Added pi4 configuration
parent
4b9993d11a
commit
28fe66a888
17
flake.lock
17
flake.lock
|
@ -169,6 +169,22 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1693588489,
|
||||
"narHash": "sha256-hUGiONyurfBxmTtRUttdlkdq+ml16L1MiKKAS1047OE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "fe0ea731b84b10143fc68cd557368ac70f0fb65c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "master",
|
||||
"repo": "nixos-hardware",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1692734709,
|
||||
|
@ -192,6 +208,7 @@
|
|||
"flake-utils-plus": "flake-utils-plus",
|
||||
"home-manager": "home-manager",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"snowfall-lib": "snowfall-lib"
|
||||
}
|
||||
|
|
48
flake.nix
48
flake.nix
|
@ -25,6 +25,8 @@
|
|||
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
agenix.inputs.home-manager.follows = "home-manager";
|
||||
agenix.inputs.darwin.follows = "";
|
||||
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
};
|
||||
|
||||
outputs = inputs: let
|
||||
|
@ -39,20 +41,48 @@
|
|||
channels-config.allowUnfree = true;
|
||||
|
||||
systems.modules = with inputs; [
|
||||
home-manager.nixosModules.home-manager
|
||||
agenix.nixosModules.default
|
||||
home-manager.nixosModules.home-manager
|
||||
];
|
||||
|
||||
deploy.nodes.node = {
|
||||
hostname = "node";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
sshUser = "alejandro";
|
||||
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.node;
|
||||
sshOpts = ["-A"];
|
||||
deploy.nodes = {
|
||||
node = {
|
||||
hostname = "node";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
sshUser = "alejandro";
|
||||
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.node;
|
||||
sshOpts = ["-A"];
|
||||
};
|
||||
};
|
||||
|
||||
pi4 = let
|
||||
system = "aarch64-linux";
|
||||
pkgs = import inputs.nixpkgs {inherit system;};
|
||||
deployPkgs = import inputs.nixpkgs {
|
||||
inherit system;
|
||||
overlays = [
|
||||
inputs.deploy-rs.overlay
|
||||
(self: super: {
|
||||
deploy-rs = {
|
||||
inherit (pkgs) deploy-rs;
|
||||
lib = inputs.deploy-rs.lib;
|
||||
};
|
||||
})
|
||||
];
|
||||
};
|
||||
in {
|
||||
hostname = "pi4";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
sshUser = "alejandro";
|
||||
path = deployPkgs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.pi4;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
|
||||
# TODO: Re-enable this when I figure out how to prevent needing to build
|
||||
# dependencies for architectures other than the host machine
|
||||
# checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
|
||||
};
|
||||
}
|
||||
|
|
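Review bot: The reformatted `node` profile still carries `sshOpts = ["-A"];`, which forwards the deployer's SSH agent to a host where the profile is activated as `root`, so root on `node` can use the forwarded agent for as long as a deploy session is open. The new `pi4` profile works without it, so unless `node` needs the agent for something not visible in this hunk I would drop the option there too, or document it with a comment such as `# -A needed for <reason>; the agent is reachable by root on node during deploys`. Separately, commenting out `checks` turns off deploy-rs's `deployChecks` for every node, not only the cross-architecture one; the TODO already records that, and it is worth resolving before more nodes are added.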
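--- a/modules/services/octoprint/default.nix
+++ b/modules/services/octoprint/default.nix
@@ -0,0 +1,44 @@
+{
+options,
+config,
+lib,
+pkgs,
+...
+}:
+with lib; let
+cfg = config.aa.services.octoprint;
+in {
+options.aa.services.octoprint = with types; {
+enable = mkEnableOption "octoprint";
+acmeCertName = mkOption {
+type = str;
+default = "";
+description = ''
+If set to a non-empty string, foces SSL with the supplied acme
+certificate.
+'';
+};
+};
+
+config = mkIf cfg.enable {
+services.octoprint.enable = true;
+
+services.nginx = {
+enable = true;
+recommendedProxySettings = true;
+virtualHosts."octoprint.kilonull.com" =
+{
+locations."/" = {
+proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}";
+proxyWebsockets = true;
+};
+}
+// lib.optionalAttrs (cfg.acmeCertName != "") {
+forceSSL = true;
+useACMEHost = cfg.acmeCertName;
+};
+};
+
+networking.firewall.allowedTCPPorts = [80 443];
+};
+}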
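Review bot: With the default `acmeCertName = ""` this module proxies OctoPrint on port 80 without TLS, and `networking.firewall.allowedTCPPorts = [80 443];` opens both ports regardless, so any OctoPrint login and API traffic crosses the network in clear text whenever the option is left unset. I would open 443 only when a certificate is configured, `networking.firewall.allowedTCPPorts = [80] ++ lib.optional (cfg.acmeCertName != "") 443;`, and have the option description state that an empty value means plain HTTP (the description also has a typo, "foces" for "forces"). The virtual host name `octoprint.kilonull.com` is hard-coded; exposing it as an option would keep it next to the certificate name it has to match.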
@ -1,12 +1,14 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 Yk7ehg yd4HdQ3M4nNxxkQJxbBTpxm4Q91Geu9NPTpc89GDX2k
|
||||
VDK0jJvCRmDzjXkCTt7FTRQflccY+5Sw6m5j+i8y5qE
|
||||
-> ssh-ed25519 SYNSNQ 6bUFdt0+KzWLIhk8HC2YSlvRGUHx9lbfsLuId3eI8mE
|
||||
/J8MhNcNbwGt3GNFWRqBoEuRA2diuVUEIwCNjWduV58
|
||||
-> piv-p256 UIEGzg AmQTLuIgW3b1xwBR72vx1HKOWSrlBo2u2Cp/ERAUuC3E
|
||||
yRIBeItdJuAgp2f8/j4ZZAzvGSQnoDL1u3bneHKxdt8
|
||||
-> g@-grease ekU. 7n9S
|
||||
TQDOfhGOoWQ0CRITXdz3pSreU3MTaB/SXBupQ2KCw8M3CN3q33DpL+29asuKQuK4
|
||||
6StATcU7fMQ+NU/tCXt1qWz/qw4cfo2+gLk
|
||||
--- QFnlzub83Ji3lIK+B/U8nztj9t4DLBX00BBVKkJJ/gs
|
||||
¬S&°MÑ{@â¤@'H|Aà7ZìIrþ‰{>K¨WS'ªØ™¶µäŠŠâ"ŒoÖÙ¥(77-z!âùA¸<41>;Ø‹yr´7Ä*æ±oÄÉ‘<>ƒk$…\ÙpØå^©¾XL,ÃOÌâÏIXÆ´<±×)È‘åÝÓ> úyeÂSüÁ¡4”fŽ}8vE+YYù<59>Q|iŒbéìã'ú%âN‡~
|
||||
-> ssh-ed25519 Yk7ehg NwKwWQiMTehA+gluPXpVyL4zyhGRheQ1hCyyjPyWNlM
|
||||
ZTD2ssehxzayPhnW+OVqXzr/fqQ7Hdm711RgZT5R4Pw
|
||||
-> ssh-ed25519 SYNSNQ oEc4p7cz7u+gEYIJVW7hl+VXwXzPSpRXCL33Ij2ZIkc
|
||||
avgbK9ss20KmL1XB9Sg45bwv6BItDcMJj8/e2fXxZOE
|
||||
-> ssh-ed25519 t5XIGA huqEOk8X1Z4g4pcjAc6griyt3x+hU5NWMfCUL8WoUkI
|
||||
yqJxaxWF04PzcmyFN8hq+u9DaQmbI4W3PSDC2+Rxr5I
|
||||
-> piv-p256 UIEGzg AzYN661WI0nUCA4MHnSqOT0A23jbBl9Dnv5CmmJkvuSk
|
||||
BXxeYW5RdiYNwtMG+PHF5b7x2Pu129SNOeqItwfcWTs
|
||||
-> X{\S-grease <0c[|Bb
|
||||
tXXujcfm/3s/TMaX5tM9TamHAEHSUCArwJCDEJ2SFKcL8FSV1N3srp4wNogtF7pO
|
||||
PjLeXFHo
|
||||
--- 1VR3EGzzVvK+pbDlvomJ6cJ9wOrP2LoPsUqmh0c6bVE
|
||||
°¸>¦/<2F>Éÿ,+ðì®bÇLþjgŽfÏ<9m¿K‰ÙõT¢‚±N3òà¦wÄ͹1¸(¿&É´D¦Á 7ø2 #.^"KWì$BªKUknDX¨îkÂÝ7GRÚ¡d§Ìèœ^9`Ðã©Ñ”yóM-µˆçKvõO#çÑ#¤þ8_—<Êù©âu:;Ø\•A0â¬X5ø³)²Þ
|
|
@ -2,9 +2,12 @@ let
|
|||
# Remember to pass '--identity identities/me.txt` when using this key
|
||||
users.me = "age1yubikey1qdwgvfqrcqmyw56ux7azuvqr6f8nanszu27nztvxmn4utmplgxctzt90g25";
|
||||
|
||||
machines.gospel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDzjXVoQEfO9JIcFbp56EvQ0oBdr9Cmhxp4z0ih+ZEZ";
|
||||
machines.node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
|
||||
machines = {
|
||||
gospel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDzjXVoQEfO9JIcFbp56EvQ0oBdr9Cmhxp4z0ih+ZEZ";
|
||||
node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
|
||||
pi4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9fnNXzEmDdmtR+KWj/M9vQioFR0s/4jMnIkUFcj8As";
|
||||
};
|
||||
in {
|
||||
"cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel];
|
||||
"cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel machines.pi4];
|
||||
"nextcloud_admin.age".publicKeys = [users.me machines.node];
|
||||
}
|
||||
|
|
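Review bot: Adding `machines.pi4` to the recipients of `cf_dns_kilonull.age` lets the Pi's host key decrypt the same DNS credential that `node` and `gospel` can already read, and the scope of that credential is not visible in this hunk. If it can edit the whole zone, a compromise of the Pi, which this commit also puts behind nginx on ports 80/443, would extend to DNS for every name under the domain; a separate, narrowly scoped token in its own `.age` file for pi4 would contain that. At minimum a comment on the line, e.g. `# pi4: ACME DNS-01 for the octoprint vhost`, would record why each machine is a recipient. The `let` block starts above the hunk.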
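--- a/systems/aarch64-linux/pi4/default.nix
+++ b/systems/aarch64-linux/pi4/default.nix
@@ -0,0 +1,85 @@
+{
+config,
+pkgs,
+lib,
+inputs,
+nixpkgs,
+modulesPath,
+...
+}: {
+imports = with inputs; [
+(modulesPath + "/installer/scan/not-detected.nix")
+(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
+nixos-hardware.nixosModules.raspberry-pi-4
+];
+
+# Workaround for issue 109280
+# See here: https://github.com/NixOS/nixpkgs/issues/109280#issuecomment-973636212
+nixpkgs.overlays = [
+(final: super: {
+makeModulesClosure = x:
+super.makeModulesClosure (x // {allowMissing = true;});
+})
+];
+
+age.secrets.cf_dns_kilonull.file = ../../../secrets/cf_dns_kilonull.age;
+
+aa = {
+nix.enable = true;
+nix.useSelfhostedCache = true;
+
+apps.btop.enable = true;
+apps.tmux.enable = true;
+
+services.tailscale = {
+enable = true;
+configureClientRouting = true;
+configureServerRouting = true;
+};
+services.openssh.enable = true;
+services.octoprint = {
+enable = true;
+acmeCertName = "kilonull.com";
+};
+
+security.acme = {
+enable = true;
+domainName = "kilonull.com";
+dnsCredentialsFile = config.age.secrets.cf_dns_kilonull.path;
+};
+
+suites.utils.enable = true;
+tools.zsh.enable = true;
+};
+
+environment.systemPackages = with pkgs; [
+libraspberrypi
+raspberrypi-eeprom
+];
+
+networking = {
+hostName = "pi4";
+useDHCP = false;
+defaultGateway = "192.168.113.1";
+nameservers = ["192.168.113.13" "1.1.1.1"];
+interfaces.end0.ipv4.addresses = [
+{
+address = "192.168.113.42";
+prefixLength = 24;
+}
+];
+};
+
+security.sudo = {
+wheelNeedsPassword = false;
+execWheelOnly = true;
+};
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "23.05"; # Did you read the comment?
+}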
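Review bot: `security.sudo.wheelNeedsPassword = false;` makes every wheel account on this host equivalent to root, on a machine that this commit also exposes through nginx and that can decrypt the DNS credential in `cf_dns_kilonull.age`. It is presumably there so deploy-rs can activate the `root` profile through `sshUser = "alejandro"`; if so, a comment saying that, e.g. `# passwordless sudo is required for deploy-rs activation via sshUser`, would keep the setting from being copied as a general default. It is also worth confirming that the `aa.services.openssh` module, which is not shown here, disables password logins, since SSH access to a wheel account is all that stands between the network and root. The `nixpkgs` argument in the function header is unused.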
@ -73,7 +73,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"];
|
||||
# boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"];
|
||||
networking = {
|
||||
hostName = "gospel";
|
||||
useDHCP = false;
|
||||
|
|