xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: xin:544a41048a05487d382e9b43447eed57335f0bce
Branches Tags
xin:master
xin:deploy
xin:testing-weilite
xin:testing-raspite
xin:testing-calcite
xin:next
xin:deploy-comin-eval
..
compare: xin:a3d9de6ad2d10fae0c4c1a695f89d0dd38a718ed
Branches Tags
xin:deploy
xin:testing-weilite
xin:testing-raspite
xin:testing-calcite
xin:next
xin:deploy-comin-eval
xin:master

2 commits
544a41048a ... a3d9de6ad2

Author SHA1 Message Date
xinyangli
a3d9de6ad2
osmium: added 2024-11-24 17:26:49 +08:00
xinyangli
647c409206
dolomite: reinstall hk-00 2024-11-23 09:46:49 +08:00
12 changed files with 377 additions and 67 deletions
Show stats Expand all files Collapse all files

2
.sops.yaml
View file

@ -7,7 +7,7 @@ keys:
- &host-la-00 age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh - &host-la-00 age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh
- &host-massicot age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta - &host-massicot age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta
- &host-weilite age17r3fxfmt6hgwe984w4lds9u0cnkf5ttq8hnqt800ayfmx7t8t5gqjddyml - &host-weilite age17r3fxfmt6hgwe984w4lds9u0cnkf5ttq8hnqt800ayfmx7t8t5gqjddyml
- &host-hk-00 age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 - &host-hk-00 age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu
creation_rules: creation_rules:
- path_regex: machines/calcite/secrets.yaml - path_regex: machines/calcite/secrets.yaml
key_groups: key_groups:

21
flake.lock generated
View file

@ -61,6 +61,26 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1732221404,
"narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=",
"owner": "nix-community",
"repo": "disko",
"rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -596,6 +616,7 @@
"inputs": { "inputs": {
"catppuccin": "catppuccin", "catppuccin": "catppuccin",
"colmena": "colmena", "colmena": "colmena",
"disko": "disko",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"home-manager": "home-manager", "home-manager": "home-manager",
"my-nixvim": "my-nixvim", "my-nixvim": "my-nixvim",

14
flake.nix
View file

@ -37,6 +37,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = { nix-index-database = {
url = "github:Mic92/nix-index-database"; url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -66,6 +71,7 @@
nix-vscode-extensions, nix-vscode-extensions,
colmena, colmena,
nix-index-database, nix-index-database,
disko,
... ...
}: }:
let let
@ -107,6 +113,7 @@
hk-00 = [ hk-00 = [
./machines/dolomite/claw.nix ./machines/dolomite/claw.nix
./machines/dolomite/common.nix ./machines/dolomite/common.nix
disko.nixosModules.disko
]; ];
la-00 = [ la-00 = [
./machines/dolomite/bandwagon.nix ./machines/dolomite/bandwagon.nix
@ -116,6 +123,9 @@
./machines/dolomite/lightsail.nix ./machines/dolomite/lightsail.nix
./machines/dolomite/common.nix ./machines/dolomite/common.nix
]; ];
osmium = [
./machines/osmium
];
}; };
sharedColmenaModules = [ sharedColmenaModules = [
deploymentModule deploymentModule
@ -258,6 +268,10 @@
calcite = mkNixos { calcite = mkNixos {
hostname = "calcite"; hostname = "calcite";
}; };
osmium = mkNixos {
hostname = "osmium";
};
} // self.colmenaHive.nodes; } // self.colmenaHive.nodes;
} }

10
garnix.yaml
View file

@ -1,10 +0,0 @@
builds:
include:
- '*.x86_64-linux.*'
- defaultPackage.x86_64-linux
- devShell.x86_64-linux
- homeConfigurations.x86_64-linux.*
- homeConfigurations.aarch64-linux.*
- darwinConfigurations.*
- nixosConfigurations.*

8
home/xin/calcite.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, lib, ... }:
let let
homeDirectory = "/home/xin"; homeDirectory = "/home/xin";
in in
@ -61,6 +61,12 @@ in
fcitx5.addons = with pkgs; [ fcitx5-rime ]; fcitx5.addons = with pkgs; [ fcitx5-rime ];
}; };
# Using wayland
home.sessionVariables = {
GTK_IM_MODULE = lib.mkForce "";
QT_IM_MODULE = lib.mkForce "";
};
custom-hm = { custom-hm = {
alacritty = { alacritty = {
enable = true; enable = true;

