diff --git a/.sops.yaml b/.sops.yaml index 0ce16ed..153993e 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,7 +7,7 @@ keys: - &host-la-00 age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh - &host-massicot age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta - &host-weilite age17r3fxfmt6hgwe984w4lds9u0cnkf5ttq8hnqt800ayfmx7t8t5gqjddyml - - &host-hk-00 age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu + - &host-hk-00 age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 creation_rules: - path_regex: machines/calcite/secrets.yaml key_groups: diff --git a/flake.lock b/flake.lock index f6abc8b..50dd949 100644 --- a/flake.lock +++ b/flake.lock @@ -61,26 +61,6 @@ "type": "github" } }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1732221404, - "narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=", - "owner": "nix-community", - "repo": "disko", - "rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -616,7 +596,6 @@ "inputs": { "catppuccin": "catppuccin", "colmena": "colmena", - "disko": "disko", "flake-utils": "flake-utils_2", "home-manager": "home-manager", "my-nixvim": "my-nixvim", diff --git a/flake.nix b/flake.nix index a7957b4..606276e 100644 --- a/flake.nix +++ b/flake.nix @@ -37,11 +37,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; @@ -71,7 +66,6 @@ nix-vscode-extensions, colmena, nix-index-database, - disko, ... }: let @@ -113,7 +107,6 @@ hk-00 = [ ./machines/dolomite/claw.nix ./machines/dolomite/common.nix - disko.nixosModules.disko ]; la-00 = [ ./machines/dolomite/bandwagon.nix @@ -123,9 +116,6 @@ ./machines/dolomite/lightsail.nix ./machines/dolomite/common.nix ]; - osmium = [ - ./machines/osmium - ]; }; sharedColmenaModules = [ deploymentModule @@ -268,10 +258,6 @@ calcite = mkNixos { hostname = "calcite"; }; - - osmium = mkNixos { - hostname = "osmium"; - }; } // self.colmenaHive.nodes; } diff --git a/garnix.yaml b/garnix.yaml new file mode 100644 index 0000000..38563a7 --- /dev/null +++ b/garnix.yaml @@ -0,0 +1,10 @@ +builds: + include: + - '*.x86_64-linux.*' + - defaultPackage.x86_64-linux + - devShell.x86_64-linux + - homeConfigurations.x86_64-linux.* + - homeConfigurations.aarch64-linux.* + - darwinConfigurations.* + - nixosConfigurations.* + diff --git a/home/xin/calcite.nix b/home/xin/calcite.nix index 69d16d6..11dd9ed 100644 --- a/home/xin/calcite.nix +++ b/home/xin/calcite.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, ... }: let homeDirectory = "/home/xin"; in @@ -61,12 +61,6 @@ in fcitx5.addons = with pkgs; [ fcitx5-rime ]; }; - # Using wayland - home.sessionVariables = { - GTK_IM_MODULE = lib.mkForce ""; - QT_IM_MODULE = lib.mkForce ""; - }; - custom-hm = { alacritty = { enable = true; diff --git a/machines/dolomite/claw.nix b/machines/dolomite/claw.nix index 84b3da9..ead0225 100644 --- a/machines/dolomite/claw.nix +++ b/machines/dolomite/claw.nix @@ -18,38 +18,6 @@ "xen_blkfront" "vmw_pvscsi" ]; - - disko.devices = { - disk = { - main = { - device = "/dev/vda"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - type = "EF00"; - size = "500M"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "xfs"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; - boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; @@ -58,6 +26,11 @@ device = "/dev/vda"; }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/fe563e38-9a57-447a-ba57-c3e53ddd84ee"; + fsType = "ext4"; + }; + swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/machines/dolomite/secrets/hk-00.yaml b/machines/dolomite/secrets/hk-00.yaml index 3236479..91d6540 100644 --- a/machines/dolomite/secrets/hk-00.yaml +++ b/machines/dolomite/secrets/hk-00.yaml @@ -1,5 +1,5 @@ -wg_private_key: ENC[AES256_GCM,data:rzWGmeKVKjSaViN7fkgwLXdD7gLwTaNd9dtTdj6POMXqjk6uYNXKhKES/d0=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:Pz8P7mq1DpGPVwgTTFmFiw==,type:str] -wg_ipv6_local_addr: ENC[AES256_GCM,data:SuRSCFKW5MM2mtDNNfa3By7hrz66Y+nw/Ij+uO0MHwklAlkydVVKi89D,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:DjZjY54Pb1AHIyyzQIlHaw==,type:str] +wg_private_key: ENC[AES256_GCM,data:M4lSTVf5cCbjuPjabYzGV1RQ0ZarM9vP2V8l1MJbLCKPTKGZV5wi9a3IIzA=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:+sQMIpmEwqOsBWBnqN6J1Q==,type:str] +wg_ipv6_local_addr: ENC[AES256_GCM,data:mzZDRHo5bD6Vji4LuvE8vEmQR/J5MeCXuS0DVihJcQdBw/NJ5zdATNVD,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:/hixvECSasepzvZdBOoO7g==,type:str] sops: kms: [] gcp_kms: [] @@ -9,23 +9,23 @@ sops: - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNXJzOHF2M3RkV2MxeThi - NzFXcHg2QVZzQXZWMlFibE10MnhiekJnSVNzCjJ4TVBXZmk1ZWk5Rjl0WUlHNWc2 - bUdHcCsraEpWb2hqVDAxaVpNdC9SOXMKLS0tIFJ2amxtTXY2VnF2NUlVYXdJZG5R - RHk3SjZIUTQ3VmJpcElmMXd3dFp1RVEKQCe/BYPU9b8aNsTV1z5VKfnesp8KT98T - iRWUz4cuNLEUbmO9H2AuoM2iVtsFmYyPRz2NlSPUMdCHR7MnAGbkFg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNmVpY09ZNzhacDdpdVUr + SGc2NGNrRWlMMzE2RVNSN0tHTGNoeVhlWUFRCnpqNy9qMExKUFA0akFnNG1HS0h2 + NXlmWkJMemJkam5oSEFaSENkRTRnczQKLS0tIGNha0RWbGFUWGpROEdoKy9WbC9n + WTUrUjMydHRHODN3TDhyakpHNG1hZjQKR3I8TwUDvvht9ck8YIplCjafhUdvxw7M + VNSjUoacKg0Uu5m777UlBpDdDXBwulrVryFxrKA0Q395+YRJ2Sg0wQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu + - recipient: age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArY25mNU1DVnc5eHdPWlpt - a2RtMVRLa3BwRTJQbWIrREcrRGtSdHNsUnpvCkZQN1k0blBON1FLOG5SeFRRalc3 - UTUvNVV6RXpxZmUzVGJlMEVkRzVqUFEKLS0tIHpNYWdaTkMycGp3WW9VNkYrUzZD - NmhOZldZa2lQVEFQQk8zNFI3dm1QaHcKdTuNNHPE/Co4Eg5KWfIFb47w4nt6n7K4 - 7gSrkobL+aZJTGZcEjwh6LsqmxoPbU0jyVk6Lb8cv2I71p1UcF32JA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZC9GU085TmV6b1FsdGFw + OEFJeVM1WFJib1lFM1luQmlQSGt3Ym1PaVVjCkd4TmhIcVB2Nk4xaHdwSVVHOGJJ + TVErNHZ1ZURKMmk2SzJUajFTV0tJSE0KLS0tIG5jVnZHNm55dncvaDdsWXNidDB1 + TURVTjR3RUJzMmxmNVIyTk5rM0YvMU0KP3R78NlGqbRHmSn2WqanPq8Y9m+olBLO + 2CTJI9QQfPACzz9KoEt5hlpqVpsgQT9CGDpyYEwXrFyxFY4QIh5NPw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-22T07:15:56Z" - mac: