Compare commits
9 Commits
bab2df5d7e
...
eb416ae409
| Author | SHA1 | Date | |
|---|---|---|---|
| eb416ae409 | |||
| ae2a62515a | |||
| 2810ba1412 | |||
| e42e30d3cc | |||
| 83b5d3b8c2 | |||
| 0b604fd99c | |||
| 51fbae98c5 | |||
| d8eff26864 | |||
| 5f7335c2a0 |
14
Makefile
14
Makefile
@@ -36,7 +36,17 @@ update-input:
|
||||
iso:
|
||||
nix build .#packages.x86_64-linux.iso
|
||||
|
||||
# Deploy a host by name (ex: 's0')
|
||||
# Build Custom kexec image
|
||||
.PHONY: kexec-img
|
||||
kexec-img:
|
||||
nix build .#packages.x86_64-linux.kexec
|
||||
|
||||
# Deploy a host by name (ex: 's0') but don't activate
|
||||
.PHONY: deploy
|
||||
deploy:
|
||||
deploy --remote-build --boot --debug-logs --skip-checks .#$(filter-out $@,$(MAKECMDGOALS))
|
||||
deploy --remote-build --boot --debug-logs --skip-checks .#$(filter-out $@,$(MAKECMDGOALS))
|
||||
|
||||
# Deploy a host by name (ex: 's0')
|
||||
.PHONY: deploy-activate
|
||||
deploy-activate:
|
||||
deploy --remote-build --debug-logs --skip-checks .#$(filter-out $@,$(MAKECMDGOALS))
|
||||
@@ -61,14 +61,22 @@ in
|
||||
|
||||
# Networking
|
||||
networking.networkmanager.enable = true;
|
||||
users.users.googlebot.extraGroups = [ "networkmanager" ];
|
||||
|
||||
# Printing
|
||||
services.printing.enable = true;
|
||||
services.printing.drivers = with pkgs; [
|
||||
gutenprint
|
||||
];
|
||||
# Printer discovery
|
||||
|
||||
# Scanning
|
||||
hardware.sane.enable = true;
|
||||
hardware.sane.extraBackends = with pkgs; [
|
||||
# Enable support for "driverless" scanners
|
||||
# Check for support here: https://mfi.apple.com/account/airprint-search
|
||||
sane-airscan
|
||||
];
|
||||
|
||||
# Printer/Scanner discovery
|
||||
services.avahi.enable = true;
|
||||
services.avahi.nssmdns4 = true;
|
||||
|
||||
@@ -94,5 +102,13 @@ in
|
||||
# SSH Ask pass
|
||||
programs.ssh.enableAskPassword = true;
|
||||
programs.ssh.askPassword = "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass";
|
||||
|
||||
users.users.googlebot.extraGroups = [
|
||||
# Networking
|
||||
"networkmanager"
|
||||
# Scanning
|
||||
"scanner"
|
||||
"lp"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -16,6 +16,7 @@ in
|
||||
# plasma5Packages.kmail-account-wizard
|
||||
kdePackages.kate
|
||||
kdePackages.kdeconnect-kde
|
||||
kdePackages.skanpage
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -110,10 +110,10 @@ in
|
||||
config.services.nextcloud.occ
|
||||
];
|
||||
script = ''
|
||||
nextcloud-occ -- config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
|
||||
nextcloud-occ -- config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
|
||||
nextcloud-occ -- config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
|
||||
nextcloud-occ -- richdocuments:setup
|
||||
nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
|
||||
nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
|
||||
nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
|
||||
nextcloud-occ richdocuments:setup
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
@@ -134,8 +134,8 @@ in
|
||||
config.services.nextcloud.occ
|
||||
];
|
||||
script = ''
|
||||
nextcloud-occ -- config:app:set whiteboard collabBackendUrl --value="https://${whiteboardHostname}"
|
||||
nextcloud-occ -- config:app:set whiteboard jwt_secret_key --value="$JWT_SECRET_KEY"
|
||||
nextcloud-occ config:app:set whiteboard collabBackendUrl --value="https://${whiteboardHostname}"
|
||||
nextcloud-occ config:app:set whiteboard jwt_secret_key --value="$JWT_SECRET_KEY"
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
|
||||
@@ -6,14 +6,11 @@
|
||||
# - add some handy shell commands
|
||||
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
comma
|
||||
];
|
||||
|
||||
# nix-index
|
||||
programs.nix-index.enable = true;
|
||||
programs.nix-index.enableFishIntegration = true;
|
||||
programs.command-not-found.enable = false;
|
||||
programs.nix-index-database.comma.enable = true;
|
||||
|
||||
programs.fish = {
|
||||
enable = true;
|
||||
@@ -35,21 +32,4 @@
|
||||
|
||||
llsblk = "lsblk -o +uuid,fsType";
|
||||
};
