
My NixOS systems configurations.

commit 8e4b51453fdf57de77701e4d6094c658e1fb98a6
parent 7c2af21db7c004faa1f2b028d7d7f1a35721adc3
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Wed, 21 Feb 2024 12:38:27 +0100

Add a new host, athena Raspberry PI 4

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mflake.nix | 19+++++++++++++++++++
Asystems/hosts/athena.nix | 63+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Msystems/hosts/wakasu.nix | 1+
3 files changed, 83 insertions(+), 0 deletions(-)

diff --git a/flake.nix b/flake.nix @@ -79,6 +79,16 @@ ]; in { + images = { + athena = (self.nixosConfigurations.athena.extendModules { + modules = [ + "${inputs.nixpkgs-23_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" + { + disabledModules = [ "profiles/base.nix" ]; + } + ]; + }).config.system.build.sdImage; + }; nixosConfigurations = { # Work laptop (unstable) @@ -120,6 +130,15 @@ ./systems/hosts/kerkouane.nix ]; }; + # Raspberry PI + # athena + athena = inputs.nixpkgs-23_11.lib.nixosSystem { + system = "aarch64-linux"; + modules = stableModules ++ [ + ./systems/hosts/athena.nix + ]; + }; + # demeter }; # TODO: expose some packages ? diff --git a/systems/hosts/athena.nix b/systems/hosts/athena.nix 
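Review bot: In the first flake.nix hunk, `images.athena` takes the sd-image module from `inputs.nixpkgs-23_11` by its own path string, independently of the `inputs.nixpkgs-23_11.lib.nixosSystem` call that defines `nixosConfigurations.athena` in the second hunk. If only one of the two is bumped later, the image would be evaluated with an installer module from a different release than the rest of the module tree. A comment on the path such as `# must match the nixpkgs input used for nixosConfigurations.athena` would make the coupling visible, and the `disabledModules = [ "profiles/base.nix" ];` entry would benefit from a one-line reason as well. The enclosing outputs attrset starts and ends outside both hunks.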
@@ -0,0 +1,63 @@ +{ pkgs, lib, ... }: + +with lib; +let + hostname = "athena"; + # secretPath = ../../secrets/machines.nix; + # secretCondition = (builtins.pathExists secretPath); + # + # ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}"; + # ips = lists.optionals secretCondition ([ "${ip}/24" ]); + # endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP; + # endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0; + # endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey; + + metadata = importTOML ../../ops/hosts.toml; +in +{ + imports = [ + # (import ../../users/vincent) + # (import ../../users/root) + ]; + + networking = { + hostName = hostname; + firewall.enable = false; # we are in safe territory :D + # bridges.br1.interfaces = [ "enp0s31f6" ]; + # useDHCP = false; + # interfaces.br1 = { + # useDHCP = true; + # }; + }; + + # core.boot.systemd-boot = lib.mkForce true; + # profiles.base.systemd-boot = lib.mkForce true; + # + # modules = { + # services = { + # syncthing = { + # enable = true; + # guiAddress = "${metadata.hosts.sakhalin.wireguard.addrs.v4}:8384"; + # }; + # avahi.enable = true; + # ssh.enable = true; + # }; + # }; + # + # profiles = { + # bind.enable = true; + # home = true; + # }; + + # services = { + # wireguard = { + # enable = true; + # ips = ips; + # endpoint = endpointIP; + # endpointPort = endpointPort; + # endpointPublicKey = endpointPublicKey; + # }; + # }; + security.apparmor.enable = true; + security.pam.enableSSHAgentAuth = true; +} diff --git a/systems/hosts/wakasu.nix b/systems/hosts/wakasu.nix @@ -91,6 +91,7 @@ in ]; modules = { + core.binfmt.enable = true; editors.emacs.enable = true; hardware = { yubikey = { enable = true; u2f = true; };
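Review bot: In systems/hosts/athena.nix, `firewall.enable = false; # we are in safe territory :D` switches off packet filtering on a new headless host purely because the network is assumed trusted, so every service that ends up listening on this Pi is reachable from any device on that network, and the same configuration is what the new `images.athena` SD image boots with. Removing the line keeps the NixOS default (firewall enabled), and ports can then be opened explicitly, for example `firewall.allowedTCPPorts = [ 22 ];` if SSH is the only intended entry point. `security.pam.enableSSHAgentAuth = true;` deserves a comment too: it lets a key offered by a forwarded SSH agent satisfy PAM for sudo, and which authorized-keys files are trusted for that is not visible in this hunk, so it is worth confirming that none of them is writable by the user. As a smaller point, `metadata = importTOML ../../ops/hosts.toml;` is bound but only referenced from commented-out code.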