Added pi4 configuration
This commit is contained in:
parent
4b9993d11a
commit
28fe66a888
17
flake.lock
17
flake.lock
|
@ -169,6 +169,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixos-hardware": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1693588489,
|
||||||
|
"narHash": "sha256-hUGiONyurfBxmTtRUttdlkdq+ml16L1MiKKAS1047OE=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixos-hardware",
|
||||||
|
"rev": "fe0ea731b84b10143fc68cd557368ac70f0fb65c",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "master",
|
||||||
|
"repo": "nixos-hardware",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1692734709,
|
"lastModified": 1692734709,
|
||||||
|
@ -192,6 +208,7 @@
|
||||||
"flake-utils-plus": "flake-utils-plus",
|
"flake-utils-plus": "flake-utils-plus",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"nixos-generators": "nixos-generators",
|
"nixos-generators": "nixos-generators",
|
||||||
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"snowfall-lib": "snowfall-lib"
|
"snowfall-lib": "snowfall-lib"
|
||||||
}
|
}
|
||||||
|
|
36
flake.nix
36
flake.nix
|
@ -25,6 +25,8 @@
|
||||||
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
agenix.inputs.home-manager.follows = "home-manager";
|
agenix.inputs.home-manager.follows = "home-manager";
|
||||||
agenix.inputs.darwin.follows = "";
|
agenix.inputs.darwin.follows = "";
|
||||||
|
|
||||||
|
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = inputs: let
|
outputs = inputs: let
|
||||||
|
@ -39,11 +41,12 @@
|
||||||
channels-config.allowUnfree = true;
|
channels-config.allowUnfree = true;
|
||||||
|
|
||||||
systems.modules = with inputs; [
|
systems.modules = with inputs; [
|
||||||
home-manager.nixosModules.home-manager
|
|
||||||
agenix.nixosModules.default
|
agenix.nixosModules.default
|
||||||
|
home-manager.nixosModules.home-manager
|
||||||
];
|
];
|
||||||
|
|
||||||
deploy.nodes.node = {
|
deploy.nodes = {
|
||||||
|
node = {
|
||||||
hostname = "node";
|
hostname = "node";
|
||||||
profiles.system = {
|
profiles.system = {
|
||||||
user = "root";
|
user = "root";
|
||||||
|
@ -53,6 +56,33 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
|
pi4 = let
|
||||||
|
system = "aarch64-linux";
|
||||||
|
pkgs = import inputs.nixpkgs {inherit system;};
|
||||||
|
deployPkgs = import inputs.nixpkgs {
|
||||||
|
inherit system;
|
||||||
|
overlays = [
|
||||||
|
inputs.deploy-rs.overlay
|
||||||
|
(self: super: {
|
||||||
|
deploy-rs = {
|
||||||
|
inherit (pkgs) deploy-rs;
|
||||||
|
lib = inputs.deploy-rs.lib;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
];
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
hostname = "pi4";
|
||||||
|
profiles.system = {
|
||||||
|
user = "root";
|
||||||
|
sshUser = "alejandro";
|
||||||
|
path = deployPkgs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.pi4;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# TODO: Re-enable this when I figure out how to prevent needing to build
|
||||||
|
# dependencies for architectures other than the host machine
|
||||||
|
# checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
44
modules/services/octoprint/default.nix
Normal file
44
