Add ansible configuration of odroid nix files (#56)

iancleary · Feb 18, 2024 · 9c4ec76 · 9c4ec76
1 parent 42393ad
commit 9c4ec76
Show file tree

Hide file tree

Showing 16 changed files with 391 additions and 311 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,10 +1,11 @@
 ---
 repos:
-- repo: "https://github.com/pre-commit/pre-commit-hooks"
-  rev: "v4.5.0"
-  hooks:
-  - id: "check-merge-conflict"
-  - id: "check-yaml"
-  - id: "end-of-file-fixer"
-  - id: "mixed-line-ending"
-  - id: "trailing-whitespace"
+  - repo: "https://github.com/pre-commit/pre-commit-hooks"
+    rev: "v4.5.0"
+    hooks:
+      - id: "check-merge-conflict"
+      - id: "check-yaml"
+      - id: "end-of-file-fixer"
+        exclude: "flake.nix"
+      - id: "mixed-line-ending"
+      - id: "trailing-whitespace"
diff --git a/ansible/group_vars/all/vars.yml b/ansible/group_vars/all/vars.yml
@@ -1,4 +1,7 @@
 ---
+iancleary_odroid_user_password: "{{ vault_iancleary_odroid_user_password }}"
+odroid_nextcloud_pgsql_password: "{{ vault_odroid_nextcloud_pgsql_password }}"
+
 iancleary_dns_user_password: "{{ vault_iancleary_dns_user_password }}"
 iancleary_raspberrypi_user_password: "{{ vault_iancleary_raspberrypi_user_password }}"
 pi_user_password: "{{ vault_pi_user_password }}"

