diff options
-rwxr-xr-x | devices.sh | 44 | ||||
-rw-r--r-- | flake.lock | 34 | ||||
-rw-r--r-- | flake.nix | 14 | ||||
-rwxr-xr-x[-rw-r--r--] | install.sh | 36 | ||||
-rw-r--r-- | nixos/machine/adm-mpd.nix | 30 | ||||
-rw-r--r-- | nixos/machine/adm-omnia.nix | 4 | ||||
-rw-r--r-- | nixos/machine/default.nix | 2 | ||||
-rw-r--r-- | nixos/machine/spt-mox.nix | 10 | ||||
-rw-r--r-- | nixos/machine/spt-omnia.nix | 17 | ||||
-rw-r--r-- | nixos/modules/generic.nix | 32 |
10 files changed, 151 insertions, 72 deletions
@@ -1,24 +1,18 @@ #!/usr/bin/env bash set -eu declare -a devices -declare -A sshmap ################################################################################ -omnia_hash="bd7ac5d8c08538ec1f126d34b765f0362427fe17" ## aarch64 # Mox -devices+=( "dean" "spt-mox2" ) -sshmap["spt-mox2"]="mox2.spt" +devices+=( "dean" "spt-mox" "spt-mox2" ) # Raspberry Pi devices+=( "adm-mpd" ) -sshmap["adm-mpd"]="mpd.adm" ## armv7 # Omnia -devices+=( "spt-omnia" ) -sshmap["spt-omnia"]="omnia.spt" +devices+=( "spt-omnia" "adm-omnia" "adm-omnia2" ) # Raspberry Pi devices+=( "spt-mpd" ) -sshmap["spt-mpd"]="mpd.spt" ################################################################################ valid_device() { @@ -30,6 +24,14 @@ valid_device() { return 1 } +device_system() { + nix eval --raw ".#nixosConfigurations.$1.config.nixpkgs.system" +} + +sshdev() { + echo "$1" | awk -F- 'NF > 1 { print $2"."$1; exit } { print $1 }' +} + build() { local system="$1" @@ -37,14 +39,8 @@ build() { local -a args local toplevel=".config.system.build.toplevel" args+=("--keep-going") - args+=("--override-input" "nixturris" "/home/cynerd/projects/nixturris") - if [[ "$system" == *omnia ]]; then - true - #toplevel=".config.system.build.cross.x86_64-linux${toplevel}" - #args=( \ - # "--override-input" "nixpkgs" "github:NixOS/nixpkgs/${omnia_hash}" - # "--override-input" "nixturris/nixpkgs" "github:NixOS/nixpkgs/${omnia_hash}" - #) + if [ "$(device_system "$1")" = "armv7l-linux" ]; then + toplevel=".config.system.build.cross.x86_64-linux${toplevel}" fi nix build \ -o "result-${system}" \ @@ -54,7 +50,7 @@ build() { build_validate() { local system="$1" - [ -L "result-$system" ] && [ ! -e "result-$system" ] + [ -L "result-$system" ] && [ -e "result-$system" ] } copy() { @@ -64,10 +60,12 @@ copy() { return 1 fi local store="$(readlink -f "result-$system")" - local host="${sshmap["$system"]:-$system}" + local host="$(sshdev "$system")" local freespace="$(ssh "$host" -- df -B 1 /nix | awk 'NR == 2 { print $4 }')" - local required="$(nix path-info -S "$store")" + local required="$(nix path-info -S "$store" | awk '{ print $2 }')" + echo "Free space on device: $(numfmt --to=iec "$freespace")" + echo "Required space: $(numfmt --to=iec "$required")" if [ "$required" -ge "$freespace" ]; then echo "There is not enough space to copy clousure to: $system" >&2 return 1 @@ -84,7 +82,7 @@ setenv() { return 1 fi local store="$(readlink -f "result-$system")" - local host="${sshmap["$system"]:-$system}" + local host="$(sshdev "$system")" echo "Update system: $system" if [ "$(ssh "$host" -- readlink -f /nix/var/nix/profiles/system)" != "$store" ]; then @@ -98,7 +96,7 @@ boot() { setenv "$system" || return 1 local store="$(readlink -f "result-$system")" - local host="${sshmap["$system"]:-$system}" + local host="$(sshdev "$system")" echo "Setting boot system: $system" ssh -t "$host" -- \ @@ -115,7 +113,7 @@ switch() { setenv "$system" || return 1 local store="$(readlink -f "result-$system")" - local host="${sshmap["$system"]:-$system}" + local host="$(sshdev "$system")" if is_current "$host"; then echo "Switching: $system" @@ -131,7 +129,7 @@ switch_test() { setenv "$system" || return 1 local store="$(readlink -f "result-$system")" - local host="${sshmap["$system"]:-$system}" + local host="$(sshdev "$system")" if is_current "$host"; then echo "Testing: $system" @@ -2,11 +2,11 @@ "nodes": { "flake-utils": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -16,11 +16,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -44,11 +44,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1659606041, - "narHash": "sha256-W4/u2ssr3fS4XOtltrsDD9w2kF4jYYZr6JyPGUW2jdI=", + "lastModified": 1659868656, + "narHash": "sha256-LINDS957FYzOb412t/Zha44LQqGniMpUIUz4Pi+fvSs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5f9b871b72b24f066b1a1e189efd0669f2888c49", + "rev": "80fc83ad314fe701766ee66ac8286307d65b39e3", "type": "github" }, "original": { @@ -93,11 +93,11 @@ ] }, "locked": { - "lastModified": 1658309689, - "narHash": "sha256-Jy1j1hII6SvR1IaGoNh7VU0jx6xCnkjthwR67H5lwj8=", + "lastModified": 1659940026, + "narHash": "sha256-b6DJbQ6s7fIWDJ4VtYruHmq8Nu9nF2yjQkcFnwSwFYc=", "ref": "refs/heads/master", - "rev": "defa8544d9437116a652827db62cbbf1f8933d5e", - "revCount": 33, + "rev": "07896ee61dba47bc57c4c3b3b819033dc0324a1b", + "revCount": 34, "type": "git", "url": "https://git.cynerd.cz/nixturris" }, @@ -108,11 +108,11 @@ }, "personal-secret": { "locked": { - "lastModified": 1658301734, - "narHash": "sha256-lMjE6i/rM/ee1xOkkLxqYzlSqS9FXEu5HdhXi/Fxtyk=", + "lastModified": 1659901081, + "narHash": "sha256-S81VB06BqQr4Wox8g1uWiGRyhPtNLahs5mSF3HslRWw=", "ref": "refs/heads/master", - "rev": "9517244ffa46efa3be21bd4e099bce054c692047", - "revCount": 26, + "rev": "3859c3d6b744726a23ae1c903c6ecd28ff2ffc35", + "revCount": 28, "type": "git", "url": "ssh://git@cynerd.cz/nixos-personal-secret" }, @@ -28,7 +28,6 @@ self.nixosModules.default self.nixosModules."machine-${hostname}" shellrc.nixosModules.default - nixturris.nixosModules.turris-crossbuild (personal-secret.lib.personalSecrets hostname) { networking.hostName = hostname; @@ -39,15 +38,18 @@ } ]; - genericSystem = system: hostname: { + genericSystem = {system, extra_modules ? []}: hostname: { ${hostname} = nixpkgs.lib.nixosSystem { system = system; - modules = modules hostname; + modules = (modules hostname) ++ extra_modules; }; }; - amd64System = genericSystem "x86_64-linux"; - armv7lSystem = genericSystem "armv7l-linux"; - aarch64System = genericSystem "aarch64-linux"; + amd64System = genericSystem {system = "x86_64-linux";}; + armv7lSystem = genericSystem {system = "armv7l-linux"; extra_modules = [ + nixturris.nixosModules.turris-crossbuild + nixturris.nixosModules.armv7l-overlay + ];}; + aarch64System = genericSystem {system = "aarch64-linux";}; turrisSystem = board: hostname: { ${hostname} = nixturris.lib.nixturrisSystem { diff --git a/install.sh b/install.sh index a707ed4..a0ec3b7 100644..100755 --- a/install.sh +++ b/install.sh @@ -1,11 +1,15 @@ #!