raspberrypi #70

Merged
pim merged 5 commits from raspberrypi into master 2024-02-28 20:42:51 +00:00
5 changed files with 63 additions and 34 deletions
Showing only changes of commit c2e2ed5ea8 - Show all commits


@ -30,10 +30,9 @@
outputs = outputs =
{ self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, dns, microvm, ... }: { self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, dns, microvm, ... }:
let let
system = "x86_64-linux"; pkgs = nixpkgs.legacyPackages."x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
lib = pkgs.lib; lib = pkgs.lib;
pkgs-unstable = nixpkgs-unstable.legacyPackages.${system}; pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
machines = import ./nixos/machines; machines = import ./nixos/machines;
physicalMachines = lib.filterAttrs (n: v: v.type == "physical") machines; physicalMachines = lib.filterAttrs (n: v: v.type == "physical") machines;
mkNixosSystems = systemDef: mkNixosSystems = systemDef:
@ -48,7 +47,7 @@
physicalMachines; physicalMachines;
in in
{ {
devShells.${system}.default = pkgs.mkShell { devShells."x86_64-linux".default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
libsecret libsecret
# TODO: using nixos-anywhere from nixos-unstable produces buffer overflow. # TODO: using nixos-anywhere from nixos-unstable produces buffer overflow.
@ -65,10 +64,11 @@
]; ];
}; };
formatter.${system} = pkgs.nixfmt; formatter."x86_64-linux" = pkgs.nixfmt;
nixosConfigurations = mkNixosSystems (name: machine: { nixosConfigurations = mkNixosSystems (name: machine: {
inherit system; system = machine.arch;
specialArgs = { inherit machines machine dns microvm disko agenix; }; specialArgs = { inherit machines machine dns microvm disko agenix; };
modules = [ modules = [
./nixos ./nixos
@ -83,7 +83,8 @@
nodes = mkDeployNodes (name: machine: { nodes = mkDeployNodes (name: machine: {
hostname = self.nixosConfigurations.${name}.config.networking.fqdn; hostname = self.nixosConfigurations.${name}.config.networking.fqdn;
profiles.system = { profiles.system = {
path = deploy-rs.lib.${system}.activate.nixos remoteBuild = true;
path = deploy-rs.lib."aarch64-linux".activate.nixos
self.nixosConfigurations.${name}; self.nixosConfigurations.${name};
}; };
}); });
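Review bot: The activation path in `profiles.system` is now pinned to `deploy-rs.lib."aarch64-linux".activate.nixos` for every node, while `nixosConfigurations` takes its platform from `machine.arch`. The hosts declared with `arch = "x86_64-linux"` in the machines file (atlas, jefke, lewis) would therefore get an activation wrapper built for the wrong architecture. Use the per-machine value instead: `path = deploy-rs.lib.${machine.arch}.activate.nixos self.nixosConfigurations.${name};`. `remoteBuild = true` is also applied to all nodes; if it is only needed for the Pi, make it conditional on `machine.arch` and add a comment saying why. The body of `mkDeployNodes` lies outside the visible hunk, so this assumes `machine` is the same attribute set passed to `mkNixosSystems`.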


@ -1,6 +1,18 @@
{ {
warwick = {
type = "physical";
arch = "aarch64-linux";
nixosModule.lab = {
storage = {
osDisk = "/dev/sda";
};
};
};
atlas = { atlas = {
type = "physical"; type = "physical";
arch = "x86_64-linux";
nixosModule.lab = { nixosModule.lab = {
storage = { storage = {
@ -18,6 +30,7 @@
jefke = { jefke = {
type = "physical"; type = "physical";
arch = "x86_64-linux";
nixosModule = { nixosModule = {
lab = { lab = {
@ -37,6 +50,7 @@
lewis = { lewis = {
type = "physical"; type = "physical";
arch = "x86_64-linux";
nixosModule.lab = { nixosModule.lab = {
backups.enable = true; backups.enable = true;


@ -35,7 +35,7 @@ in {
networking = { networking = {
domain = if machine.type == "physical" then "hyp" else "dmz"; domain = if machine.type == "physical" then "hyp" else "dmz";
nftables.enable = true; nftables.enable = true;
useDHCP = false; useDHCP = true;
firewall = { firewall = {
enable = true; enable = true;
@ -43,7 +43,7 @@ in {
}; };
}; };
systemd.network = lib.mkIf (machine.type == "physical") { systemd.network = lib.mkIf (false && machine.type == "physical") {
enable = true; enable = true;
netdevs = { netdevs = {
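Review bot: `lib.mkIf (false && machine.type == "physical")` turns the whole `systemd.network` block into dead configuration for every physical machine, not only the new aarch64 board. Together with `useDHCP = true` it appears to move all hosts from the declared network layout to DHCP on whatever interfaces they have. The same `false &&` guard is put on `config` in the storage module, where it also switches off the disko layout and the data filesystem. If only the Pi should be exempt, say so in the condition, e.g. `lib.mkIf (machine.type == "physical" && machine.arch == "x86_64-linux")`, and make `useDHCP` depend on the same test, so the existing hypervisors keep their reviewed network and firewall posture. The `systemd.network` block continues past the visible lines.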


@ -10,7 +10,8 @@ in {
}; };
dataPartition = lib.mkOption { dataPartition = lib.mkOption {
type = lib.types.str; default = null;
type = lib.types.nullOr lib.types.str;
description = '' description = ''
Partition to be used for data storage on this machine. Partition to be used for data storage on this machine.
''; '';
@ -25,8 +26,10 @@ in {
}; };
}; };
config = lib.mkIf (machine.type == "physical") { config = lib.mkIf (false && machine.type == "physical") {
fileSystems.${cfg.dataMountPoint}.device = cfg.dataPartition; fileSystems.${cfg.dataMountPoint} = lib.mkIf (! isNull cfg.dataPartition) {
device = cfg.dataPartition;
};
# TODO: Rename this to 'osDisk'. Unfortunately, we would need to run nixos-anywhere again then. # TODO: Rename this to 'osDisk'. Unfortunately, we would need to run nixos-anywhere again then.
disko.devices.disk.vdb = { disko.devices.disk.vdb = {
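Review bot: `isNull` in the new `fileSystems` guard is a deprecated builtin, and the Nix manual recommends a plain comparison: `fileSystems.${cfg.dataMountPoint} = lib.mkIf (cfg.dataPartition != null) {`. The option now defaults to `null`, but its description still reads as if a partition is always given. Add a sentence such as `Leave as null to configure no data filesystem.` so the new state is documented. The `config` block continues outside the hunk, so whether other consumers of `cfg.dataPartition` tolerate `null` cannot be checked from here.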


@ -1,39 +1,50 @@
{ pkgs, config, lib, modulesPath, microvm, disko, agenix, machines, dns, ... }: { { pkgs, config, lib, modulesPath, microvm, disko, agenix, machines, dns, machine, ... }: {
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
microvm.nixosModules.host microvm.nixosModules.host
]; ];
config = { config = {
boot = {
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
initrd = { fileSystems = {
availableKernelModules = [ "/" = {
"ahci" device = "/dev/disk/by-label/NIXOS_SD";
"xhci_pci" fsType = "ext4";
"nvme" options = [ "noatime" ];
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
kernelModules = [ ];
};
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
}; };
}; };
boot.loader.grub.device = "/dev/sda";
# boot = {
# # kernelModules = [ "kvm-intel" ];
# kernelModules = [ ];
# extraModulePackages = [ ];
# initrd = {
# availableKernelModules = [
# "ahci"
# "xhci_pci"
# "nvme"
# "usbhid"
# "usb_storage"
# "sd_mod"
# "sdhci_pci"
# ];
# kernelModules = [ ];
# };
# loader = {
# # systemd-boot.enable = true;
# efi.canTouchEfiVariables = true;
# };
# };
nixpkgs = { nixpkgs = {
config.allowUnfree = true; config.allowUnfree = true;
hostPlatform = "x86_64-linux"; # hostPlatform = machine.arch;
}; };
hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware; # hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
age.identityPaths = [ "/etc/age_ed25519" ]; age.identityPaths = [ "/etc/age_ed25519" ];