steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: steveej:ba9e9f0916780112dd4f7342fc610ef88a452bcf
Branches Tags
steveej:master
steveej:WIP-router0-nfmnk-tunnels
steveej:wip
steveej:wip-bpir3
steveej:pr_htz0
steveej:evolution_decsync
steveej:t14_relabel
steveej:t14_new_drive
steveej:srv0_drivechange
steveej:staging-steveej
steveej:pa600-unused
steveej:pr/odroidh2p-0
...
compare: steveej:53481414df4a24aff7f26161a7b6ad42e82a847e
Branches Tags
steveej:master
steveej:WIP-router0-nfmnk-tunnels
steveej:wip
steveej:wip-bpir3
steveej:pr_htz0
steveej:evolution_decsync
steveej:t14_relabel
steveej:t14_new_drive
steveej:srv0_drivechange
steveej:staging-steveej
steveej:pa600-unused
steveej:pr/odroidh2p-0

2 commits
ba9e9f0916 ... 53481414df

Author SHA1 Message Date
Stefan Junker
53481414df feat: experimental k3s + nix-snapshotter snippet 2024-08-04 14:40:13 +02:00
Stefan Junker
7f8bf5c525 feat(toplevel): add x13s (proprietary) bluetooth and wifi firmware 
this allows them to be reused more easily
 2024-08-04 14:38:38 +02:00
10 changed files with 671 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

30
flake.lock generated
View file

@ -33,6 +33,22 @@
"type": "github" "type": "github"
} }
}, },
"ath11k-firmware": {
"flake": false,
"locked": {
"lastModified": 1720482684,
"narHash": "sha256-p6ifwtRNUOyQ2FN2VhSXS6dcrvrtiFZawu/iVXQ4uR0=",
"ref": "refs/heads/main",
"rev": "bb527dcebac835c47ed4f5428a7687769fa9b1b2",
"revCount": 152,
"type": "git",
"url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"
},
"original": {
"type": "git",
"url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"
}
},
"brainwart_x13s-nixos": { "brainwart_x13s-nixos": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -823,6 +839,7 @@
"inputs": { "inputs": {
"adamcstephens_stop-export": "adamcstephens_stop-export", "adamcstephens_stop-export": "adamcstephens_stop-export",
"aphorme_launcher": "aphorme_launcher", "aphorme_launcher": "aphorme_launcher",
"ath11k-firmware": "ath11k-firmware",
"brainwart_x13s-nixos": "brainwart_x13s-nixos", "brainwart_x13s-nixos": "brainwart_x13s-nixos",
"colmena": "colmena", "colmena": "colmena",
"crane": "crane", "crane": "crane",
@ -860,6 +877,7 @@
"salut": "salut", "salut": "salut",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"srvos": "srvos", "srvos": "srvos",
"x13s-bt-firmware": "x13s-bt-firmware",
"yofi": "yofi" "yofi": "yofi"
} }
}, },
@ -1057,6 +1075,18 @@
"type": "github" "type": "github"
} }
}, },
"x13s-bt-firmware": {
"flake": false,
"locked": {
"narHash": "sha256-FCWkZp+MtEGS5lS5+pxmpCl4wU9GGRegolebcmCN7RU=",
"type": "file",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=2ba1beaae0c649ce8a50baecc8df9e81cd524e65"
},
"original": {
"type": "file",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=2ba1beaae0c649ce8a50baecc8df9e81cd524e65"
}
},
"yofi": { "yofi": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_4",

