steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

steveej-x13s-rmvbl: boring setup with copying the whole x13s flake

Browse source
This commit is contained in:
steveej 2024-01-28 21:18:08 +01:00
parent 4663780877
commit 6fb71cbf4f
7 changed files with 281 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

3
flake.nix
View file

@ -139,6 +139,7 @@
}) [
"steveej-t14"
"steveej-x13s"
"steveej-x13s-rmvbl"
# "elias-e525"
# "justyna-p300"
@ -186,7 +187,7 @@
, lib
, pkgs
, ...
}: rec {
}: {
imports = [
./nix/modules/flake-parts/perSystem/default.nix
];

134
nix/os/devices/steveej-x13s-rmvbl/configuration.nix
View file

@ -10,9 +10,139 @@
}:
{
nixos-x13s = {
enable = true;
# TODO: use hardware address
bluetoothMac = "65:9e:7a:8b:86:28";
};
systemd.services.bluetooth-mac = {
enable = true;
path = [
pkgs.systemd
pkgs.util-linux
pkgs.bluez5-experimental
pkgs.expect
];
script = ''
# TODO: this may not be required
while ! (journalctl -b0 | grep 'Bluetooth: hci0: QCA setup on UART is completed'); do
echo Waiting for bluetooth firmware to complete
echo sleep 1
done
(
# best effort
set +e
rfkill block bluetooth
echo $?
btmgmt public-addr ${config.nixos-x13s.bluetoothMac}
echo $?
rfkill unblock bluetooth
echo $?
)
'';
requiredBy = [ "bluetooth.service" ];
before = [ "bluetooth.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
# we need a tty, otherwise btmgmt will hang
StandardInput = "tty";
TTYPath = "/dev/tty2";
TTYReset = "yes";
TTYVHangup = "yes";
};
};
imports = [
../steveej-x13s/configuration.nix
nodeFlake.inputs.nixos-x13s.nixosModules.default
repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.disko.nixosModules.disko
./disko.nix
../../snippets/nix-settings.nix
../../profiles/common/user.nix
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
services.openssh.openFirewall = true;
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
sops.defaultSopsFormat = "yaml";
users.commonUsers = {
enable = true;
enableNonRoot = true;
};
}
../../snippets/home-manager-with-zsh.nix
../../snippets/sway-desktop.nix
../../snippets/bluetooth.nix
../../snippets/timezone.nix
../../snippets/radicale.nix
];
users.commonUsers.installPassword = "install";
networking.hostName = nodeName;
networking.firewall.enable = true;
networking.networkmanager.enable = true;
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
pkgs.sshfs
pkgs.util-linux
pkgs.coreutils
pkgs.vim
pkgs.git
pkgs.git-crypt
];
system.stateVersion = "23.11";
home-manager.users.root = _: {
home.stateVersion = "23.11";
};
home-manager.users.steveej = _: {
home.stateVersion = "23.11";
imports = [
../../../home-manager/configuration/graphical-fullblown.nix
];
home.sessionVariables = { };
home.packages = with pkgs; [
];
# TODO: currently unsupported
services.gammastep.enable = lib.mkForce false;
# programs.chromium.enable = lib.mkForce false;
};
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = lib.mkForce false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
};
# see https://linrunner.de/tlp/
services.tlp = {
enable = true;
settings = {
START_CHARGE_THRESH_BAT0 = "80";
STOP_CHARGE_THRESH_BAT0 = "85";
};
};
# android on linux
virtualisation.waydroid.enable = true;
virtualisation.podman.enable = true;
virtualisation.podman.dockerCompat = true;
}

6
nix/os/devices/steveej-x13s-rmvbl/default.nix
View file

@ -1,6 +1,7 @@
{ system ? "aarch64-linux"
, nodeName
, repoFlake
, repoFlakeWithSystem
, nodeFlake
, localDomainName ? "internal"
, ...
@ -9,6 +10,7 @@
inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs');
inherit localDomainName;
};
@ -24,10 +26,10 @@
deployment.replaceUnknownProfiles = true;
deployment.allowLocalDeployment = true;
# nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
imports = [
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
];
networking.hostName = nodeName;
};
}