37
machines/dolomite/claw.nix
View file

@ -18,6 +18,38 @@
"xen_blkfront" "xen_blkfront"
"vmw_pvscsi" "vmw_pvscsi"
]; ];
disko.devices = {
disk = {
main = {
device = "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/";
};
};
};
};
};
};
};
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -26,11 +58,6 @@
device = "/dev/vda"; device = "/dev/vda";
}; };
fileSystems."/" = {
device = "/dev/disk/by-uuid/fe563e38-9a57-447a-ba57-c3e53ddd84ee";
fsType = "ext4";
};
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

30
machines/dolomite/secrets/hk-00.yaml
View file

@ -1,5 +1,5 @@
wg_private_key: ENC[AES256_GCM,data:M4lSTVf5cCbjuPjabYzGV1RQ0ZarM9vP2V8l1MJbLCKPTKGZV5wi9a3IIzA=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:+sQMIpmEwqOsBWBnqN6J1Q==,type:str] wg_private_key: ENC[AES256_GCM,data:rzWGmeKVKjSaViN7fkgwLXdD7gLwTaNd9dtTdj6POMXqjk6uYNXKhKES/d0=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:Pz8P7mq1DpGPVwgTTFmFiw==,type:str]
wg_ipv6_local_addr: ENC[AES256_GCM,data:mzZDRHo5bD6Vji4LuvE8vEmQR/J5MeCXuS0DVihJcQdBw/NJ5zdATNVD,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:/hixvECSasepzvZdBOoO7g==,type:str] wg_ipv6_local_addr: ENC[AES256_GCM,data:SuRSCFKW5MM2mtDNNfa3By7hrz66Y+nw/Ij+uO0MHwklAlkydVVKi89D,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:DjZjY54Pb1AHIyyzQIlHaw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -9,23 +9,23 @@ sops:
- recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNmVpY09ZNzhacDdpdVUr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNXJzOHF2M3RkV2MxeThi
SGc2NGNrRWlMMzE2RVNSN0tHTGNoeVhlWUFRCnpqNy9qMExKUFA0akFnNG1HS0h2 NzFXcHg2QVZzQXZWMlFibE10MnhiekJnSVNzCjJ4TVBXZmk1ZWk5Rjl0WUlHNWc2
NXlmWkJMemJkam5oSEFaSENkRTRnczQKLS0tIGNha0RWbGFUWGpROEdoKy9WbC9n bUdHcCsraEpWb2hqVDAxaVpNdC9SOXMKLS0tIFJ2amxtTXY2VnF2NUlVYXdJZG5R
WTUrUjMydHRHODN3TDhyakpHNG1hZjQKR3I8TwUDvvht9ck8YIplCjafhUdvxw7M RHk3SjZIUTQ3VmJpcElmMXd3dFp1RVEKQCe/BYPU9b8aNsTV1z5VKfnesp8KT98T
VNSjUoacKg0Uu5m777UlBpDdDXBwulrVryFxrKA0Q395+YRJ2Sg0wQ== iRWUz4cuNLEUbmO9H2AuoM2iVtsFmYyPRz2NlSPUMdCHR7MnAGbkFg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 - recipient: age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZC9GU085TmV6b1FsdGFw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArY25mNU1DVnc5eHdPWlpt
OEFJeVM1WFJib1lFM1luQmlQSGt3Ym1PaVVjCkd4TmhIcVB2Nk4xaHdwSVVHOGJJ a2RtMVRLa3BwRTJQbWIrREcrRGtSdHNsUnpvCkZQN1k0blBON1FLOG5SeFRRalc3
TVErNHZ1ZURKMmk2SzJUajFTV0tJSE0KLS0tIG5jVnZHNm55dncvaDdsWXNidDB1 UTUvNVV6RXpxZmUzVGJlMEVkRzVqUFEKLS0tIHpNYWdaTkMycGp3WW9VNkYrUzZD
TURVTjR3RUJzMmxmNVIyTk5rM0YvMU0KP3R78NlGqbRHmSn2WqanPq8Y9m+olBLO NmhOZldZa2lQVEFQQk8zNFI3dm1QaHcKdTuNNHPE/Co4Eg5KWfIFb47w4nt6n7K4
2CTJI9QQfPACzz9KoEt5hlpqVpsgQT9CGDpyYEwXrFyxFY4QIh5NPw== 7gSrkobL+aZJTGZcEjwh6LsqmxoPbU0jyVk6Lb8cv2I71p1UcF32JA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-17T10:52:20Z" lastmodified: "2024-11-22T07:15:56Z"
mac: ENC[AES256_GCM,data:lxqZaTqs5d/b/iIZ7BbD2jYJq3fTIbFlbdwKbCAAiXJv8abxN6SjOKuecKEvkJ0Y7qf2e0Cl8lbRwSy5FJb9Wsl9O4LzF0KBu0lssnBtDuZujFldgxJSWB8kQ3vMsPQ+NbmRME3zdKazmuhEwS0h/O6L6KmnfHjtfnDpAjYD+MY=,iv:Xue3R2qGxiw5/hjr9dLiLqeKDTpnwAnx8v9M3qjz5EM=,tag:T67z1oCMoW/ApF6tFJL3dA==,type:str] mac: ENC[AES256_GCM,data:fJcdcoGiqkEPOyINmCjLf+PUc46pCkjZB8q8CE1vxpgLQg+SuaYRByVTuse1xHPVj/ytBiHFHk9btEFcf4F69IyMJl7abuIakTvJctkfs1Y1/lSiDvYBi8+S6n1Oloj63osRX0XKKIabju262zb7KsA6Vyxg9hSJI54dbVRkCqg=,iv:a0dHwBQbQJm1grg9S4T6VMg8177px0sc19GWvvUJYDs=,tag:T1CivleWWnijQQDm/3xP4A==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1