37
flake.nix
View file

@ -119,6 +119,31 @@
flake = false; flake = false;
url = "github:espanso/espanso/db97658d1d80697a635b57801696c594eacf057b"; url = "github:espanso/espanso/db97658d1d80697a635b57801696c594eacf057b";
}; };
x13s-bt-firmware = {
flake = false;
# revisions for this file: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/qca/hpbtfw21.tlv
# 2024-07-29
# not working well
# url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=d118dc8ad5562ac0ae0c07be748cbe35a9361b47";
# 2024-05-30
# url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=436b0a920352d13290043d9ec9e50c420ab10f92";
# 2023-12-18
# not working well
# url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=598f5bd22361d7e92eebe8452d1f8013a1d35b9a";
# 2013-01-17
url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/qca/hpbtfw21.tlv?id=2ba1beaae0c649ce8a50baecc8df9e81cd524e65";
};
ath11k-firmware = {
url = "git+https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git";
flake = false;
};
}; };
outputs = inputs @ { outputs = inputs @ {
@ -337,6 +362,18 @@
buildInputs = [ buildInputs = [
]; ];
}; };
x13s-bt-firmware = pkgs.runCommand "x13s-bt-firmware" {} ''
mkdir -p $out/lib/firmware/qca
cp -v ${self}/misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw $out/lib/firmware/qca/hpnv21.bin
cp -v ${inputs.x13s-bt-firmware} $out/lib/firmware/qca//hpbtfw21.tlv
'';
x13s-ath11k-firmware = pkgs.runCommand "x13s-ath11k-firmware-before" {} ''
mkdir -p $out/lib/firmware/ath11k/WCN6855/hw2.1/
cp -v ${inputs.ath11k-firmware}/WCN6855/hw2.1/{board-2,regdb}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/
cp -v ${inputs.ath11k-firmware}/WCN6855/hw2.1/1.1/WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41/{amss,m3}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/
'';
}; };
formatter = pkgs.alejandra; formatter = pkgs.alejandra;

BIN
misc/x13s_bt_firmware/hpnv21g.b8c.crypt.fw Executable file
View file

Binary file not shown.

0
nix/os/containers/mycelium/configuration.nix Normal file
View file

141
nix/os/containers/mycelium/flake.lock generated Normal file
View file

@ -0,0 +1,141 @@
{
"nodes": {
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nix-snapshotter",
"nixpkgs"
]
},
"locked": {
"lastModified": 1704152458,
"narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"nix-snapshotter": {
"inputs": {
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1715438114,
"narHash": "sha256-btb702TXuhDg0D6tW0dCOy4+II9Wl6BJ0LvpT+O9wrs=",
"owner": "pdtpartners",
"repo": "nix-snapshotter",
"rev": "7b251c9356bc7bb383ebeedcd0045b3ae431bff7",
"type": "github"
},
"original": {
"owner": "pdtpartners",
"repo": "nix-snapshotter",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1712450863,
"narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "3c62b6a12571c9a7f65ab037173ee153d539905f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1718025593,
"narHash": "sha256-WZ1gdKq/9u1Ns/oXuNsDm+W0salonVA0VY1amw8urJ4=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "35c20ba421dfa5059e20e0ef2343c875372bdcf3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1718086528,
"narHash": "sha256-hoB7B7oPgypePz16cKWawPfhVvMSXj4G/qLsfFuhFjw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "47b604b07d1e8146d5398b42d3306fdebd343986",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-systemd256": {
"locked": {
"lastModified": 1718397913,
"narHash": "sha256-omV+dq3GdXQQTaewxhkBgxM4Bbwqa4D9FVS4dTITxOQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "962cf03fb8c782c5e00f465397e03dc84284acc9",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "962cf03fb8c782c5e00f465397e03dc84284acc9",
"type": "github"
}
},
"root": {
"inputs": {
"nix-snapshotter": "nix-snapshotter",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs",
"nixpkgs-systemd256": "nixpkgs-systemd256"
}
}
},
"root": "root",
"version": 7
}

