steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

steveej-x13s-rmvbl: boring setup with copying the whole x13s flake

Browse source
This commit is contained in:
steveej 2024-01-28 21:18:08 +01:00
parent 4663780877
commit 6fb71cbf4f
7 changed files with 281 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

3
flake.nix
View file

@ -139,6 +139,7 @@
}) [ }) [
"steveej-t14" "steveej-t14"
"steveej-x13s" "steveej-x13s"
"steveej-x13s-rmvbl"
# "elias-e525" # "elias-e525"
# "justyna-p300" # "justyna-p300"
@ -186,7 +187,7 @@
, lib , lib
, pkgs , pkgs
, ... , ...
}: rec { }: {
imports = [ imports = [
./nix/modules/flake-parts/perSystem/default.nix ./nix/modules/flake-parts/perSystem/default.nix
]; ];

134
nix/os/devices/steveej-x13s-rmvbl/configuration.nix
View file

@ -10,9 +10,139 @@
}: }:
{ {
nixos-x13s = {
enable = true;
# TODO: use hardware address
bluetoothMac = "65:9e:7a:8b:86:28";
};
systemd.services.bluetooth-mac = {
enable = true;
path = [
pkgs.systemd
pkgs.util-linux
pkgs.bluez5-experimental
pkgs.expect
];
script = ''
# TODO: this may not be required
while ! (journalctl -b0 | grep 'Bluetooth: hci0: QCA setup on UART is completed'); do
echo Waiting for bluetooth firmware to complete
echo sleep 1
done
(
# best effort
set +e
rfkill block bluetooth
echo $?
btmgmt public-addr ${config.nixos-x13s.bluetoothMac}
echo $?
rfkill unblock bluetooth
echo $?
)
'';
requiredBy = [ "bluetooth.service" ];
before = [ "bluetooth.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
# we need a tty, otherwise btmgmt will hang
StandardInput = "tty";
TTYPath = "/dev/tty2";
TTYReset = "yes";
TTYVHangup = "yes";
};
};
imports = [ imports = [
../steveej-x13s/configuration.nix nodeFlake.inputs.nixos-x13s.nixosModules.default
repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.disko.nixosModules.disko
./disko.nix
../../snippets/nix-settings.nix
../../profiles/common/user.nix
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
services.openssh.openFirewall = true;
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
sops.defaultSopsFormat = "yaml";
users.commonUsers = {
enable = true;
enableNonRoot = true;
};
}
../../snippets/home-manager-with-zsh.nix
../../snippets/sway-desktop.nix
../../snippets/bluetooth.nix
../../snippets/timezone.nix
../../snippets/radicale.nix
]; ];
users.commonUsers.installPassword = "install"; networking.hostName = nodeName;
networking.firewall.enable = true;
networking.networkmanager.enable = true;
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
pkgs.sshfs
pkgs.util-linux
pkgs.coreutils
pkgs.vim
pkgs.git
pkgs.git-crypt
];
system.stateVersion = "23.11";
home-manager.users.root = _: {
home.stateVersion = "23.11";
};
home-manager.users.steveej = _: {
home.stateVersion = "23.11";
imports = [
../../../home-manager/configuration/graphical-fullblown.nix
];
home.sessionVariables = { };
home.packages = with pkgs; [
];
# TODO: currently unsupported
services.gammastep.enable = lib.mkForce false;
# programs.chromium.enable = lib.mkForce false;
};
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = lib.mkForce false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
};
# see https://linrunner.de/tlp/
services.tlp = {
enable = true;
settings = {
START_CHARGE_THRESH_BAT0 = "80";
STOP_CHARGE_THRESH_BAT0 = "85";
};
};
# android on linux
virtualisation.waydroid.enable = true;
virtualisation.podman.enable = true;
virtualisation.podman.dockerCompat = true;
} }

6
nix/os/devices/steveej-x13s-rmvbl/default.nix
View file

@ -1,6 +1,7 @@
{ system ? "aarch64-linux" { system ? "aarch64-linux"
, nodeName , nodeName
, repoFlake , repoFlake
, repoFlakeWithSystem
, nodeFlake , nodeFlake
, localDomainName ? "internal" , localDomainName ? "internal"
, ... , ...
@ -9,6 +10,7 @@
inherit repoFlake nodeName nodeFlake system; inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system}; packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs');
inherit localDomainName; inherit localDomainName;
}; };
@ -24,10 +26,10 @@
deployment.replaceUnknownProfiles = true; deployment.replaceUnknownProfiles = true;
deployment.allowLocalDeployment = true; deployment.allowLocalDeployment = true;
# nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
imports = [ imports = [
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
]; ];
networking.hostName = nodeName;
}; };
} }

