From 6fb71cbf4f7a631232944bc08b65fab7009ccf48 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 28 Jan 2024 21:18:08 +0100 Subject: [PATCH] steveej-x13s-rmvbl: boring setup with copying the whole x13s flake --- flake.nix | 3 +- .../steveej-x13s-rmvbl/configuration.nix | 134 +++++++++++++++++- nix/os/devices/steveej-x13s-rmvbl/default.nix | 6 +- nix/os/devices/steveej-x13s-rmvbl/flake.lock | 58 ++++++++ nix/os/devices/steveej-x13s-rmvbl/flake.nix | 96 +++++++------ nix/os/devices/steveej-x13s/flake.nix | 49 ++++--- nix/os/profiles/common/user.nix | 2 +- 7 files changed, 281 insertions(+), 67 deletions(-) diff --git a/flake.nix b/flake.nix index 0931bc3..46ae21a 100644 --- a/flake.nix +++ b/flake.nix @@ -139,6 +139,7 @@ }) [ "steveej-t14" "steveej-x13s" + "steveej-x13s-rmvbl" # "elias-e525" # "justyna-p300" @@ -186,7 +187,7 @@ , lib , pkgs , ... - }: rec { + }: { imports = [ ./nix/modules/flake-parts/perSystem/default.nix ]; diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index fd8e1c1..6e902e6 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix 
@@ -10,9 +10,139 @@ }: { + nixos-x13s = { + enable = true; + # TODO: use hardware address + bluetoothMac = "65:9e:7a:8b:86:28"; + }; + + systemd.services.bluetooth-mac = { + enable = true; + path = [ + pkgs.systemd + pkgs.util-linux + pkgs.bluez5-experimental + pkgs.expect + ]; + script = '' + # TODO: this may not be required + while ! (journalctl -b0 | grep 'Bluetooth: hci0: QCA setup on UART is completed'); do + echo Waiting for bluetooth firmware to complete + echo sleep 1 + done + + ( + # best effort + set +e + rfkill block bluetooth + echo $? + btmgmt public-addr ${config.nixos-x13s.bluetoothMac} + echo $? + rfkill unblock bluetooth + echo $? + ) + ''; + requiredBy = [ "bluetooth.service" ]; + before = [ "bluetooth.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + + # we need a tty, otherwise btmgmt will hang + StandardInput = "tty"; + TTYPath = "/dev/tty2"; + TTYReset = "yes"; + TTYVHangup = "yes"; + }; + }; + imports = [ - ../steveej-x13s/configuration.nix + nodeFlake.inputs.nixos-x13s.nixosModules.default + + repoFlake.inputs.sops-nix.nixosModules.sops + nodeFlake.inputs.disko.nixosModules.disko + ./disko.nix + + ../../snippets/nix-settings.nix + ../../profiles/common/user.nix + + { + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "yes"; + services.openssh.openFirewall = true; + + sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + users.commonUsers = { + enable = true; + enableNonRoot = true; + }; + } + + + ../../snippets/home-manager-with-zsh.nix + ../../snippets/sway-desktop.nix + ../../snippets/bluetooth.nix + ../../snippets/timezone.nix + ../../snippets/radicale.nix ]; - users.commonUsers.installPassword = "install"; + networking.hostName = nodeName; + networking.firewall.enable = true; + networking.networkmanager.enable = true; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = [ + pkgs.sshfs + pkgs.util-linux + 
pkgs.coreutils + pkgs.vim + + pkgs.git + pkgs.git-crypt + ]; + + system.stateVersion = "23.11"; + home-manager.users.root = _: { + home.stateVersion = "23.11"; + }; + home-manager.users.steveej = _: { + home.stateVersion = "23.11"; + + imports = [ + ../../../home-manager/configuration/graphical-fullblown.nix + ]; + + home.sessionVariables = { }; + + home.packages = with pkgs; [ + ]; + + # TODO: currently unsupported + services.gammastep.enable = lib.mkForce false; + # programs.chromium.enable = lib.mkForce false; + }; + + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = lib.mkForce false; + loader.efi.efiSysMountPoint = "/boot"; + blacklistedKernelModules = [ "wwan" ]; + }; + + # see https://linrunner.de/tlp/ + services.tlp = { + enable = true; + settings = { + START_CHARGE_THRESH_BAT0 = "80"; + STOP_CHARGE_THRESH_BAT0 = "85"; + }; + }; + + # android on linux + virtualisation.waydroid.enable = true; + virtualisation.podman.enable = true; + virtualisation.podman.dockerCompat = true; } diff --git a/nix/os/devices/steveej-x13s-rmvbl/default.nix b/nix/os/devices/steveej-x13s-rmvbl/default.nix index e7a5794..fc3933e 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/default.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/default.nix @@ -1,6 +1,7 @@ { system ? "aarch64-linux" , nodeName , repoFlake +, repoFlakeWithSystem , nodeFlake , localDomainName ? "internal" , ... @@ -9,6 +10,7 @@ inherit repoFlake nodeName nodeFlake system; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; + repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); inherit localDomainName; }; @@ -24,10 +26,10 @@ deployment.replaceUnknownProfiles = true; deployment.allowLocalDeployment = true; + # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; + imports = [ (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") ]; - - networking.hostName = nodeName; }; } 
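Review bot: The inline module in `imports` enables sshd with `services.openssh.settings.PermitRootLogin = "yes"` and `services.openssh.openFirewall = true`, and nothing visible in the hunk turns password authentication off, so root can be reached by password from any network this removable install boots on. The `native` output in this device's flake.nix hunk also sets `users.commonUsers.installPassword = "install"`; if user.nix applies that value to root (only one line of it is visible in this patch), the credential is a well-known one. I would set `services.openssh.settings.PermitRootLogin = "prohibit-password";` and add `services.openssh.settings.PasswordAuthentication = false;`, relying on authorized keys instead. Separately, the wait loop in `systemd.services.bluetooth-mac` runs `echo sleep 1`, which prints the words rather than pausing, so the loop re-reads the journal without any delay; `sleep 1` looks like what was meant.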
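Review bot: `repoFlakeWithSystem` is added to the formals without a default, so every caller must now pass it, yet the `import ./default.nix { … }` call in this device's flake.nix hunk of the same patch passes only `system`, `nodeName`, `repoFlake` and `nodeFlake`. Nix rejects a call that omits a required argument as soon as the function is applied, so evaluating the node flake's `nixosConfigurations` would fail before `repoFlakeInputs'` is ever used. Either pass the argument from flake.nix or make the formal lazy, for example `, repoFlakeWithSystem ? throw "repoFlakeWithSystem was not passed"`. The attribute set this file returns continues outside the visible hunks.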
diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.lock b/nix/os/devices/steveej-x13s-rmvbl/flake.lock index 6fc6701..dcc457f 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.lock +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.lock @@ -19,6 +19,24 @@ "type": "indirect" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "get-flake": { "locked": { "lastModified": 1694475786, @@ -71,6 +89,27 @@ "type": "github" } }, + "nixos-x13s": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706097550, + "narHash": "sha256-rR4HMpUlT7SbVPxQIvWH0DsxaEQcjTLqLrst2xoT1CY=", + "ref": "refs/heads/main", + "rev": "732a0f1549996740bdb06989599a5f0653de5056", + "revCount": 6, + "type": "git", + "url": "https://codeberg.org/steveej/nixos-x13s" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/steveej/nixos-x13s" + } + }, "nixpkgs": { "locked": { "lastModified": 1705916986, @@ -103,6 +142,24 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable-small": { "locked": { "lastModified": 1706022028, 
@@ -125,6 +182,7 @@ "get-flake": "get-flake", "home-manager": "home-manager", "mobile-nixos": "mobile-nixos", + "nixos-x13s": "nixos-x13s", "nixpkgs": "nixpkgs", "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-unstable-small": "nixpkgs-unstable-small" diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.nix b/nix/os/devices/steveej-x13s-rmvbl/flake.nix index 9a6bcba..cf5a06e 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.nix @@ -3,7 +3,7 @@ { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - # requires for home-manager modules + # required for home-manager modules nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; @@ -18,6 +18,9 @@ url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s"; + nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = 
@@ -27,51 +30,60 @@ , ... }: let - targetPlatform = "aarch64-linux"; + system = "aarch64-linux"; buildPlatform = "x86_64-linux"; - nodeName = "steveej-x13s-rmvbl"; - - x13s-flake = get-flake ../steveej-x13s; - - mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: - nixpkgs.lib.nixosSystem ( - nixpkgs.lib.attrsets.recursiveUpdate - attrs - { - specialArgs = (import ./default.nix { - system = targetPlatform; - inherit nodeName; - - repoFlake = get-flake ../../../..; - - # TODO: double-check if this hack doesn't have negative side-effects - # the reason for it is so that `nodeFlake.inputs.nixos-x13s.nixosModules.default` in the module is found - nodeFlake = x13s-flake; - }).meta.nodeSpecialArgs.${nodeName}; - - modules = - [ - ../steveej-x13s/configuration.nix - ./configuration.nix - ] - ++ extraModules; - } - ); + repoFlake = get-flake ../../../..; in { - nixosConfigurations = { - native = mkNixosConfiguration { - system = targetPlatform; - }; + lib = { + mkNixosConfiguration = { nodeName, extraModules ? [ ], ... 
} @ attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate + attrs + { + specialArgs = (import ./default.nix { + inherit system; + inherit nodeName repoFlake; - cross = mkNixosConfiguration { - extraModules = [ - { - nixpkgs.buildPlatform.system = buildPlatform; - nixpkgs.hostPlatform.system = targetPlatform; - } - ]; - }; + nodeFlake = self; + }).meta.nodeSpecialArgs.${nodeName}; + + modules = + [ + # repoFlake.nixosModules.hardware-x13s + ] + ++ extraModules; + } + ); }; + + nixosConfigurations = + let + nodeName = "steveej-x13s-rmvbl"; + in + { + native = self.lib.mkNixosConfiguration { + inherit system nodeName; + extraModules = [ + ./configuration.nix + + { + users.commonUsers.installPassword = "install"; + } + ]; + }; + + cross = self.lib.mkNixosConfiguration { + inherit nodeName; + extraModules = [ + ./configuration.nix + + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = system; + } + ]; + }; + }; }; } diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 9f10331..6220ebb 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -3,7 +3,7 @@ { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - # requires for home-manager modules + # required for home-manager modules nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; @@ -32,10 +32,9 @@ let targetPlatform = "aarch64-linux"; buildPlatform = "x86_64-linux"; - nodeName = "steveej-x13s"; repoFlake = get-flake ../../../..; - mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: + mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs: nixpkgs.lib.nixosSystem ( nixpkgs.lib.attrsets.recursiveUpdate attrs 
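Review bot: The `native` output hard-codes `users.commonUsers.installPassword = "install";`, which commits a well-known credential to the repository and to anything built from it, while `cross` leaves the option unset, so the two outputs for the same node differ in how an account can be entered. If this is meant as a throwaway first-boot password, say so next to the line, for example `# throwaway first-boot password; change it with passwd right after install`. How user.nix consumes the value is not visible in this patch, so whether it also lands in the world-readable Nix store should be confirmed there.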
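Review bot: `mkNixosConfiguration` now takes `nodeName` as a named argument, but the whole `attrs` set is still merged into the arguments of `nixpkgs.lib.nixosSystem` through `recursiveUpdate attrs { … }`, so `nodeName` and `extraModules` are forwarded as well. As far as I know `nixosSystem` accepts only a fixed set of arguments, in which case the extra `nodeName` would abort evaluation; this needs confirming against the pinned nixpkgs. Stripping the helper's own arguments first avoids the question: `(builtins.removeAttrs attrs [ "nodeName" "extraModules" ])` in place of `attrs`. The same pattern is in `lib.mkNixosConfiguration` in the steveej-x13s-rmvbl flake.nix hunk, and the function body here continues into the next hunk.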
@@ -50,28 +49,40 @@ modules = [ # repoFlake.nixosModules.hardware-x13s - - - ./configuration.nix ] ++ extraModules; } ); in { - nixosConfigurations = { - native = mkNixosConfiguration { - system = targetPlatform; - }; - - cross = mkNixosConfiguration { - extraModules = [ - { - nixpkgs.buildPlatform.system = buildPlatform; - nixpkgs.hostPlatform.system = targetPlatform; - } - ]; - }; + lib = { + inherit mkNixosConfiguration; }; + + nixosConfigurations = + let + nodeName = "steveej-x13s"; + in + { + native = mkNixosConfiguration { + inherit nodeName; + system = targetPlatform; + extraModules = [ + ./configuration.nix + ]; + }; + + cross = mkNixosConfiguration { + inherit nodeName; + extraModules = [ + ./configuration.nix + + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = targetPlatform; + } + ]; + }; + }; }; } diff --git a/nix/os/profiles/common/user.nix b/nix/os/profiles/common/user.nix index 0df5e5f..1b6afbd 100644 --- a/nix/os/profiles/common/user.nix +++ b/nix/os/profiles/common/user.nix @@ -61,7 +61,7 @@ in }) { - users.mutableUsers = lib.mkForce false; + users.mutableUsers = cfg.installPassword != ""; users.users.root = lib.mkMerge [ {
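Review bot: `users.mutableUsers = cfg.installPassword != "";` drops the `lib.mkForce`, and this file is the common profile, so the change reaches every host that imports it and not only the removable x13s install. On a host with an install password the account database becomes mutable, so passwords and accounts changed on the machine are no longer reset to the declared state on rebuild. Without `mkForce`, another module that defines the option with a different value will now conflict instead of being overridden. A comment on the line would make the intent reviewable, for example `# mutable only while an install password is set, so it can be changed on first boot`; if the forced priority should stay, `lib.mkForce (cfg.installPassword != "")` keeps it. The enclosing module starts and ends outside the hunk.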