diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index e276cbf..89e36da 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -8,11 +8,13 @@ jobs: strategy: matrix: machine: - - chunk - - ytnix - - titan + # - chunk + # - ytnix + # - titan + - pancake os: - - ubuntu-latest + # - ubuntu-latest + - ubuntu-24.04-arm runs-on: ${{ matrix.os }} continue-on-error: true steps: @@ -65,7 +67,14 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + # - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + # - run: nix run -L github:nix-community/nixos-generators -- --flake .#pancake -f sd-aarch64 --system aarch64-linux + - run: nix build -L .#nixosConfigurations.pancake.config.formats.sd-aarch64 + - name: upload artifacts + uses: actions/upload-artifact@v4 + with: + name: image + path: result/ build-homes: strategy: matrix: diff --git a/flake.lock b/flake.lock index 0c81455..bba3cfd 100644 --- a/flake.lock +++ b/flake.lock 
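Review bot: Commenting out `chunk`, `ytnix` and `titan` in the matrix means CI no longer builds those three hosts, while this same commit moves the shared `nixpkgs` input from `nixos-unstable-small` to `nixos-24.11` for all of them, so the channel change lands unverified. Pairing each machine with its runner through `matrix.include` (for example an entry with `machine: pancake` and `os: ubuntu-24.04-arm`) would keep the x86_64 builds running beside the new aarch64 one. It would also avoid leaving dead commented entries in the workflow. The job definition continues outside the hunk.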
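Review bot: The new `upload artifacts` step publishes the whole SD image from `result/`, and that image carries whatever the pancake host configuration embeds, which in this commit includes inline Wi-Fi `psk` values and blank initial passwords from `hosts/pancake/default.nix`. Workflow artifacts can be downloaded by anyone with read access to the repository, so the upload should wait until those values come from a secrets file provisioned outside the image; adding `retention-days: 1` under `with:` would also shorten the exposure window. Separately, `actions/upload-artifact@v4` is a mutable tag, and pinning it as `actions/upload-artifact@<full-commit-sha> # v4` (placeholder) keeps a retagged release from running in this job. The build command also hard-codes `pancake` where the replaced line used `${{ matrix.machine }}`, so the matrix value is now unused.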
@@ -899,6 +899,55 @@ "type": "github" } }, + "nixlib": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "lastModified": 1737057290, + "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1737590910, + "narHash": "sha256-qM/y6Dtpu9Wmf5HqeZajQdn+cS0aljdYQQQnrvx+LJE=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "9368027715d8dde4b84c79c374948b5306fdd2db", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1726042813, @@ -947,6 +996,22 @@ "type": "github" } }, + "nixpkgs-rpi": { + "locked": { + "lastModified": 1737645144, + "narHash": "sha256-QPTPf1ccrGTIgKA+/a3MIqrKiUbxhUSRUCQll86kUl8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d4e529a24b66b0341f2b866c5abe3ad8a96be2d7", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d4e529a24b66b0341f2b866c5abe3ad8a96be2d7", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1724316499, 
@@ -1045,16 +1110,32 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1737642748, - "narHash": "sha256-VsCzuoavNERLs46aw38nmORT4F5pLOZDDe2bzFo+jsE=", + "lastModified": 1736657626, + "narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1737569578, + "narHash": "sha256-6qY0pk2QmUtBT9Mywdvif0i/CLVgpCjMUn6g9vB+f3M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "864f89f98b0b4e1bbcb762b025fd83da8bc1bae0", + "rev": "47addd76727f42d351590c905d9d1905ca895b82", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable-small", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } @@ -1207,8 +1288,11 @@ "lix": "lix", "lix-module": "lix-module", "niri": "niri", - "nixpkgs": "nixpkgs_5", + "nixos-generators": "nixos-generators", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_6", "nixpkgs-garage": "nixpkgs-garage", + "nixpkgs-rpi": "nixpkgs-rpi", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", "rust-overlay": "rust-overlay", diff --git a/flake.nix b/flake.nix index 77099f8..920cc27 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "cy's flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -68,6 +68,9 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-compat.follows = "flake-compat"; }; + nixos-hardware.url = "github:nixos/nixos-hardware"; + nixpkgs-rpi.url = "github:nixos/nixpkgs/d4e529a24b66b0341f2b866c5abe3ad8a96be2d7"; + nixos-generators.url = "github:nix-community/nixos-generators"; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR @@ -145,9 +148,9 @@ flake = let - pkgs = import nixpkgs { + pkgsFor = system: import nixpkgs { config.allowUnfree = true; - system = "x86_64-linux"; + system = system; overlays = [ inputs.niri.overlays.niri inputs.rust-overlay.overlays.default @@ -164,7 +167,7 @@ specialArgs = { inherit inputs; }; modules = [ { - nixpkgs = { inherit pkgs; }; + nixpkgs.pkgs = pkgsFor "x86_64-linux"; } ./hosts/ytnix inputs.sops-nix.nixosModules.sops @@ -178,7 +181,7 @@ specialArgs = { inherit inputs; }; modules = [ { - nixpkgs = { inherit pkgs; }; + nixpkgs.pkgs = pkgsFor "x86_64-linux"; disabledModules = [ "services/web-servers/garage.nix" ]; @@ -194,7 +197,7 @@ specialArgs = { inherit inputs; }; modules = [ { - nixpkgs = { inherit pkgs; }; + nixpkgs.pkgs = pkgsFor "x86_64-linux"; } ./hosts/titan disko.nixosModules.disko @@ -202,6 +205,19 @@ ./modules ]; }; + + pancake = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs.pkgs = pkgsFor "aarch64-linux"; + } + inputs.nixos-hardware.nixosModules.raspberry-pi-3 + inputs.nixos-generators.nixosModules.all-formats + ./hosts/pancake + ./modules + ]; + }; }; homeConfigurations = let @@ -209,7 +225,7 @@ in { "yt@ytnix" = lib.homeManagerConfiguration { - inherit pkgs; + pkgs = pkgsFor "x86_64-linux"; extraSpecialArgs = { inherit inputs; }; modules = [ ./home/yt/ytnix.nix @@ -219,7 +235,7 @@ }; "yt@chunk" = lib.homeManagerConfiguration { - inherit pkgs; + pkgs = pkgsFor "x86_64-linux"; extraSpecialArgs = { inherit inputs; }; modules = [ ./home/yt/chunk.nix 
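Review bot: `nixos-generators` is added without `inputs.nixpkgs.follows = "nixpkgs"`, unlike the neighbouring inputs in this file, and the lock file in this commit shows it resolving its own `nixpkgs_5` on `nixpkgs-unstable`. That adds a second, independently updated nixpkgs revision to the lock; writing the input as `nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; };` keeps the image build on the one pinned revision. `nixpkgs-rpi` is referenced only from a commented-out line in `hosts/pancake/default.nix`, so it can be left out until that override is enabled. The `inputs` set starts and ends outside the hunk.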
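Review bot: Each `pkgsFor "x86_64-linux"` call is a separate `import nixpkgs`, so the x86_64 hosts and home configurations (hunks at -164, -178, -194, -209, -219 and -228) each evaluate their own package set where the old shared `pkgs` binding evaluated one. Binding it once in the same `let`, e.g. `pkgs = pkgsFor "x86_64-linux";`, would let those call sites keep `inherit pkgs;` and leave only pancake calling `pkgsFor "aarch64-linux"`. Inside the function, `system = system;` reads better as `inherit system;`. The `let` block starts and ends outside the hunk.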
@@ -228,7 +244,7 @@ }; "codespace@codespace" = lib.homeManagerConfiguration { - inherit pkgs; + pkgs = pkgsFor "x86_64-linux"; extraSpecialArgs = { inherit inputs; }; modules = [ ./home/yt/codespace.nix diff --git a/hosts/common.nix b/hosts/common.nix index 2e8b31a..5303739 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -9,8 +9,6 @@ "root" "@wheel" ]; - trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" ]; - substituters = [ "https://cache.cything.io/central" ]; }; channel.enable = false; optimise = { diff --git a/hosts/pancake/default.nix b/hosts/pancake/default.nix new file mode 100644 index 0000000..561d7f0 --- /dev/null +++ b/hosts/pancake/default.nix 
@@ -0,0 +1,70 @@ +{ + modulesPath, + pkgs, + lib, + inputs, + ... +}: +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + (modulesPath + "/profiles/qemu-guest.nix") + ../common.nix + # ./hardware-configuration.nix + ../zsh.nix + ]; + + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" + ]; + + system.stateVersion = "24.05"; + + environment.systemPackages = with pkgs; [ + curl + git + ]; + + # network stuff + networking.hostName = "pancake"; + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 22 + 80 + 443 + ]; + allowedUDPPorts = [ + 443 + ]; + }; + + networking.wireless.enable = true; + networking.wireless.networks = { + "36 Halsey" = { + psk = "Canada2022"; + }; + "cy" = { + psk = "12345678"; + }; + }; + + hardware.enableRedistributableFirmware = true; + + users.users.yt.extraGroups = [ + "wheel" + ]; + security.sudo.enable = true; + security.sudo.wheelNeedsPassword = false; + users.users.root.initialHashedPassword = ""; + users.users.yt.initialHashedPassword = ""; + + # remove this after https://github.com/NixOS/nixpkgs/pull/375165 lands on unstable + # boot.kernelPackages = lib.mkForce inputs.nixpkgs-rpi.legacyPackages.aarch64-linux.linuxKernel.packages.linux_rpi3; +} diff --git a/hosts/pancake/hardware-configuration.nix b/hosts/pancake/hardware-configuration.nix new file mode 100644 index 0000000..e4ee4f4 --- /dev/null +++ b/hosts/pancake/hardware-configuration.nix 
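Review bot: The two `networking.wireless.networks.*.psk` values are committed as plaintext literals, which puts them in the repository history, in the world-readable Nix store and in the SD image that this commit's workflow uploads as an artifact. Moving them to a file kept outside the store, with `networking.wireless.secretsFile` pointing at it and each network using `pskRaw = "ext:psk_home";` (the name is a placeholder), keeps them out of all three; the flake already has sops-nix as an input, though the pancake module list in `flake.nix` does not import it. The keys published here should be treated as exposed and rotated. `users.users.root.initialHashedPassword = "";` and the same line for `yt` create accounts that accept an empty password on the console, and with `security.sudo.wheelNeedsPassword = false` that leaves no local authentication step; `initialHashedPassword = "!";` should lock password login while the `authorizedKeys` entries keep working.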
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/cb6f0e18-5add-4177-ab98-e9f0235e06b3"; + fsType = "ext4"; + }; + + fileSystems."/boot/firmware" = + { device = "/dev/disk/by-uuid/D3E6-3F09"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +}