From 3e1fe36c42a2d1f346652936936c22f75780af1a Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 11 Apr 2024 10:58:25 +0200 Subject: [PATCH] Add new Nix On Droid `janeway` host --- flake.lock | 191 +++++++++++++++++++++++++++++++++++++- flake.nix | 1 + hosts/default.nix | 15 +-- hosts/janeway/default.nix | 58 ++++++++++++ hosts/module.nix | 72 ++++++++++++++ 5 files changed, 322 insertions(+), 15 deletions(-) create mode 100644 hosts/janeway/default.nix diff --git a/flake.lock b/flake.lock index c93a45c..687fbbd 100644 --- a/flake.lock +++ b/flake.lock @@ -587,7 +587,7 @@ "hercules-ci-effects_3": { "inputs": { "flake-parts": "flake-parts_7", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1701009247, @@ -624,6 +624,27 @@ "type": "github" } }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nix-on-droid", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709445365, + "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "homeManager": { "inputs": { "nixpkgs": [ 
@@ -725,6 +746,52 @@ "type": "github" } }, + "nix-formatter-pack": { + "inputs": { + "nixpkgs": [ + "nix-on-droid", + "nixpkgs" + ], + "nmd": "nmd", + "nmt": "nmt" + }, + "locked": { + "lastModified": 1705252799, + "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=", + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5", + "type": "github" + }, + "original": { + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "type": "github" + } + }, + "nix-on-droid": { + "inputs": { + "home-manager": "home-manager_2", + "nix-formatter-pack": "nix-formatter-pack", + "nixpkgs": "nixpkgs_7", + "nixpkgs-docs": "nixpkgs-docs", + "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", + "nmd": "nmd_2" + }, + "locked": { + "lastModified": 1710434231, + "narHash": "sha256-yrWnsG28518tbIapJWiluweHORuuIwAQrA8lga0Sqlw=", + "owner": "nix-community", + "repo": "nix-on-droid", + "rev": "2d93311c4f3f300154d2085e4b4b1d550237da92", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-on-droid", + "type": "github" + } + }, "nixDarwin": { "inputs": { "nixpkgs": [ 
@@ -800,6 +867,38 @@ "type": "github" } }, + "nixpkgs-docs": { + "locked": { + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-for-bootstrap": { + "locked": { + "lastModified": 1708105575, + "narHash": "sha256-sS4AItZeUnAei6v8FqxNlm+/27MPlfoGym/TZP0rmH0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1d1817869c47682a6bee85b5b0a6537b6c0fba26", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1d1817869c47682a6bee85b5b0a6537b6c0fba26", + "type": "github" + } + }, "nixpkgs-kernel": { "locked": { "lastModified": 1656239181, @@ -1051,6 +1150,21 @@ } }, "nixpkgs_7": { + "locked": { + "lastModified": 1708172716, + "narHash": "sha256-3M94oln0b61m3dUmLyECCA9hYAHXZEszM4saE3CmQO4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5d874ac46894c896119bce68e758e9e80bdb28f1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { "locked": { "lastModified": 1697723726, "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=", @@ -1066,7 +1180,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1678470307, "narHash": "sha256-OEeMUr3ueLIXyW/OaFUX5jUdimyQwMg/7e+/Q0gC/QE=", 
@@ -1082,6 +1196,60 @@ "type": "github" } }, + "nmd": { + "flake": false, + "locked": { + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", + "owner": "rycee", + "repo": "nmd", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmd_2": { + "inputs": { + "nixpkgs": [ + "nix-on-droid", + "nixpkgs-docs" + ], + "scss-reset": "scss-reset" + }, + "locked": { + "lastModified": 1705050560, + "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=", + "owner": "~rycee", + "repo": "nmd", + "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3", + "type": "sourcehut" + }, + "original": { + "owner": "~rycee", + "repo": "nmd", + "type": "sourcehut" + } + }, + "nmt": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, "nur": { "locked": { "lastModified": 1712062467, @@ -1199,7 +1367,7 @@ "fan-control": "fan-control", "flake-parts": "flake-parts_8", "kernel-src": "kernel-src", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nixpkgs-kernel": "nixpkgs-kernel", "panfork": "panfork", "tow-boot": "tow-boot", @@ -1232,6 +1400,7 @@ "homeManagerGitWorkspace": "homeManagerGitWorkspace", "homeManagerSwayNC": "homeManagerSwayNC", "nix-fast-build": "nix-fast-build", + "nix-on-droid": "nix-on-droid", "nixDarwin": "nixDarwin", "nixThePlanet": "nixThePlanet", "nixosHardware": "nixosHardware", 
@@ -1244,6 +1413,22 @@ "treefmt-nix": "treefmt-nix_3" } }, + "scss-reset": { + "flake": false, + "locked": { + "lastModified": 1631450058, + "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=", + "owner": "andreymatin", + "repo": "scss-reset", + "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91", + "type": "github" + }, + "original": { + "owner": "andreymatin", + "repo": "scss-reset", + "type": "github" + } + }, "slimlock": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 377e1ff..70ca18e 100644 --- a/flake.nix +++ b/flake.nix @@ -55,6 +55,7 @@ url = "github:LnL7/nix-darwin"; inputs.nixpkgs.follows = "nixpkgsUnstable"; }; + nix-on-droid.url = "github:nix-community/nix-on-droid"; }; outputs = inputs @ {flakeParts, ...}: diff --git a/hosts/default.nix b/hosts/default.nix index 3459702..9448dc0 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -8,8 +8,9 @@ imports = [./module.nix]; fleet = { - darwinHosts.archer = { - }; + darwinHosts.archer = {}; + + nixOnDroidHosts.janeway = {}; hosts = { # thinkpad = { @@ -164,14 +165,4 @@ }; }; }; - - flake.nixosConfigurations = - lib.mapAttrs - config.fleet._mkNixosConfiguration - config.fleet.hosts; - - flake.darwinConfigurations = - lib.mapAttrs - config.fleet._mkDarwinConfiguration - config.fleet.darwinHosts; } diff --git a/hosts/janeway/default.nix b/hosts/janeway/default.nix new file mode 100644 index 0000000..54c0975 --- /dev/null +++ b/hosts/janeway/default.nix 
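Review bot: In flake.nix the new `nix-on-droid` input is declared without any `follows`, unlike the `nix-darwin` input directly above it, so the lock file gains separate copies of nixpkgs (`nixpkgs_7`, `nixpkgs-docs`, `nixpkgs-for-bootstrap`) and home-manager (`home-manager_2`), along with `nix-formatter-pack`, `nmd`, `nmd_2`, `nmt` and `scss-reset`. Each extra locked source is one more thing to audit and keep updated for a device that will run an SSH server. If nix-on-droid builds against your package set, consider `nix-on-droid.inputs.nixpkgs.follows = "nixpkgsUnstable";` and `nix-on-droid.inputs.home-manager.follows = "homeManager";` (assuming `homeManager` is the root input that its lock node suggests). The bootstrap nixpkgs is pinned upstream to a fixed rev and probably has to stay separate.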
@@ -0,0 +1,58 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ sshdTmpDirectory = "${config.user.home}/sshd-tmp";
+ sshdDirectory = "${config.user.home}/sshd";
+ pathToPubKey = "/mnt/sdcard/Download/picard_host_key.pub";
+ port = 8022;
+in {
+ # Backup etc files instead of failing to activate generation if a file already exists in /etc
+ environment.etcBackupExtension = ".bak";
+
+ # Read the changelog before changing this value
+ system.stateVersion = "23.11";
+
+ # Set up nix for flakes
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+
+ # Set your time zone
+ time.timeZone = "Europe/Rome";
+
+ build.activation.sshd = ''
+ $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh"
+ $DRY_RUN_CMD cat ${pathToPubKey} > "${config.user.home}/.ssh/authorized_keys"
+
+ if [[ ! -d "${sshdDirectory}" ]]; then
+ $DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}"
+ $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}"
+
+ $VERBOSE_ECHO "Generating host keys..."
+ $DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N ""
+
+ $VERBOSE_ECHO "Writing sshd_config..."
+ $DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\n" > "${sshdTmpDirectory}/sshd_config"
+
+ $DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}"
+ fi
+ '';
+
+ environment.packages = [
+ pkgs.vim
+ pkgs.bottom
+ pkgs.helix
+ pkgs.stress
+ pkgs.openssh
+ pkgs.git
+ (pkgs.writeScriptBin "sshd-start" ''
+ #!${pkgs.runtimeShell}
+
+ echo "Starting sshd in non-daemonized way on port ${toString port}"
+ ${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D
+ '')
+ ];
+}
diff --git a/hosts/module.nix b/hosts/module.nix
index a1da41a..507d279 100644
--- a/hosts/module.nix
+++ b/hosts/module.nix
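Review bot: In hosts/janeway/default.nix, `build.activation.sshd` rewrites `authorized_keys` on every activation from `/mnt/sdcard/Download/picard_host_key.pub`, which looks like Android shared storage, so whatever can write to that Download folder decides who may log in over SSH on port 8022. A public key is not secret, so it can live in the configuration and be installed from the store, e.g. `authorizedKey = "<PUBLIC_KEY_PLACEHOLDER>";` in the `let` block and `$DRY_RUN_CMD install -m 600 ${pkgs.writeText "authorized_keys" authorizedKey} "${config.user.home}/.ssh/authorized_keys"` in the script. Separately, `$DRY_RUN_CMD cat … > …` and `$DRY_RUN_CMD echo -e … > …` redirect in the calling shell, so a dry run still overwrites the target files (assuming `$DRY_RUN_CMD` expands to `echo` as in home-manager). The generated `sshd_config` sets only `HostKey` and `Port`; adding `PasswordAuthentication no` would make the key-only intent explicit rather than relying on defaults.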
@@ -48,6 +48,42 @@ in {
 };
 }));
 };
+ nixOnDroidHosts = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
+ options = {
+ name = lib.mkOption {
+ description = "Host name";
+ type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
+ default = name;
+ };
+ system = lib.mkOption {
+ description = "NixOS architecture (a.k.a. system)";
+ type = lib.types.str;
+ default = "aarch64-linux";
+ };
+ nixpkgs = lib.mkOption {
+ description = "Used nixpkgs";
+ type = lib.types.anything;
+ default = inputs.nixpkgsUnstable;
+ };
+ extraModules = lib.mkOption {
+ description = "Extra NixOS modules";
+ type = lib.types.listOf lib.types.deferredModule;
+ default = [];
+ };
+ overlays = lib.mkOption {
+ description = "Enabled Nixpkgs overlays";
+ type = lib.types.listOf (lib.mkOptionType {
+ name = "nixpkgs-overlay";
+ description = "nixpkgs overlay";
+ check = lib.isFunction;
+ merge = lib.mergeOneOption;
+ });
+ default = [];
+ };
+ };
+ }));
+ };
 hosts = lib.mkOption {
 description = "Host configuration";
 type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
@@ -243,5 +279,41 @@ in {
 ];
 };
 };
+
+ _mkNixOnDroidConfiguration = lib.mkOption {
+ description = "Function returning a proper nix-on-droid configuration";
+ type = lib.types.functionTo (lib.types.functionTo lib.types.attrs); # TODO improve this type
+ internal = true;
+ default = hostname: config:
+ inputs.nix-on-droid.lib.nixOnDroidConfiguration {
+ modules = [
+ ({
+ lib,
+ pkgs,
+ ...
+ }: {
+ nixpkgs.overlays = config.overlays;
+ })
+ "${self.outPath}/hosts/${hostname}"
+ ];
+ };
+ };
+ };
+
+ config = {
+ flake.nixosConfigurations =
+ lib.mapAttrs
+ config.fleet._mkNixosConfiguration
+ config.fleet.hosts;
+
+ flake.darwinConfigurations =
+ lib.mapAttrs
+ config.fleet._mkDarwinConfiguration
+ config.fleet.darwinHosts;
+
+ flake.nixOnDroidConfigurations =
+ lib.mapAttrs
+ config.fleet._mkNixOnDroidConfiguration
+ config.fleet.nixOnDroidHosts;
 };
 }
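Review bot: In hosts/module.nix, `_mkNixOnDroidConfiguration` (second hunk) reads only `config.overlays`, so the `name`, `system`, `nixpkgs` and `extraModules` options declared for `nixOnDroidHosts` in the first hunk are accepted and then silently ignored. A host that lists a module in `extraModules`, for instance one that tightens the SSH setup, would build without it and report no error. Either drop the unused options or wire them in, e.g. close the list with `] ++ config.extraModules;` and pass the selected package set to `nixOnDroidConfiguration`. The lambda parameter `config` also shadows the module-level `config` used by the `config = { … }` block added below, and the inline module's `lib` and `pkgs` arguments are unused; a name such as `hostCfg` would read more clearly. The enclosing option set starts outside both hunks.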