340
nix/os/containers/mycelium/flake.nix Normal file
View file

@ -0,0 +1,340 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-systemd256.url = "github:NixOS/nixpkgs/962cf03fb8c782c5e00f465397e03dc84284acc9";
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-snapshotter = {
url = "github:pdtpartners/nix-snapshotter";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
nixos-generators,
...
}: let
systems = [
"aarch64-linux"
"x86_64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
in {
nixosConfigurations.default =
nixpkgs.lib.nixosSystem
{
system = "aarch64-linux";
specialArgs = {};
modules = [
({
config,
modulesPath,
pkgs,
lib,
...
}: {
nixpkgs.overlays = [
(final: previous: {
# inherit (self.inputs.nixpkgs-systemd256.legacyPackages.${pkgs.system}) systemd systemdMinimal;
# systemd =
# self.inputs.nixpkgs-systemd256.legacyPackages.${pkgs.system}.systemd.overrideAttrs (prevAttrs: {
# src = /home/steveej/src/others/systemd;
# withAppArmor = false;
# withRepart = false;
# withHomed = false;
# withAcl = false;
# withEfi = false;
# withBootloader = false;
# withCryptsetup = false;
# withLibBPF = false;
# withOomd = false;
# withFido2 = false;
# withApparmor = false;
# withDocumentation = false;
# withUtmp = false;
# withQrencode = false;
# withVmspawn = false;
# withMachined = false;
# withLogTrace = true;
# withArchive = false;
# # don't need these but cause errors for exampel files not found
# # withLogind = false;
# })
# pkgs.systemdMinimal.override {
# # getting errors with these disabled
# withCoredump = true;
# withCompression = true;
# withLogind = true;
# withSysusers = true;
# withUserDb = true;
# }
# pkgs.systemdMinimal
# pkgs.systemd.override {
# withRepart = false;
# withHomed = false;
# withAcl = false;
# withEfi = false;
# withBootloader = false;
# withCryptsetup = false;
# withLibBPF = false;
# withOomd = false;
# withFido2 = false;
# withApparmor = false;
# withDocumentation = false;
# withUtmp = false;
# withQrencode = false;
# withVmspawn = false;
# withMachined = false;
# withLogTrace = true;
# # don't need these but cause errors for exampel files not found
# # withLogind = false;
# }
# ;
})
];
imports = [
(modulesPath + "/profiles/minimal.nix")
];
system.stateVersion = "24.05";
# https://github.com/hercules-ci/arion/blob/c24c185e67f093298a081900b49ca18716077dec/src/nix/modules/nixos/container-systemd.nix
boot.isContainer = true;
# boot.tmp.useTmpfs = true;
boot.loader.grub.enable = lib.mkForce false;
boot.loader.systemd-boot.enable = lib.mkForce false;
services.journald.console = "/dev/console";
services.journald.storage = "none";
# boot.specialFileSystems = lib.mkForce {};
services.nscd.enable = false;
system.nssModules = lib.mkForce [];
systemd.services.systemd-logind.enable = false;
systemd.services.console-getty.enable = true;
systemd.sockets.nix-daemon.enable = false;
systemd.services.nix-daemon.enable = false;
systemd.oomd.enable = false;
networking.useDHCP = false;
networking.firewall.enable = false;
boot.postBootCommands = ''
ls -lha /run
mkdir -p /run/wrappers
'';
# services.udev.enable = false;
# TODO: this is only needed because `/run/current-system` is missing
# environment.variables.PATH = "${lib.makeBinPath config.environment.systemPackages}:$PATH";
services.mycelium.enable = false;
services.mycelium.keyFile = "/var/lib/secrets/mycelium-keyfile";
systemd.services.mycelium.serviceConfig.DynamicUser = lib.mkForce false;
systemd.services.mycelium.serviceConfig.User = lib.mkForce "root";
systemd.services.mycelium.serviceConfig.ExecStart = lib.mkForce (pkgs.writeShellScript "mycelium" ''
while true; do
ls -lha $CREDENTIALS_DIRECTORY
sleep 5
done
'');
systemd.services.testing-credentials = {
description = "testing credentials";
wantedBy = ["multi-user.target"];
path = [pkgs.coreutils];
serviceConfig = {
SyslogIdentifier = "testing-credential";