|
||||
|
||||
nixpkgs.overlays = [
|
||||
(final: prev: {
|
||||
# comma uses the "nix-index" package built into nixpkgs by default.
|
||||
# That package doesn't use the prebuilt nix-index database so it needs to be changed.
|
||||
comma = prev.comma.overrideAttrs (old: {
|
||||
nativeBuildInputs = old.nativeBuildInputs ++ [
|
||||
prev.makeWrapper
|
||||
];
|
||||
postInstall = ''
|
||||
wrapProgram $out/bin/comma \
|
||||
--prefix PATH : ${lib.makeBinPath [ prev.fzy config.programs.nix-index.package ]}
|
||||
ln -s $out/bin/comma $out/bin/,
|
||||
'';
|
||||
});
|
||||
})
|
||||
];
|
||||
}
|
||||
|
||||
43
flake.lock
generated
43
flake.lock
generated
@@ -239,6 +239,42 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1736643958,
|
||||
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-generators": {
|
||||
"inputs": {
|
||||
"nixlib": "nixlib",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1764234087,
|
||||
"narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1767185284,
|
||||
@@ -257,11 +293,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1768105724,
|
||||
"narHash": "sha256-0edMCoDc1VpuqDjy0oz8cDa4kjRuhXE3040sac2iZW4=",
|
||||
"lastModified": 1768250893,
|
||||
"narHash": "sha256-fWNJYFx0QvnlGlcw54EoOYs/wv2icINHUz0FVdh9RIo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "4c41b0361812441bf3b4427195e57ab271d5167f",
|
||||
"rev": "3971af1a8fc3646b1d554cb1269b26c84539c22e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -280,6 +316,7 @@
|
||||
"flake-utils": "flake-utils",
|
||||
"home-manager": "home-manager",
|
||||
"nix-index-database": "nix-index-database",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"simple-nixos-mailserver": "simple-nixos-mailserver",
|
||||
|
||||
34
flake.nix
34
flake.nix
@@ -3,6 +3,11 @@
|
||||
# nixpkgs
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/master";
|
||||
|
||||
nixos-generators = {
|
||||
url = "github:nix-community/nixos-generators";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
# Common Utils Among flake inputs
|
||||
systems.url = "github:nix-systems/default";
|
||||
flake-utils = {
|
||||
@@ -84,7 +89,7 @@
|
||||
simple-nixos-mailserver.nixosModule
|
||||
agenix.nixosModules.default
|
||||
dailybuild_modules.nixosModule
|
||||
nix-index-database.nixosModules.nix-index
|
||||
nix-index-database.nixosModules.default
|
||||
home-manager.nixosModules.home-manager
|
||||
self.nixosModules.kernel-modules
|
||||
({ lib, ... }: {
|
||||
@@ -140,23 +145,22 @@
|
||||
machineHosts;
|
||||
|
||||
packages =
|
||||
with inputs;
|
||||
let
|
||||
mkKexec = system:
|
||||
(nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
modules = [ ./machines/ephemeral/kexec.nix ];
|
||||
}).config.system.build.kexec_tarball;
|
||||
mkIso = system:
|
||||
(nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
modules = [ ./machines/ephemeral/iso.nix ];
|
||||
}).config.system.build.isoImage;
|
||||
mkEphemeral = system: format: nixos-generators.nixosGenerate {
|
||||
inherit system;
|
||||
inherit format;
|
||||
modules = [
|
||||
./machines/ephemeral/minimal.nix
|
||||
nix-index-database.nixosModules.default
|
||||
];
|
||||
};
|
||||
in
|
||||
{
|
||||
"x86_64-linux"."kexec" = mkKexec "x86_64-linux";
|
||||