modules/services/octoprint/default.nix
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
{
|
||||||
|
options,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
with lib; let
|
||||||
|
cfg = config.aa.services.octoprint;
|
||||||
|
in {
|
||||||
|
options.aa.services.octoprint = with types; {
|
||||||
|
enable = mkEnableOption "octoprint";
|
||||||
|
acmeCertName = mkOption {
|
||||||
|
type = str;
|
||||||
|
default = "";
|
||||||
|
description = ''
|
||||||
|
If set to a non-empty string, foces SSL with the supplied acme
|
||||||
|
certificate.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
services.octoprint.enable = true;
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
virtualHosts."octoprint.kilonull.com" =
|
||||||
|
{
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
// lib.optionalAttrs (cfg.acmeCertName != "") {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = cfg.acmeCertName;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [80 443];
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,12 +1,14 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 Yk7ehg yd4HdQ3M4nNxxkQJxbBTpxm4Q91Geu9NPTpc89GDX2k
|
-> ssh-ed25519 Yk7ehg NwKwWQiMTehA+gluPXpVyL4zyhGRheQ1hCyyjPyWNlM
|
||||||
VDK0jJvCRmDzjXkCTt7FTRQflccY+5Sw6m5j+i8y5qE
|
ZTD2ssehxzayPhnW+OVqXzr/fqQ7Hdm711RgZT5R4Pw
|
||||||
-> ssh-ed25519 SYNSNQ 6bUFdt0+KzWLIhk8HC2YSlvRGUHx9lbfsLuId3eI8mE
|
-> ssh-ed25519 SYNSNQ oEc4p7cz7u+gEYIJVW7hl+VXwXzPSpRXCL33Ij2ZIkc
|
||||||
/J8MhNcNbwGt3GNFWRqBoEuRA2diuVUEIwCNjWduV58
|
avgbK9ss20KmL1XB9Sg45bwv6BItDcMJj8/e2fXxZOE
|
||||||
-> piv-p256 UIEGzg AmQTLuIgW3b1xwBR72vx1HKOWSrlBo2u2Cp/ERAUuC3E
|
-> ssh-ed25519 t5XIGA huqEOk8X1Z4g4pcjAc6griyt3x+hU5NWMfCUL8WoUkI
|
||||||
yRIBeItdJuAgp2f8/j4ZZAzvGSQnoDL1u3bneHKxdt8
|
yqJxaxWF04PzcmyFN8hq+u9DaQmbI4W3PSDC2+Rxr5I
|
||||||
-> g@-grease ekU. 7n9S
|
-> piv-p256 UIEGzg AzYN661WI0nUCA4MHnSqOT0A23jbBl9Dnv5CmmJkvuSk
|
||||||
TQDOfhGOoWQ0CRITXdz3pSreU3MTaB/SXBupQ2KCw8M3CN3q33DpL+29asuKQuK4
|
BXxeYW5RdiYNwtMG+PHF5b7x2Pu129SNOeqItwfcWTs
|
||||||
6StATcU7fMQ+NU/tCXt1qWz/qw4cfo2+gLk
|
-> X{\S-grease <0c[|Bb
|
||||||
--- QFnlzub83Ji3lIK+B/U8nztj9t4DLBX00BBVKkJJ/gs
|
tXXujcfm/3s/TMaX5tM9TamHAEHSUCArwJCDEJ2SFKcL8FSV1N3srp4wNogtF7pO
|
||||||
¬S&°MÑ{@â¤@'H|Aà7ZìIrþ‰{>K¨WS'ªØ™¶µäŠŠâ"ŒoÖÙ¥(77-z!âùA¸<41>;Ø‹yr´7Ä*æ±oÄÉ‘<>ƒk$…\ÙpØå^©¾XL,ÃOÌâÏIXÆ´<±×)È‘åÝÓ> úyeÂSüÁ¡4”fŽ}8vE+YYù<59>Q|iŒbéìã'ú%âN‡~
|
PjLeXFHo
|
||||||
|
--- 1VR3EGzzVvK+pbDlvomJ6cJ9wOrP2LoPsUqmh0c6bVE
|
||||||
|
°¸>¦/<2F>Éÿ,+ðì®bÇLþjgŽfÏ<9m¿K‰ÙõT¢‚±N3òà¦wÄ͹1¸(¿&É´D¦Á 7ø2 #.^"KWì$BªKUknDX¨îkÂÝ7GRÚ¡d§Ìèœ^9`Ðã©Ñ”yóM-µˆçKvõO#çÑ#¤þ8_—<Êù©âu:;Ø\•A0â¬X5ø³)²Þ
|
|
@ -2,9 +2,12 @@ let
|
||||||
# Remember to pass '--identity identities/me.txt` when using this key
|
# Remember to pass '--identity identities/me.txt` when using this key
|
||||||
users.me = "age1yubikey1qdwgvfqrcqmyw56ux7azuvqr6f8nanszu27nztvxmn4utmplgxctzt90g25";
|
users.me = "age1yubikey1qdwgvfqrcqmyw56ux7azuvqr6f8nanszu27nztvxmn4utmplgxctzt90g25";
|
||||||
|
|
||||||
machines.gospel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDzjXVoQEfO9JIcFbp56EvQ0oBdr9Cmhxp4z0ih+ZEZ";
|
machines = {
|
||||||
machines.node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
|