60
machines/dolomite/secrets/secrets.yaml
View file

@ -1,6 +1,6 @@
sing-box: sing-box:
password: ENC[AES256_GCM,data:aifvj/rBvmIF6M4SJ6j4rkw0J0oBGUmO,iv:C9KlVngh74z/VjjOGxnlpA4CqFv7TCSD3KSm2l/xGB4=,tag:10zUgbP2exTQ4KK0zeMM2A==,type:str] password: ENC[AES256_GCM,data:YfMSwvgAu7wBEYCP9/L+FFVdd9dL1Ls3,iv:C9KlVngh74z/VjjOGxnlpA4CqFv7TCSD3KSm2l/xGB4=,tag:/94NFyVHzPIkqn+/NzKTHQ==,type:str]
uuid: ENC[AES256_GCM,data:ZPEqllAXeLMyVEp/6+9LSL346J2tiuM5tYs404/vp9rnkrvc,iv:Oy/U1c2sW5a2eQQxXAEjqaE85xX5rFapz9k/DtcZR+w=,tag:BHU+ScDBeWnctkDBRnm+4g==,type:str] uuid: ENC[AES256_GCM,data:bDjrhciE0lttJfdL8cvGSf7/gdMRu/Fid+q0yBUqEvWH5ZSm,iv:Oy/U1c2sW5a2eQQxXAEjqaE85xX5rFapz9k/DtcZR+w=,tag:s0HwGkhqvnCQkzfbTEHUWw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,50 +10,50 @@ sops:
- recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6dElZTXFjbzhNbE1OYmdP YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNc0ZvdUIzRXJhVVRuTWZ6
M0JLVWMyOUpSMnQ1Q2hDc2VXVUxpblhDVUNjCmxGZXRsUmdWWjZPZGFhaDFHNnpx dkN5OTVDR0tWSXhBZEI1U2srLzJmSnMvOXk4ClhaWk15Wng5WHJPVmtNSTM2OHpF
YVVSWFl1YThwWENSVTdiWkRENlBhdDQKLS0tIGl0OWsrNXljLy9wejd4Q3JmTUFE ZWUrcXNKV21BZ05xMkRwcnFRVkFGd0EKLS0tIGQ1c3psYmV5YXZZR1N6WjZRQndH
WGFaN21vb1EwTDdSOEFVSWlQZWR1Z1kKIy+vG42G/7hTJX9BNYXjy4GNnUEnzUgB TW5WeXVXS2ZtRklPbEs4S1BGYVFxSncKmwg7cINY6Vk8WCWdOEk8quBn67tiieiD
aRoLxgTpkTKezZiKkISQwEuFD8qC7aeQIV1kmGDpNK2uucJfFswvbQ== 6bWyq+OQbDoAzwOdZ1Bt6q7YrTWSlrFjs8mk/YWUSFmn2g25grKABg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age13s6rwd3wjk2x5wkn69tdczhl3l5d7mfmlv90efsv4q67jne43qss9tcakx - recipient: age13s6rwd3wjk2x5wkn69tdczhl3l5d7mfmlv90efsv4q67jne43qss9tcakx
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvNGE0Sk5lbXVNSjVQUTFF YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbUhaSXdmbXJmUGtHb1lr
VFFrVzJKczJwTWJJOEdKTVFhai9RWmJNSkJjCkNKQzRQWmcxTndIcERkMTFubi9K Sk1GSGJUMHhNQ1lET2VleXlmcDBPd3NodlNNCmRWVUNQOExWVzI0VzR3Wk0vbkp5
SXVhbDhEMmRFRCtXdEVqMFdRbjQ3RTgKLS0tIGNIOWYzL0NUeklBRU5paEoyZ211 NmV4NlUrbUxNbWdMNGNRdDdvbzhsSmsKLS0tIHgyVFI3REcySGRLai9lVTI2VWpn
NDY5RDdwelMwVjVscHdOaGV2aTMwQUUKZaCo5jFlWxTsELGyQiY4CmcjdUcnBzOU enVSUjBoRHN3ekc2ci9oaUhqdnRiVHMKAS+KAsqqF/xm80mucgpHbky2Lw3k/kxH
JzcWDMcODTo/yER/0jdPpdfvUWiGi12voIuqRJkON0x7d3X2d2Sexg== iQGzhzMsNY3jY/nSARcRjWSRrugDtK5ou+rJySGCOov7U2AlulZl3A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1t5nw2jx4dw67jkf72uxcxt72j7lq3xyj35lvl09f8kala90h2g2s2a5yvj - recipient: age1t5nw2jx4dw67jkf72uxcxt72j7lq3xyj35lvl09f8kala90h2g2s2a5yvj
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2LzI1M2orSDVyYTRRRnB6 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBha21uc3dQZWZTQmp0Q0pT
