commit 8e4b51453fdf57de77701e4d6094c658e1fb98a6
parent 7c2af21db7c004faa1f2b028d7d7f1a35721adc3
Author: Vincent Demeester <vincent@sbr.pm>
Date: Wed, 21 Feb 2024 12:38:27 +0100
Add a new host, athena Raspberry PI 4
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
3 files changed, 83 insertions(+), 0 deletions(-)
diff --git a/flake.nix b/flake.nix
@@ -79,6 +79,16 @@
];
in
{
+ images = {
+ athena = (self.nixosConfigurations.athena.extendModules {
+ modules = [
+ "${inputs.nixpkgs-23_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+ {
+ disabledModules = [ "profiles/base.nix" ];
+ }
+ ];
+ }).config.system.build.sdImage;
+ };
nixosConfigurations =
{
# Work laptop (unstable)
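Review bot: `disabledModules = [ "profiles/base.nix" ];` in the `images.athena` module list carries no comment, and the bare string is easy to misread as this repository's own base profile (athena.nix mentions a `profiles.base` option in its commented-out lines). As far as I know, a string entry in `disabledModules` is resolved against the nixpkgs module directory, so this presumably drops the installer base profile that the sd-image module imports rather than anything local. A one-line comment would settle it, for example `# disable nixpkgs' nixos/modules/profiles/base.nix (imported by the sd-image module), not our own base profile`. It is also worth noting next to `images` that the image is built from the full `athena` configuration, so whatever that host enables or disables is what ends up on the SD card.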
@@ -120,6 +130,15 @@
./systems/hosts/kerkouane.nix
];
};
+ # Raspberry PI
+ # athena
+ athena = inputs.nixpkgs-23_11.lib.nixosSystem {
+ system = "aarch64-linux";
+ modules = stableModules ++ [
+ ./systems/hosts/athena.nix
+ ];
+ };
+ # demeter
};
# TODO: expose some packages ?
diff --git a/systems/hosts/athena.nix b/systems/hosts/athena.nix
@@ -0,0 +1,63 @@
+{ pkgs, lib, ... }:
+
+with lib;
+let
+ hostname = "athena";
+ # secretPath = ../../secrets/machines.nix;
+ # secretCondition = (builtins.pathExists secretPath);
+ #
+ # ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
+ # ips = lists.optionals secretCondition ([ "${ip}/24" ]);
+ # endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
+ # endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
+ # endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+
+ metadata = importTOML ../../ops/hosts.toml;
+in
+{
+ imports = [
+ # (import ../../users/vincent)
+ # (import ../../users/root)
+ ];
+
+ networking = {
+ hostName = hostname;
+ firewall.enable = false; # we are in safe territory :D
+ # bridges.br1.interfaces = [ "enp0s31f6" ];
+ # useDHCP = false;
+ # interfaces.br1 = {
+ # useDHCP = true;
+ # };
+ };
+
+ # core.boot.systemd-boot = lib.mkForce true;
+ # profiles.base.systemd-boot = lib.mkForce true;
+ #
+ # modules = {
+ # services = {
+ # syncthing = {
+ # enable = true;
+ # guiAddress = "${metadata.hosts.sakhalin.wireguard.addrs.v4}:8384";
+ # };
+ # avahi.enable = true;
+ # ssh.enable = true;
+ # };
+ # };
+ #
+ # profiles = {
+ # bind.enable = true;
+ # home = true;
+ # };
+
+ # services = {
+ # wireguard = {
+ # enable = true;
+ # ips = ips;
+ # endpoint = endpointIP;
+ # endpointPort = endpointPort;
+ # endpointPublicKey = endpointPublicKey;
+ # };
+ # };
+ security.apparmor.enable = true;
+ security.pam.enableSSHAgentAuth = true;
+}
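Review bot: `firewall.enable = false;` in the `networking` block turns off packet filtering on a host that this same commit also ships as a flashable SD image, so the board comes up unfiltered on whatever network it is first plugged into, and the "safe territory" comment does not say which network that assumption covers. I would drop the line so the NixOS default (firewall on) applies, or keep it with a comment that names the trusted segment, along the lines of `# firewall off: only reachable on <trusted network>; re-enable before adding WireGuard`. Separately, `security.pam.enableSSHAgentAuth = true;` lets a key held in a forwarded agent satisfy PAM (typically for sudo), so a comment stating which authorized-keys file is trusted would help, since a user-writable one weakens that check. Both user imports are commented out, so who can actually log in to this host depends on `stableModules`, which is defined outside this hunk.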
diff --git a/systems/hosts/wakasu.nix b/systems/hosts/wakasu.nix
@@ -91,6 +91,7 @@ in
];
modules = {
+ core.binfmt.enable = true;
editors.emacs.enable = true;
hardware = {
yubikey = { enable = true; u2f = true; };