diff --git a/build-pindakaas-disk.sh b/build-pindakaas-disk.sh
new file mode 100755
index 0000000..4c0a658
--- /dev/null
+++ b/build-pindakaas-disk.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash
+#! nix-shell -p bash nixos-install-tools
+
+set -euo pipefail
+
+# Parse arguments
+function help {
+ echo "Usage: $0 -e"
+ echo
+ echo "Options:"
+ echo " -h: Display this help message."
+ echo " -e: Erase the disk. This can be used in case the wanted partition scheme doesn't match."
+}
+
+disko_mode=mount
+while getopts "e" OPTION
+do
+ case "$OPTION" in
+ h)
+ help
+ exit 0
+ ;;
+ e)
+ disko_mode=disko
+ ;;
+ ?)
+ help
+ exit 2
+ ;;
+ esac
+done
+shift "$(($OPTIND -1))"
+
+if [ "$#" -gt 0 ]
+then
+ help
+ exit 2
+fi
+
+set -x
+
+# Add channels to root user, as nixos-install uses those.
+# Not great, but fixable with flakes I guess
+sudo ./add_channels.sh
+
+# Format or mount disk
+sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes run github:nix-community/disko -- --mode $disko_mode ./pindakaas_disko.nix
+
+# Generate hardware-config.nix
+sudo nixos-generate-config --no-filesystems --root /mnt
+# --no-filesystems because they are imported via disko
+
+# Plug system configuration into this git repo
+sudo mkdir -p /mnt/etc/nixos
+echo "{ ... }: { imports = [ ./hardware-configuration.nix /home/geoffrey/.config/dotfiles/pindakaas.nix ]; }" | sudo tee /mnt/etc/nixos/configuration.nix > /dev/null
+# Everything there should be covered by (and conflicts with) the repo anyways.
+
+# Install NixOS! Or create a new generation.
+sudo nixos-install
+
+# Install dotfiles. Actually not needed by nixos-install since it doesn't rewrite global paths to /mnt.
+# Without it no nixos-rebuild from the system itself once installed though.
+# Should probably be replaced with something like git-sync
+# sudo mkdir -p /mnt/home/geoffrey/.config/
+# sudo cp -a ../dotfiles /mnt/home/geoffrey/.config/
+# sudo chown geoffrey:geoffrey /mnt/home/geoffrey -R
+
+# Signal we're done!
+# Although it might ask for passwords beforehand, so not sure it's really useful
+echo  
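Review bot: The disko step runs `github:nix-community/disko` unpinned under `sudo`, so whatever the upstream default branch holds at run time is executed as root against the target disk; pinning the flake reference to a reviewed revision, e.g. `github:nix-community/disko/<PINNED_REV>`, keeps the installer reproducible and narrows the supply-chain exposure. On the same line the mode should be quoted as `--mode "$disko_mode"`. Separately, `getopts "e"` does not declare `h`, so `-h` lands in the `?)` arm and exits 2 while the `h)` arm is unreachable; `while getopts "he" OPTION` fixes that, and the usage line could then read `Usage: $0 [-h] [-e]`.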
diff --git a/curacao.nix b/curacao.nix index e02df95..1344c11 100644 --- a/curacao.nix +++ b/curacao.nix @@ -5,6 +5,8 @@ ./os/loader.nix ]; + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "curacao"; frogeye.extra = true; frogeye.desktop.xorg = true; diff --git a/options.nix b/options.nix index 1a2c67d..3ce3b36 100644 --- a/options.nix +++ b/options.nix @@ -16,7 +16,9 @@ dotfiles = { path = lib.mkOption { type = lib.types.str; - default = "${config.home.homeDirectory}/.config/dotfiles"; + # default = "${config.home.homeDirectory}/.config/dotfiles"; + # FIXME Above doesn't work outside home-manager context + default = "/home/geoffrey/.config/dotfiles"; }; }; }; diff --git a/os/common.nix b/os/common.nix index 727eebd..b65873b 100644 --- a/os/common.nix +++ b/os/common.nix @@ -2,10 +2,11 @@ { networking.domain = "geoffrey.frogeye.fr"; - boot.loader.efi.canTouchEfiVariables = true; - time.timeZone = "Europe/Amsterdam"; + # Might fill emptiness? + boot.consoleLogLevel = 6; # KERN_INFO + # TODO qwerty-fr for console # Enable CUPS to print documents diff --git a/os/geoffrey.nix b/os/geoffrey.nix index 38c642b..1597880 100644 --- a/os/geoffrey.nix +++ b/os/geoffrey.nix @@ -9,6 +9,7 @@ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. shell = pkgs.zsh; + initialHashedPassword = "$y$j9T$e64bjL7iyVlniEKwKbM9g0$cCn74za0r6L9QMO20Fdxz3/SX0yvhz3Xd6.2BhtbRL1"; # Not a real password openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPE41gxrO8oZ5n3saapSwZDViOQphm6RzqgsBUyA88pU geoffrey@frogeye.fr" ]; diff --git a/pindakaas.nix b/pindakaas.nix index 08da534..d52901c 100644 --- a/pindakaas.nix +++ b/pindakaas.nix 
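Review bot: In the `os/geoffrey.nix` hunk, `initialHashedPassword` commits a yescrypt hash for an account that the visible context places in `wheel`, so the hash is readable by anyone with access to the repository and, like other values in a NixOS configuration, typically ends up in the world-readable Nix store where it can be guessed offline. The trailing `# Not a real password` does not say whether the value is a throwaway that is changed after first login; if it is, a comment such as `# Placeholder, changed with passwd after first boot` would make that auditable. Otherwise the hash is better read from a file kept outside the repository through `hashedPasswordFile` (named `passwordFile` on older NixOS releases). The attribute set this line belongs to starts and ends outside the hunk.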
@@ -4,13 +4,35 @@ # First commit before 23.05 release date: "${builtins.fetchTarball "https://github.com/NixOS/nixos-hardware/archive/468a7a108108908c7a35d6549f1e1f0236a9448a.tar.gz"}/pine64/pinebook-pro" ./os/loader.nix + ./pindakaas_disko.nix ]; - # nixos-hardware use latest kernel by default. This obviously runs quickly out of sync with zfs packages. - boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + boot = { + # nixos-hardware use latest kernel by default. It has been set a while ago, we maybe don't need it anymore? + kernelPackages = pkgs.linuxPackages; + + # Pinebook supports UEFI, at least when tow-boot is installed on the SPI + loader = { + # EFI Variables don't work (no generation appears in systemd-boot) + efi.canTouchEfiVariables = false; + + # systemd-boot crashes after booting, so GRUB it is + grub = { + enable = true; + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + }; + }; + }; + networking.hostName = "pindakaas"; - frogeye.extra = false; # FIXME Not working yet - frogeye.desktop.xorg = true; - frogeye.dev.docker = true; + # DEBUG Barebones is faster + frogeye.dev.ansible = false; + frogeye.dev.python = false; + + # frogeye.extra = false; # FIXME Not working yet + # frogeye.desktop.xorg = true; + # frogeye.dev.docker = true; } diff --git a/pindakaas_disko.nix b/pindakaas_disko.nix new file mode 100644 index 0000000..bd93cc7 --- /dev/null +++ b/pindakaas_disko.nix 
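Review bot: In the `pindakaas.nix` hunk, the new `kernelPackages = pkgs.linuxPackages;` needs `pkgs` in the module's argument set, which is declared above this hunk and is not visible here; the line it replaces only used `config`, so this is worth checking before merging. The comment above it still describes the nixos-hardware default rather than what the override selects; something like `# Use the nixpkgs default kernel instead of the latest one nixos-hardware selects; TODO check if still needed` would state the intent. The `# DEBUG` block that disables `frogeye.dev.ansible` and `frogeye.dev.python` and comments out the other `frogeye` options reads as temporary and could carry a TODO saying when to restore them.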
@@ -0,0 +1,78 @@
+{
+ disko.devices = {
+ disk = {
+ pindakaas_sd = {
+ type = "disk";
+ device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ # Needs enough to store multiple kernel generations
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ # FIXME Hang on Linux boot, for some reason
+ # luks = {
+ # size = "100%";
+ # content = {
+ # type = "luks";
+ # name = "pindakaas_sd";
+ # # disable settings.keyFile if you want to use interactive password entry
+ # #passwordFile = "/tmp/secret.key"; # Interactive
+ # settings = {
+ # # Not having SSDs die fast is more important than crypto
+ # # nerds that could potentially discover which filesystem I
+ # # use from TRIM patterns
+ # allowDiscards = true;
+ # # keyFile = "/tmp/secret.key";
+ # fallbackToPassword = true; # TEST
+ # };
+ # # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+ # content = {
+ # type = "btrfs";
+ # extraArgs = [ "-f" ];
+ # subvolumes = {
+ # "/nixos" = {
+ # mountpoint = "/";
+ # mountOptions = [ "compress=zstd" "noatime" ];
+ # };
+ # "/home" = {
+ # mountpoint = "/home";
+ # mountOptions = [ "compress=zstd" "relatime" ];
+ # };
+ # "/nix" = {
+ # mountpoint = "/nix";
+ # mountOptions = [ "compress=zstd" "noatime" ];
+ # };
+ # # Maybe later
+ # # "/swap" = {
+ # # mountpoint = "/.swapvol";
+ # # swap.swapfile.size = "20M";
+ # # };
+ # };
+ # };
+ # };
+ # };
+ };
+ };
+ };
+ };
+ };
+}
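Review bot: The `root` partition is formatted as plain ext4 while the LUKS layout stays commented out, so data on this SD card is unencrypted at rest and readable by anyone who removes the card. The `FIXME` explains why LUKS is off but not this consequence, and could read `# FIXME Hang on Linux boot, for some reason; root is unencrypted until this is fixed`. The ESP is mounted with only `"defaults"`, which typically leaves the vfat `/boot` world-readable; `mountOptions = [ "umask=0077" ];` restricts it to root. When the LUKS block is revived, the commented `/tmp/secret.key` paths point into a shared, world-writable directory, so a key file placed there should be created with restrictive permissions and removed once formatting is done.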