StateDirectory = "testing-credentials";
# DynamicUser = true;
# User = "tc";
# ProtectHome = true;
# ProtectSystem = true;
LoadCredential = [
"mycelium-keyfile:${self.nixosConfigurations.default.config.services.mycelium.keyFile}"
"hosts:/etc/hosts"
];
SetCredential = "nosecret:not secret string";
ExecStart = lib.mkForce (pkgs.writeShellScript "mycelium" ''
cd $STATE_DIRECTORY
env
while true; do
ls -lha $CREDENTIALS_DIRECTORY
sleep 5
done
'');
};
};
services.caddy = {
enable = true;
globalConfig = ''
auto_https off
'';
virtualHosts.":80" = {
extraConfig = ''
respond "hello from ${config.networking.hostName}"
'';
};
};
})
];
};
packages = forAllSystems (system: let
name = "mycelium";
inherit (self.inputs) nix-snapshotter;
config = {
entrypoint = "${self.nixosConfigurations.default.config.system.build.toplevel}/init";
# port = 2379;
args = [
];
# nodePort = 30001;
};
myceliumPorts = {
tcp = [9651];
udp = [9650 9651];
};
inherit
(config)
entrypoint
# port
args
# nodePort
;
pkgs = import nixpkgs {
overlays = [nix-snapshotter.overlays.default];
};
image = pkgs.nix-snapshotter.buildImage {
inherit name;
resolvedByNix = true;
config = {
entrypoint = [entrypoint];
env = [
# this is read by the `/init` script and prevents various incompatible commands like mount, etc.
# the value of this doesn't seem to matter as long as it's not an empty string.
"container=nerd"
];
volumes = {
# "/var/lib/private/mycelium/key.bin" = {};
};
copyToRoot = [
# self.nixosConfigurations.default.config.system.build.toplevel
];
};
};
in {
k8s = let
pod = pkgs.writeText "${name}-pod.json" (builtins.toJSON {
apiVersion = "v1";
kind = "Pod";
metadata = {
inherit name;
labels = {inherit name;};
};
spec.containers = [
{
inherit name args;
image = "nix:0${image}";
ports = [
{
name = "mycelium-tcp-0";
containerPort = builtins.elemAt myceliumPorts.tcp 0;
}
{
name = "mycelium-udp-0";
protocol = "UDP";
containerPort = builtins.elemAt myceliumPorts.udp 0;
}
{
name = "mycelium-udp-1";
protocol = "UDP";
containerPort = builtins.elemAt myceliumPorts.udp 1;
}
];
}
];
});
service = pkgs.writeText "${name}-service.json" (builtins.toJSON {
apiVersion = "v1";
kind = "Service";
metadata.name = "${name}-service";
spec = {
type = "NodePort";
selector = {inherit name;};
ports = [
{
name = "mycelium-tcp-0";
port = builtins.elemAt myceliumPorts.tcp 0 + 50000;
targetPort = "mycelium-tcp-0";
}
{
name = "mycelium-udp-0";
protocol = "UDP";
port = builtins.elemAt myceliumPorts.udp 0 + 50000;
targetPort = "mycelium-udp-0";
}
{
name = "mycelium-udp-1";
protocol = "UDP";
port = builtins.elemAt myceliumPorts.udp 1 + 50000;
targetPort = "mycelium-udp-1";
}
];
};
});
in
pkgs.runCommand "declarative-k8s" {} ''
mkdir -p $out/share/k8s
cp ${pod} $out/share/k8s/
cp ${service} $out/share/k8s/
'';
inherit image;
start = pkgs.writeShellApplication {
name = "start";
text = ''
set -x
rm -rf ./result
nix build --impure .#image
sudo nix2container load ./result
sudo -E nerdctl run --name ${name} --privileged -dt \
--volume "$PWD/key.bin.crypt:${self.nixosConfigurations.default.config.services.mycelium.keyFile}:ro" \
"nix:0$(readlink result):latest"
'';
};
stop = pkgs.writeShellApplication {
name = "stop";
text = ''
set +e
sudo -E nerdctl stop -t 60 ${name}
sudo -E nerdctl rm --force ${name}
sudo -E nerdctl system prune --all --force
sudo systemctl stop nix-snapshotter
sudo systemctl stop containerd
mount | rg -No '(/var/lib/container|/tmp/initial)[^ ]+' | tac | xargs sudo umount -l
sudo systemctl start containerd
sudo systemctl start nix-snapshotter
'';
# tmpfs on /run/credentials/mycelium.service type tmpfs (ro,nosuid,nodev,noexec,relatime,nosymfollow,size=1024k,nr_inodes=1024,mode=700,noswap)
# mount -t tmpfs tmpfs /run/credentials/mycelium.service -o ro,nosuid,nodev,noexec,relatime,nosymfollow,size=1024k,nr_inodes=1024,mode=700,noswap
};
});
};
}

