steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

WIP: x13s: install to nvme, refactor into module

Browse source
This commit is contained in:
steveej 2024-01-22 22:50:51 +01:00
parent 40416bd4de
commit a083c05b27
28 changed files with 1361 additions and 737 deletions
Download patch file Download diff file Expand all files Collapse all files

1
nix/os/devices/steveej-x13s/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
result

107
nix/os/devices/steveej-x13s/configuration.nix Normal file
View file

@ -0,0 +1,107 @@
{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeName
, localDomainName
, system
, ...
}:
{
imports = [
# repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.disko.nixosModules.disko
./disko.nix
repoFlake.nixosModules.thinkpad-x13s
../../profiles/common/pkg.nix
{
# nixpkgs.config.allowUnsupportedSystem = true;
# flake registry
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
}
# ../../profiles/common/user.nix
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
services.openssh.openFirewall = true;
# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# sops.defaultSopsFormat = "yaml";
# users.commonUsers = {
# enable = true;
# enableNonRoot = true;
# };
users.users.root.initialPassword = "install";
}
nodeFlake.inputs.home-manager.nixosModules.home-manager
# ../../snippets/sway-desktop.nix
# ../../snippets/radicale.nix
];
hardware.thinkpad-x13s = {
enable = true;
# TODO: use hardware address
bluetoothMac = "65:9e:7a:8b:86:28";
};
networking = {
hostName = nodeName;
firewall.enable = true;
# useNetworkd = true;
};
system.stateVersion = "23.11";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
pkgs.sshfs
pkgs.util-linux
pkgs.coreutils
pkgs.vim
pkgs.git
pkgs.git-crypt
];
# home-manager.users.steveej = _: {
# home.stateVersion = "23.11";
# imports = [
# ../../../home-manager/configuration/graphical-fullblown.nix
# ];
# home.sessionVariables = { };
# home.packages = with pkgs; [
# ];
# };
}

40
nix/os/devices/steveej-x13s/default.nix Normal file
View file

@ -0,0 +1,40 @@
{ system ? "aarch64-linux"
, nodeName
, repoFlake
, repoFlakeWithSystem
, nodeFlake
, localDomainName ? "internal"
, ...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs');
inherit localDomainName;
};
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}";
deployment.replaceUnknownProfiles = true;
deployment.allowLocalDeployment = true;
# nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
imports = [
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
nodeFlake.inputs.home-manager.nixosModules.home-manager
];
networking.hostName = nodeName;
};
}

66
nix/os/devices/steveej-x13s/disko.nix Normal file
View file

@ -0,0 +1,66 @@
{
disko.devices = {
disk = {
x13s-nvme = {
type = "disk";
device = "/dev/disk/by-id/nvme-KBG5AZNT1T02_LA_KIOXIA_52QC84BEEJS6";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "x13s-usb-crypt";
extraOpenArgs = [ ];
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
# keyFile = "/tmp/secret.key";
allowDiscards = true;
};
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "32G";
};
};
};
};
};
};
};
};
};
};
}

207
nix/os/devices/steveej-x13s/flake.lock generated Normal file
View file

@ -0,0 +1,207 @@
{
"nodes": {
"adamcstephens_stop-export": {
"flake": false,
"locked": {
"lastModified": 1705876512,
"narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=",
"ref": "refs/heads/main",
"rev": "388684db5b529bbd6f3e948cf175df089eb09766",
"revCount": 14,
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
}
},
"alsa-ucm-conf": {
"flake": false,
"locked": {
"lastModified": 1705501566,
"narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=",
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
},
"original": {
"owner": "alsa-project",
"ref": "master",
"repo": "alsa-ucm-conf",
"type": "github"
}
},
"brainwart_x13s-nixos": {
"flake": false,
"locked": {
"lastModified": 1705565623,
"narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=",
"owner": "BrainWart",
"repo": "x13s-nixos",
"rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2",
"type": "github"
},
"original": {
"owner": "BrainWart",
"ref": "flake",
"repo": "x13s-nixos",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705890365,
"narHash": "sha256-MObB+fipA/2Ai3uMuNouxcwz0cqvELPpJ+hfnhSaUeA=",
"owner": "nix-community",
"repo": "disko",
"rev": "9fcdf3375e01e2938a49df103af9fd21bd0f89d9",
"type": "github"
},
"original": {
"id": "disko",
"type": "indirect"
}
},
"get-flake": {
"locked": {
"lastModified": 1694475786,
"narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=",
"owner": "ursi",
"repo": "get-flake",
"rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1",
"type": "github"
},
"original": {
"owner": "ursi",
"repo": "get-flake",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705659542,
"narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"linux_x13s": {
"flake": false,
"locked": {
"lastModified": 1705680516,
"narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=",
"owner": "jhovold",
"repo": "linux",
"rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0",
"type": "github"
},
"original": {
"owner": "jhovold",
"ref": "wip/sc8280xp-v6.7",
"repo": "linux",
"type": "github"
}
},
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1705008488,
"narHash": "sha256-Gj97fDFZaK6gLb3ayZgTTtD+MFE1YjoyYHWkB1TIAe0=",
"owner": "NixOS",
"repo": "mobile-nixos",
"rev": "56e55df7b07b5e5c6d050732d851cec62b41df95",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "mobile-nixos",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1705774713,
"narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2211": {
"locked": {
"lastModified": 1688392541,
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1705891108,
"narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8cccce637e19577815de54c5ecc3132dff965aee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"adamcstephens_stop-export": "adamcstephens_stop-export",
"alsa-ucm-conf": "alsa-ucm-conf",
"brainwart_x13s-nixos": "brainwart_x13s-nixos",
"disko": "disko",
"get-flake": "get-flake",
"home-manager": "home-manager",
"linux_x13s": "linux_x13s",
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs",
"nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-unstable-small": "nixpkgs-unstable-small"
}
}
},
"root": "root",
"version": 7
}

73
nix/os/devices/steveej-x13s/flake.nix Normal file
View file

@ -0,0 +1,73 @@
{
inputs =
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# requires for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{ self
, get-flake
, nixpkgs
, ...
}:
let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s";
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = targetPlatform;
inherit nodeName;
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
modules =
[
({ repoFlake, ... }: repoFlake.nixosModules.hardware-x13s)
./configuration.nix
]
++ extraModules;
}
);
in
{
nixosConfigurations = {
native = mkNixosConfiguration {
system = targetPlatform;
};
cross = mkNixosConfiguration {
extraModules = [
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
};
};
}