d25oaHZSMWFUQ2lZTWxtVzFRSkxjd01tNjFZCmJHUWVGd2hYWVlpdk80WUxwM080 WEk5cy9oUm1yN2FxdDU4THIySEk2SDJrMVd3CnZ6c2VneTMwRC8vUG5sM0s1SHNx
N0V1UW1hUC9GNWlPRCtuYUsxSzdmWUEKLS0tIEhSazVWeEpIVnoweWdnOEU2Q1hT dm9mSDdhem1CdkpPQ0dpY2pSbzN0Nk0KLS0tIEpLVGtBSEsyMnpFSk81ekRhVU84
Yjl6bFRZS2RSRGpPWFdDS2lObCt0MGsKcFXy/2mLLlxY/vP+kCaeaR+9aBRL7ys1 bTRzTS8wemRHNUJrZWJlc2l0bXFIN3MK8IB0DBkJdTU4evQO41hf/GKGvSm39bWd
x+HBAPqvcqvYk3MGBD9TpIW317RthDhEkY57GmtHgqIUsSLWsBgNdw== CDKCn62RnWLEDlq3xRddqQnr4ogk/6D0lhxvbrN8obCq+Ev1wakAcg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh - recipient: age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL2NXTDNqWkYzQlVvM0xO YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbEpyNkhrZ0lldU9Bc0lr
ZDk2RTFISHh3TmpTN2cxT3RTVnFUaURpK3dRCmJEVWJnNXdoT0JYYjBvcm4rSkZ0 Q21ENWFOS0UwK1gzZ1A1SjFKUkRzUTNBV0gwCnBYY0dPakZnaVJWekdlS2hUaXIx
QW5WeWhqWnZqaGlLRHphZW5PMUNZTDQKLS0tIGZFc2ZlREgwKysrNEhROUJzbHBU a3J2VjhCalVPMk5qcFkzekpYR0Y2WUEKLS0tIEhYQWUxZjIvTit4R0hHMDYxZXpu
TzhHdlV1bjduT1hlTVFMTmRtQmN0MFUKhCYQh5uVOjEj2kKSfSUVa8k35mqkDoTk amV1YmxraDRETmdmTmU3ekhQdGlOVjAKzJGI5WomWDMSLHeJZ8Rka4rRv6AEaYnp
3CchebRciIR+w52d6uEsQove0248+OniG6bJ5ykkExLo1RzDQD7pBQ== NgYpsDF6uhB2a270xzGDHXOUjRFUMhYiz3p+tN/RSzt00Ks/q5SyPg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 - recipient: age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhS0tDdThIRnNaZVZKanZY YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRWwwSTd6cGJpZXl6ZjZk
bm1uV25nUzZITW5QY2Z2SkZtMFAvY1RVOWdrCnZMZ3F6dHd1TmhCMnZvbFhZYjJK TlJySzdxNXlNMWdjVisrZEUxQWVuNXVqb1NBCklTSkVST092MURDL0JhT1dpWGR1
ZXRVUWNtVXVpOWFYWmdFQ2RZajlTQk0KLS0tIFJSYkxkelFTWkRYMjAvQ2lpTGRQ QzdJbXROM2ZIRjZUUG5FaFBUVUNHWTgKLS0tIHJycG8vUGJoOVNCcmxwVVlJQ0NO
bmE0bWg1U1ZkZHR4TEVtR0crbVZxdmcKeVUli/Tt4Xy4XxbUbFj9a4y6c9ZE/NjE NlBsZmpCODUwNThCc1RrUkNHMWdQeUUKRHsKHjCRmJ0L5W7Aw5LTf0jlulvBOt4u
nCKLNYYPsZ/nS6qN3Pdetps4ziajJHUVmxCqNMHD+OoWqT6W8V/O6w== IQWkyuw/5Co3cS9DHZ41zlFDKld/+jr1DFpATUSvSTFL+laNcwWwCQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-22T05:51:19Z" lastmodified: "2024-11-22T07:16:07Z"
mac: ENC[AES256_GCM,data:LPUb7YbELPsgYX+LvfuGdiNG1B5ZrvyRVZL9UiMHoJMDHaWpDGCQkT1bk5jEOewwFh+StK560UsPK4uW0+SqADJO80rmM3xfqlp5Ul2HJ8mU19l5C6FLpv2REIzhCp333rNJJlyhn3H6GZgMaWnjjLSX9XMOVaq1iz6Qt0P76SI=,iv://EdDr5D51RFuucq8gkei2RC7H2bkRYxP/7lerp9dtk=,tag:JrRQ19sZ0OAZouMgOiU/tQ==,type:str] mac: ENC[AES256_GCM,data:ldGU1of+oldDpdgGrlryUSsudUjk2FOKQ/4krY+5fOb07NRl0nvVgWBhVoHbY7JgdFO9EXxJfhLe/vkxjeQ6XxbZQkJFaXBY8MM4S8CPFdUwd2Ebr6e+aNvJR586LtZOfJ0cU8zr/DGm00zIaQParbzXPLq2fvahKgzqv84bM3Y=,iv:ZBzkMkkRRtJ9lIOdrG1fC0YayPZlT7Gsdos7ulFJjD0=,tag:3rSlPFWeVNfeyTIia0hU2w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1