/bin/sh set -eu hostname="${1:-$(hostname)}" +root="${2:-}" -if [ "$(id -u)" -ne 0 ]; then - echo "Please run as root!" >&2 - exit 1 -fi +_sudo() { + if [ "$(id -u)" -ne 0 ]; then + "$@" + else + sudo -p 'Sudo password: ' -- "$@" + fi +} if [ "$hostname" = "nixos" ]; then echo "The hostname is the default one, that is not right for sure." >&2 @@ -13,19 +17,21 @@ if [ "$hostname" = "nixos" ]; then exit 1 fi -if [ ! -s /.personal-secrets.key ]; then +if [ ! -s "$root/.personal-secrets.key" ]; then echo "Please paste the personal secret key (terminate using ^D)" >&2 - cat >/.personal-secrets.key + sudo tee "$root/.personal-secrets.key" >/dev/null fi -mkdir -p ~/.ssh -cat >~/.ssh/config <<EOF -Match User git Host cynerd.cz - IdentityFile ~/.ssh/nixos-secret-access -EOF +eval "$(ssh-agent)" echo "Please paste the SSH access key now (terminate using ^D):" >&2 -cat >~/.ssh/nixos-secret-access -trap "rm -f ~/.ssh/nixos-secret-access" EXIT +ssh-add - +trap 'kill "$SSH_AGENT_PID"' EXIT -nix-shell -p git --command \ - "nixos-rebuild switch --flake 'git+https://git.cynerd.cz/nixos-personal#$hostname' --fast" +flake="git+https://git.cynerd.cz/nixos-personal#$hostname" +if [ -z "$root" ]; then + nix shell nixpkgs\#git --command \ + "_sudo \"\$(command -v nixos-rebuild)\" switch --flake '$flake' --fast" +else + nix shell nixpkgs\#git nixpkgs\#nixos-install-tools --command \ + "_sudo \"\$(command -v nixos-install)\" --flake '$flake' --root '$root'" +fi diff --git a/nixos/machine/adm-mpd.nix b/nixos/machine/adm-mpd.nix index 3e103e1..aa85445 100644 --- a/nixos/machine/adm-mpd.nix +++ b/nixos/machine/adm-mpd.nix @@ -5,6 +5,7 @@ with lib; { config = { + fileSystems = { "/" = { device = "/dev/mmcblk0p2"; @@ -18,6 +19,35 @@ with lib; device = "/dev/mmcblk0p1"; }; }; + + networking.wireless = { + enable = true; + networks = filterAttrs (n: v: n == "Nela") config.secrets.wifiNetworks; + environmentFile = "/run/secrets/wifi.env"; + userControlled.enable = true; + }; + + services.pipewire = { + enable = true; + alsa.enable = true; + pulse.enable = true; + }; + + services.spotifyd = { + enable = true; + settings.global = { + device_name = "Adámkovi"; + device = "sysdefault"; + mixer = "Master"; + bitrate = 320; + cache_path = "/var/cahe/spotify"; + no_audio_cache = true; + volume_normalisation = true; + normalisation_pregain = -10; + initial_volume = 60; + }; + }; + }; } diff --git a/nixos/machine/adm-omnia.nix b/nixos/machine/adm-omnia.nix index 21bfeb6..f5ca827 100644 --- a/nixos/machine/adm-omnia.nix +++ b/nixos/machine/adm-omnia.nix @@ -5,6 +5,10 @@ with lib; { config = { + cynerd = { + openvpn.oldpersonal = true; + }; + }; } diff --git a/nixos/machine/default.nix b/nixos/machine/default.nix index 87c9d15..32ad5ab 100644 --- a/nixos/machine/default.nix +++ b/nixos/machine/default.nix @@ -14,5 +14,5 @@ machine-adm-omnia = import ./adm-omnia.nix; machine-adm-omnia2 = import ./adm-omnia2.nix; - machine-adm-mpd = import ./spt-mpd.nix; + machine-adm-mpd = import ./adm-mpd.nix; } diff --git a/nixos/machine/spt-mox.nix b/nixos/machine/spt-mox.nix index eb304b2..bb0ac5e 100644 --- a/nixos/machine/spt-mox.nix +++ b/nixos/machine/spt-mox.nix @@ -24,6 +24,16 @@ with lib; ]; }; }; + interfaces.brlan = { + ipv4 = { + addresses = [{ + address = config.cynerd.hosts.spt.mox; + prefixLength = 24; + }]; + }; + }; + defaultGateway = config.cynerd.hosts.spt.omnia; + nameservers = [ config.cynerd.hosts.spt.omnia "1.1.1.1" "8.8.8.8" ]; dhcpcd.allowInterfaces = [ "brlan" ]; }; }; diff --git a/nixos/machine/spt-omnia.nix b/nixos/machine/spt-omnia.nix index 21bfeb6..4cb80c4 100644 --- a/nixos/machine/spt-omnia.nix +++ b/nixos/machine/spt-omnia.nix @@ -5,6 +5,23 @@ with lib; { config = { + cynerd = { + openvpn.oldpersonal = true; + }; + + services.syncthing = { + enable = true; + #user = mkDefault "cynerd"; + #group = mkDefault "cynerd"; + openDefaultPorts = true; + + overrideDevices = false; + overrideFolders = false; + + dataDir = "/data"; + configDir = "/srv/syncthing"; + }; + }; } diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix index 2b3c3fd..57c5d82 100644 --- a/nixos/modules/generic.nix +++ b/nixos/modules/generic.nix @@ -2,7 +2,11 @@ with lib; -{ +let + + isNative = config.nixpkgs.crossSystem == null; + +in { config = { system.stateVersion = "22.05"; @@ -12,12 +16,10 @@ with lib; settings = { auto-optimise-store = true; substituters = [ - "https://cache.nixos.org" "https://thefloweringash-armv7.cachix.org" "https://arm.cachix.org" ]; trusted-public-keys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso=" "arm.cachix.org-1:K3XjAeWPgWkFtSS9ge5LJSLw3xgnNqyOaG7MDecmTQ8=" ]; @@ -41,7 +43,8 @@ with lib; environment.systemPackages = with pkgs; [ git # We need git for this repository to even work # Administration tools - coreutils moreutils binutils psmisc progress lshw file + #coreutils moreutils binutils psmisc progress lshw file + coreutils binutils psmisc progress lshw file ldns wget gnumake exfat exfatprogs @@ -49,16 +52,16 @@ with lib; usbutils # NCurses tools - htop iotop glances + htop iotop #glances mc screen tmux - ncdu + #ncdu # ls tools tree - mlocate lsof strace + #mlocate sourceHighlight # Colors for less unrar p7zip zip unzip @@ -71,7 +74,16 @@ with lib; lm_sensors - ] ++ optional (system == "x86_64-linux") ltrace; + ] ++ optionals (system == "x86_64-linux") [ + ltrace + ] ++ optionals (!isNative) [ + ncdu_1 + ] ++ optionals (isNative) [ + moreutils + glances + ncdu + mlocate + ]; users.mutableUsers = false; users.groups.cynerd.gid = 1000; @@ -87,14 +99,14 @@ with lib; subGidRanges = [{ count = 65534; startGid = 10000; }]; isNormalUser = true; createHome = true; - shell = pkgs.zsh.out; + shell = if isNative then pkgs.zsh.out else pkgs.bash.out; passwordFile = "/run/secrets/cynerd.pass"; openssh.authorizedKeys.keyFiles = [ (config.personal-secrets + "/unencrypted/git-private.pub") ]; }; }; - programs.zsh.enable = true; + programs.zsh.enable = isNative; programs.shellrc.enable = true; programs.vim.defaultEditor = mkDefault true; |