58
nix/os/devices/steveej-x13s-rmvbl/flake.lock generated
View file

@ -19,6 +19,24 @@
"type": "indirect" "type": "indirect"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1704982712,
"narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "07f6395285469419cf9d078f59b5b49993198c00",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"get-flake": { "get-flake": {
"locked": { "locked": {
"lastModified": 1694475786, "lastModified": 1694475786,
@ -71,6 +89,27 @@
"type": "github" "type": "github"
} }
}, },
"nixos-x13s": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1706097550,
"narHash": "sha256-rR4HMpUlT7SbVPxQIvWH0DsxaEQcjTLqLrst2xoT1CY=",
"ref": "refs/heads/main",
"rev": "732a0f1549996740bdb06989599a5f0653de5056",
"revCount": 6,
"type": "git",
"url": "https://codeberg.org/steveej/nixos-x13s"
},
"original": {
"type": "git",
"url": "https://codeberg.org/steveej/nixos-x13s"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1705916986, "lastModified": 1705916986,
@ -103,6 +142,24 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable-small": { "nixpkgs-unstable-small": {
"locked": { "locked": {
"lastModified": 1706022028, "lastModified": 1706022028,
@ -125,6 +182,7 @@
"get-flake": "get-flake", "get-flake": "get-flake",
"home-manager": "home-manager", "home-manager": "home-manager",
"mobile-nixos": "mobile-nixos", "mobile-nixos": "mobile-nixos",
"nixos-x13s": "nixos-x13s",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-2211": "nixpkgs-2211", "nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-unstable-small": "nixpkgs-unstable-small" "nixpkgs-unstable-small": "nixpkgs-unstable-small"

96
nix/os/devices/steveej-x13s-rmvbl/flake.nix
View file

@ -3,7 +3,7 @@
{ {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# requires for home-manager modules # required for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
@ -18,6 +18,9 @@
url = "github:nix-community/home-manager/release-23.11"; url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s";
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs =
@ -27,51 +30,60 @@
, ... , ...
}: }:
let let
targetPlatform = "aarch64-linux"; system = "aarch64-linux";
buildPlatform = "x86_64-linux"; buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s-rmvbl"; repoFlake = get-flake ../../../..;
x13s-flake = get-flake ../steveej-x13s;
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = targetPlatform;
inherit nodeName;
repoFlake = get-flake ../../../..;
# TODO: double-check if this hack doesn't have negative side-effects
# the reason for it is so that `nodeFlake.inputs.nixos-x13s.nixosModules.default` in the module is found
nodeFlake = x13s-flake;
}).meta.nodeSpecialArgs.${nodeName};
modules =
[
../steveej-x13s/configuration.nix
./configuration.nix
]
++ extraModules;
}
);
in in
{ {
nixosConfigurations = { lib = {
native = mkNixosConfiguration { mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs:
system = targetPlatform; nixpkgs.lib.nixosSystem (
}; nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
inherit system;
inherit nodeName repoFlake;
cross = mkNixosConfiguration { nodeFlake = self;
extraModules = [ }).meta.nodeSpecialArgs.${nodeName};
{
nixpkgs.buildPlatform.system = buildPlatform; modules =
nixpkgs.hostPlatform.system = targetPlatform; [
} # repoFlake.nixosModules.hardware-x13s
]; ]
}; ++ extraModules;
}
);
}; };
nixosConfigurations =
let
nodeName = "steveej-x13s-rmvbl";
in
{
native = self.lib.mkNixosConfiguration {
inherit system nodeName;
extraModules = [
./configuration.nix
{
users.commonUsers.installPassword = "install";
}
];
};
cross = self.lib.mkNixosConfiguration {
inherit nodeName;
extraModules = [
./configuration.nix
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = system;
}
];
};
};
}; };
} }

49
nix/os/devices/steveej-x13s/flake.nix
View file

@ -3,7 +3,7 @@
{ {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# requires for home-manager modules # required for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
@ -32,10 +32,9 @@
let let
targetPlatform = "aarch64-linux"; targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux"; buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s";
repoFlake = get-flake ../../../..; repoFlake = get-flake ../../../..;
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem ( nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate nixpkgs.lib.attrsets.recursiveUpdate
attrs attrs
@ -50,28 +49,40 @@
modules = modules =
[ [
# repoFlake.nixosModules.hardware-x13s # repoFlake.nixosModules.hardware-x13s
./configuration.nix
] ]
++ extraModules; ++ extraModules;
} }
); );
in in
{ {
nixosConfigurations = { lib = {
native = mkNixosConfiguration { inherit mkNixosConfiguration;
system = targetPlatform;
};
cross = mkNixosConfiguration {
extraModules = [
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
}; };
nixosConfigurations =
let
nodeName = "steveej-x13s";
in
{
native = mkNixosConfiguration {
inherit nodeName;
system = targetPlatform;
extraModules = [
./configuration.nix
];
};
cross = mkNixosConfiguration {
inherit nodeName;
extraModules = [
./configuration.nix
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
};
}; };
} }

2
nix/os/profiles/common/user.nix
View file

@ -61,7 +61,7 @@ in
}) })
{ {
users.mutableUsers = lib.mkForce false; users.mutableUsers = cfg.installPassword != "";
users.users.root = lib.mkMerge [ users.users.root = lib.mkMerge [
{ {