From dd15bcb9abc231cc43cccda3bdf0342dec497d17 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 20:24:26 -0500 Subject: [PATCH 01/10] flake update --- flake.lock | 58 +++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/flake.lock b/flake.lock index 8f55b02..0c81455 100644 --- a/flake.lock +++ b/flake.lock @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1737575492, - "narHash": "sha256-qa/D3NC1JoApnUuLrq1gseBmIxeg6icm/ojPgggMDVQ=", + "lastModified": 1737669579, + "narHash": "sha256-v9WQ3c4ctwPMfdBZMZxpdM9xXev4uChce4BxOpvsu0E=", "owner": "nix-community", "repo": "home-manager", - "rev": "cefb1889b96ddd1dac3dd4734e894f4cadab7802", + "rev": "7b9ece1bf3c8780cde9b975b28c2d9ccd7e9cdb9", "type": "github" }, "original": { @@ -623,11 +623,11 @@ ] }, "locked": { - "lastModified": 1737299073, - "narHash": "sha256-hOydnO9trHDo3qURqLSDdmE/pHNWDzlhkmyZ/gcBX2s=", + "lastModified": 1737639419, + "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "64d20cb2afaad8b73f4e38de41d27fb30a782bb5", + "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1737579991, - "narHash": "sha256-5IKNJQP+3XWLd/s7SXGvL6ZzFwk8wDDm0QGBTQ6fw9M=", + "lastModified": 1737655283, + "narHash": "sha256-yAFGeCZXUL3GqDMeFcUEOC4m459Ld7j54Rxo8cmyuSQ=", "ref": "refs/heads/main", - "rev": "1fe6064ceded2a9a81ab1725d545a670d14add28", - "revCount": 16661, + "rev": "963b687443b44df6c5cbdf3426454d92830d9100", + "revCount": 16671, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -710,11 +710,11 @@ ] }, "locked": { - "lastModified": 1737241037, - "narHash": "sha256-6LIpS3rK1Ch6OXis4tvBTgGBTRb+NptDAfhPNzmgZSE=", + "lastModified": 1737675503, + "narHash": "sha256-FUWpqPOsEJwK8oomffat+lgKnoxJHArRlWo2j17EhxQ=", "ref": "refs/heads/main", - "rev": "690f7c0fa2935bf591cccf4d7312b3e0f470298b", - "revCount": 129, + "rev": "3e18a1ceec7df4514f5a045441e5f98dd003db09", + "revCount": 131, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737545000, - "narHash": "sha256-Drl0xZR/N2w3dQtZ3hpx4LA3M34Lev7OKv9qrglncfY=", + "lastModified": 1737627930, + "narHash": "sha256-oaAatwNVaX36xmI2AKIVu2oG07XJmHq2T+Y66hEprd8=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "04e476cb17be7c29c18a6dbcf451321f7c9b1d98", + "rev": "f79aa307f4bc0bfbabee404e6354fd2a1edfcb01", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737449786, - "narHash": "sha256-G/AK0T41PpxU9hjkK/tnjODigzKcpRayo1o4pi9glqI=", + "lastModified": 1737623252, + "narHash": "sha256-orq/c8lOUrZfCHQhfuLEJtMZpfBYhMtGv1Xuz99Pxj0=", "owner": "YaLTeR", "repo": "niri", - "rev": "b01b8afa8c8f9070300243050d9790e38fd19145", + "rev": "128b01e04905d833214f52a3c6fab308bcc15ce0", "type": "github" }, "original": { @@ -1045,11 +1045,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1737556089, - "narHash": "sha256-hToO01UT2ENoQKWVopBuGV78ZprcxjqsPVFdddcynj4=", + "lastModified": 1737642748, + "narHash": "sha256-VsCzuoavNERLs46aw38nmORT4F5pLOZDDe2bzFo+jsE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fc5aeb049f44ed4f9e877cda8a1c334612e1d7a", + "rev": "864f89f98b0b4e1bbcb762b025fd83da8bc1bae0", "type": "github" }, "original": { @@ -1082,11 +1082,11 @@ ] }, "locked": { - "lastModified": 1737578990, - "narHash": "sha256-49M9B1nni54cuOH6qPM90U106VSWhAVqpy6f3sz0q4Q=", + "lastModified": 1737667561, + "narHash": "sha256-BKUapQPTji3V2uxymGq62/UWF1XMjfHvKd565jj1HlA=", "owner": "nix-community", "repo": "nixvim", - "rev": "a2a4befdaf825d36a50e2fda4a004682ea6b1a22", + "rev": "aab2b81792567237c104b90c3936e073d28a9ac6", "type": "github" }, "original": { @@ -1240,11 +1240,11 @@ ] }, "locked": { - "lastModified": 1737512878, - "narHash": "sha256-dgF6htdmfNnZzVInifks6npnCAyVsIHWSpWNs10RSW0=", + "lastModified": 