"x86_64-linux"."iso" = mkIso "x86_64-linux";
|
||||
"aarch64-linux"."kexec" = mkKexec "aarch64-linux";
|
||||
"aarch64-linux"."iso" = mkIso "aarch64-linux";
|
||||
"x86_64-linux".kexec = mkEphemeral "x86_64-linux" "kexec-bundle";
|
||||
"x86_64-linux".iso = mkEphemeral "x86_64-linux" "iso";
|
||||
"aarch64-linux".kexec = mkEphemeral "aarch64-linux" "kexec-bundle";
|
||||
"aarch64-linux".iso = mkEphemeral "aarch64-linux" "iso";
|
||||
};
|
||||
|
||||
overlays.default = import ./overlays { inherit inputs; };
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
{ modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/cd-dvd/iso-image.nix")
|
||||
./minimal.nix
|
||||
];
|
||||
|
||||
isoImage.makeUsbBootable = true;
|
||||
|
||||
networking.hostName = "iso";
|
||||
}
|
||||
@@ -1,48 +0,0 @@
|
||||
# From https://mdleom.com/blog/2021/03/09/nixos-oracle/#Build-a-kexec-tarball
|
||||
# Builds a kexec img
|
||||
|
||||
{ config, pkgs, modulesPath, ... }:
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/netboot/netboot.nix")
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
./minimal.nix
|
||||
];
|
||||
|
||||
networking.hostName = "kexec";
|
||||
|
||||
# stripped down version of https://github.com/cleverca22/nix-tests/tree/master/kexec
|
||||
system.build = rec {
|
||||
image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
|
||||
mkdir $out
|
||||
if [ -f ${config.system.build.kernel}/bzImage ]; then
|
||||
cp ${config.system.build.kernel}/bzImage $out/kernel
|
||||
else
|
||||
cp ${config.system.build.kernel}/Image $out/kernel
|
||||
fi
|
||||
cp ${config.system.build.netbootRamdisk}/initrd $out/initrd
|
||||
nuke-refs $out/kernel
|
||||
'';
|
||||
kexec_script = pkgs.writeTextFile {
|
||||
executable = true;
|
||||
name = "kexec-nixos";
|
||||
text = ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
set -e
|
||||
${pkgs.kexec-tools}/bin/kexec -l ${image}/kernel --initrd=${image}/initrd --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
|
||||
sync
|
||||
echo "executing kernel, filesystems will be improperly umounted"
|
||||
${pkgs.kexec-tools}/bin/kexec -e
|
||||
'';
|
||||
};
|
||||
kexec_tarball = pkgs.callPackage (modulesPath + "/../lib/make-system-tarball.nix") {
|
||||
storeContents = [
|
||||
{
|
||||
object = config.system.build.kexec_script;
|
||||
symlink = "/kexec_nixos";
|
||||
}
|
||||
];
|
||||
contents = [ ];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -5,6 +5,8 @@
|
||||
(modulesPath + "/installer/cd-dvd/channel.nix")
|
||||
../../common/machine-info
|
||||
../../common/ssh.nix
|
||||
../../common/flakes.nix
|
||||
../../common/shell.nix
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
@@ -22,9 +24,7 @@
|
||||
boot.kernelParams = [
|
||||
"console=ttyS0,115200" # enable serial console
|
||||
];
|
||||
boot.kernel.sysctl."vm.overcommit_memory" = "1";
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
# boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
system.stateVersion = "21.11";
|
||||
|
||||
@@ -38,6 +38,7 @@
|
||||
git-lfs
|
||||
wget
|
||||
htop
|
||||
btop
|
||||
dnsutils
|
||||
pciutils
|
||||
usbutils
|
||||
@@ -46,7 +47,7 @@
|
||||
|
||||
environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
|
||||
|
||||