gospel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDzjXVoQEfO9JIcFbp56EvQ0oBdr9Cmhxp4z0ih+ZEZ";
|
||||||
|
node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
|
||||||
|
pi4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9fnNXzEmDdmtR+KWj/M9vQioFR0s/4jMnIkUFcj8As";
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
"cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel];
|
"cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel machines.pi4];
|
||||||
"nextcloud_admin.age".publicKeys = [users.me machines.node];
|
"nextcloud_admin.age".publicKeys = [users.me machines.node];
|
||||||
}
|
}
|
||||||
|
|
85
systems/aarch64-linux/pi4/default.nix
Normal file
85
systems/aarch64-linux/pi4/default.nix
Normal file
|
@ -0,0 +1,85 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
inputs,
|
||||||
|
nixpkgs,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = with inputs; [
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
|
||||||
|
nixos-hardware.nixosModules.raspberry-pi-4
|
||||||
|
];
|
||||||
|
|
||||||
|
# Workaround for issue 109280
|
||||||
|
# See here: https://github.com/NixOS/nixpkgs/issues/109280#issuecomment-973636212
|
||||||
|
nixpkgs.overlays = [
|
||||||
|
(final: super: {
|
||||||
|
makeModulesClosure = x:
|
||||||
|
super.makeModulesClosure (x // {allowMissing = true;});
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
|
age.secrets.cf_dns_kilonull.file = ../../../secrets/cf_dns_kilonull.age;
|
||||||
|
|
||||||
|
aa = {
|
||||||
|
nix.enable = true;
|
||||||
|
nix.useSelfhostedCache = true;
|
||||||
|
|
||||||
|
apps.btop.enable = true;
|
||||||
|
apps.tmux.enable = true;
|
||||||
|
|
||||||
|
services.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
configureClientRouting = true;
|
||||||
|
configureServerRouting = true;
|
||||||
|
};
|
||||||
|
services.openssh.enable = true;
|
||||||
|
services.octoprint = {
|
||||||
|
enable = true;
|
||||||
|
acmeCertName = "kilonull.com";
|
||||||
|
};
|
||||||
|
|
||||||
|
security.acme = {
|
||||||
|
enable = true;
|
||||||
|
domainName = "kilonull.com";
|
||||||
|
dnsCredentialsFile = config.age.secrets.cf_dns_kilonull.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
suites.utils.enable = true;
|
||||||
|
tools.zsh.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
libraspberrypi
|
||||||
|
raspberrypi-eeprom
|
||||||
|
];
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "pi4";
|
||||||
|
useDHCP = false;
|
||||||
|
defaultGateway = "192.168.113.1";
|
||||||
|
nameservers = ["192.168.113.13" "1.1.1.1"];
|
||||||
|
interfaces.end0.ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "192.168.113.42";
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
security.sudo = {
|
||||||
|
wheelNeedsPassword = false;
|
||||||
|
execWheelOnly = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "23.05"; # Did you read the comment?
|
||||||
|
}
|
|
@ -73,7 +73,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"];
|
# boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"];
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "gospel";
|
hostName = "gospel";
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
|
|
Loading…
Reference in a new issue