diff --git a/ansible/group_vars/all/vault.yml b/ansible/group_vars/all/vault.yml
@@ -1,38 +1,45 @@
 $ANSIBLE_VAULT;1.1;AES256
-31383139376630393739393237326539386663373432616461373761333134643231643162356532
-3037616632323233333863383464303863396438316364360a653636396234383433333037323230
-35396163626266363662333330313536313565666436353862636233333061353936343666316665
-3163346263396336340a666563646238316631326539313639656136653435613130333634346333
-34386133653238373764303333653133306461626533663662323135623037383130396162663365
-61316462366334663863316162376633306164326665353831623237613366616532356234323431
-61336332346536623538643663303339643236656462346465353965626537653033306634613764
-37653965346135666434316563653663613532393262643232313134376238636663356431366363
-38646265303435626131623566383337386461646134363536643231646638343235623430336539
-36633933613137653730313737633933636232633136656236306361643161353864613166623137
-36303665333763653562313338383232323034373138616162333133633865366664613330376364
-66393933393037613634343931303835666461306232373234333739316231346635636634323832
-65663635633664343530383436643339303736613761303862393836643261626463343134663234
-35643464363637343161623666363366373366663135633061373037666665326266623039623936
-30343565363430393130386134663137373430656333613465376234366439343766316664303132
-65373531336664653132393465326432396462313465636337613864663065376137306163383932
-38313462356637653738323666323538373366366637306231353036326265613230366534306137
-35633362663636303564306661613834656237666237653739643238393565306366356562363434
-36346138363338393665653634633965653732333766363333613465343833626336663237306433
-61326334306334653534343536323437316464313135646666663966366361376164313663396263
-31646634623834656530336432356434363630373764323365633963306633613963626238383332
-61653039663139616566313262616662363361366632626235323864306331373464333039343833
-38626335356631633739643532623934333463636234653736346436636537623365396434376536
-66323463353034366162653830323736303832356161363534656564313936646364663661616232
-66653930663162333766303635326337333638336661343062346239623266633765656364633435
-62363262376261333866356239393435323637393030636365363962386165383363636532633537
-33313731316231363535303639393630653234643162376639626630616537333639376564353861
-30306364643138343830313438643038343636366335656632623133663838653137386364303261
-39333636323032376166373235666365656563626536313431636138323262643533363361623938
-30376162643139636232623564366230636631623766663266306339376433376461643436653435
-61373162383565386533303964326161343364386365343132666633616533373365636636363835
-37316137363134373034323233313635313265613763393733373761663130623264656637613264
-65613834343833363737653064313062663335616532633837333039323237636637653261313033
-65646530363234633362626233303533363530396262616561396136356336636235326334333263
-62376637306431613639306338653435363362653765346633386239626162373038616362613761
-36336662393837656161623363656630613232623163613962616632366431633036363037323531
-38643030366264376665356539613266633966393831356162326631613964363430
+66643736323264663038396534623866396663363837646332356430343933346338346138646637
+3364393636613033313934363064613431353632376638610a323762313630323661613130616665
+36326361373962396263363232303964333339616462653561353966613066386365333163306665
+3931346662653931340a323536316462303365636165663534613831383263373964366166353737
+63346539333665393930623061356162393264386162313634633233323037313333373737633164
+63623061613637376435666330633738313964366333663236356266333937323061633837353161
+33666133306662343937343937383335346237633338373637613463653138663839383437666635
+39613161363761306262346134616662306363653862366565386635396165353530393535613332
+65643162653337363365613033653136663837623465316330633536613037396436393336663238
+64343431353463336637336530653735373334343036623037663666386438613062306266343463
+65303665353338646462663135613236643064393933333131313636356530623434633235653136
+64303432343063643939353336663239666361636163623833323131623666616439303764613562
+30346233643234663532646139653934383339623165363565363734376535366532623236393165
+31663438623834323339373330336165333831626434646532666661383437363939613534353739
+61646239323130356136653963353333633763646531333066303235666664343139323664333732
+39633638653932373161386537363238616230623838353030373934383035653333336530323030
+61316665633162613062653265333732613134366133313135623535613431626635333130306130
+32303064316138616539393766353261396131353166623938386365653330663261303231386638
+64363166356532333430616264323766386466613262303033616664623638376366396333643639
+39363434303935393631316134356635623864613062623663346464303466343839613362323333
+37643864643737333066613139343439386634636562346362303764376535653234336364306338
+66653635353735333462363038306562373534383264663933633261396332313132646264323964
+66386439356237633066373636646666376437656534353630383932653332386236666263313735
+31626263623638356137613339303536656563323065613439353966653331336337613532653834
+32383234386664383462643866653461343865663432326565626562646136363335363238633133
+64663262326531653062373035356562343636343032303431373364643530323338386234376566
+32323362613432323862353163383730313166396266386561613764376561336239303837306135
+38366230663963623734303561333665323134643030323066333366353464653062396532366632
+33653265653136326136653633616263373230636435356663663066653663343864633965383433
+64663662656130333932666566386261653232393534346534353631383562396364643834326331
+36353663663136643337376330626332313762373735666662666334663463393862356138383335
+39336236396430363232623463623864336233313366316638373765666561366232643261313832
+33353963353834356463376434653065646162633664643338653461636539346331626431396564
+66623363393063373166363165613763323561373530646264656636373564316634333532303331
+34316466663331653338343866653832346438313830643961656239656536303730343330663733
+63656231653433326332323361303661623734313836396532353133303138626465376636653463
+33366566653535656436363964303139656265653964316666633735323063356634353061366436
+37333238313438363537383865353537336665336235353931363538303536326631326532373437
+66333935626362623834366364303562393235343430626336306530313463643730663266373765
+35613731666434306562343536616438343536356164616139363764373839633438303330326137
+34626236326634393166366331646238653134363036326432623839616630663261636536636637
+63326537363538316165313735326633653131653564656235333135376466623130356135313132
+34346232643633353433376166333038613138336362393631333634313137396334643666626335
+36656637356332613631
diff --git a/ansible/inventory b/ansible/inventory
@@ -6,3 +6,6 @@
 
 [raspberrypi]
 192.168.1.187
+
+[odroid1]
+odroid1.tail2500d.ts.net
diff --git a/ansible/justfile b/ansible/justfile
@@ -6,6 +6,10 @@ now := `date +"%Y-%m-%d_%H.%M.%S"`
 hostname := `uname -n`
 
