vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wip add aur0ra

Browse source
This commit is contained in:
müde 2026-04-26 19:07:12 +02:00
parent 96239eef49
commit 1366030c9b
8 changed files with 321 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

114
flake.lock generated
View file

@ -1,5 +1,21 @@
{ {
"nodes": { "nodes": {
"argononed": {
"flake": false,
"locked": {
"lastModified": 1729566243,
"narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=",
"owner": "nvmd",
"repo": "argononed",
"rev": "16dbee54d49b66d5654d228d1061246b440ef7cf",
"type": "github"
},
"original": {
"owner": "nvmd",
"repo": "argononed",
"type": "github"
}
},
"base16": { "base16": {
"inputs": { "inputs": {
"fromYaml": "fromYaml" "fromYaml": "fromYaml"
@ -181,6 +197,21 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
@ -476,13 +507,61 @@
"type": "github" "type": "github"
} }
}, },
"nixos-images": {
"inputs": {
"nixos-stable": [
"nixos-raspberrypi",
"nixpkgs"
],
"nixos-unstable": [
"nixos-raspberrypi",
"nixpkgs"
]
},
"locked": {
"lastModified": 1747747741,
"narHash": "sha256-LUOH27unNWbGTvZFitHonraNx0JF/55h30r9WxqrznM=",
"owner": "nvmd",
"repo": "nixos-images",
"rev": "cbbd6db325775096680b65e2a32fb6187c09bbb4",
"type": "github"
},
"original": {
"owner": "nvmd",
"ref": "sdimage-installer",
"repo": "nixos-images",
"type": "github"
}
},
"nixos-raspberrypi": {
"inputs": {
"argononed": "argononed",
"flake-compat": "flake-compat_2",
"nixos-images": "nixos-images",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1775857096,
"narHash": "sha256-+eSij7C0oMqz76rGnB99RuWptBuEkJBm9vgb5fIwRrg=",
"owner": "nvmd",
"repo": "nixos-raspberrypi",
"rev": "1dc4ca5f93587932383c0b61e1753f5eed1c3bba",
"type": "github"
},
"original": {
"owner": "nvmd",
"ref": "main",
"repo": "nixos-raspberrypi",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1776734388, "lastModified": 1775595990,
"narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", "narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", "rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -524,6 +603,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1776734388,
"narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1757545623, "lastModified": 1757545623,
"narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=", "narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=",
@ -548,11 +643,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1777222693, "lastModified": 1777295064,
"narHash": "sha256-5AQpEtjSaWfcWfuO8Z4nRgYqJegCa/0lUO2HUVJR4AI=", "narHash": "sha256-A+Ooli4ckGyiT+zh10Ybj3nY2ql4QX1p6q6HrKCDvpA=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "dc8344d0af83ba9de5f74a68bee82cdf6364c9a2", "rev": "adb6c21135c93e0c57517ba90a32dd8f6bf2704d",
"revCount": 573, "revCount": 578,
"type": "git", "type": "git",
"url": "https://git.berlin.ccc.de/vinzenz/nova-shell" "url": "https://git.berlin.ccc.de/vinzenz/nova-shell"
}, },
@ -641,7 +736,8 @@
"nix-filter": "nix-filter", "nix-filter": "nix-filter",
"nix-vscode-extensions": "nix-vscode-extensions", "nix-vscode-extensions": "nix-vscode-extensions",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs", "nixos-raspberrypi": "nixos-raspberrypi",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nova-shell": "nova-shell", "nova-shell": "nova-shell",
"nur": "nur", "nur": "nur",
@ -728,7 +824,7 @@
"nix-filter": [ "nix-filter": [
"nix-filter" "nix-filter"
], ],
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1757763091, "lastModified": 1757763091,