1737599167, + "narHash": "sha256-S2rHCrQWCDVp63XxL/AQbGr1g5M8Zx14C7Jooa4oM8o=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "06b8ed0eee289fe94c66f1202ced9a6a2c59a14c", + "rev": "38374302ae9edf819eac666d1f276d62c712dd06", "type": "github" }, "original": { From caa3b8d0816c00c78cc7d5d4cc1b0172182451a3 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 21:18:36 -0500 Subject: [PATCH 02/10] lix broke --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 87eae13..77099f8 100644 --- a/flake.nix +++ b/flake.nix @@ -171,7 +171,7 @@ ./modules inputs.lanzaboote.nixosModules.lanzaboote inputs.niri.nixosModules.niri - inputs.lix-module.nixosModules.default + # inputs.lix-module.nixosModules.default # broken ]; }; chunk = lib.nixosSystem { From 76b0dd1a4e6b853cbec84e6bf9c1e95fc7e5e95f Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 22:16:34 -0500 Subject: [PATCH 03/10] init none-ls and justfile --- home/nixvim/default.nix | 23 +++++++++++++++++++++++ justfile | 14 ++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 justfile diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 77586b6..21cd5a6 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -192,6 +192,28 @@ enable = true; settings.current_line_blame = true; }; + + plugins.none-ls = { + enable = true; + enableLspFormat = true; + sources = { + code_actions.gitsigns.enable = true; + completion = { + luasnip.enable = true; + spell.enable = true; + }; + diagnostics = { + codespell.enable = true; + commitlint.enable = true; + deadnix.enable = true; + markdownlint.enable = true; + pylint.enable = true; + }; + formatting = { + just.enable = true; + }; + }; + }; plugins.cmp-buffer.enable = true; plugins.cmp-emoji.enable = true; @@ -205,5 +227,6 @@ plugins.auto-save.enable = true; plugins.indent-blankline.enable = true; plugins.undotree.enable = true; + plugins.lsp-format.enable = true; }; } diff --git a/justfile b/justfile new file mode 100644 index 0000000..e15ec8b --- /dev/null +++ b/justfile @@ -0,0 +1,14 @@ +update: + git switch -c update + git push + git switch main + +upgrade: + git switch update + sudo nixos-rebuild switch -L --flake . --use-substitutes + nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes + nixos-rebuild switch -L --flake .#titan --target-host root@www.cything.io --use-substitutes + home-manager -L switch --flake . + git switch main + git merge update + git branch -d update From 947249cc7913929fff772b53f206bfe29fb8c3bc Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 24 Jan 2025 01:10:53 -0500 Subject: [PATCH 04/10] configure tailscale and stuff --- .sops.yaml | 5 +++++ home/nixvim/default.nix | 23 ----------------------- hosts/chunk/default.nix | 5 ++++- hosts/chunk/tailscale.nix | 9 +++++++++ hosts/ytnix/default.nix | 10 ++++++++++ hosts/ytnix/tailscale.nix | 11 +++++++++++ secrets/services/tailscale.yaml | 31 +++++++++++++++++++++++++++++++ 7 files changed, 70 insertions(+), 24 deletions(-) create mode 100644 hosts/chunk/tailscale.nix create mode 100644 hosts/ytnix/tailscale.nix create mode 100644 secrets/services/tailscale.yaml diff --git a/.sops.yaml b/.sops.yaml index 3cfb014..810c6cb 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -103,3 +103,8 @@ creation_rules: - age: - *chunk - *cy + - path_regex: secrets/services/tailscale.yaml + key_groups: + - age: + - *chunk + - *cy diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 21cd5a6..77586b6 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -192,28 +192,6 @@ enable = true; settings.current_line_blame = true; }; - - plugins.none-ls = { - enable = true; - enableLspFormat = true; - sources = { - code_actions.gitsigns.enable = true; - completion = { - luasnip.enable = true; - spell.enable = true; - }; - diagnostics = { - codespell.enable = true; - commitlint.enable = true; - deadnix.enable = true; - markdownlint.enable = true; - pylint.enable = true; - }; - formatting = { - just.enable = true; - }; - }; - }; plugins.cmp-buffer.enable = true; plugins.cmp-emoji.enable = true; @@ -227,6 +205,5 @@ plugins.auto-save.enable = true; plugins.indent-blankline.enable = true; plugins.undotree.enable = true; - plugins.lsp-format.enable = true; }; } diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 7c2b8c6..0343084 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -26,6 +26,7 @@ ./attic.nix ./forgejo.nix ./garage.nix + ./tailscale.