58
nix/os/devices/steveej-x13s-rmvbl/flake.lock generated
View file

@ -19,6 +19,24 @@
"type": "indirect"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1704982712,
"narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "07f6395285469419cf9d078f59b5b49993198c00",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"get-flake": {
"locked": {
"lastModified": 1694475786,
@ -71,6 +89,27 @@
"type": "github"
}
},
"nixos-x13s": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1706097550,
"narHash": "sha256-rR4HMpUlT7SbVPxQIvWH0DsxaEQcjTLqLrst2xoT1CY=",
"ref": "refs/heads/main",
"rev": "732a0f1549996740bdb06989599a5f0653de5056",
"revCount": 6,
"type": "git",
"url": "https://codeberg.org/steveej/nixos-x13s"
},
"original": {
"type": "git",
"url": "https://codeberg.org/steveej/nixos-x13s"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1705916986,
@ -103,6 +142,24 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1706022028,
@ -125,6 +182,7 @@
"get-flake": "get-flake",
"home-manager": "home-manager",
"mobile-nixos": "mobile-nixos",
"nixos-x13s": "nixos-x13s",
"nixpkgs": "nixpkgs",
"nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-unstable-small": "nixpkgs-unstable-small"

58
nix/os/devices/steveej-x13s-rmvbl/flake.nix
View file

@ -3,7 +3,7 @@
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# requires for home-manager modules
# required for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
@ -18,6 +18,9 @@
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s";
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
@ -27,48 +30,57 @@
, ...
}:
let
targetPlatform = "aarch64-linux";
system = "aarch64-linux";
buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s-rmvbl";
x13s-flake = get-flake ../steveej-x13s;
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
repoFlake = get-flake ../../../..;
in
{
lib = {
mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = targetPlatform;
inherit nodeName;
inherit system;
inherit nodeName repoFlake;
repoFlake = get-flake ../../../..;
# TODO: double-check if this hack doesn't have negative side-effects
# the reason for it is so that `nodeFlake.inputs.nixos-x13s.nixosModules.default` in the module is found
nodeFlake = x13s-flake;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
modules =
[
../steveej-x13s/configuration.nix
./configuration.nix
# repoFlake.nixosModules.hardware-x13s
]
++ extraModules;
}
);
in
{
nixosConfigurations = {
native = mkNixosConfiguration {
system = targetPlatform;
};
cross = mkNixosConfiguration {
nixosConfigurations =
let
nodeName = "steveej-x13s-rmvbl";
in
{
native = self.lib.mkNixosConfiguration {
inherit system nodeName;
extraModules = [
./configuration.nix
{
users.commonUsers.installPassword = "install";
}
];
};
cross = self.lib.mkNixosConfiguration {
inherit nodeName;
extraModules = [
./configuration.nix
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
nixpkgs.hostPlatform.system = system;
}
];
};

25
nix/os/devices/steveej-x13s/flake.nix
View file

@ -3,7 +3,7 @@
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# requires for home-manager modules
# required for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
@ -32,10 +32,9 @@
let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s";
repoFlake = get-flake ../../../..;
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
@ -50,22 +49,34 @@
modules =
[
# repoFlake.nixosModules.hardware-x13s
./configuration.nix
]
++ extraModules;
}
);
in
{
nixosConfigurations = {
lib = {
inherit mkNixosConfiguration;
};
nixosConfigurations =
let
nodeName = "steveej-x13s";
in
{
native = mkNixosConfiguration {
inherit nodeName;
system = targetPlatform;
extraModules = [
./configuration.nix
];
};
cross = mkNixosConfiguration {
inherit nodeName;
extraModules = [
./configuration.nix
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;

2
nix/os/profiles/common/user.nix
View file

@ -61,7 +61,7 @@ in
})
{
users.mutableUsers = lib.mkForce false;
users.mutableUsers = cfg.installPassword != "";
users.users.root = lib.mkMerge [
{