Added pi4 configuration

Alejandro Angulo 2023-09-02 17:12:21 -07:00
parent 4b9993d11a
commit 28fe66a888
Signed by: alejandro-angulo
GPG key ID: 75579581C74554B6
7 changed files with 205 additions and 24 deletions


@ -169,6 +169,22 @@
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1693588489,
"narHash": "sha256-hUGiONyurfBxmTtRUttdlkdq+ml16L1MiKKAS1047OE=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "fe0ea731b84b10143fc68cd557368ac70f0fb65c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1692734709,
@ -192,6 +208,7 @@
"flake-utils-plus": "flake-utils-plus",
"home-manager": "home-manager",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"snowfall-lib": "snowfall-lib"
}


@ -25,6 +25,8 @@
agenix.inputs.nixpkgs.follows = "nixpkgs";
agenix.inputs.home-manager.follows = "home-manager";
agenix.inputs.darwin.follows = "";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
};
outputs = inputs: let
@ -39,20 +41,48 @@
channels-config.allowUnfree = true;
systems.modules = with inputs; [
home-manager.nixosModules.home-manager
agenix.nixosModules.default
home-manager.nixosModules.home-manager
];
deploy.nodes.node = {
hostname = "node";
profiles.system = {
user = "root";
sshUser = "alejandro";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.node;
sshOpts = ["-A"];
deploy.nodes = {
node = {
hostname = "node";
profiles.system = {
user = "root";
sshUser = "alejandro";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.node;
sshOpts = ["-A"];
};
};
pi4 = let
system = "aarch64-linux";
pkgs = import inputs.nixpkgs {inherit system;};
deployPkgs = import inputs.nixpkgs {
inherit system;
overlays = [
inputs.deploy-rs.overlay
(self: super: {
deploy-rs = {
inherit (pkgs) deploy-rs;
lib = inputs.deploy-rs.lib;
};
})
];
};
in {
hostname = "pi4";
profiles.system = {
user = "root";
sshUser = "alejandro";
path = deployPkgs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.pi4;
};
};
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
# TODO: Re-enable this when I figure out how to prevent needing to build
# dependencies for architectures other than the host machine
# checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
};
}
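Review bot: Commenting out `checks` at the end of `outputs` means `nix flake check` no longer runs deploy-rs's `deployChecks`, so a mistake in `deploy.nodes` (including the new `pi4` entry) would first surface during a real deployment. The TODO explains why it was disabled but not what is lost; I would extend it with something like `# While disabled, deploy.nodes is NOT validated by nix flake check; review profiles manually before deploying`. Separately, the `node` profile keeps `sshOpts = ["-A"]`, which forwards the SSH agent to the target host. The new `pi4` profile omits it, and `node` could drop it too if activation does not need the agent.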


@ -0,0 +1,44 @@
{
options,
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.aa.services.octoprint;
in {
options.aa.services.octoprint = with types; {
enable = mkEnableOption "octoprint";
acmeCertName = mkOption {
type = str;
default = "";
description = ''
If set to a non-empty string, foces SSL with the supplied acme
certificate.
'';
};
};
config = mkIf cfg.enable {
services.octoprint.enable = true;
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."octoprint.kilonull.com" =
{
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}";
proxyWebsockets = true;
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
networking.firewall.allowedTCPPorts = [80 443];
};
}
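Review bot: With the default `acmeCertName = ""` the virtual host is served over plain HTTP only, yet `networking.firewall.allowedTCPPorts = [80 443];` opens both ports unconditionally, so a host that enables the module without a certificate would carry OctoPrint logins and API keys unencrypted. I would open 443 only when TLS is configured, `networking.firewall.allowedTCPPorts = [80] ++ lib.optional (cfg.acmeCertName != "") 443;`, and state in the option description that an empty value means unencrypted HTTP. Since nginx proxies to `127.0.0.1`, it is also worth confirming that OctoPrint itself binds only to loopback (for example `services.octoprint.host = "127.0.0.1";`) rather than relying on the firewall alone. The description also has a typo: "foces" should read "forces".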


@ -1,12 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 Yk7ehg yd4HdQ3M4nNxxkQJxbBTpxm4Q91Geu9NPTpc89GDX2k
VDK0jJvCRmDzjXkCTt7FTRQflccY+5Sw6m5j+i8y5qE
-> ssh-ed25519 SYNSNQ 6bUFdt0+KzWLIhk8HC2YSlvRGUHx9lbfsLuId3eI8mE
/J8MhNcNbwGt3GNFWRqBoEuRA2diuVUEIwCNjWduV58
-> piv-p256 UIEGzg AmQTLuIgW3b1xwBR72vx1HKOWSrlBo2u2Cp/ERAUuC3E
yRIBeItdJuAgp2f8/j4ZZAzvGSQnoDL1u3bneHKxdt8
-> g@-grease ekU. 7n9S
TQDOfhGOoWQ0CRITXdz3pSreU3MTaB/SXBupQ2KCw8M3CN3q33DpL+29asuKQuK4
6StATcU7fMQ+NU/tCXt1qWz/qw4cfo2+gLk
--- QFnlzub83Ji3lIK+B/U8nztj9t4DLBX00BBVKkJJ/gs
¬S&°MÑ{@â¤@'H|Aà7ZìIrþ‰{>K¨WS'ªØ™¶µäŠŠâ"ŒoÖÙ¥(77-z!âùA¸<41> yr´7Ä*æ±oÄÉ<>ƒk$…\ÙpØå^©¾XL,­ÃOÌâÏIXÆ´<±×)È‘åÝÓ> úyeÂSüÁ¡4”fŽ}8vE+YYù<59>Q|iŒbéìã'ú%âN‡~
-> ssh-ed25519 Yk7ehg NwKwWQiMTehA+gluPXpVyL4zyhGRheQ1hCyyjPyWNlM
ZTD2ssehxzayPhnW+OVqXzr/fqQ7Hdm711RgZT5R4Pw
-> ssh-ed25519 SYNSNQ oEc4p7cz7u+gEYIJVW7hl+VXwXzPSpRXCL33Ij2ZIkc
avgbK9ss20KmL1XB9Sg45bwv6BItDcMJj8/e2fXxZOE
-> ssh-ed25519 t5XIGA huqEOk8X1Z4g4pcjAc6griyt3x+hU5NWMfCUL8WoUkI
yqJxaxWF04PzcmyFN8hq+u9DaQmbI4W3PSDC2+Rxr5I
-> piv-p256 UIEGzg AzYN661WI0nUCA4MHnSqOT0A23jbBl9Dnv5CmmJkvuSk
BXxeYW5RdiYNwtMG+PHF5b7x2Pu129SNOeqItwfcWTs
-> X{\S-grease <0c[|Bb
tXXujcfm/3s/TMaX5tM9TamHAEHSUCArwJCDEJ2SFKcL8FSV1N3srp4wNogtF7pO
PjLeXFHo
--- 1VR3EGzzVvK+pbDlvomJ6cJ9wOrP2LoPsUqmh0c6bVE
°¸>¦/<2F>Éÿ,+ðì®bÇLþjgŽfÏ<9m¿K‰ÙõT¢±N3òà¦wÄ͹1¸(¿&É´D¦Á 7ø2 #­.^"KWì$BªKUknDX¨î­kÂÝ7GRÚ¡d§Ìèœ^9`Ðã©Ñ”yóM-µˆçKvõO#çÑ#¤þ8_—<Êù©âu:;Ø\•A0â¬X5ø³)²Þ


@ -2,9 +2,12 @@ let
# Remember to pass '--identity identities/me.txt` when using this key
users.me = "age1yubikey1qdwgvfqrcqmyw56ux7azuvqr6f8nanszu27nztvxmn4utmplgxctzt90g25";
machines.gospel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDzjXVoQEfO9JIcFbp56EvQ0oBdr9Cmhxp4z0ih+ZEZ";
machines.node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
machines = {
gospel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDzjXVoQEfO9JIcFbp56EvQ0oBdr9Cmhxp4z0ih+ZEZ";
node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
pi4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9fnNXzEmDdmtR+KWj/M9vQioFR0s/4jMnIkUFcj8As";
};
in {
"cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel];
"cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel machines.pi4];
"nextcloud_admin.age".publicKeys = [users.me machines.node];
}
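Review bot: Adding `machines.pi4` to the recipients of `"cf_dns_kilonull.age"` lets a third host decrypt the same Cloudflare DNS credential, so a compromise of the Pi (which also exposes the OctoPrint web UI) yields whatever that token can do to the zone. If the token is not already narrowly scoped, I would give the Pi its own credential in a separate file, e.g. `"<pi4-dns-secret>.age".publicKeys = [users.me machines.pi4];` (placeholder name), so it can be revoked without re-keying the other machines. The comment above `users.me` also opens with `'` and closes with a backtick; `'--identity identities/me.txt'` would read more clearly.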


@ -0,0 +1,85 @@
{
config,
pkgs,
lib,
inputs,
nixpkgs,
modulesPath,
...
}: {
imports = with inputs; [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
nixos-hardware.nixosModules.raspberry-pi-4
];
# Workaround for issue 109280
# See here: https://github.com/NixOS/nixpkgs/issues/109280#issuecomment-973636212
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // {allowMissing = true;});
})
];
age.secrets.cf_dns_kilonull.file = ../../../secrets/cf_dns_kilonull.age;
aa = {
nix.enable = true;
nix.useSelfhostedCache = true;
apps.btop.enable = true;
apps.tmux.enable = true;
services.tailscale = {
enable = true;
configureClientRouting = true;
configureServerRouting = true;
};
services.openssh.enable = true;
services.octoprint = {
enable = true;
acmeCertName = "kilonull.com";
};
security.acme = {
enable = true;
domainName = "kilonull.com";
dnsCredentialsFile = config.age.secrets.cf_dns_kilonull.path;
};
suites.utils.enable = true;
tools.zsh.enable = true;
};
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
];
networking = {
hostName = "pi4";
useDHCP = false;
defaultGateway = "192.168.113.1";
nameservers = ["192.168.113.13" "1.1.1.1"];
interfaces.end0.ipv4.addresses = [
{
address = "192.168.113.42";
prefixLength = 24;
}
];
};
security.sudo = {
wheelNeedsPassword = false;
execWheelOnly = true;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}
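Review bot: `security.sudo.wheelNeedsPassword = false;` gives every wheel account on this host root without a second factor, and the same host serves a web UI and can decrypt `cf_dns_kilonull.age`. This is presumably so deploy-rs can activate as root through `sshUser = "alejandro"`, but the file does not say so. I would add a comment above the setting such as `# Passwordless sudo for wheel is required for deploy-rs activation via a non-root sshUser; keep wheel membership minimal`. The `makeModulesClosure` overlay could also note that `allowMissing = true` silences missing-kernel-module errors for the whole image, so it gets removed once issue 109280 no longer applies.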


@ -73,7 +73,7 @@
};
};
boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"];
# boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"];
networking = {
hostName = "gospel";
useDHCP = false;