60
flake.nix
View file

@ -9,6 +9,7 @@
}; };
#keep-sorted start block=yes #keep-sorted start block=yes
flake-parts = { flake-parts = {
url = "github:hercules-ci/flake-parts"; url = "github:hercules-ci/flake-parts";
#inputs.nixpkgs.follows = "nixpkgs"; #inputs.nixpkgs.follows = "nixpkgs";
@ -37,6 +38,9 @@
url = "github:nix-community/nixos-generators"; url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-raspberrypi = {
url = "github:nvmd/nixos-raspberrypi/main";
};
nova-shell = { nova-shell = {
url = "git+https://git.berlin.ccc.de/vinzenz/nova-shell"; url = "git+https://git.berlin.ccc.de/vinzenz/nova-shell";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
@ -99,6 +103,7 @@
niri, niri,
nix-vscode-extensions, nix-vscode-extensions,
nixos-generators, nixos-generators,
nixos-raspberrypi,
nixpkgs-unstable, nixpkgs-unstable,
servicepoint-cli, servicepoint-cli,
servicepoint-simulator, servicepoint-simulator,
@ -111,6 +116,28 @@
}: }:
let let
devices = { devices = {
# keep-sorted start block=yes
aur0ra = {
system = "aarch64-linux";
nixosSystem = nixos-raspberrypi.lib.nixosSystem;
};
aur0ra-installer = {
# build with nix build .\#nixosConfigurations.aur0ra-installer.config.system.build.sdImage
system = "aarch64-linux";
nixosSystem = nixos-raspberrypi.lib.nixosInstaller;
};
damocles = {
system = "x86_64-linux";
};
epimetheus = {
system = "aarch64-linux";
};
forgejo-runner-1 = {
system = "aarch64-linux";
};
hetzner-vpn2 = {
system = "aarch64-linux";
};
muede-lpt2 = { muede-lpt2 = {
system = "x86_64-linux"; system = "x86_64-linux";
home-manager-users = { home-manager-users = {
@ -129,18 +156,7 @@
inherit (self.homeConfigurations) ronja; inherit (self.homeConfigurations) ronja;
}; };
}; };
hetzner-vpn2 = { # keep-sorted end
system = "aarch64-linux";
};
forgejo-runner-1 = {
system = "aarch64-linux";
};
epimetheus = {
system = "aarch64-linux";
};
damocles = {
system = "x86_64-linux";
};
}; };
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
@ -216,13 +232,14 @@
device, device,
system, system,
home-manager-users ? { }, home-manager-users ? { },
nixosSystem ? nixpkgs.lib.nixosSystem
}: }:
let let
specialArgs = inputs // { specialArgs = inputs // {
inherit device home-manager-users; inherit device home-manager-users;
}; };
in in
nixpkgs.lib.nixosSystem { nixosSystem {
inherit specialArgs; inherit specialArgs;
modules = [ modules = [
{ {
@ -250,22 +267,5 @@
formatting = treefmt-eval.config.build.check self; formatting = treefmt-eval.config.build.check self;
} }
); );
packages = forAllSystems (
{ ... }:
{
nixos-aarch64-pxvirt-lxc-template = nixos-generators.nixosGenerate {
system = "aarch64-linux";
format = "proxmox-lxc";
specialArgs = inputs // {
device = "nixos-aarch64-pxvirt-lxc-template";
};
modules = [
self.nixosModules.global-settings
self.nixosModules.pxvirt-guest
];
};
}
);
}; };
} }

17
nixosConfigurations/aur0ra-installer/default.nix Normal file
View file

@ -0,0 +1,17 @@
{
nixos-images,
config,
lib,
modulesPath,
...
}:
{
imports = [
../aur0ra
# nixos-images.nixosModules.sdimage-installer
];
disabledModules = [
# disable the sd-image module that nixos-images uses
# (modulesPath + "/installer/sd-card/sd-image-aarch64-installer.nix")
];
}

