flake.nix

@@ -30,10 +30,9 @@
   outputs =
     { self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, dns, microvm, ... }:
     let
-      system = "x86_64-linux";
+      pkgs = nixpkgs.legacyPackages."x86_64-linux";
-      pkgs = nixpkgs.legacyPackages.${system};
       lib = pkgs.lib;
-      pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};
+      pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
       machines = import ./nixos/machines;
       physicalMachines = lib.filterAttrs (n: v: v.type == "physical") machines;
       mkNixosSystems = systemDef:
@@ -48,7 +47,7 @@
           physicalMachines;
     in
     {
-      devShells.${system}.default = pkgs.mkShell {
+      devShells."x86_64-linux".default = pkgs.mkShell {
         packages = with pkgs; [
           libsecret
           # TODO: using nixos-anywhere from nixos-unstable produces buffer overflow.
@@ -65,10 +64,11 @@
         ];
       };
 
-      formatter.${system} = pkgs.nixfmt;
+      formatter."x86_64-linux" = pkgs.nixfmt;
 
       nixosConfigurations = mkNixosSystems (name: machine: {
-        inherit system;
+        system = machine.arch;
+
         specialArgs = { inherit machines machine dns microvm disko agenix; };
         modules = [
           ./nixos
@@ -83,7 +83,8 @@
         nodes = mkDeployNodes (name: machine: {
           hostname = self.nixosConfigurations.${name}.config.networking.fqdn;
           profiles.system = {
-            path = deploy-rs.lib.${system}.activate.nixos
+            remoteBuild = true;
+            path = deploy-rs.lib."aarch64-linux".activate.nixos
               self.nixosConfigurations.${name};
           };
         });

nixos/machines/default.nix

@@ -1,6 +1,18 @@
 {
+  warwick = {
+    type = "physical";
+    arch = "aarch64-linux";
+
+    nixosModule.lab = {
+      storage = {
+        osDisk = "/dev/sda";
+      };
+    };
+  };
+
   atlas = {
     type = "physical";
+    arch = "x86_64-linux";
 
     nixosModule.lab = {
       storage = {
@@ -18,6 +30,7 @@
 
   jefke = {
     type = "physical";
+    arch = "x86_64-linux";
 
     nixosModule = {
       lab = {
@@ -37,6 +50,7 @@
 
   lewis = {
     type = "physical";
+    arch = "x86_64-linux";
 
     nixosModule.lab = {
       backups.enable = true;

nixos/modules/networking/default.nix

@@ -35,7 +35,7 @@ in {
     networking = {
       domain = if machine.type == "physical" then "hyp" else "dmz";
       nftables.enable = true;
-      useDHCP = false;
+      useDHCP = true;
 
       firewall = {
         enable = true;
@@ -43,7 +43,7 @@ in {
       };
     };
 
-    systemd.network = lib.mkIf (machine.type == "physical") {
+    systemd.network = lib.mkIf (false && machine.type == "physical") {
       enable = true;
 
       netdevs = {

nixos/modules/storage.nix

@@ -10,7 +10,8 @@ in {
     };
 
     dataPartition = lib.mkOption {
-      type = lib.types.str;
+      default = null;
+      type = lib.types.nullOr lib.types.str;
       description = ''
         Partition to be used for data storage on this machine.
       '';
@@ -25,8 +26,10 @@ in {
     };
   };
 
-  config = lib.mkIf (machine.type == "physical") {
+  config = lib.mkIf (false && machine.type == "physical") {
-    fileSystems.${cfg.dataMountPoint}.device = cfg.dataPartition;
+    fileSystems.${cfg.dataMountPoint} = lib.mkIf (! isNull cfg.dataPartition) {
+      device = cfg.dataPartition;
+    };
 
     # TODO: Rename this to 'osDisk'. Unfortunately, we would need to run nixos-anywhere again then.
     disko.devices.disk.vdb = {

nixos/physical.nix

@@ -1,39 +1,50 @@
-{ pkgs, config, lib, modulesPath, microvm, disko, agenix, machines, dns, ... }: {
+{ pkgs, config, lib, modulesPath, microvm, disko, agenix, machines, dns, machine, ... }: {
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
     microvm.nixosModules.host
   ];
 
   config = {
-    boot = {
-      kernelModules = [ "kvm-intel" ];
-      extraModulePackages = [ ];
 
-      initrd = {
+    fileSystems = {
-        availableKernelModules = [
+      "/" = {
-          "ahci"
+        device = "/dev/disk/by-label/NIXOS_SD";
-          "xhci_pci"
+        fsType = "ext4";
-          "nvme"
+        options = [ "noatime" ];
-          "usbhid"
-          "usb_storage"
-          "sd_mod"
-          "sdhci_pci"
-        ];
-        kernelModules = [ ];
-      };
-
-      loader = {
-        systemd-boot.enable = true;
-        efi.canTouchEfiVariables = true;
       };
     };
 
+    boot.loader.grub.device = "/dev/sda";
+    # boot = {
+    #   # kernelModules = [ "kvm-intel" ];
+    #   kernelModules = [ ];
+    #   extraModulePackages = [ ];
+
+    #   initrd = {
+    #     availableKernelModules = [
+    #       "ahci"
+    #       "xhci_pci"
+    #       "nvme"
+    #       "usbhid"
+    #       "usb_storage"
+    #       "sd_mod"
+    #       "sdhci_pci"
+    #     ];
+    #     kernelModules = [ ];
+    #   };
+
+    #   loader = {
+    #     # systemd-boot.enable = true;
+    #     efi.canTouchEfiVariables = true;
+    #   };
+    # };
+
     nixpkgs = {
       config.allowUnfree = true;
-      hostPlatform = "x86_64-linux";
+      # hostPlatform = machine.arch;
     };
 
-    hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
+    # hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
 
     age.identityPaths = [ "/etc/age_ed25519" ];