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -66,10 +67,12 @@ "attic/env" = { sopsFile = ../../secrets/services/attic.yaml; }; - "garage/env" = { sopsFile = ../../secrets/services/garage.yaml; }; + "tailscale/auth" = { + sopsFile = ../../secrets/services/tailscale.yaml; + }; }; boot.loader.grub.enable = true; diff --git a/hosts/chunk/tailscale.nix b/hosts/chunk/tailscale.nix new file mode 100644 index 0000000..b33da9c --- /dev/null +++ b/hosts/chunk/tailscale.nix @@ -0,0 +1,9 @@ +{ config, ... }: { + services.tailscale = { + enable = true; + authKeyFile = config.sops.secrets."tailscale/auth".path; + extraUpFlags = [ "--advertise-exit-node" ]; + useRoutingFeatures = "server"; + openFirewall = true; + }; +} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c2a670a..54f13da 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -9,6 +9,7 @@ ./hardware-configuration.nix ../common.nix ../zsh.nix + ./tailscale.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -32,6 +33,9 @@ sopsFile = ../../secrets/newsboat.yaml; owner = "yt"; }; + "tailscale/auth" = { + sopsFile = ../../secrets/services/tailscale.yaml; + }; }; boot = { @@ -58,6 +62,7 @@ pkiBundle = "/var/lib/sbctl"; }; kernel.sysctl."kernel.sysrq" = 1; + binfmt.emulatedSystems = [ "aarch64-linux" ]; }; networking = { @@ -128,6 +133,7 @@ "wheel" "libvirtd" "docker" + "disk" ]; environment.systemPackages = with pkgs; [ @@ -314,4 +320,8 @@ programs.niri.enable = true; programs.niri.package = pkgs.niri-unstable; programs.xwayland.enable = true; + + services.udev.extraHwdb = '' + SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664" + ''; } diff --git a/hosts/ytnix/tailscale.nix b/hosts/ytnix/tailscale.nix new file mode 100644 index 0000000..71d47c8 --- /dev/null +++ b/hosts/ytnix/tailscale.nix @@ -0,0 +1,11 @@ +{ config, ... }: { + services.tailscale = { + enable = true; + authKeyFile = config.sops.secrets."tailscale/auth".path; + openFirewall = true; + useRoutingFeatures = "client"; + extraUpFlags = [ + "--exit-node=100.122.132.30" + ]; + }; +} diff --git a/secrets/services/tailscale.yaml b/secrets/services/tailscale.yaml new file mode 100644 index 0000000..27997b8 --- /dev/null +++ b/secrets/services/tailscale.yaml @@ -0,0 +1,31 @@ +tailscale: + auth: ENC[AES256_GCM,data:7gGiUBRUK25Tp5y/5DDZKOTxKPFFfN1UUeBOdMLLQqobq643MKdJ9imxkKmKFg/FwgLYft/uzdxQGGlE7Q==,iv:HRmd+T1QuTYP8VrX/bZt8dWSwm5rcUvpEMqCMPfxjE4=,tag:PRZn2Pm6yydfEULrYGM6yg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z1JZZmZMaDQ3UHYvbXYr + c05RaEMxUGJXSGczUDBkL1UxT0hjQ0VNNkJNClFUNmJ5d3gyaHFwMTdNVW9GQ2ly + V3haMkx5Z1B5dmJ0SE4wY0UzMWswQ0EKLS0tIGNpZVo3UmtHcjFZVE5FMmdpOGMx + UFZGb3I1L3FJYVE2VjJ5aTVoZlo4bFUKwH2sPBwuLQXrHmiKYSu4Eut/H2j/2tUW + 1y8Eph7l6w3kfhZRRbo6cZ8gcbZNHPSPeAvWf/TpYumiTt1WBt8SMw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVXBMTEMrY1NGa1NBSjZP + R04wYUsrdGlVa3FnL1NYVG4xdUdqeHNnM0ZJCmhMSzFoRVFSOFBrQlU3VUtwaU0r + TEtad1B5NGh3OW1oajNvckhJcExrU0kKLS0tIFc5K3JOVTUvSFU1dmQxMUFRZ1o3 + em5IemlsM29zVy9GK3RmTlgzVnRpMDAKRatmFgCdoXcypQ+1EDedCuVctl0SFMf4 + kjtHrTSpept/y9bpTUy656aPRQ1LvqvfPs7Co1ssC/YWFroDsLgv4w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-24T05:26:20Z" + mac: ENC[AES256_GCM,data:GbQrLESUR/x+eLzukOR1FaJsd8zxlrz9dc/2kDBKUYAgI8L4QwLmwRuzpaIJgNLv2PdLTW83oSC8ekxR8fmsap40DpiygcrmPdPUeVFbEPaz7SSvU+DCgB0UX+qNQ9aOQ0BIbeKKOIj3r9enGv2o6DKY8I85n7VXjnGZAmCf1C8=,iv:UrtVqRGwvOpXOH3X3qF6ZF+VwqO0VGt+hFG7r6oUqCg=,tag:TD4mG3t5ORYgAS0GBmA7Eg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.3 From 83b8a9d7656cadadf138ef13bf376186d9613f85 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 16:39:20 -0500 Subject: [PATCH 05/10] pancake: init --- .../workflows/build-machines-and-homes.yml | 1 + flake.lock | 16 +++++ flake.nix | 30 +++++--- hosts/pancake/default.nix | 69 +++++++++++++++++++ hosts/pancake/disk-config.nix | 33 +++++++++ 5 files changed, 141 insertions(+), 8 deletions(-) create mode 100644 hosts/pancake/default.nix create mode 100644 hosts/pancake/disk-config.nix diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index e276cbf..f34d785 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -11,6 +11,7 @@ jobs: - chunk - ytnix - titan + - pancake os: - ubuntu-latest runs-on: ${{ matrix.os }} diff --git a/flake.lock b/flake.lock index 0c81455..e71572c 100644 --- a/flake.lock +++ b/flake.lock @@ -899,6 +899,21 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1737590910, + "narHash": "sha256-qM/y6Dtpu9Wmf5HqeZajQdn+cS0aljdYQQQnrvx+LJE=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "9368027715d8dde4b84c79c374948b5306fdd2db", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1726042813, @@ -1207,6 +1222,7 @@ "lix": "lix", "lix-module": "lix-module", "niri": "niri", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_5", "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", diff --git a/flake.nix b/flake.nix index 77099f8..e76442f 100644 --- a/flake.nix +++ b/flake.nix @@ -68,6 +68,7 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-compat.follows = "flake-compat"; }; + nixos-hardware.url = "github:nixos/nixos-hardware"; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR @@ -145,9 +146,9 @@ flake = let - pkgs = import nixpkgs { + pkgsFor = system: import nixpkgs { config.allowUnfree = true; - system = "x86_64-linux"; + system = system; overlays = [ inputs.niri.overlays.niri inputs.rust-overlay.overlays.default @@ -164,7 +165,7 @@ specialArgs = { inherit inputs; }; modules = [ { - nixpkgs = { inherit pkgs; }; + nixpkgs.pkgs = pkgsFor "x86_64-linux"; } ./hosts/ytnix inputs.sops-nix.nixosModules.sops @@ -178,7 +179,7 @@ specialArgs = { inherit inputs; }; modules = [ { - nixpkgs = { inherit pkgs; }; + nixpkgs.pkgs = pkgsFor "x86_64-linux"; disabledModules = [ "services/web-servers/garage.nix" ]; @@ -194,7 +195,7 @@ specialArgs = { inherit inputs; }; modules = [ { - nixpkgs = { inherit pkgs; }; + nixpkgs.pkgs = pkgsFor "x86_64-linux"; } ./hosts/titan disko.nixosModules.disko @@ -202,6 +203,19 @@ ./modules ]; }; + + pancake = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs.pkgs = pkgsFor "aarch64-linux"; + } + disko.nixosModules.disko + inputs.nixos-hardware.nixosModules.raspberry-pi-3 + ./hosts/pancake + ./modules + ]; + }; }; homeConfigurations = let @@ -209,7 +223,7 @@ in { "yt@ytnix" = lib.homeManagerConfiguration { - inherit pkgs; + pkgs = pkgsFor "x86_64-linux"; extraSpecialArgs = { inherit inputs; }; modules = [ ./home/yt/ytnix.nix @@ -219,7 +233,7 @@ }; "yt@chunk" = lib.homeManagerConfiguration { - inherit pkgs; + pkgs = pkgsFor "x86_64-linux"; extraSpecialArgs = { inherit inputs; }; modules = [ ./home/yt/chunk.nix @@ -228,7 +242,7 @@ }; "codespace@codespace" = lib.homeManagerConfiguration { - inherit pkgs; + pkgs = pkgsFor "x86_64-linux"; extraSpecialArgs = { inherit inputs; }; modules = [ ./home/yt/codespace.nix diff --git a/hosts/pancake/default.nix b/hosts/pancake/default.nix new file mode 