable = true;
+    fish.enable = true;
+    starship.enable = true;
+    tmux.enable = true;
+    direnv.enable = true;
+    ripgrep.enable = true;
+
+    btop.enable = true;
+  };
+
+  services = {
+    gpg-agent.enable = true;
+  };
+}

nix/configurations/hetzner_benchmark/nixos/hardware-configuration.nix

@@ -0,0 +1,35 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp41s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nix/configurations/hetzner_benchmark/nixos/misc.nix

@@ -0,0 +1,13 @@
+{
+  boot.loader.grub.enable = true;
+
+  services.openssh.enable = true;
+
+  users.users = {
+    "root".openssh.authorizedKeys.keys = import ../../../identities.nix ++ [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFza3UN1gWQqh//FkJBzmssQ4lxHdllQGfqPHzG4LQI8 benchmark-machine"
+    ];
+  };
+
+  system.stateVersion = "25.05";
+}

nix/disko/hetzner_benchmark/ext4.nix

@@ -0,0 +1,37 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/nvme1n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02";
+              priority = 1;
+            };
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

nix/disko/hetzner_benchmark/raid.nix

@@ -0,0 +1,93 @@
+# I can't get this working for now :(
+# Only nvme1n1 is detected in the installer environment
+{
+  disko.devices = {
+    disk = {
+      one = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            BOOT = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            ESP = {
+              size = "500M";
+              type = "EF00";
+              content = {
+                type = "mdraid";
+                name = "boot";
+              };
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid1";
+              };
+            };
+          };
+        };
+      };
+      two = {
+        type = "disk";
+        device = "/dev/nvme1n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            ESP = {
+              size = "500M";
+              type = "EF00";
+              content = {
+                type = "mdraid";
+                name = "boot";
+              };
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid1";
+              };
+            };
+          };
+        };
+      };
+    };
+
+    mdadm = {
+      boot = {
+        type = "mdadm";
+        level = 1;
+        metadata = "1.0";
+        content = {
+          type = "filesystem";
+          format = "vfat";
+          mountpoint = "/boot";
+          mountOptions = [ "umask=0077" ];
+        };
+      };
+      raid1 = {
+        type = "mdadm";
+        level = 1;
+        content = {
+          type = "gpt";
+          partitions.primary = {
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+}

shell.nix

@@ -17,7 +17,8 @@ pkgs.mkShell {
       just
       jq
       npins
-      disko
+      nixos-anywhere # comes from nixpkgs
+      disko # comes from disko flake
     ]
     ++ lib.optionals withGHC [
       (haskellPackages.ghcWithPackages (self: [