Macs on Linux #84

Merged
merged 18 commits into from Apr 26, 2019

@grahamc grahamc commented Apr 26, 2019

Upstreaming a too-long separated out part of the infrastructure definition: the macOS VMs on NixOS, on Apple Mac Mini hardware.

A few things to note here:

  • I checked in about 10mb of files which I'm not sure have a better place to go -- willing to move them and fetch them if you have suggestions.
  • "monitorama" is an nginx proxy to talk to all the backend macs, and is going to go away once Eris and Chef speak wireguard
  • Speaking of wireguard, modules/wireguard.nix is quite new in master -- it is imported with a hostname parameter, and generates a wireguard configuration with all the peers in the network configured. Wireguard is using 10.254.0.0/16 with 10.254.1.1 as the bastion and 10.254.2.0/24 reserved for macOS hardware.

Intake on a new wireguard module looks like adding a new entry to https://github.com/NixOS/nixos-org-configurations/compare/master...grahamc:macs-on-linux?expand=1#diff-734f5dc96ba41a65038635dcfa9c951aR6

First an entry is added with an IP but no public key, then that machine is deployed to. Then the public key is fetched from sudo wg on that machine, and it is added back to the configuration.

Take a look, and if you like it I'll deploy it to chef too.
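The address plan and two-step intake described above, as an added example that is not part of the pull request or the repository: a Python check over a constructed peer inventory that flags addresses outside the stated ranges, lists hosts still waiting on a public key from `sudo wg`, and rejects malformed or reused keys. The inventory shape, the `mac` flag and the function names are assumptions, not the schema of `modules/wireguard.nix`.

```python
import base64
import ipaddress

# Address plan as stated in the PR description.
NETWORK = ipaddress.ip_network("10.254.0.0/16")
MAC_RANGE = ipaddress.ip_network("10.254.2.0/24")

def valid_wg_key(key):
    """A WireGuard public key is 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(key, validate=True)) == 32
    except (ValueError, TypeError):
        return False

def check_peers(peers):
    """Return (errors, pending). The peer shape {"ip", "mac", "publicKey"} is
    hypothetical, not the schema of modules/wireguard.nix."""
    errors, pending, ips, keys = [], [], {}, {}
    for host, peer in sorted(peers.items()):
        ip = ipaddress.ip_address(peer["ip"])
        if ip not in NETWORK:
            errors.append(f"{host}: {ip} is outside {NETWORK}")
        elif peer["mac"] != (ip in MAC_RANGE):
            errors.append(f"{host}: {ip} does not match the {MAC_RANGE} reservation")
        if ip in ips:
            errors.append(f"{host}: {ip} already assigned to {ips[ip]}")
        ips.setdefault(ip, host)
        key = peer["publicKey"]
        if key is None:
            pending.append(host)  # intake step one: IP allocated, key not yet fetched
        elif not valid_wg_key(key):
            errors.append(f"{host}: publicKey is not 32 bytes of base64")
        elif key in keys:
            errors.append(f"{host}: publicKey already used by {keys[key]}")
        else:
            keys[key] = host
    return errors, pending

def sample_key(n):
    """Constructed key for the sample below: 32 identical bytes, not a real peer key."""
    return base64.b64encode(bytes([n]) * 32).decode()

SAMPLE = {  # constructed inventory, hostnames are placeholders
    "bastion": {"ip": "10.254.1.1", "mac": False, "publicKey": sample_key(1)},
    "mac1": {"ip": "10.254.2.1", "mac": True, "publicKey": sample_key(2)},
    "mac2": {"ip": "10.254.2.2", "mac": True, "publicKey": None},
    "mac3": {"ip": "10.254.3.7", "mac": True, "publicKey": sample_key(2)},
}
```

Run against `SAMPLE`, `check_peers` reports `mac2` as pending and two errors for `mac3`: an address outside the macOS reservation and a public key already assigned to `mac1`.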

macs/README.md Outdated
parted /dev/sda -- set 3 boot on
```

2. Create a zpool with `/dev/sda` and mount it:
Member
Suggested change
2. Create a zpool with `/dev/sda` and mount it:
2. Create a zpool with `/dev/sda1` and mount it:

export HOME=~root
export ALLOW_PREEXISTING_INSTALLATION=1
env
curl https://nixos.org/releases/nix/nix-2.1.3/install > ~nixos/install-nix
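
Review bot: the `curl` on the last line saves the installer to `~nixos/install-nix` with no `--fail` and no integrity check in the lines shown, so an HTTP error body or an altered download would be stored as the installer. Consider `curl --fail` plus a comparison against a pinned SHA-256 before the file is used. The bare `env` just above also writes every exported variable into the script's output, which is worth dropping if that output is logged.
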
Member
I feel like the nix version should be configurable somewhere central so we can update all of the fleet easily


sudo -i -H -u nixos -- nix-channel --add https://nixos.org/channels/nixos-19.03 nixpkgs
sudo -i -H -u nixos -- nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
sudo -i -H -u nixos -- nix-channel --update
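
Review bot: the `darwin` channel on the second line points at `https://github.com/LnL7/nix-darwin/archive/master.tar.gz`, a moving branch tip, so every `nix-channel --update` can pull code onto the builders that nobody reviewed. Suggest pointing the channel at the archive of a specific commit so that updates to it are deliberate changes in this repository.
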
Member
are all those channels being used? nixpkgs is quite big to download nowadays

Member Author
To be honest, I'm not sure if it is critical we have them for root and the user. This would be a good thing to figure out :)

@grahamc grahamc merged commit 87343f6 into NixOS:master Apr 26, 2019
@grahamc grahamc deleted the macs-on-linux branch April 26, 2019 12:41
@grahamc grahamc restored the macs-on-linux branch April 27, 2019 12:00