nix #11
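--- a/build-pindakaas-disk.sh
+++ b/build-pindakaas-disk.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash
+#! nix-shell -p bash nixos-install-tools
+
+set -euo pipefail
+
+# Parse arguments
+function help {
+echo "Usage: $0 -e"
+echo
+echo "Options:"
+echo " -h: Display this help message."
+echo " -e: Erase the disk. This can be used in case the wanted partition scheme doesn't match."
+}
+
+disko_mode=mount
+while getopts "e" OPTION
+do
+case "$OPTION" in
+h)
+help
+exit 0
+;;
+e)
+disko_mode=disko
+;;
+?)
+help
+exit 2
+;;
+esac
+done
+shift "$(($OPTIND -1))"
+
+if [ "$#" -gt 0 ]
+then
+help
+exit 2
+fi
+
+set -x
+
+# Add channels to root user, as nixos-install uses those.
+# Not great, but fixable with flakes I guess
+sudo ./add_channels.sh
+
+# Format or mount disk
+sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes run github:nix-community/disko -- --mode $disko_mode ./pindakaas_disko.nix
+
+# Generate hardware-config.nix
+sudo nixos-generate-config --no-filesystems --root /mnt
+# --no-filesystems because they are imported via disko
+
+# Plug system configuration into this git repo
+sudo mkdir -p /mnt/etc/nixos
+echo "{ ... }: { imports = [ ./hardware-configuration.nix /home/geoffrey/.config/dotfiles/pindakaas.nix ]; }" | sudo tee /mnt/etc/nixos/configuration.nix > /dev/null
+# Everything there should be covered by (and conflicts with) the repo anyways.
+
+# Install NixOS! Or create a new generation.
+sudo nixos-install
+
+# Install dotfiles. Actually not needed by nixos-install since it doesn't rewrite global paths to /mnt.
+# Without it no nixos-rebuild from the system itself once installed though.
+# Should probably be replaced with something like git-sync
+# sudo mkdir -p /mnt/home/geoffrey/.config/
+# sudo cp -a ../dotfiles /mnt/home/geoffrey/.config/
+# sudo chown geoffrey:geoffrey /mnt/home/geoffrey -R
+
+# Signal we're done!
+# Although it might ask for passwords beforehand, so not sure it's really useful
+echo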
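Review bot: The disk step runs `github:nix-community/disko` through `sudo nix run` with no revision, so whatever the default branch resolves to at run time executes as root against the target disk; pin it, e.g. `github:nix-community/disko/<PINNED_REV>`, the way the nixos-hardware tarball shown further down this page is pinned by commit. `$disko_mode` in that command should also be quoted. Separately, `getopts "e"` does not list `h`, so the `h)` arm is unreachable and `-h` falls into `?)` and exits 2; `while getopts "he" OPTION` fixes it. With `-e` the script goes straight to `--mode disko` on the by-id device, so a short comment on the `e)` arm stating that it destroys the existing partition table would help the next reader.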
@ -5,6 +5,8 @@
|
||||||
./os/loader.nix
|
./os/loader.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.hostName = "curacao";
|
networking.hostName = "curacao";
|
||||||
frogeye.extra = true;
|
frogeye.extra = true;
|
||||||
frogeye.desktop.xorg = true;
|
frogeye.desktop.xorg = true;
|
||||||
|
|
|
@ -16,7 +16,9 @@
|
||||||
dotfiles = {
|
dotfiles = {
|
||||||
path = lib.mkOption {
|
path = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
default = "${config.home.homeDirectory}/.config/dotfiles";
|
# default = "${config.home.homeDirectory}/.config/dotfiles";
|
||||||
|
# FIXME Above doesn't work outside home-manager context
|
||||||
|
default = "/home/geoffrey/.config/dotfiles";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,10 +2,11 @@
|
||||||
{
|
{
|
||||||
networking.domain = "geoffrey.frogeye.fr";
|
networking.domain = "geoffrey.frogeye.fr";
|
||||||
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Amsterdam";
|
time.timeZone = "Europe/Amsterdam";
|
||||||
|
|
||||||
|
# Might fill emptiness?
|
||||||
|
boot.consoleLogLevel = 6; # KERN_INFO
|
||||||
|
|
||||||
# TODO qwerty-fr for console
|
# TODO qwerty-fr for console
|
||||||
|
|
||||||
# Enable CUPS to print documents
|
# Enable CUPS to print documents
|
||||||
|
|
|
@ -9,6 +9,7 @@
|
||||||
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
|
|
||||||
|
initialHashedPassword = "$y$j9T$e64bjL7iyVlniEKwKbM9g0$cCn74za0r6L9QMO20Fdxz3/SX0yvhz3Xd6.2BhtbRL1"; # Not a real password
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPE41gxrO8oZ5n3saapSwZDViOQphm6RzqgsBUyA88pU geoffrey@frogeye.fr"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPE41gxrO8oZ5n3saapSwZDViOQphm6RzqgsBUyA88pU geoffrey@frogeye.fr"
|
||||||
];
|
];
|
||||||
|
|
|
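Review bot: The added `initialHashedPassword` puts a yescrypt hash for an account in `wheel` into the repository and, once evaluated, into the world-readable Nix store, where it can be guessed offline; the trailing comment says it is not a real password, but it is still the credential that grants sudo on a fresh install until it is changed. Consider reading the hash from a file kept outside the repo and the store via the password-file option (`hashedPasswordFile` on current NixOS, `passwordFile` on older releases), or at least extend the comment to `# Placeholder, must be changed with passwd on first login`. The enclosing user attribute set starts and ends outside this hunk, so whether SSH password login is disabled cannot be checked from here.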
@ -4,13 +4,35 @@
|
||||||
# First commit before 23.05 release date:
|
# First commit before 23.05 release date:
|
||||||
"${builtins.fetchTarball "https://github.com/NixOS/nixos-hardware/archive/468a7a108108908c7a35d6549f1e1f0236a9448a.tar.gz"}/pine64/pinebook-pro"
|
"${builtins.fetchTarball "https://github.com/NixOS/nixos-hardware/archive/468a7a108108908c7a35d6549f1e1f0236a9448a.tar.gz"}/pine64/pinebook-pro"
|
||||||
./os/loader.nix
|
./os/loader.nix
|
||||||
|
./pindakaas_disko.nix
|
||||||
];
|
];
|
||||||
# nixos-hardware use latest kernel by default. This obviously runs quickly out of sync with zfs packages.
|
boot = {
|
||||||
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
# nixos-hardware use latest kernel by default. It has been set a while ago, we maybe don't need it anymore?
|
||||||
|
kernelPackages = pkgs.linuxPackages;
|
||||||
|
|
||||||
|
# Pinebook supports UEFI, at least when tow-boot is installed on the SPI
|
||||||
|
loader = {
|
||||||
|
# EFI Variables don't work (no generation appears in systemd-boot)
|
||||||
|
efi.canTouchEfiVariables = false;
|
||||||
|
|
||||||
|
# systemd-boot crashes after booting, so GRUB it is
|
||||||
|
grub = {
|
||||||
|
enable = true;
|
||||||
|
efiSupport = true;
|
||||||
|
efiInstallAsRemovable = true;
|
||||||
|
device = "nodev";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
networking.hostName = "pindakaas";
|
networking.hostName = "pindakaas";
|
||||||
|
|
||||||
frogeye.extra = false; # FIXME Not working yet
|
# DEBUG Barebones is faster
|
||||||
frogeye.desktop.xorg = true;
|
frogeye.dev.ansible = false;
|
||||||
frogeye.dev.docker = true;
|
frogeye.dev.python = false;
|
||||||
|
|
||||||
|
# frogeye.extra = false; # FIXME Not working yet
|
||||||
|
# frogeye.desktop.xorg = true;
|
||||||
|
# frogeye.dev.docker = true;
|
||||||
}
|
}
|
||||||
|
|
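--- a/pindakaas_disko.nix
+++ b/pindakaas_disko.nix
@@ -0,0 +1,78 @@
+{
+disko.devices = {
+disk = {
+pindakaas_sd = {
+type = "disk";
+device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+# Needs enough to store multiple kernel generations
+size = "512M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+mountOptions = [
+"defaults"
+];
+};
+};
+root = {
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+};
+};
+# FIXME Hang on Linux boot, for some reason
+# luks = {
+# size = "100%";
+# content = {
+# type = "luks";
+# name = "pindakaas_sd";
+# # disable settings.keyFile if you want to use interactive password entry
+# #passwordFile = "/tmp/secret.key"; # Interactive
+# settings = {
+# # Not having SSDs die fast is more important than crypto
+# # nerds that could potentially discover which filesystem I
+# # use from TRIM patterns
+# allowDiscards = true;
+# # keyFile = "/tmp/secret.key";
+# fallbackToPassword = true; # TEST
+# };
+# # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+# content = {
+# type = "btrfs";
+# extraArgs = [ "-f" ];
+# subvolumes = {
+# "/nixos" = {
+# mountpoint = "/";
+# mountOptions = [ "compress=zstd" "noatime" ];
+# };
+# "/home" = {
+# mountpoint = "/home";
+# mountOptions = [ "compress=zstd" "relatime" ];
+# };
+# "/nix" = {
+# mountpoint = "/nix";
+# mountOptions = [ "compress=zstd" "noatime" ];
+# };
+# # Maybe later
+# # "/swap" = {
+# # mountpoint = "/.swapvol";
+# # swap.swapfile.size = "20M";
+# # };
+# };
+# };
+# };
+# };
+};
+};
+};
+};
+};
+}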
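Review bot: The `root` partition is plain ext4 and the whole `luks` layout is commented out, so this layout installs the machine without at-rest encryption; the FIXME explains the boot hang but not that consequence. I would add a comment above `root`, e.g. `# NOTE: root is unencrypted until the LUKS boot hang below is fixed`, so the state is a recorded decision rather than something discovered later. The ESP is mounted with only `"defaults"`; if nothing needs other users to read `/boot`, adding `"umask=0077"` to `mountOptions` is the usual tightening for a vfat ESP.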