111
machines/osmium/default.nix Normal file
View file

@ -0,0 +1,111 @@
{
pkgs,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/sd-card/sd-image.nix")
./sd-image-aarch64-orangepi-r1plus.nix
];
config = {
system.stateVersion = "24.05";
nixpkgs.system = "aarch64-linux";
boot.tmp.useTmpfs = false;
boot.kernelModules = [
"br_netfilter"
"bridge"
];
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv4.ip_nonlocal_bind" = 1;
"net.ipv6.conf.all.forwarding" = 1;
"net.ipv6.ip_nonlocal_bind" = 1;
"net.bridge.bridge-nf-call-ip6tables" = 1;
"net.bridge.bridge-nf-call-iptables" = 1;
"net.bridge.bridge-nf-call-arptables" = 1;
"fs.inotify.max_user_watches" = 524288;
"dev.i915.perf_stream_paranoid" = 0;
"net.ipv4.conf.all.rp_filter" = 0;
"vm.max_map_count" = 2000000;
"net.ipv4.conf.all.route_localnet" = 1;
"net.ipv4.conf.all.send_redirects" = 0;
"kernel.msgmnb" = 65536;
"kernel.msgmax" = 65536;
"net.ipv4.tcp_timestamps" = 0;
"net.ipv4.tcp_synack_retries" = 1;
"net.ipv4.tcp_syn_retries" = 1;
"net.ipv4.tcp_tw_recycle" = 1;
"net.ipv4.tcp_tw_reuse" = 1;
"net.ipv4.tcp_fin_timeout" = 15;
"net.ipv4.tcp_keepalive_time" = 1800;
"net.ipv4.tcp_keepalive_probes" = 3;
"net.ipv4.tcp_keepalive_intvl" = 15;
"net.ipv4.ip_local_port_range" = "2048 65535";
"fs.file-max" = 102400;
"net.ipv4.tcp_max_tw_buckets" = 180000;
};
commonSettings = {
nix.enableMirrors = true;
auth.enable = true;
};
documentation.enable = false;
time.timeZone = "Asia/Shanghai";
i18n = {
defaultLocale = "en_US.UTF-8";
};
environment.systemPackages = with pkgs; [
lsof
wget
curl
neovim
jq
iptables
ebtables
tcpdump
busybox
ethtool
socat
htop
iftop
lm_sensors
];
programs.command-not-found.enable = false;
networking = {
useDHCP = false;
hostName = "osmium";
};
systemd.network = {
enable = true;
networks."lan" = {
matchConfig.Name = "enu1";
networkConfig.DHCP = "no";
linkConfig.RequiredForOnline = "no";
};
networks."wan" = {
matchConfig.Name = "end0";
networkConfig.DHCP = "yes";
linkConfig.RequiredForOnline = "yes";
};
};
services.dae = {
enable = true;
configFile = "/var/lib/dae/config.dae";
};
services.tailscale.enable = true;
};
}