56
nixosConfigurations/aur0ra/default.nix Normal file
View file

@ -0,0 +1,56 @@
{ lib, ... }:
{
imports = [
./hardware.nix
./nice-looking-console.nix
];
users.users.ruth = {
# initialPassword = "setup";
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"video"
];
# Allow the graphical user to login without password
initialHashedPassword = "";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
];
};
nix.settings.trusted-users = [ "ruth" ];
# Don't require sudo/root to `reboot` or `poweroff`.
security.polkit.enable = true;
# Allow passwordless sudo from nixos user
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
services.openssh.enable = true;
# https://github.com/nvmd/nixos-raspberrypi-demo/blob/c521600570f0365ae9c846af4b023049b80ae331/modules/server-networking.nix
networking.firewall.logRefusedConnections = lib.mkDefault false;
# Use networkd instead of the pile of shell scripts
# NOTE: SK: is it safe to combine with NetworkManager on desktops?
networking.useNetworkd = lib.mkDefault true;
# The notion of "online" is a broken concept
# https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13
# https://github.com/NixOS/nixpkgs/issues/247608
systemd.services.NetworkManager-wait-online.enable = false;
systemd.network.wait-online.enable = false;
# Do not take down the network for too long when upgrading,
# This also prevents failures of services that are restarted instead of stopped.
# It will use `systemctl restart` rather than stopping it with `systemctl stop`
# followed by a delayed `systemctl start`.
systemd.services.systemd-networkd.stopIfChanged = false;
# Services that are only restarted might be not able to resolve when resolved is stopped before
systemd.services.systemd-resolved.stopIfChanged = false;
}

64
nixosConfigurations/aur0ra/hardware.nix Normal file
View file

@ -0,0 +1,64 @@
{ nixos-raspberrypi, lib, ... }:
{
imports = with nixos-raspberrypi.nixosModules; [
raspberry-pi-5.base
raspberry-pi-5.bluetooth
raspberry-pi-5.page-size-16k
raspberry-pi-5.display-vc4
];
# No one got time for xz compression.
#isoImage.squashfsCompression = "zstd";
boot.loader = {
raspberry-pi.bootloader = "kernel";
systemd-boot.enable = lib.mkForce false;
#generic-extlinux-compatible.enable = lib.mkForce false;
};
/*
fileSystems = {
"/boot/firmware" = {
# TODO
device = "/dev/disk/by-uuid/2175-794E";
fsType = "vfat";
options = [
"noatime"
"noauto"
"x-systemd.automount"
"x-systemd.idle-timeout=1min"
];
};
"/" = {
# TODO
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
options = [ "noatime" ];
};
};
*/
hardware.raspberry-pi.config = {
all = {
# [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
# Base DTB parameters
# https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132
base-dt-params = {
# https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
pciex1 = {
enable = true;
value = "on";
};
# PCIe Gen 3.0
# https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
pciex1_gen = {
enable = true;
value = "3";
};
};
};
};
}

32
nixosConfigurations/aur0ra/nice-looking-console.nix Normal file
View file

@ -0,0 +1,32 @@
# re-borrowed from https://github.com/nvmd/nixos-raspberrypi-demo/blob/main/modules/nice-looking-console.nix
{ lib, pkgs, ... }:
{
# The following have been borrowed from:
# https://github.com/nix-community/nixos-images/blob/b733f0680a42cc01d6ad53896fb5ca40a66d5e79/nix/image-installer/module.nix#L84
console.earlySetup = true;
# ter-u22n is probably too big
console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u16n.psf.gz";
# Make colored console output more readable
# for example, `ip addr`s (blues are too dark by default)
# Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/
console.colors = lib.mkDefault [
"000000"
"CC0000"
"4E9A06"
"C4A000"
"3465A4"
"75507B"
"06989A"
"D3D7CF"
"555753"
"EF2929"
"8AE234"
"FCE94F"
"739FCF"
"AD7FA8"
"34E2E2"
"EEEEEC"
];
}

7
nixosConfigurations/damocles/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, self, ... }: {
pkgs,
lib,
self,
...
}:
{ {
imports = [ ./android-dev.nix ]; imports = [ ./android-dev.nix ];

14
nixosModules/extra-caches.nix
View file

@ -1,16 +1,22 @@
{ {
nix.settings = { nix.settings = {
substituters = [ substituters = [
"https://cache.nixos.org/" # keep-sorted start
"https://nix-community.cachix.org"
"https://cache.lix.systems" "https://cache.lix.systems"
"https://cache.nixos.org/"
"https://niri.cachix.org" "https://niri.cachix.org"
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
# keep-sorted end
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" # keep-sorted start
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# keep-sorted end
]; ];
}; };
} }