networking.useDHCP = true;
|
||||
# networking.useDHCP = true;
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
@@ -56,6 +57,7 @@
|
||||
};
|
||||
};
|
||||
|
||||
services.getty.autologinUser = "root";
|
||||
nix.flakes.enable = true;
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = config.machines.ssh.userKeys;
|
||||
}
|
||||
|
||||
@@ -1,57 +0,0 @@
|
||||
{ config, modulesPath, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
pinecube-uboot = pkgs.buildUBoot {
|
||||
defconfig = "pinecube_defconfig";
|
||||
extraMeta.platforms = [ "armv7l-linux" ];
|
||||
filesToInstall = [ "u-boot-sunxi-with-spl.bin" ];
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/sd-card/sd-image.nix")
|
||||
./minimal.nix
|
||||
];
|
||||
|
||||
sdImage.populateFirmwareCommands = "";
|
||||
sdImage.populateRootCommands = ''
|
||||
mkdir -p ./files/boot
|
||||
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
|
||||
'';
|
||||
sdImage.postBuildCommands = ''
|
||||
dd if=${pinecube-uboot}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc
|
||||
'';
|
||||
|
||||
###
|
||||
|
||||
networking.hostName = "pinecube";
|
||||
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
boot.consoleLogLevel = 7;
|
||||
|
||||
# cma is 64M by default which is waay too much and we can't even unpack initrd
|
||||
boot.kernelParams = [ "console=ttyS0,115200n8" "cma=32M" ];
|
||||
|
||||
boot.kernelModules = [ "spi-nor" ]; # Not sure why this doesn't autoload. Provides SPI NOR at /dev/mtd0
|
||||
boot.extraModulePackages = [ config.boot.kernelPackages.rtl8189es ];
|
||||
|
||||
zramSwap.enable = true; # 128MB is not much to work with
|
||||
|
||||
sound.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
ffmpeg
|
||||
(v4l_utils.override { withGUI = false; })
|
||||
usbutils
|
||||
];
|
||||
|
||||
services.getty.autologinUser = lib.mkForce "googlebot";
|
||||
users.users.googlebot = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "networkmanager" "video" ];
|
||||
openssh.authorizedKeys.keys = config.machines.ssh.userKeys;
|
||||
};
|
||||
|
||||
networking.wireless.enable = true;
|
||||
}
|
||||
@@ -65,40 +65,11 @@
|
||||
# useNetworkd = true;
|
||||
dhcpcd.enable = true;
|
||||
interfaces."eth0".useDHCP = true;
|
||||
interfaces."eth1".useDHCP = false;
|
||||
interfaces."main@eth1".useDHCP = true;
|
||||
interfaces."iot@eth1".useDHCP = true;
|
||||
interfaces."management@eth1".useDHCP = true;
|
||||
|
||||
vlans = {
|
||||
main = {
|
||||
id = 5;
|
||||
interface = "eth1";
|
||||
};
|
||||
iot = {
|
||||
id = 2;
|
||||
interface = "eth1";
|
||||
};
|
||||
management = {
|
||||
id = 4;
|
||||
interface = "eth1";
|
||||
};
|
||||
};
|
||||
|
||||
# interfaces.eth1.ipv4.addresses = [{
|
||||
# address = "192.168.1.2";
|
||||
# prefixLength = 21;
|
||||
# }];
|
||||
# interfaces.iot.ipv4.addresses = [{
|
||||
# address = "192.168.9.8";
|
||||
# prefixLength = 22;
|
||||
# }];
|
||||
interfaces."eth1".useDHCP = true;
|
||||
|
||||
defaultGateway = {
|
||||
# interface = "eth1";
|
||||
address = "192.168.1.1";
|
||||
};
|
||||
# nameservers = [ "1.1.1.1" "8.8.8.8" ];
|
||||
};
|
||||
|
||||
powerManagement.cpuFreqGovernor = "powersave";
|
||||
|
||||
Binary file not shown.
Reference in New Issue
Block a user