ENC[AES256_GCM,data:fJcdcoGiqkEPOyINmCjLf+PUc46pCkjZB8q8CE1vxpgLQg+SuaYRByVTuse1xHPVj/ytBiHFHk9btEFcf4F69IyMJl7abuIakTvJctkfs1Y1/lSiDvYBi8+S6n1Oloj63osRX0XKKIabju262zb7KsA6Vyxg9hSJI54dbVRkCqg=,iv:a0dHwBQbQJm1grg9S4T6VMg8177px0sc19GWvvUJYDs=,tag:T1CivleWWnijQQDm/3xP4A==,type:str] + lastmodified: "2024-10-17T10:52:20Z" + mac: ENC[AES256_GCM,data:lxqZaTqs5d/b/iIZ7BbD2jYJq3fTIbFlbdwKbCAAiXJv8abxN6SjOKuecKEvkJ0Y7qf2e0Cl8lbRwSy5FJb9Wsl9O4LzF0KBu0lssnBtDuZujFldgxJSWB8kQ3vMsPQ+NbmRME3zdKazmuhEwS0h/O6L6KmnfHjtfnDpAjYD+MY=,iv:Xue3R2qGxiw5/hjr9dLiLqeKDTpnwAnx8v9M3qjz5EM=,tag:T67z1oCMoW/ApF6tFJL3dA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/machines/dolomite/secrets/secrets.yaml b/machines/dolomite/secrets/secrets.yaml index 5a33087..c05a97e 100644 --- a/machines/dolomite/secrets/secrets.yaml +++ b/machines/dolomite/secrets/secrets.yaml @@ -1,6 +1,6 @@ sing-box: - password: ENC[AES256_GCM,data:YfMSwvgAu7wBEYCP9/L+FFVdd9dL1Ls3,iv:C9KlVngh74z/VjjOGxnlpA4CqFv7TCSD3KSm2l/xGB4=,tag:/94NFyVHzPIkqn+/NzKTHQ==,type:str] - uuid: ENC[AES256_GCM,data:bDjrhciE0lttJfdL8cvGSf7/gdMRu/Fid+q0yBUqEvWH5ZSm,iv:Oy/U1c2sW5a2eQQxXAEjqaE85xX5rFapz9k/DtcZR+w=,tag:s0HwGkhqvnCQkzfbTEHUWw==,type:str] + password: ENC[AES256_GCM,data:aifvj/rBvmIF6M4SJ6j4rkw0J0oBGUmO,iv:C9KlVngh74z/VjjOGxnlpA4CqFv7TCSD3KSm2l/xGB4=,tag:10zUgbP2exTQ4KK0zeMM2A==,type:str] + uuid: ENC[AES256_GCM,data:ZPEqllAXeLMyVEp/6+9LSL346J2tiuM5tYs404/vp9rnkrvc,iv:Oy/U1c2sW5a2eQQxXAEjqaE85xX5rFapz9k/DtcZR+w=,tag:BHU+ScDBeWnctkDBRnm+4g==,type:str] sops: kms: [] gcp_kms: [] @@ -10,50 +10,50 @@ sops: - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNc0ZvdUIzRXJhVVRuTWZ6 - dkN5OTVDR0tWSXhBZEI1U2srLzJmSnMvOXk4ClhaWk15Wng5WHJPVmtNSTM2OHpF - ZWUrcXNKV21BZ05xMkRwcnFRVkFGd0EKLS0tIGQ1c3psYmV5YXZZR1N6WjZRQndH - TW5WeXVXS2ZtRklPbEs4S1BGYVFxSncKmwg7cINY6Vk8WCWdOEk8quBn67tiieiD - 6bWyq+OQbDoAzwOdZ1Bt6q7YrTWSlrFjs8mk/YWUSFmn2g25grKABg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6dElZTXFjbzhNbE1OYmdP + M0JLVWMyOUpSMnQ1Q2hDc2VXVUxpblhDVUNjCmxGZXRsUmdWWjZPZGFhaDFHNnpx + YVVSWFl1YThwWENSVTdiWkRENlBhdDQKLS0tIGl0OWsrNXljLy9wejd4Q3JmTUFE + WGFaN21vb1EwTDdSOEFVSWlQZWR1Z1kKIy+vG42G/7hTJX9BNYXjy4GNnUEnzUgB + aRoLxgTpkTKezZiKkISQwEuFD8qC7aeQIV1kmGDpNK2uucJfFswvbQ== -----END AGE ENCRYPTED FILE----- - recipient: age13s6rwd3wjk2x5wkn69tdczhl3l5d7mfmlv90efsv4q67jne43qss9tcakx enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbUhaSXdmbXJmUGtHb1lr - Sk1GSGJUMHhNQ1lET2VleXlmcDBPd3NodlNNCmRWVUNQOExWVzI0VzR3Wk0vbkp5 - NmV4NlUrbUxNbWdMNGNRdDdvbzhsSmsKLS0tIHgyVFI3REcySGRLai9lVTI2VWpn - enVSUjBoRHN3ekc2ci9oaUhqdnRiVHMKAS+KAsqqF/xm80mucgpHbky2Lw3k/kxH - iQGzhzMsNY3jY/nSARcRjWSRrugDtK5ou+rJySGCOov7U2AlulZl3A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvNGE0Sk5lbXVNSjVQUTFF + VFFrVzJKczJwTWJJOEdKTVFhai9RWmJNSkJjCkNKQzRQWmcxTndIcERkMTFubi9K + SXVhbDhEMmRFRCtXdEVqMFdRbjQ3RTgKLS0tIGNIOWYzL0NUeklBRU5paEoyZ211 + NDY5RDdwelMwVjVscHdOaGV2aTMwQUUKZaCo5jFlWxTsELGyQiY4CmcjdUcnBzOU + JzcWDMcODTo/yER/0jdPpdfvUWiGi12voIuqRJkON0x7d3X2d2Sexg== -----END AGE ENCRYPTED FILE----- - recipient: age1t5nw2jx4dw67jkf72uxcxt72j7lq3xyj35lvl09f8kala90h2g2s2a5yvj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBha21uc3dQZWZTQmp0Q0pT - WEk5cy9oUm1yN2FxdDU4THIySEk2SDJrMVd3CnZ6c2VneTMwRC8vUG5sM0s1SHNx - dm9mSDdhem1CdkpPQ0dpY2pSbzN0Nk0KLS0tIEpLVGtBSEsyMnpFSk81ekRhVU84 - bTRzTS8wemRHNUJrZWJlc2l0bXFIN3MK8IB0DBkJdTU4evQO41hf/GKGvSm39bWd - CDKCn62RnWLEDlq3xRddqQnr4ogk/6D0lhxvbrN8obCq+Ev1wakAcg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2LzI1M2orSDVyYTRRRnB6 + d25oaHZSMWFUQ2lZTWxtVzFRSkxjd01tNjFZCmJHUWVGd2hYWVlpdk80WUxwM080 + N0V1UW1hUC9GNWlPRCtuYUsxSzdmWUEKLS0tIEhSazVWeEpIVnoweWdnOEU2Q1hT + Yjl6bFRZS2RSRGpPWFdDS2lObCt0MGsKcFXy/2mLLlxY/vP+kCaeaR+9aBRL7ys1 + x+HBAPqvcqvYk3MGBD9TpIW317RthDhEkY57GmtHgqIUsSLWsBgNdw== -----END AGE ENCRYPTED FILE----- - recipient: age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbEpyNkhrZ0lldU9Bc0lr - Q21ENWFOS0UwK1gzZ1A1SjFKUkRzUTNBV0gwCnBYY0dPakZnaVJWekdlS2hUaXIx - a3J2VjhCalVPMk5qcFkzekpYR0Y2WUEKLS0tIEhYQWUxZjIvTit4R0hHMDYxZXpu - amV1YmxraDRETmdmTmU3ekhQdGlOVjAKzJGI5WomWDMSLHeJZ8Rka4rRv6AEaYnp - NgYpsDF6uhB2a270xzGDHXOUjRFUMhYiz3p+tN/RSzt00Ks/q5SyPg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL2NXTDNqWkYzQlVvM0xO + ZDk2RTFISHh3TmpTN2cxT3RTVnFUaURpK3dRCmJEVWJnNXdoT0JYYjBvcm4rSkZ0 + QW5WeWhqWnZqaGlLRHphZW5PMUNZTDQKLS0tIGZFc2ZlREgwKysrNEhROUJzbHBU + TzhHdlV1bjduT1hlTVFMTmRtQmN0MFUKhCYQh5uVOjEj2kKSfSUVa8k35mqkDoTk + 3CchebRciIR+w52d6uEsQove0248+OniG6bJ5ykkExLo1RzDQD7pBQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu + - recipient: age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRWwwSTd6cGJpZXl6ZjZk - TlJySzdxNXlNMWdjVisrZEUxQWVuNXVqb1NBCklTSkVST092MURDL0JhT1dpWGR1 - QzdJbXROM2ZIRjZUUG5FaFBUVUNHWTgKLS0tIHJycG8vUGJoOVNCcmxwVVlJQ0NO - NlBsZmpCODUwNThCc1RrUkNHMWdQeUUKRHsKHjCRmJ0L5W7Aw5LTf0jlulvBOt4u - IQWkyuw/5Co3cS9DHZ41zlFDKld/+jr1DFpATUSvSTFL+laNcwWwCQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhS0tDdThIRnNaZVZKanZY + bm1uV25nUzZITW5QY2Z2SkZtMFAvY1RVOWdrCnZMZ3F6dHd1TmhCMnZvbFhZYjJK + ZXRVUWNtVXVpOWFYWmdFQ2RZajlTQk0KLS0tIFJSYkxkelFTWkRYMjAvQ2lpTGRQ + bmE0bWg1U1ZkZHR4TEVtR0crbVZxdmcKeVUli/Tt4Xy4XxbUbFj9a4y6c9ZE/NjE + nCKLNYYPsZ/nS6qN3Pdetps4ziajJHUVmxCqNMHD+OoWqT6W8V/O6w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-22T07:16:07Z" - mac: ENC[AES256_GCM,data:ldGU1of+oldDpdgGrlryUSsudUjk2FOKQ/4krY+5fOb07NRl0nvVgWBhVoHbY7JgdFO9EXxJfhLe/vkxjeQ6XxbZQkJFaXBY8MM4S8CPFdUwd2Ebr6e+aNvJR586LtZOfJ0cU8zr/DGm00zIaQParbzXPLq2fvahKgzqv84bM3Y=,iv:ZBzkMkkRRtJ9lIOdrG1fC0YayPZlT7Gsdos7ulFJjD0=,tag:3rSlPFWeVNfeyTIia0hU2w==,type:str] + lastmodified: "2024-11-22T05:51:19Z" + mac: ENC[AES256_GCM,data:LPUb7YbELPsgYX+LvfuGdiNG1B5ZrvyRVZL9UiMHoJMDHaWpDGCQkT1bk5jEOewwFh+StK560UsPK4uW0+SqADJO80rmM3xfqlp5Ul2HJ8mU19l5C6FLpv2REIzhCp333rNJJlyhn3H6GZgMaWnjjLSX9XMOVaq1iz6Qt0P76SI=,iv://EdDr5D51RFuucq8gkei2RC7H2bkRYxP/7lerp9dtk=,tag:JrRQ19sZ0OAZouMgOiU/tQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/machines/osmium/default.nix b/machines/osmium/default.nix deleted file mode 100644 index 823d2f0..0000000 --- a/machines/osmium/default.