nix #11

Manually merged
geoffrey merged 113 commits from nix into main 2023-12-09 21:43:01 +01:00
7 changed files with 185 additions and 8 deletions
Showing only changes of commit dd6f579f74 - Show all commits

71
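--- a/build-pindakaas-disk.sh
+++ b/build-pindakaas-disk.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash
+#! nix-shell -p bash nixos-install-tools
+set -euo pipefail
+# Parse arguments
+function help {
+echo "Usage: $0 -e"
+echo
+echo "Options:"
+echo " -h: Display this help message."
+echo " -e: Erase the disk. This can be used in case the wanted partition scheme doesn't match."
+}
+disko_mode=mount
+while getopts "e" OPTION
+do
+case "$OPTION" in
+h)
+help
+exit 0
+;;
+e)
+disko_mode=disko
+;;
+?)
+help
+exit 2
+;;
+esac
+done
+shift "$(($OPTIND -1))"
+if [ "$#" -gt 0 ]
+then
+help
+exit 2
+fi
+set -x
+# Add channels to root user, as nixos-install uses those.
+# Not great, but fixable with flakes I guess
+sudo ./add_channels.sh
+# Format or mount disk
+sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes run github:nix-community/disko -- --mode $disko_mode ./pindakaas_disko.nix
+# Generate hardware-config.nix
+sudo nixos-generate-config --no-filesystems --root /mnt
+# --no-filesystems because they are imported via disko
+# Plug system configuration into this git repo
+sudo mkdir -p /mnt/etc/nixos
+echo "{ ... }: { imports = [ ./hardware-configuration.nix /home/geoffrey/.config/dotfiles/pindakaas.nix ]; }" | sudo tee /mnt/etc/nixos/configuration.nix > /dev/null
+# Everything there should be covered by (and conflicts with) the repo anyways.
+# Install NixOS! Or create a new generation.
+sudo nixos-install
+# Install dotfiles. Actually not needed by nixos-install since it doesn't rewrite global paths to /mnt.
+# Without it no nixos-rebuild from the system itself once installed though.
+# Should probably be replaced with something like git-sync
+# sudo mkdir -p /mnt/home/geoffrey/.config/
+# sudo cp -a ../dotfiles /mnt/home/geoffrey/.config/
+# sudo chown geoffrey:geoffrey /mnt/home/geoffrey -R
+# Signal we're done!
+# Although it might ask for passwords beforehand, so not sure it's really useful
+echo 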
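Review bot: The disko step runs `nix run github:nix-community/disko` under sudo with no revision in the flake reference, so each run fetches whatever the upstream default branch holds at that moment and executes it as root against the disk. Pinning the reference to a reviewed commit, e.g. `github:nix-community/disko/<pinned-rev>` (placeholder), makes the partitioning step reproducible and keeps an upstream change from reaching this machine unreviewed. Separately, `getopts "e"` does not list `h`, so `-h` falls into the `?` branch and exits 2 instead of 0; `getopts "he"` would match the help text. `$disko_mode` is also expanded unquoted on the same line, which is harmless with the two fixed values but reads better as `"$disko_mode"`.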


@ -5,6 +5,8 @@
./os/loader.nix ./os/loader.nix
]; ];
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "curacao"; networking.hostName = "curacao";
frogeye.extra = true; frogeye.extra = true;
frogeye.desktop.xorg = true; frogeye.desktop.xorg = true;


@ -16,7 +16,9 @@
dotfiles = { dotfiles = {
path = lib.mkOption { path = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "${config.home.homeDirectory}/.config/dotfiles"; # default = "${config.home.homeDirectory}/.config/dotfiles";
# FIXME Above doesn't work outside home-manager context
default = "/home/geoffrey/.config/dotfiles";
}; };
}; };
}; };


@ -2,10 +2,11 @@
{ {
networking.domain = "geoffrey.frogeye.fr"; networking.domain = "geoffrey.frogeye.fr";
boot.loader.efi.canTouchEfiVariables = true;
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
# Might fill emptiness?
boot.consoleLogLevel = 6; # KERN_INFO
# TODO qwerty-fr for console # TODO qwerty-fr for console
# Enable CUPS to print documents # Enable CUPS to print documents


@ -9,6 +9,7 @@
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
shell = pkgs.zsh; shell = pkgs.zsh;
initialHashedPassword = "$y$j9T$e64bjL7iyVlniEKwKbM9g0$cCn74za0r6L9QMO20Fdxz3/SX0yvhz3Xd6.2BhtbRL1"; # Not a real password
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPE41gxrO8oZ5n3saapSwZDViOQphm6RzqgsBUyA88pU geoffrey@frogeye.fr" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPE41gxrO8oZ5n3saapSwZDViOQphm6RzqgsBUyA88pU geoffrey@frogeye.fr"
]; ];
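Review bot: The added `initialHashedPassword` puts a yescrypt hash for a `wheel` user into the repository and, once the system is built, into the world-readable Nix store, so anyone holding a copy can run offline guesses against it. The `# Not a real password` comment does not say what the value actually is; if it is a throwaway for first boot, a comment such as `# placeholder, only applied when the account is first created; change with passwd after install` would make that explicit. For a lasting setup, `hashedPasswordFile` (`passwordFile` on older NixOS releases) pointing at a file outside the repository keeps the hash out of both places. The enclosing user definition starts and ends outside this hunk.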


@ -4,13 +4,35 @@
# First commit before 23.05 release date: # First commit before 23.05 release date:
"${builtins.fetchTarball "https://github.com/NixOS/nixos-hardware/archive/468a7a108108908c7a35d6549f1e1f0236a9448a.tar.gz"}/pine64/pinebook-pro" "${builtins.fetchTarball "https://github.com/NixOS/nixos-hardware/archive/468a7a108108908c7a35d6549f1e1f0236a9448a.tar.gz"}/pine64/pinebook-pro"
./os/loader.nix ./os/loader.nix
./pindakaas_disko.nix
]; ];
# nixos-hardware use latest kernel by default. This obviously runs quickly out of sync with zfs packages. boot = {
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; # nixos-hardware use latest kernel by default. It has been set a while ago, we maybe don't need it anymore?
kernelPackages = pkgs.linuxPackages;
# Pinebook supports UEFI, at least when tow-boot is installed on the SPI
loader = {
# EFI Variables don't work (no generation appears in systemd-boot)
efi.canTouchEfiVariables = false;
# systemd-boot crashes after booting, so GRUB it is
grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
};
};
networking.hostName = "pindakaas"; networking.hostName = "pindakaas";
frogeye.extra = false; # FIXME Not working yet # DEBUG Barebones is faster
frogeye.desktop.xorg = true; frogeye.dev.ansible = false;
frogeye.dev.docker = true; frogeye.dev.python = false;
# frogeye.extra = false; # FIXME Not working yet
# frogeye.desktop.xorg = true;
# frogeye.dev.docker = true;
} }

78
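--- a/pindakaas_disko.nix
+++ b/pindakaas_disko.nix
@@ -0,0 +1,78 @@
+{
+disko.devices = {
+disk = {
+pindakaas_sd = {
+type = "disk";
+device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+# Needs enough to store multiple kernel generations
+size = "512M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+mountOptions = [
+"defaults"
+];
+};
+};
+root = {
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+};
+};
+# FIXME Hang on Linux boot, for some reason
+# luks = {
+# size = "100%";
+# content = {
+# type = "luks";
+# name = "pindakaas_sd";
+# # disable settings.keyFile if you want to use interactive password entry
+# #passwordFile = "/tmp/secret.key"; # Interactive
+# settings = {
+# # Not having SSDs die fast is more important than crypto
+# # nerds that could potentially discover which filesystem I
+# # use from TRIM patterns
+# allowDiscards = true;
+# # keyFile = "/tmp/secret.key";
+# fallbackToPassword = true; # TEST
+# };
+# # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+# content = {
+# type = "btrfs";
+# extraArgs = [ "-f" ];
+# subvolumes = {
+# "/nixos" = {
+# mountpoint = "/";
+# mountOptions = [ "compress=zstd" "noatime" ];
+# };
+# "/home" = {
+# mountpoint = "/home";
+# mountOptions = [ "compress=zstd" "relatime" ];
+# };
+# "/nix" = {
+# mountpoint = "/nix";
+# mountOptions = [ "compress=zstd" "noatime" ];
+# };
+# # Maybe later
+# # "/swap" = {
+# # mountpoint = "/.swapvol";
+# # swap.swapfile.size = "20M";
+# # };
+# };
+# };
+# };
+# };
+};
+};
+};
+};
+};
+}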
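Review bot: The ESP is mounted at `/boot` with `mountOptions = [ "defaults" ]`, and since vfat stores no permission bits, the kernels, initrds and GRUB configuration written there are by default readable by every local user; `mountOptions = [ "umask=0077" ];` restricts the mount to root. With the `luks` partition commented out, `root` is a plain ext4 filesystem, so data on this card is unprotected at rest if the device is lost. The FIXME should record that consequence, for example `# FIXME LUKS hangs on Linux boot; until fixed the root filesystem is unencrypted`. Moving to the encrypted layout later presumably means re-partitioning, so a short note on that next to the commented block would help as well.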