build-pindakaas-disk.sh

@@ -0,0 +1,71 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash
+#! nix-shell -p bash nixos-install-tools
+
+set -euo pipefail
+
+# Parse arguments
+function help {
+    echo "Usage: $0 -e"
+    echo
+    echo "Options:"
+    echo "  -h: Display this help message."
+    echo "  -e: Erase the disk. This can be used in case the wanted partition scheme doesn't match."
+}
+
+disko_mode=mount
+while getopts "e" OPTION
+do
+    case "$OPTION" in
+        h)
+            help
+            exit 0
+            ;;
+        e)
+            disko_mode=disko
+            ;;
+        ?)
+            help
+            exit 2
+            ;;
+    esac
+done
+shift "$(($OPTIND -1))"
+
+if [ "$#" -gt 0 ]
+then
+    help
+    exit 2
+fi
+
+set -x
+
+# Add channels to root user, as nixos-install uses those.
+# Not great, but fixable with flakes I guess
+sudo ./add_channels.sh
+
+# Format or mount disk
+sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes run github:nix-community/disko -- --mode $disko_mode ./pindakaas_disko.nix
+
+# Generate hardware-config.nix
+sudo nixos-generate-config --no-filesystems --root /mnt
+# --no-filesystems because they are imported via disko
+
+# Plug system configuration into this git repo
+sudo mkdir -p /mnt/etc/nixos
+echo "{ ... }: { imports = [ ./hardware-configuration.nix /home/geoffrey/.config/dotfiles/pindakaas.nix ]; }" | sudo tee /mnt/etc/nixos/configuration.nix > /dev/null
+# Everything there should be covered by (and conflicts with) the repo anyways.
+
+# Install NixOS! Or create a new generation.
+sudo nixos-install
+
+# Install dotfiles. Actually not needed by nixos-install since it doesn't rewrite global paths to /mnt.
+# Without it no nixos-rebuild from the system itself once installed though.
+# Should probably be replaced with something like git-sync
+# sudo mkdir -p /mnt/home/geoffrey/.config/
+# sudo cp -a ../dotfiles /mnt/home/geoffrey/.config/
+# sudo chown geoffrey:geoffrey /mnt/home/geoffrey -R
+
+# Signal we're done!
+# Although it might ask for passwords beforehand, so not sure it's really useful
+echo 

curacao.nix

@@ -5,6 +5,8 @@
     ./os/loader.nix
   ];
 
+  boot.loader.efi.canTouchEfiVariables = true;
+
   networking.hostName = "curacao";
   frogeye.extra = true;
   frogeye.desktop.xorg = true;

options.nix

@@ -16,7 +16,9 @@
     dotfiles = {
       path = lib.mkOption {
         type = lib.types.str;
-        default = "${config.home.homeDirectory}/.config/dotfiles";
+        # default = "${config.home.homeDirectory}/.config/dotfiles";
+        # FIXME Above doesn't work outside home-manager context
+        default = "/home/geoffrey/.config/dotfiles";
       };
     };
   };

os/common.nix

@@ -2,10 +2,11 @@
 {
   networking.domain = "geoffrey.frogeye.fr";
 
-  boot.loader.efi.canTouchEfiVariables = true;
-
   time.timeZone = "Europe/Amsterdam";
 
+  # Might fill emptiness?
+  boot.consoleLogLevel = 6; # KERN_INFO
+
   # TODO qwerty-fr for console
 
   # Enable CUPS to print documents

os/geoffrey.nix

@@ -9,6 +9,7 @@
     extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
     shell = pkgs.zsh;
 
+    initialHashedPassword = "$y$j9T$e64bjL7iyVlniEKwKbM9g0$cCn74za0r6L9QMO20Fdxz3/SX0yvhz3Xd6.2BhtbRL1"; # Not a real password
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPE41gxrO8oZ5n3saapSwZDViOQphm6RzqgsBUyA88pU geoffrey@frogeye.fr"
     ];

pindakaas.nix

@@ -4,13 +4,35 @@
     # First commit before 23.05 release date:
     "${builtins.fetchTarball "https://github.com/NixOS/nixos-hardware/archive/468a7a108108908c7a35d6549f1e1f0236a9448a.tar.gz"}/pine64/pinebook-pro"
     ./os/loader.nix
+    ./pindakaas_disko.nix
   ];
-  # nixos-hardware use latest kernel by default. This obviously runs quickly out of sync with zfs packages.
-  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+  boot = {
+    # nixos-hardware use latest kernel by default. It has been set a while ago, we maybe don't need it anymore?
+    kernelPackages = pkgs.linuxPackages;
+
+    # Pinebook supports UEFI, at least when tow-boot is installed on the SPI
+    loader = {
+      # EFI Variables don't work (no generation appears in systemd-boot)
+      efi.canTouchEfiVariables = false;
+
+      # systemd-boot crashes after booting, so GRUB it is
+      grub = {
+        enable = true;
+        efiSupport = true;
+        efiInstallAsRemovable = true;
+        device = "nodev";
+      };
+    };
+  };
+
 
   networking.hostName = "pindakaas";
 
-  frogeye.extra = false; # FIXME Not working yet
-  frogeye.desktop.xorg = true;
-  frogeye.dev.docker = true;
+  # DEBUG Barebones is faster
+  frogeye.dev.ansible = false;
+  frogeye.dev.python = false;
+
+  # frogeye.extra = false; # FIXME Not working yet
+  # frogeye.desktop.xorg = true;
+  # frogeye.dev.docker = true;
 }

pindakaas_disko.nix

@@ -0,0 +1,78 @@
+{
+  disko.devices = {
+    disk = {
+      pindakaas_sd = {
+        type = "disk";
+        device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              # Needs enough to store multiple kernel generations
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [
+                  "defaults"
+                ];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+            # FIXME Hang on Linux boot, for some reason
+            # luks = {
+            #   size = "100%";
+            #   content = {
+            #     type = "luks";
+            #     name = "pindakaas_sd";
+            #     # disable settings.keyFile if you want to use interactive password entry
+            #     #passwordFile = "/tmp/secret.key"; # Interactive
+            #     settings = {
+            #       # Not having SSDs die fast is more important than crypto
+            #       # nerds that could potentially discover which filesystem I
+            #       # use from TRIM patterns
+            #       allowDiscards = true;
+            #       # keyFile = "/tmp/secret.key";
+            #       fallbackToPassword = true; # TEST
+            #     };
+            #     # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+            #     content = {
+            #       type = "btrfs";
+            #       extraArgs = [ "-f" ];
+            #       subvolumes = {
+            #         "/nixos" = {
+            #           mountpoint = "/";
+            #           mountOptions = [ "compress=zstd" "noatime" ];
+            #         };
+            #         "/home" = {
+            #           mountpoint = "/home";
+            #           mountOptions = [ "compress=zstd" "relatime" ];
+            #         };
+            #         "/nix" = {
+            #           mountpoint = "/nix";
+            #           mountOptions = [ "compress=zstd" "noatime" ];
+            #         };
+            #         # Maybe later
+            #         # "/swap" = {
+            #         #   mountpoint = "/.swapvol";
+            #         #   swap.swapfile.size = "20M";
+            #         # };
+            #       };
+            #     };
+            #   };
+            # };
+          };
+        };
+      };
+    };
+  };
+}