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ - pkgs, - lib, - modulesPath, - ... -}: -{ - imports = [ - (modulesPath + "/installer/sd-card/sd-image.nix") - ./sd-image-aarch64-orangepi-r1plus.nix - ]; - - config = { - system.stateVersion = "24.05"; - - nixpkgs.system = "aarch64-linux"; - - boot.tmp.useTmpfs = false; - boot.kernelModules = [ - "br_netfilter" - "bridge" - ]; - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv4.ip_nonlocal_bind" = 1; - "net.ipv6.conf.all.forwarding" = 1; - "net.ipv6.ip_nonlocal_bind" = 1; - "net.bridge.bridge-nf-call-ip6tables" = 1; - "net.bridge.bridge-nf-call-iptables" = 1; - "net.bridge.bridge-nf-call-arptables" = 1; - "fs.inotify.max_user_watches" = 524288; - "dev.i915.perf_stream_paranoid" = 0; - "net.ipv4.conf.all.rp_filter" = 0; - "vm.max_map_count" = 2000000; - "net.ipv4.conf.all.route_localnet" = 1; - "net.ipv4.conf.all.send_redirects" = 0; - "kernel.msgmnb" = 65536; - "kernel.msgmax" = 65536; - "net.ipv4.tcp_timestamps" = 0; - "net.ipv4.tcp_synack_retries" = 1; - "net.ipv4.tcp_syn_retries" = 1; - "net.ipv4.tcp_tw_recycle" = 1; - "net.ipv4.tcp_tw_reuse" = 1; - "net.ipv4.tcp_fin_timeout" = 15; - "net.ipv4.tcp_keepalive_time" = 1800; - "net.ipv4.tcp_keepalive_probes" = 3; - "net.ipv4.tcp_keepalive_intvl" = 15; - "net.ipv4.ip_local_port_range" = "2048 65535"; - "fs.file-max" = 102400; - "net.ipv4.tcp_max_tw_buckets" = 180000; - }; - - commonSettings = { - nix.enableMirrors = true; - auth.enable = true; - }; - - documentation.enable = false; - - time.timeZone = "Asia/Shanghai"; - i18n = { - defaultLocale = "en_US.UTF-8"; - }; - - environment.systemPackages = with pkgs; [ - lsof - wget - curl - neovim - jq - iptables - ebtables - tcpdump - busybox - ethtool - socat - htop - iftop - lm_sensors - ]; - - programs.command-not-found.enable = false; - - networking = { - useDHCP = false; - hostName = "osmium"; - }; - - systemd.network = { - enable = true; - networks."lan" = { - matchConfig.Name = "enu1"; - networkConfig.DHCP = "no"; - linkConfig.RequiredForOnline = "no"; - }; - networks."wan" = { - matchConfig.Name = "end0"; - networkConfig.DHCP = "yes"; - linkConfig.RequiredForOnline = "yes"; - }; - }; - - services.dae = { - enable = true; - configFile = "/var/lib/dae/config.dae"; - }; - - services.tailscale.enable = true; - - }; -} diff --git a/machines/osmium/sd-image-aarch64-orangepi-r1plus.nix b/machines/osmium/sd-image-aarch64-orangepi-r1plus.nix deleted file mode 100644 index 3802760..0000000 --- a/machines/osmium/sd-image-aarch64-orangepi-r1plus.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - config, - modulesPath, - lib, - pkgs, - ... -}: -let -in -{ - imports = [ - (modulesPath + "/profiles/base.nix") - ]; - - boot.loader.grub.enable = false; - boot.loader.generic-extlinux-compatible.enable = true; - boot.kernelPackages = pkgs.linuxPackages_latest; - - boot.kernelParams = [ - "earlycon" - "console=ttyS2,1500000" - "consoleblank=0" - ]; - boot.supportedFilesystems = lib.mkForce [ - "ext4" - "vfat" - "ntfs" - ]; - - sdImage = { - compressImage = false; - imageBaseName = "nixos-sd-image-orange-pi-r1-plus-lts"; - firmwarePartitionOffset = 16; - populateFirmwareCommands = '' - echo "Install U-Boot: ${pkgs.ubootOrangePiR1LtsPackage}" - dd if=${pkgs.ubootOrangePiR1LtsPackage}/idbloader.img of=$img seek=64 conv=notrunc - dd if=${pkgs.ubootOrangePiR1LtsPackage}/u-boot.itb of=$img seek=16384 conv=notrunc - ''; - populateRootCommands = '' - mkdir -p ./files/boot - ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot - ''; - }; -} diff --git a/overlays/add-pkgs.nix b/overlays/add-pkgs.nix index f1b214e..135a2cb 100644 --- a/overlays/add-pkgs.nix +++ b/overlays/add-pkgs.nix @@ -1,12 +1,5 @@ -(final: prev: { - ubootOrangePiR1LtsPackage = prev.buildUBoot { - defconfig = "orangepi-r1-plus-lts-rk3328_defconfig"; - enableParallelBuilding = true; - - BL31 = "${prev.armTrustedFirmwareRK3328}/bl31.elf"; - filesToInstall = [ - "u-boot.itb" - "idbloader.img" - ]; - }; -}) +( + final: prev: + { + } +) diff --git a/scripts/nixos-updater.py b/scripts/nixos-updater.py deleted file mode 100644 index c859250..0000000 --- a/scripts/nixos-updater.py +++ /dev/null @@ -1,90 +0,0 @@ -import requests -import os -import socket -import json -from os import path as osp -from dataclasses import dataclass - -""" -This updater consists of several parts: - -- Update checker: Check an url for update (if outPath is different from /run/current-system or some specified profile) or maybe use timestamp for update -- Nix copy --from: copy from remote. Need to specify remote url. -- Create a symlink: /run/next-system -> -- Listen for POST request to trigger system switch (optional) -""" - - -@dataclass -class GarnixConfig: - token: str - - -@dataclass -class Config: - check_type: str - check_url: str - remote_url: str - garnix: GarnixConfig - hostname: str = socket.gethostname() - - -class Nix: - def __init__(self, args): - self.args = args - - def copy_from_remote(self): - # run nix copy with subprocess - pass - - def eval(self): - - -class Updater: - def __init__(self, config: Config): - self.config = config - - # TODO: Make this configurable - self.current_drv = os.readlink("/run/current-system") - self.next_dev = None - - # checkers take an url and returns the outPath of the latest success build - def garnix_checker(self) -> str: - domain = "garnix.io" - build_endpoint = "/api/build/commit" - - # Latest commit from git - - # Check build status of this commit - resp = requests.get( - f"https://{domain}{build_endpoint}/40b1e9ff23aaa5f555420dd22414c3f137a02cfe" - ) - # Raise error if status code is not valid - - # Fetch outPath from eval endpoint - # TODO: In theory, this could be done by parsing raw log from garnix. - - # Try to evaluate locally if eval endpoint is not configured - - resp = resp.json() - # TODO - return "null" - - def hydra_checker(self) -> str: - # TODO - return "null" - - # Check for update - def poll(self) -> str | None: - cfg = self.config - if cfg.check_type == "garnix": - pass - elif cfg.check_type == "hydra": - pass - else: - pass - pass - - -if __name__ == "__main__": - pass