20
nix/os/devices/steveej-x13s/configuration.nix
View file

@ -7,8 +7,15 @@
nodeName, nodeName,
localDomainName, localDomainName,
system, system,
packages',
... ...
}: { }: {
nixpkgs.overlays = [
(final: previous: {
# inherit (nodeFlake.inputs.nixpkgs-systemd256.legacyPackages.${system}) systemd systemdMinimal;
})
];
nixos-x13s = { nixos-x13s = {
enable = true; enable = true;
# TODO: use hardware address # TODO: use hardware address
@ -86,6 +93,8 @@
sops.secrets.builder-private-key = {}; sops.secrets.builder-private-key = {};
nix.distributedBuilds = true; nix.distributedBuilds = true;
nix.buildMachines = [ nix.buildMachines = [
# test these with: sudo nix store ping --store 'ssh-ng://nix-remote-builder@sj-bm-hostkey0.dev.infra.holochain.org?ssh-key=/run/secrets/builder-private-key'
{ {
hostName = "sj-bm-hostkey0.dev.infra.holochain.org"; hostName = "sj-bm-hostkey0.dev.infra.holochain.org";
sshUser = "nix-remote-builder"; sshUser = "nix-remote-builder";
@ -147,6 +156,8 @@
../../snippets/radicale.nix ../../snippets/radicale.nix
../../snippets/holo-zerotier.nix ../../snippets/holo-zerotier.nix
../../snippets/k3s-w-nix-snapshotter.nix
]; ];
networking.hostName = nodeName; networking.hostName = nodeName;
@ -193,7 +204,8 @@
}; };
hardware.firmware = lib.mkBefore [ hardware.firmware = lib.mkBefore [
nodeFlake.packages.${system}.x13s-ath11k-firmware packages'.x13s-bt-firmware
packages'.x13s-ath11k-firmware
]; ];
# see https://linrunner.de/tlp/ # see https://linrunner.de/tlp/
@ -208,11 +220,11 @@
# android on linux # android on linux
virtualisation.waydroid.enable = false; virtualisation.waydroid.enable = false;
virtualisation.podman.enable = true;
virtualisation.podman.dockerCompat = true;
hardware.ledger.enable = true; hardware.ledger.enable = true;
virtualisation.containers.enable = true;
virtualisation.podman.enable = true;
nix.settings.substituters = [ nix.settings.substituters = [
"https://nixos-x13s.cachix.org" "https://nixos-x13s.cachix.org"
]; ];