 
+# Run ansible playbook_odroid.yml
+odroid:
+    ansible-playbook playbook_odroid.yml --ask-vault-pass
+
 # Run ansible playbook_github_users.yml
 keyrotate:
     ansible-playbook playbook_github_users.yml --ask-vault-pass

diff --git a/ansible/playbook_odroid.yml b/ansible/playbook_odroid.yml
@@ -0,0 +1,11 @@
+---
+- name: Update Odroid Server
+  hosts: odroid1
+  remote_user: iancleary
+  roles:
+    - {
+        role: setup-odroid,
+        become: true,
+        tags: ["setup"],
+        ansible_become_password: "{{ iancleary_odroid_user_password }}",
+      }
diff --git a/ansible/playbook_upgrade.yml b/ansible/playbook_upgrade.yml
diff --git a/ansible/roles/setup-odroid/tasks/main.yml b/ansible/roles/setup-odroid/tasks/main.yml
@@ -0,0 +1,55 @@
+---
+- name: Create directories, if it does not exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+  become: true
+  with_items:
+    - "/etc/nixos/modules"
+    - "/etc/nixos/secrets"
+
+- name: Template nix configuration files
+  become: true
+  ansible.builtin.template:
+    src: "{{ item.src}}"
+    dest: "{{ item.dest }}"
+    owner: "root"
+    group: "root"
+  with_items:
+    - src: "configuration.nix"
+      dest: "/etc/nixos/configuration.nix"
+    - src: "hardware-configuration.nix"
+      dest: "/etc/nixos/hardware-configuration.nix"
+  register: configuration
+
+- name: Template nix modules
+  become: true
+  ansible.builtin.template:
+    src: "modules/{{ item.src }}"
+    dest: "/etc/nixos/modules/{{ item.dest }}"
+    owner: "root"
+    group: "root"
+  with_items:
+    - src: "nextcloud.nix"
+      dest: "nextcloud.nix"
+    - src: "podman.nix"
+      dest: "podman.nix"
+  register: modules
+
+- name: Template nix secrets
+  become: true
+  ansible.builtin.template:
+    src: "secrets/{{ item.src }}"
+    dest: "/etc/nixos/secrets/{{ item.dest }}"
+    owner: "root"
+    group: "root"
+  with_items:
+    - src: "nextcloud-pgsql.secret.j2"
+      dest: "nextcloud-pgsql.secret"
+  register: secrets
+
+- name: Run nixos-rebuild
+  become: true
+  ansible.builtin.command: nixos-rebuild switch
+  when: configuration.changed or modules.changed or secrets.changed
+  register: rebuild
diff --git a/ansible/roles/setup-odroid/templates/configuration.nix b/ansible/roles/setup-odroid/templates/configuration.nix
@@ -0,0 +1,134 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ./modules/nextcloud.nix
+      ./modules/podman.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Latest kernel for ZFS
+  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+
+  networking.hostName = "odroid1"; # Define your hostname.
+  # Pick only one of the below networking options.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+
+  networking.hostId = "8425e349";
+
+  # Set your time zone.
+  # time.timeZone = "Europe/Amsterdam";
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  #   useXkbConfig = true; # use xkb.options in tty.
+  # };
+
+  # Enable the X11 windowing system.
+  # services.xserver.enable = true;
+
+
+  # Enable the GNOME Desktop Environment.
+  # services.xserver.displayManager.gdm.enable = true;
+  # services.xserver.desktopManager.gnome.enable = true;
+
+
+  # Configure keymap in X11
+  # services.xserver.xkb.layout = "us";
+  # services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound.
+  # sound.enable = true;
+  # hardware.pulseaudio.enable = true;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # don't allow mutation of users outside of config
+  users.mutableUsers = false;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.iancleary = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "networkmanager"]; # Enable ‘sudo’ for the user.
+    # initialPassword = "password";
+    initialHashedPassword = "$y$j9T$Ov2T/rXjvlEr48/5akCcx0$xOvKr97FRq9TLPLVKhEC7rtF7sfvOwpeL2/DC4a2vO1";
+  };
+
+  # HELLO FROM ANSIBLE
+
+  # packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+  #   wget
+  # firefox
+    python310 # for ansible configuration
+  ];
+
+  services.tailscale.enable = true;
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+}
diff --git a/ansible/roles/setup-odroid/templates/hardware-configuration.nix b/ansible/roles/setup-odroid/templates/hardware-configuration.nix
@@ -0,0 +1,53 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "rpool/safe/system/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/979B-0F62";
+      fsType = "vfat";
+    };
+
+  fileSystems."/nix" =
+    { device = "rpool/local/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/var" =
+    { device = "rpool/safe/system/var";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home/iancleary" =
+    { device = "rpool/safe/home/iancleary";
+      fsType = "zfs";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}