44
machines/osmium/sd-image-aarch64-orangepi-r1plus.nix Normal file
View file

@ -0,0 +1,44 @@
{
config,
modulesPath,
lib,
pkgs,
...
}:
let
in
{
imports = [
(modulesPath + "/profiles/base.nix")
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelParams = [
"earlycon"
"console=ttyS2,1500000"
"consoleblank=0"
];
boot.supportedFilesystems = lib.mkForce [
"ext4"
"vfat"
"ntfs"
];
sdImage = {
compressImage = false;
imageBaseName = "nixos-sd-image-orange-pi-r1-plus-lts";
firmwarePartitionOffset = 16;
populateFirmwareCommands = ''
echo "Install U-Boot: ${pkgs.ubootOrangePiR1LtsPackage}"
dd if=${pkgs.ubootOrangePiR1LtsPackage}/idbloader.img of=$img seek=64 conv=notrunc
dd if=${pkgs.ubootOrangePiR1LtsPackage}/u-boot.itb of=$img seek=16384 conv=notrunc
'';
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
};
}

17
overlays/add-pkgs.nix
View file

@ -1,5 +1,12 @@
( (final: prev: {
final: prev: ubootOrangePiR1LtsPackage = prev.buildUBoot {
{ defconfig = "orangepi-r1-plus-lts-rk3328_defconfig";
} enableParallelBuilding = true;
)
BL31 = "${prev.armTrustedFirmwareRK3328}/bl31.elf";
filesToInstall = [
"u-boot.itb"
"idbloader.img"
];
};
})

90
scripts/nixos-updater.py Normal file
View file

@ -0,0 +1,90 @@
import requests
import os
import socket
import json
from os import path as osp
from dataclasses import dataclass
"""
This updater consists of several parts:
- Update checker: Check an url for update (if outPath is different from /run/current-system or some specified profile) or maybe use timestamp for update
- Nix copy --from: copy from remote. Need to specify remote url.
- Create a symlink: /run/next-system -> <new system derivation>
- Listen for POST request to trigger system switch (optional)
"""
@dataclass
class GarnixConfig:
token: str
@dataclass
class Config:
check_type: str
check_url: str
remote_url: str
garnix: GarnixConfig
hostname: str = socket.gethostname()
class Nix:
def __init__(self, args):
self.args = args
def copy_from_remote(self):
# run nix copy with subprocess
pass
def eval(self):
class Updater:
def __init__(self, config: Config):
self.config = config
# TODO: Make this configurable
self.current_drv = os.readlink("/run/current-system")
self.next_dev = None
# checkers take an url and returns the outPath of the latest success build
def garnix_checker(self) -> str:
domain = "garnix.io"
build_endpoint = "/api/build/commit"
# Latest commit from git
# Check build status of this commit
resp = requests.get(
f"https://{domain}{build_endpoint}/40b1e9ff23aaa5f555420dd22414c3f137a02cfe"
)
# Raise error if status code is not valid
# Fetch outPath from eval endpoint
# TODO: In theory, this could be done by parsing raw log from garnix.
# Try to evaluate locally if eval endpoint is not configured
resp = resp.json()
# TODO
return "null"
def hydra_checker(self) -> str:
# TODO
return "null"
# Check for update
def poll(self) -> str | None:
cfg = self.config
if cfg.check_type == "garnix":
pass
elif cfg.check_type == "hydra":
pass
else:
pass
pass
if __name__ == "__main__":
pass