diff --git a/flake.lock b/flake.lock index 7593fcd..f2eef87 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "argononed": { + "flake": false, + "locked": { + "lastModified": 1729566243, + "narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=", + "owner": "nvmd", + "repo": "argononed", + "rev": "16dbee54d49b66d5654d228d1061246b440ef7cf", + "type": "github" + }, + "original": { + "owner": "nvmd", + "repo": "argononed", + "type": "github" + } + }, "base16": { "inputs": { "fromYaml": "fromYaml" @@ -181,6 +197,21 @@ "type": "github" } }, + "flake-compat_2": { + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" 
@@ -476,13 +507,61 @@ "type": "github" } }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-raspberrypi", + "nixpkgs" + ], + "nixos-unstable": [ + "nixos-raspberrypi", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747747741, + "narHash": "sha256-LUOH27unNWbGTvZFitHonraNx0JF/55h30r9WxqrznM=", + "owner": "nvmd", + "repo": "nixos-images", + "rev": "cbbd6db325775096680b65e2a32fb6187c09bbb4", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "sdimage-installer", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-raspberrypi": { + "inputs": { + "argononed": "argononed", + "flake-compat": "flake-compat_2", + "nixos-images": "nixos-images", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1775857096, + "narHash": "sha256-+eSij7C0oMqz76rGnB99RuWptBuEkJBm9vgb5fIwRrg=", + "owner": "nvmd", + "repo": "nixos-raspberrypi", + "rev": "1dc4ca5f93587932383c0b61e1753f5eed1c3bba", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "main", + "repo": "nixos-raspberrypi", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1776734388, - "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", + "lastModified": 1775595990, + "narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", + "rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2", "type": "github" }, "original": { @@ -524,6 +603,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1776734388, + "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1757545623, "narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=", 
@@ -548,11 +643,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1777222693, - "narHash": "sha256-5AQpEtjSaWfcWfuO8Z4nRgYqJegCa/0lUO2HUVJR4AI=", + "lastModified": 1777295064, + "narHash": "sha256-A+Ooli4ckGyiT+zh10Ybj3nY2ql4QX1p6q6HrKCDvpA=", "ref": "refs/heads/main", - "rev": "dc8344d0af83ba9de5f74a68bee82cdf6364c9a2", - "revCount": 573, + "rev": "adb6c21135c93e0c57517ba90a32dd8f6bf2704d", + "revCount": 578, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, @@ -641,7 +736,8 @@ "nix-filter": "nix-filter", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs", + "nixos-raspberrypi": "nixos-raspberrypi", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "nova-shell": "nova-shell", "nur": "nur", @@ -728,7 +824,7 @@ "nix-filter": [ "nix-filter" ], - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1757763091, diff --git a/flake.nix b/flake.nix index 04acd07..5a0fe15 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,7 @@ }; #keep-sorted start block=yes + flake-parts = { url = "github:hercules-ci/flake-parts"; #inputs.nixpkgs.follows = "nixpkgs"; @@ -37,6 +38,9 @@ url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-raspberrypi = { + url = "github:nvmd/nixos-raspberrypi/main"; + }; nova-shell = { url = "git+https://git.berlin.ccc.de/vinzenz/nova-shell"; inputs.nixpkgs.follows = "nixpkgs-unstable"; @@ -99,6 +103,7 @@ niri, nix-vscode-extensions, nixos-generators, + nixos-raspberrypi, nixpkgs-unstable, servicepoint-cli, servicepoint-simulator, 
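Review bot: The new `nixos-raspberrypi` input in the `@@ -37,6 +38,9 @@` hunk of flake.nix has no `inputs.nixpkgs.follows` and no comment saying why. flake.lock shows the consequence: the input brings its own `nixpkgs` node (lastModified 1775595990), older than the root pin, which is now `nixpkgs_2` (1776734388). If hosts built through `nixos-raspberrypi.lib.nixosSystem` take their packages from that node, which the hunk does not show, they receive nixpkgs security fixes only when this input is bumped, not with the repo's `nixos-25.11` updates. If the separate pin is deliberate, to keep store paths matching the upstream binary cache, record it with `# no nixpkgs follows on purpose: keeps cache hits; bump this input to pick up nixpkgs fixes`. Otherwise add `inputs.nixpkgs.follows = "nixpkgs";`.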
@@ -111,6 +116,28 @@ }: let devices = { + # keep-sorted start block=yes + aur0ra = { + system = "aarch64-linux"; + nixosSystem = nixos-raspberrypi.lib.nixosSystem; + }; + aur0ra-installer = { + # build with nix build .\#nixosConfigurations.aur0ra-installer.config.system.build.sdImage + system = "aarch64-linux"; + nixosSystem = nixos-raspberrypi.lib.nixosInstaller; + }; + damocles = { + system = "x86_64-linux"; + }; + epimetheus = { + system = "aarch64-linux"; + }; + forgejo-runner-1 = { + system = "aarch64-linux"; + }; + hetzner-vpn2 = { + system = "aarch64-linux"; + }; muede-lpt2 = { system = "x86_64-linux"; home-manager-users = { @@ -129,18 +156,7 @@ inherit (self.homeConfigurations) ronja; }; }; - hetzner-vpn2 = { - system = "aarch64-linux"; - }; - forgejo-runner-1 = { - system = "aarch64-linux"; - }; - epimetheus = { - system = "aarch64-linux"; - }; - damocles = { - system = "x86_64-linux"; - }; + # keep-sorted end }; inherit (nixpkgs) lib; forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; @@ -216,18 +232,19 @@ device, system, home-manager-users ? { }, + nixosSystem ? nixpkgs.lib.nixosSystem }: let specialArgs = inputs // { inherit device home-manager-users; }; in - nixpkgs.lib.nixosSystem { + nixosSystem { inherit specialArgs; modules = [ { imports = [ - ./nixosConfigurations/${device} + ./nixosConfigurations/${device} self.nixosModules.global-settings ] ++ (lib.optionals (home-manager-users != { }) [ @@ -250,22 +267,5 @@ formatting = treefmt-eval.config.build.check self; } ); - - packages = forAllSystems ( - { ... }: - { - nixos-aarch64-pxvirt-lxc-template = nixos-generators.nixosGenerate { - system = "aarch64-linux"; - format = "proxmox-lxc"; - specialArgs = inputs // { - device = "nixos-aarch64-pxvirt-lxc-template"; - }; - modules = [ - self.nixosModules.global-settings - self.nixosModules.pxvirt-guest - ]; - }; - } - ); }; } 
diff --git a/nixosConfigurations/aur0ra-installer/default.nix b/nixosConfigurations/aur0ra-installer/default.nix
new file mode 100644
index 0000000..5557fae
--- /dev/null
+++ b/nixosConfigurations/aur0ra-installer/default.nix
@@ -0,0 +1,17 @@
+{
+ nixos-images,
+ config,
+ lib,
+ modulesPath,
+ ...
+}:
+{
+ imports = [
+ ../aur0ra
+ # nixos-images.nixosModules.sdimage-installer
+ ];
+ disabledModules = [
+ # disable the sd-image module that nixos-images uses
+ # (modulesPath + "/installer/sd-card/sd-image-aarch64-installer.nix")
+ ];
+}
diff --git a/nixosConfigurations/aur0ra/default.nix b/nixosConfigurations/aur0ra/default.nix
new file mode 100644
index 0000000..20aa8c3
--- /dev/null
+++ b/nixosConfigurations/aur0ra/default.nix
@@ -0,0 +1,56 @@
+{ lib, ... }:
+{
+ imports = [
+ ./hardware.nix
+ ./nice-looking-console.nix
+ ];
+
+ users.users.ruth = {
+ # initialPassword = "setup";
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "video"
+ ];
+ # Allow the graphical user to login without password
+ initialHashedPassword = "";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
+ ];
+ };
+ nix.settings.trusted-users = [ "ruth" ];
+
+ # Don't require sudo/root to `reboot` or `poweroff`.
+ security.polkit.enable = true;
+
+ # Allow passwordless sudo from nixos user
+ security.sudo = {
+ enable = true;
+ wheelNeedsPassword = false;
+ };
+
+ services.openssh.enable = true;
+
+ # https://github.com/nvmd/nixos-raspberrypi-demo/blob/c521600570f0365ae9c846af4b023049b80ae331/modules/server-networking.nix
+
+ networking.firewall.logRefusedConnections = lib.mkDefault false;
+
+ # Use networkd instead of the pile of shell scripts
+ # NOTE: SK: is it safe to combine with NetworkManager on desktops?
+ networking.useNetworkd = lib.mkDefault true;
+
+ # The notion of "online" is a broken concept
+ # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13
+ # https://github.com/NixOS/nixpkgs/issues/247608
+ systemd.services.NetworkManager-wait-online.enable = false;
+ systemd.network.wait-online.enable = false;
+
+ # Do not take down the network for too long when upgrading,
+ # This also prevents failures of services that are restarted instead of stopped.
+ # It will use `systemctl restart` rather than stopping it with `systemctl stop`
+ # followed by a delayed `systemctl start`.
+ systemd.services.systemd-networkd.stopIfChanged = false;
+ # Services that are only restarted might be not able to resolve when resolved is stopped before
+ systemd.services.systemd-resolved.stopIfChanged = false;
+}
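Review bot: `initialHashedPassword = "";` gives `ruth` an empty password while the same file puts the account in `wheel`, sets `wheelNeedsPassword = false` and lists it in `nix.settings.trusted-users`, so anyone who reaches a local login prompt on aur0ra is effectively root. That may be acceptable for the SD-card installer, but `aur0ra-installer` imports `../aur0ra` and not the other way round, so the setting also applies to the installed host; the empty password and passwordless sudo belong in `aur0ra-installer/default.nix`. Because an authorized key is already provisioned and `services.openssh.enable = true;`, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` instead of relying on sshd's defaults to refuse the empty password. The comment `# Allow passwordless sudo from nixos user` is stale; the user here is `ruth`.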
diff --git a/nixosConfigurations/aur0ra/hardware.nix b/nixosConfigurations/aur0ra/hardware.nix
new file mode 100644
index 0000000..8014f41
--- /dev/null
+++ b/nixosConfigurations/aur0ra/hardware.nix
@@ -0,0 +1,64 @@
+{ nixos-raspberrypi, lib, ... }:
+{
+ imports = with nixos-raspberrypi.nixosModules; [
+ raspberry-pi-5.base
+ raspberry-pi-5.bluetooth
+ raspberry-pi-5.page-size-16k
+ raspberry-pi-5.display-vc4
+ ];
+
+ # No one got time for xz compression.
+ #isoImage.squashfsCompression = "zstd";
+
+ boot.loader = {
+ raspberry-pi.bootloader = "kernel";
+ systemd-boot.enable = lib.mkForce false;
+ #generic-extlinux-compatible.enable = lib.mkForce false;
+ };
+
+ /*
+ fileSystems = {
+ "/boot/firmware" = {
+ # TODO
+ device = "/dev/disk/by-uuid/2175-794E";
+ fsType = "vfat";
+ options = [
+ "noatime"
+ "noauto"
+ "x-systemd.automount"
+ "x-systemd.idle-timeout=1min"
+ ];
+ };
+ "/" = {
+ # TODO
+ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+ };
+ */
+
+ hardware.raspberry-pi.config = {
+ all = {
+ # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
+ # Base DTB parameters
+ # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132
+ base-dt-params = {
+
+ # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
+ pciex1 = {
+ enable = true;
+ value = "on";
+ };
+ # PCIe Gen 3.0
+ # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
+ pciex1_gen = {
+ enable = true;
+ value = "3";
+ };
+
+ };
+
+ };
+ };
+}
diff --git a/nixosConfigurations/aur0ra/nice-looking-console.nix b/nixosConfigurations/aur0ra/nice-looking-console.nix
new file mode 100644
index 0000000..847bfc2
--- /dev/null
+++ b/nixosConfigurations/aur0ra/nice-looking-console.nix
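Review bot: The whole `fileSystems` block in hardware.nix sits inside `/* … */` with `# TODO` placeholder UUIDs, so as far as this file shows `aur0ra` declares neither a root nor a `/boot/firmware` mount. Unless one of the imported `raspberry-pi-5.*` modules supplies them, which is not visible here, the non-installer `aur0ra` configuration is likely to fail NixOS's root file system assertion at evaluation. Fill in the real devices after the first install, or replace the dead block with a one-line comment naming the source, e.g. `# fileSystems come from <module> (TODO confirm)`.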
@@ -0,0 +1,32 @@ +# re-borrowed from https://github.com/nvmd/nixos-raspberrypi-demo/blob/main/modules/nice-looking-console.nix +{ lib, pkgs, ... }: +{ + # The following have been borrowed from: + # https://github.com/nix-community/nixos-images/blob/b733f0680a42cc01d6ad53896fb5ca40a66d5e79/nix/image-installer/module.nix#L84 + + console.earlySetup = true; + # ter-u22n is probably too big + console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u16n.psf.gz"; + + # Make colored console output more readable + # for example, `ip addr`s (blues are too dark by default) + # Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/ + console.colors = lib.mkDefault [ + "000000" + "CC0000" + "4E9A06" + "C4A000" + "3465A4" + "75507B" + "06989A" + "D3D7CF" + "555753" + "EF2929" + "8AE234" + "FCE94F" + "739FCF" + "AD7FA8" + "34E2E2" + "EEEEEC" + ]; +} diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix index 4cdd6f7..75c5439 100644 --- a/nixosConfigurations/damocles/default.nix +++ b/nixosConfigurations/damocles/default.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, self, ... }: +{ + pkgs, + lib, + self, + ... +}: { imports = [ ./android-dev.nix ]; diff --git a/nixosModules/extra-caches.nix b/nixosModules/extra-caches.nix index 6af372f..8b5431c 100644 --- a/nixosModules/extra-caches.nix +++ b/nixosModules/extra-caches.nix 
@@ -1,16 +1,22 @@ { nix.settings = { substituters = [ - "https://cache.nixos.org/" - "https://nix-community.cachix.org" + # keep-sorted start "https://cache.lix.systems" + "https://cache.nixos.org/" "https://niri.cachix.org" + "https://nix-community.cachix.org" + "https://nixos-raspberrypi.cachix.org" + # keep-sorted end ]; trusted-public-keys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + # keep-sorted start "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" + # keep-sorted end ]; }; }
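Review bot: Adding `https://nixos-raspberrypi.cachix.org` and its key to this shared module makes every host that imports `extra-caches.nix` accept store paths signed by that third-party key, not only the Raspberry Pi build. Only `aur0ra` and `aur0ra-installer` appear to need it, so consider setting the substituter and key under `nixosConfigurations/aur0ra/` so that x86_64 hosts such as `damocles` do not widen their trust set; whether they import this module is not visible in the hunk. Wherever it lives, record where the public key was copied from so it can be re-verified later, e.g. `# key from <upstream README URL>, checked <date>`.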