From 3987b94d217330824a1b5ea5bee7207fd33160bf Mon Sep 17 00:00:00 2001
From: Patrick Neff
Date: Fri, 10 Jan 2025 00:10:03 +0100
Subject: [PATCH] updates
---
 flake.nix | 27 ++++--
 lib/mkNixosConfiguration.nix | 22 ++---
 modules/home-manager/base/nixpkgs.nix | 3 +-
 modules/home-manager/binary-cache/default.nix | 2 +-
 modules/home-manager/desktop/theme/gtk.nix | 2 +-
 modules/home-manager/sops/default.nix | 6 +-
 modules/nixos/base/nixos/default.nix | 11 +--
 .../nixos/base/raspberry-pi/cec/default.nix | 9 ++
 modules/nixos/desktop/fonts/default.nix | 3 +-
 profiles/home-manager/odie@pi0/home.nix | 1 +
 profiles/home-manager/odie@wanaheim/home.nix | 1 +
 profiles/nixos/pi-installer/configuration.nix | 30 +++++++
 .../pi-installer/hardware-configuration.nix | 83 +++++++++++++++++++
 profiles/nixos/wanaheim/configuration.nix | 3 +-
 14 files changed, 171 insertions(+), 32 deletions(-)
 create mode 100644 profiles/nixos/pi-installer/configuration.nix
 create mode 100644 profiles/nixos/pi-installer/hardware-configuration.nix
diff --git a/flake.nix b/flake.nix
index 4766eb3..57e2af4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -64,9 +64,17 @@
 system = "x86_64-linux"; hostName = "wsl-dev"; }
+ // flakeLib.mkNixosConfiguration {
+ inherit inputs nixpkgs outputs flakeLib overlays vars;
+ system = "x86_64-linux";
+ hostName = "pi-installer";
+ modules = [
+ inputs.raspberry-pi-nix.nixosModules.sd-image
+ ];
+ }
 // flakeLib.mkNixosConfiguration { inherit inputs outputs nixpkgs vars flakeLib overlays;
- system = "aarch64-linux";
+ system = "aarch64-linux";
 hostName = "pi0"; } // flakeLib.mkNixosConfiguration {
@@ -131,8 +139,17 @@
 description = ""; }; };
+ images = {
+ pi-installer = self.outputs.nixosConfigurations.pi-installer.config.system.build.sdImage;
+ };
 }
- // flake-utils.lib.eachDefaultSystem (system: { });
+ // flake-utils.lib.eachDefaultSystem (system: let
+ pkgs = import nixpkgs {
+ inherit system;
+ };
+ in {
+ devShells.default = pkgs.mkShell {};
+ });
 inputs = { # System
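Review bot: The new `pi-installer` entry in the first flake.nix hunk passes `system = "x86_64-linux";` although it builds a Raspberry Pi SD image, and the profile added later in this patch sets `nixpkgs.hostPlatform.system = "aarch64-linux";` with the `buildPlatform` line commented out. As far as the visible lines show, the `system` argument is then either overridden or misleading. I would write `system = "aarch64-linux";` as for `pi0`, or, if a cross build from x86_64 is intended, add a comment such as `# build host is x86_64; target platform is set in hardware-configuration.nix`. The surrounding attribute set starts and ends outside the hunk.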
@@ -159,9 +176,9 @@
 inputs.systems.follows = "systems"; }; sops-nix = {
- url = "github:Mic92/sops-nix";
- inputs.nixpkgs.follows = "nixpkgs";
- };
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 nixos-wsl = { url = "github:nix-community/NixOS-WSL"; inputs = {
diff --git a/lib/mkNixosConfiguration.nix b/lib/mkNixosConfiguration.nix
index 19b56f3..9cab72a 100644
--- a/lib/mkNixosConfiguration.nix
+++ b/lib/mkNixosConfiguration.nix
@@ -1,13 +1,13 @@
-{
- inputs,
- outputs,
- flakeLib,
- overlays,
- system,
- hostName,
- nixpkgs,
- vars,
- ...
+{ inputs
+, outputs
+, flakeLib
+, overlays
+, system
+, hostName
+, nixpkgs
+, vars
+, modules ? [ ]
+, ...
 }: { ${hostName} = nixpkgs.lib.nixosSystem { inherit system;
@@ -21,6 +21,6 @@
 }; modules = [ ../profiles/nixos/${hostName}/configuration.nix
- ];
+ ] ++ modules;
 }; }
diff --git a/modules/home-manager/base/nixpkgs.nix b/modules/home-manager/base/nixpkgs.nix
index d793f95..c1e90eb 100644
--- a/modules/home-manager/base/nixpkgs.nix
+++ b/modules/home-manager/base/nixpkgs.nix
@@ -1,5 +1,6 @@
-{
+{pkgs, ...}: {
 nixpkgs = { config.allowUnfree = true; };
+ nix.package = pkgs.nix;
 }
diff --git a/modules/home-manager/binary-cache/default.nix b/modules/home-manager/binary-cache/default.nix
index 73d30d7..e5f52c2 100644
--- a/modules/home-manager/binary-cache/default.nix
+++ b/modules/home-manager/binary-cache/default.nix
@@ -3,7 +3,7 @@ _: {
 # package = pkgs.nix; settings = { substituters = [
- "http://nixcache.odie.home.arpa"
+ "http://nix-cache.gaja-group.intranet:5000"
 "https://nix-community.cachix.org" "https://cache.nixos.org/" ];
diff --git a/modules/home-manager/desktop/theme/gtk.nix b/modules/home-manager/desktop/theme/gtk.nix
index 23d1def..322a9ff 100644
--- a/modules/home-manager/desktop/theme/gtk.nix
+++ b/modules/home-manager/desktop/theme/gtk.nix
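Review bot: The substituter added in modules/home-manager/binary-cache/default.nix, `"http://nix-cache.gaja-group.intranet:5000"`, is fetched over plain HTTP, so the only protection against a tampered store path is Nix's signature check. The hunk shows no `trusted-public-keys` entry for this cache in the home-manager module (the `settings` block continues outside the hunk); it should list the key the NixOS module uses, `"nix-cache.gaja-group.intranet:EcUsafvI9NUrnab3DA71s2PGjAYMgct0FOvCwdYuStw="`, and `require-sigs` should stay at its default. The same URL is kept in the modules/nixos/base/nixos/default.nix hunk of this patch. Serving the cache over HTTPS would additionally keep the requested store paths from being readable on the network.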
@@ -19,7 +19,7 @@
 package = pkgs.papirus-icon-theme; }; theme = {
- name = "Catppuccin-Mocha-Standard-Blue-Dark";
+ name = "catppuccin-mocha-blue-standard+default";
 package = pkgs.catppuccin-gtk; }; };
diff --git a/modules/home-manager/sops/default.nix b/modules/home-manager/sops/default.nix
index 0e1898a..d8a254f 100644
--- a/modules/home-manager/sops/default.nix
+++ b/modules/home-manager/sops/default.nix
@@ -1,12 +1,12 @@
-{ inputs, ... }: {
+{ inputs, vars, ... }: {
 imports = [ inputs.sops-nix.homeManagerModules.sops ]; sops = {
- age.keyFile = "/home/user/.age-key.txt"; # must have no password!
+ #age.keyFile = "/home/${vars.username}/.sops-key.txt"; # must have no password!
 # It's also possible to use a ssh key, but only when it has no password:
- #age.sshKeyPaths = [ "/home/user/path-to-ssh-key" ];
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 defaultSopsFile = ../../../secrets/general.yaml; secrets.hello = { # sopsFile = ./secrets.yml.enc; # optionally define per-secret files
diff --git a/modules/nixos/base/nixos/default.nix b/modules/nixos/base/nixos/default.nix
index e397781..39c21d1 100644
--- a/modules/nixos/base/nixos/default.nix
+++ b/modules/nixos/base/nixos/default.nix
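Review bot: `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` points a home-manager (per-user) sops configuration at the machine's SSH host private key. That file is normally readable by root only, so user-level decryption presumably fails unless its permissions are loosened, and loosening them exposes the host identity to the user session. It also ties user secrets to the host key rather than to a key the user owns. I would keep a per-user key, for example by re-enabling the line this hunk comments out, `age.keyFile = "/home/${vars.username}/.sops-key.txt";`, with that file at mode 0600. As written, `vars` is added to the module arguments but only referenced in a comment.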
@@ -12,23 +12,22 @@
 automatic = true; }; channel.enable = false;
- registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
 nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; settings = {
- trusted-users = [ "root" "@wheel" ];
+ trusted-users = [ "@wheel" ];
 experimental-features = [ "nix-command" "flakes" ]; auto-optimise-store = true; substituters = [
- "http://nix-cache.gaja-group.intranet:5000"
 "https://nix-community.cachix.org"
- "https://cache.nixos.org"
+ "http://nix-cache.gaja-group.intranet:5000"
 ]; trusted-public-keys = [ "nix-cache.gaja-group.intranet:EcUsafvI9NUrnab3DA71s2PGjAYMgct0FOvCwdYuStw=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; nix-path = config.nix.nixPath;
+ flake-registry = "";
 }; gc = { automatic = true;
@@ -38,10 +37,7 @@
 buildMachines = [ { hostName = "nix-cache.gaja-group.intranet";
- #system = "x86_64-linux";
 protocol = "ssh-ng";
- # if the builder supports building for multiple architectures,
- # replace the previous line by, e.g.,
 systems = [ "x86_64-linux" "aarch64-linux" ]; maxJobs = 4; speedFactor = 2;
@@ -50,7 +46,6 @@
 } ]; distributedBuilds = true;
- # optional, useful when the builder has a faster internet connection than yours
 extraOptions = '' builders-use-substitutes = true '';
diff --git a/modules/nixos/base/raspberry-pi/cec/default.nix b/modules/nixos/base/raspberry-pi/cec/default.nix
index 7685a8c..f0dd8f5 100644
--- a/modules/nixos/base/raspberry-pi/cec/default.nix
+++ b/modules/nixos/base/raspberry-pi/cec/default.nix
@@ -11,5 +11,14 @@
 environment.systemPackages = with pkgs; [ libcec ];
+
+ nixpkgs = {
+ overlays = [
+ (final: prev: {
+ makeModulesClosure = x: prev.makeModulesClosure (x // { allowMissing = true; });
+ libcec = prev.libcec.override { withLibraspberrypi = true; };
+ })
+ ];
+ };
 }; }
diff --git a/modules/nixos/desktop/fonts/default.nix b/modules/nixos/desktop/fonts/default.nix
index 8629198..2f356d7 100644
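Review bot: `trusted-users = [ "@wheel" ];` in the first hunk of modules/nixos/base/nixos/default.nix still makes every wheel member a trusted Nix user, which the Nix manual describes as essentially equivalent to root, since a trusted user can add substituters and import unsigned store paths. Dropping `"root"` from the list narrows nothing while the group remains. If wheel members only need to talk to the daemon, `allowed-users = [ "@wheel" ];` is sufficient and `trusted-users` can stay `[ "root" ]`; otherwise the line deserves a comment such as `# wheel is root-equivalent for the Nix store`. The same hunk removes `"https://cache.nixos.org"` from `substituters`, and whether a default still appends it is not visible here. The enclosing `nix` block starts outside the hunk.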
--- a/modules/nixos/desktop/fonts/default.nix
+++ b/modules/nixos/desktop/fonts/default.nix
@@ -7,7 +7,8 @@
 noto-fonts noto-fonts-emoji sarasa-gothic
- (nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
+ nerd-fonts.symbols-only
+ #(nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
 ]; fontconfig = { antialias = true;
diff --git a/profiles/home-manager/odie@pi0/home.nix b/profiles/home-manager/odie@pi0/home.nix
index dfead50..e05e232 100644
--- a/profiles/home-manager/odie@pi0/home.nix
+++ b/profiles/home-manager/odie@pi0/home.nix
@@ -1,6 +1,7 @@
 { outputs, ... }: { imports = [ outputs.homeManagerModules.base
+ outputs.homeManagerModules.shell
 outputs.homeManagerModules.user ]; }
diff --git a/profiles/home-manager/odie@wanaheim/home.nix b/profiles/home-manager/odie@wanaheim/home.nix
index 07680d1..292b6cd 100644
--- a/profiles/home-manager/odie@wanaheim/home.nix
+++ b/profiles/home-manager/odie@wanaheim/home.nix
@@ -12,6 +12,7 @@
 outputs.homeManagerModules.games outputs.homeManagerModules.user outputs.homeManagerModules.binary-cache
+ outputs.homeManagerModules.sops
 ]; home.stateVersion = "23.11"; desktop = {
diff --git a/profiles/nixos/pi-installer/configuration.nix b/profiles/nixos/pi-installer/configuration.nix
new file mode 100644
index 0000000..546c0ec
--- /dev/null
+++ b/profiles/nixos/pi-installer/configuration.nix
@@ -0,0 +1,30 @@
+{ nixpkgs
+, pkgs
+, outputs
+, vars
+, ...
+}:
+{
+ imports = [
+ #inputs.nixos-hardware.nixosModules.raspberry-pi-4
+ outputs.nixosModules.base
+ outputs.nixosModules.raspberry-pi
+ ./hardware-configuration.nix
+ ];
+
+ networking = {
+ inherit (vars) hostName domain;
+ };
+ security.rtkit.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ libraspberrypi
+ raspberrypi-eeprom
+ nfs-utils
+ ];
+
+ users.users.odie.initialPassword = "odie";
+
+ programs.zsh.enable = true;
+
+}
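Review bot: `users.users.odie.initialPassword = "odie";` in the new profiles/nixos/pi-installer/configuration.nix bakes a password equal to the user name into the SD image, and the value sits in clear text in the repository and in the world-readable Nix store. Whether password logins over the network are enabled depends on the imported base modules, which are not visible here, so every flashed device should be treated as carrying a known credential. I would drop the line and provision access with a key, `users.users.odie.openssh.authorizedKeys.keys = [ "<installer-public-key>" ];` (placeholder value), or use `hashedPasswordFile` fed from the sops secrets this repository already manages. The `nixpkgs` argument of the module is unused.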
diff --git a/profiles/nixos/pi-installer/hardware-configuration.nix b/profiles/nixos/pi-installer/hardware-configuration.nix
new file mode 100644
index 0000000..e868ce7
--- /dev/null
+++ b/profiles/nixos/pi-installer/hardware-configuration.nix
@@ -0,0 +1,83 @@
+{ lib, pkgs, ... }: {
+ boot = {
+ loader = {
+ systemd-boot.enable = false;
+ };
+ };
+
+ swapDevices = [{
+ device = "/var/lib/swapfile";
+ size = 4 * 1024;
+ }];
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+ };
+
+ raspberry-pi-nix = {
+ board = "bcm2711";
+ uboot.enable = true;
+ };
+
+ hardware = {
+ raspberry-pi = {
+ enable = true;
+ config = {
+ pi4 = {
+ options = {
+ arm_boost = {
+ enable = true;
+ value = true;
+ };
+ gpu_mem = {
+ enable = true;
+ value = "256";
+ };
+ };
+ dt-overlays = {
+ vc4-kms-v3d = {
+ enable = true;
+ params = { cma-256 = { enable = true; }; };
+ };
+ };
+ };
+ all = {
+ options = {
+ arm_64bit = {
+ enable = true;
+ value = true;
+ };
+ };
+ base-dt-params = {
+ BOOT_UART = {
+ value = 1;
+ enable = true;
+ };
+ uart_2ndstage = {
+ value = 1;
+ enable = true;
+ };
+ };
+ dt-overlays = {
+ disable-bt = {
+ enable = true;
+ params = { };
+ };
+ vc4-kms-v3d = {
+ enable = true;
+ params = { };
+ };
+ };
+ };
+ };
+ };
+ };
+ system.stateVersion = "25.05";
+
+ nixpkgs.hostPlatform.system = "aarch64-linux";
+ #nixpkgs.buildPlatform.system = "x86_64-linux";
+}
diff --git a/profiles/nixos/wanaheim/configuration.nix b/profiles/nixos/wanaheim/configuration.nix
index 26a0968..19a4170 100644
--- a/profiles/nixos/wanaheim/configuration.nix
+++ b/profiles/nixos/wanaheim/configuration.nix
@@ -3,10 +3,11 @@
 }: { imports = [ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t410
- inputs.nur.nixosModules.nur
+ inputs.nur.modules.nixos.default
 outputs.nixosModules.base outputs.nixosModules.desktop outputs.nixosModules.wsl
+ outputs.nixosModules.sops
 ./hardware-configuration.nix ];