100644 index 0000000..9fd7f4f --- /dev/null +++ b/hosts/pancake/default.nix @@ -0,0 +1,69 @@ +{ + modulesPath, + pkgs, + ... +}: +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + (modulesPath + "/profiles/qemu-guest.nix") + ../common.nix + ./disk-config.nix + ./hardware-configuration.nix + ]; + + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" + ]; + + system.stateVersion = "24.05"; + + environment.systemPackages = with pkgs; [ + curl + git + ]; + + # network stuff + networking.hostName = "pancake"; + networking.networkmanager.enable = true; + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 22 + 80 + 443 + ]; + allowedUDPPorts = [ + 443 + ]; + }; + + networkings.wireless.enable = true; + networkings.wireless.networks = { + "36 Halsey" = { + psk = "Canada2022"; + }; + "cy" = { + psk = "12345678"; + }; + }; + + hardware.enableRedistributableFirmware = true; + + services.desktopManager.plasma6.enable = true; + services.displayManager = { + enable = true; + autoLogin.user = "yt"; + }; + users.users.yt.extraGroups = [ + "wheel" + ]; + security.sudo.enable = true; + security.sudo.wheelNeedsPassword = false; +} diff --git a/hosts/pancake/disk-config.nix b/hosts/pancake/disk-config.nix new file mode 100644 index 0000000..1d3855b --- /dev/null +++ b/hosts/pancake/disk-config.nix @@ -0,0 +1,33 @@ +{ + disko.devices = { + disk = { + main = { + device = "/dev/mmcblk0"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} From d866d9c0e345a147fe55f661bcf72e9c6fd059f5 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 17:27:12 -0500 Subject: [PATCH 06/10] add hardware-config for pancake --- hosts/pancake/hardware-configuration.nix | 38 ++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 hosts/pancake/hardware-configuration.nix diff --git a/hosts/pancake/hardware-configuration.nix b/hosts/pancake/hardware-configuration.nix new file mode 100644 index 0000000..e4ee4f4 --- /dev/null +++ b/hosts/pancake/hardware-configuration.nix @@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/cb6f0e18-5add-4177-ab98-e9f0235e06b3"; + fsType = "ext4"; + }; + + fileSystems."/boot/firmware" = + { device = "/dev/disk/by-uuid/D3E6-3F09"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} From f3b7da291897e2c8c90beb0d9ab9f40a7aaf6c25 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 17:50:38 -0500 Subject: [PATCH 07/10] fix typo and bootloader path --- hosts/pancake/default.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hosts/pancake/default.nix b/hosts/pancake/default.nix index 9fd7f4f..ae3145e 100644 --- a/hosts/pancake/default.nix +++ b/hosts/pancake/default.nix @@ -44,8 +44,8 @@ ]; }; - networkings.wireless.enable = true; - networkings.wireless.networks = { + networking.wireless.enable = true; + networking.wireless.networks = { "36 Halsey" = { psk = "Canada2022"; }; @@ -66,4 +66,10 @@ ]; security.sudo.enable = true; security.sudo.wheelNeedsPassword = false; + users.users.root.initialHashedPassword = ""; + users.users.yt.initialHashedPassword = ""; + + boot.loader.generic-extlinux-compatible.mirroredBoots = [ + { path = "/boot/firmware"; } + ]; } From b5796b3c2383b55dae18786e319b5c53ce5e5e53 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 18:06:38 -0500 Subject: [PATCH 08/10] try to fix everything --- flake.nix | 1 - hosts/common.nix | 2 -- hosts/pancake/default.nix | 3 +-- hosts/pancake/disk-config.nix | 33 --------------------------------- 4 files changed, 1 insertion(+), 38 deletions(-) delete mode 100644 hosts/pancake/disk-config.nix diff --git a/flake.nix b/flake.nix index e76442f..d36eb5c 100644 --- a/flake.nix +++ b/flake.nix @@ -210,7 +210,6 @@ { nixpkgs.pkgs = pkgsFor "aarch64-linux"; } - disko.nixosModules.disko inputs.nixos-hardware.nixosModules.raspberry-pi-3 ./hosts/pancake ./modules diff --git a/hosts/common.nix b/hosts/common.nix index 2e8b31a..5303739 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -9,8 +9,6 @@ "root" "@wheel" ]; - trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" ]; - substituters = [ "https://cache.cything.io/central" ]; }; channel.enable = false; optimise = { diff --git a/hosts/pancake/default.nix b/hosts/pancake/default.nix index ae3145e..628d171 100644 --- a/hosts/pancake/default.nix +++ b/hosts/pancake/default.nix @@ -8,8 +8,8 @@ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/profiles/qemu-guest.nix") ../common.nix - ./disk-config.nix ./hardware-configuration.nix + ../zsh.nix ]; services.openssh = { @@ -31,7 +31,6 @@ # network stuff networking.hostName = "pancake"; - networking.networkmanager.enable = true; networking.firewall = { enable = true; allowedTCPPorts = [ diff --git a/hosts/pancake/disk-config.nix b/hosts/pancake/disk-config.nix deleted file mode 100644 index 1d3855b..0000000 --- a/hosts/pancake/disk-config.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - disko.devices = { - disk = { - main = { - device = "/dev/mmcblk0"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - type = "EF00"; - size = "500M"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} From af950da1f59b227f045c7387064133ae15ca981f Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 18:07:38 -0500 Subject: [PATCH 09/10] also build machines on arm cuz we have pi now --- .github/workflows/build-machines-and-homes.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index f34d785..768a3c5 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -14,6 +14,7 @@ jobs: - pancake os: - ubuntu-latest + - ubuntu-24.04-arm runs-on: ${{ matrix.os }} continue-on-error: true steps: From 00e6f6267b7de4b1051d73e660145ac1db853264 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 18:30:37 -0500 Subject: [PATCH 10/10] apply rpi config error fix --- flake.lock | 17 +++++++++++++++++ flake.nix | 1 + hosts/pancake/default.nix | 5 +++++ 3 files changed, 23 insertions(+) diff --git a/flake.lock b/flake.lock index e71572c..2acaba0 100644 --- a/flake.lock +++ b/flake.lock @@ -962,6 +962,22 @@ "type": "github" } }, + "nixpkgs-rpi": { + "locked": { + "lastModified": 1737645144, + "narHash": "sha256-QPTPf1ccrGTIgKA+/a3MIqrKiUbxhUSRUCQll86kUl8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d4e529a24b66b0341f2b866c5abe3ad8a96be2d7", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d4e529a24b66b0341f2b866c5abe3ad8a96be2d7", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1724316499, @@ -1225,6 +1241,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_5", "nixpkgs-garage": "nixpkgs-garage", + "nixpkgs-rpi": "nixpkgs-rpi", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", "rust-overlay": "rust-overlay", diff --git a/flake.nix b/flake.nix index d36eb5c..920750a 100644 --- a/flake.nix +++ b/flake.nix @@ -69,6 +69,7 @@ inputs.flake-compat.follows = "flake-compat"; }; nixos-hardware.url = "github:nixos/nixos-hardware"; + nixpkgs-rpi.url = "github:nixos/nixpkgs/d4e529a24b66b0341f2b866c5abe3ad8a96be2d7"; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR diff --git a/hosts/pancake/default.nix b/hosts/pancake/default.nix index 628d171..221b3dc 100644 --- a/hosts/pancake/default.nix +++ b/hosts/pancake/default.nix @@ -1,6 +1,8 @@ { modulesPath, pkgs, + lib, + inputs, ... }: { @@ -71,4 +73,7 @@ boot.loader.generic-extlinux-compatible.mirroredBoots = [ { path = "/boot/firmware"; } ]; + + # remove this after https://github.com/NixOS/nixpkgs/pull/375165 lands on unstable + boot.kernelPackages = lib.mkForce inputs.nixpkgs-rpi.legacyPackages.aarch64-linux.linuxKernel.packages.linux_rpi3; }