96
nix/os/devices/steveej-x13s/flake.lock generated
View file

@ -1,21 +1,5 @@
{ {
"nodes": { "nodes": {
"ath11k-firmware": {
"flake": false,
"locked": {
"lastModified": 1720482684,
"narHash": "sha256-p6ifwtRNUOyQ2FN2VhSXS6dcrvrtiFZawu/iVXQ4uR0=",
"ref": "refs/heads/main",
"rev": "bb527dcebac835c47ed4f5428a7687769fa9b1b2",
"revCount": 152,
"type": "git",
"url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"
},
"original": {
"type": "git",
"url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"
}
},
"crane": { "crane": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -70,7 +54,44 @@
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nix-snapshotter",
"nixpkgs"
]
},
"locked": {
"lastModified": 1704152458,
"narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
@ -141,22 +162,6 @@
"type": "github" "type": "github"
} }
}, },
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1722056346,
"narHash": "sha256-50fcuCppaLMfSOTFO4IkCBs4folToCwlhTgc6IdZFHg=",
"owner": "NixOS",
"repo": "mobile-nixos",
"rev": "717ce90cfadffa449480bae2e155185c651e9993",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "mobile-nixos",
"type": "github"
}
},
"mycelium": { "mycelium": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
@ -194,9 +199,31 @@
"type": "github" "type": "github"
} }
}, },
"nix-snapshotter": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1717948701,
"narHash": "sha256-G7SXaZ7J4yO4OQEKSZPVWcccfV87uyLech0jEOU350g=",
"owner": "yu-re-ka",
"repo": "nix-snapshotter",
"rev": "c10b066a4b1bb3451507c141636014e3335e579e",
"type": "github"
},
"original": {
"owner": "yu-re-ka",
"repo": "nix-snapshotter",
"type": "github"
}
},
"nixos-x13s": { "nixos-x13s": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
@ -291,12 +318,11 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"ath11k-firmware": "ath11k-firmware",
"disko": "disko", "disko": "disko",
"get-flake": "get-flake", "get-flake": "get-flake",
"home-manager": "home-manager", "home-manager": "home-manager",
"mobile-nixos": "mobile-nixos",
"mycelium": "mycelium", "mycelium": "mycelium",
"nix-snapshotter": "nix-snapshotter",
"nixos-x13s": "nixos-x13s", "nixos-x13s": "nixos-x13s",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable" "nixpkgs-unstable": "nixpkgs-unstable"

14
nix/os/devices/steveej-x13s/flake.nix
View file

@ -20,9 +20,11 @@
# nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
mycelium.url = "github:threefoldtech/mycelium"; mycelium.url = "github:threefoldtech/mycelium";
ath11k-firmware = {
url = "git+https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"; nix-snapshotter = {
flake = false; url = "github:yu-re-ka/nix-snapshotter";
# url = "github:pdtpartners/nix-snapshotter";
inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@ -30,7 +32,6 @@
self, self,
get-flake, get-flake,
nixpkgs, nixpkgs,
ath11k-firmware,
... ...
}: let }: let
targetPlatform = "aarch64-linux"; targetPlatform = "aarch64-linux";
@ -93,11 +94,6 @@
}; };
}; };
packages.${targetPlatform} = { packages.${targetPlatform} = {
x13s-ath11k-firmware = nixpkgs.legacyPackages.${targetPlatform}.runCommand "x13s-ath11k-firmware-before" {} ''
mkdir -p $out/lib/firmware/ath11k/WCN6855/hw2.1/
cp -v ${ath11k-firmware}/WCN6855/hw2.1/{board-2,regdb}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/
cp -v ${ath11k-firmware}/WCN6855/hw2.1/1.1/WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41/{amss,m3}.bin $out/lib/firmware/ath11k/WCN6855/hw2.1/
'';
}; };
}; };
} }

41
nix/os/snippets/k3s-w-nix-snapshotter.nix Normal file
View file

@ -0,0 +1,41 @@
# experiment with k3s, nix-snapshotter, and nixos images
{
nodeFlake,
nodeFlakeInputs',
pkgs,
lib,
system,
...
}: {
# (1) Import nixos module.
imports = [
nodeFlake.inputs.nix-snapshotter.nixosModules.default
];
# (2) Add overlay.
nixpkgs.overlays = [nodeFlake.inputs.nix-snapshotter.overlays.default];
# (3) Enable service.
virtualisation.containerd = {
enable = true;
k3sIntegration = false;
nixSnapshotterIntegration = true;
# TODO: understand if this has an influence on the systemd LoadCredential issue
settings.plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options.SystemdCgroup = lib.mkForce true;
};
services.nix-snapshotter = {
enable = true;
};
# (4) Add a containerd CLI like nerdctl.
environment.systemPackages = [
pkgs.nerdctl
nodeFlake.inputs.nix-snapshotter.packages.${system}.default
];
services.k3s = {
enable = false;
setKubeConfig = true;
};
}