From 74fd7e80c4dee64a7990b99db8274b310c748a4a Mon Sep 17 00:00:00 2001 From: truxnell <19149206+truxnell@users.noreply.github.com> Date: Tue, 19 Mar 2024 08:16:39 +1100 Subject: [PATCH] feat: add rpi4 image build --- .taskfiles/nix/Taskfile.yaml | 6 ++ flake.lock | 115 +++++++++++++++++++++++- flake.nix | 72 ++++++++++----- nixos/hosts/images/sd-image/default.nix | 68 ++++++++++++++ nixos/hosts/nixosvm/default.nix | 3 + 5 files changed, 241 insertions(+), 23 deletions(-) create mode 100644 nixos/hosts/images/sd-image/default.nix diff --git a/.taskfiles/nix/Taskfile.yaml b/.taskfiles/nix/Taskfile.yaml index e29a04e..a0cd6e4 100644 --- a/.taskfiles/nix/Taskfile.yaml +++ b/.taskfiles/nix/Taskfile.yaml @@ -43,3 +43,9 @@ tasks: .prompt_to_continue: internal: true prompt: Do you want to continue applying this configuration? + + build-image-rpi4: + desc: Build basic machine build-image + silent: true + cmds: + - nix build .#images.rpi4 diff --git a/flake.lock b/flake.lock index fbf453e..e5cbfd5 100644 --- a/flake.lock +++ b/flake.lock @@ -1,6 +1,44 @@ { "nodes": { + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1708091384, + "narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1673956053, 
@@ -18,7 +56,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1681202837, @@ -34,9 +72,30 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706981411, + "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "652fda4ca6dafeb090943422c34ae9145787af37", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" @@ -56,6 +115,22 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1710622004, + "narHash": "sha256-6zR642tXcZzzk3C8BHxlCrR0yh8z8zMXLiuXpWDIpX0=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "968952f950a59dee9ed1e8799dda38c6dfa1bad3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1710283656, @@ -106,7 +181,10 @@ }, "root": { "inputs": { + "deploy-rs": "deploy-rs", + "home-manager": "home-manager", "nix-vscode-extensions": "nix-vscode-extensions", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix" 
@@ -147,6 +225,39 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 4848ee3..c1e1e5e 100644 --- a/flake.nix +++ b/flake.nix @@ -5,13 +5,24 @@ # Nixpkgs and unstable nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + + # home-manager + home-manager = { + url = "github:nix-community/home-manager/release-23.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # sops-nix sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - + # deploy-rs + deploy-rs = { + url = "github:serokell/deploy-rs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # VSCode community extensions nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; 
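Review bot: None of the three inputs added in this hunk (`nixos-hardware`, `home-manager`, `deploy-rs`) is referenced by name in the outputs or modules shown in this patch. Each input is third-party code that flake.lock pins and that every later `nix flake update` moves forward, so an input is easier to audit when it arrives in the commit that first uses it. `nixos-hardware` also follows the `master` branch rather than a release ref; the lock entry fixes the revision for now, and a comment such as `# tracks master: review upstream changes on every lock update` would make that explicit. The inputs block starts before this hunk and continues after it.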
@@ -34,31 +45,50 @@ # "x86_64-darwin" ]; in - with inputs; { + with inputs; rec { # Use nixpkgs-fmt for 'nix fmt' formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt); - # Each subdirectory in ./machines is a host. Add them all to - # nixosConfigurations. Host configurations need a file called - # configuration.nix that will be read first - nixosConfigurations = builtins.listToAttrs (map - (x: { - name = x; - value = nixpkgs.lib.nixosSystem { - # Make inputs and the flake itself accessible as module parameters. - # Technically, adding the inputs is redundant as they can be also - # accessed with flake-self.inputs.X, but adding them individually - # allows to only pass what is needed to each module. - specialArgs = { flake-self = self; } // inputs; - - system = "x86_64-linux"; - - modules = [ - (./nixos/hosts + "/${x}/default.nix") + nixosConfigurations = + let + defaultModules = + # (builtins.attrValues nixosModules) ++ + [ sops-nix.nixosModules.sops ]; + specialArgs = { + inherit inputs outputs; }; - }) - (builtins.attrNames (builtins.readDir ./nixos/hosts))); + in + { + nixosvm = nixpkgs.lib.nixosSystem { + inherit specialArgs; + system = "x86_64-linux"; + modules = defaultModules ++ [ + ./nixos/hosts/nixosvm + ]; + }; + # isoimage = nixpkgs.lib.nixosSystem { + # system = "x86_64-linux"; + # inherit specialArgs; + # modules = defaultModules ++ [ + # "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix" + # { isoImage.squashfsCompression = "gzip -Xcompression-level 1"; } + # ./nixos/iso + # ]; + # }; + + # nix build .#images.rpi4 + rpi4 = nixpkgs.lib.nixosSystem { + inherit specialArgs; + + modules = defaultModules ++ [ + "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" + ./nixos/hosts/images/sd-image + ]; + }; + }; + images.rpi4 = nixosConfigurations.rpi4.config.system.build.sdImage; }; + } 
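Review bot: The `rpi4` modules list does not include the nixos-hardware Raspberry Pi 4 module, yet nixos/hosts/images/sd-image/default.nix sets `hardware.raspberry-pi."4".apply-overlays-dtmerge.enable`, which as far as I know is declared only by that module, so `nix build .#images.rpi4` is likely to stop on an undefined option. Adding `nixos-hardware.nixosModules.raspberry-pi-4` to the list next to the sd-image module should resolve it. Separately, `specialArgs = { inherit inputs outputs; };` replaces the old `{ flake-self = self; } // inputs`: `outputs` is not bound in the lines shown, and any host module that took `flake-self` or an individual input as an argument no longer receives it. The `let` block and the outputs function header start outside this hunk, so both points need checking against the full file.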
diff --git a/nixos/hosts/images/sd-image/default.nix b/nixos/hosts/images/sd-image/default.nix
new file mode 100644
index 0000000..2423d64
--- /dev/null
+++ b/nixos/hosts/images/sd-image/default.nix
@@ -0,0 +1,68 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports = [
+
+ ];
+
+ nixpkgs = {
+
+ # Configure your nixpkgs instance
+ config = {
+ # Disable if you don't want unfree packages
+ allowUnfree = true;
+ };
+ };
+
+ boot = {
+ initrd.availableKernelModules = [ "usbhid" "usb_storage" ];
+ # ttyAMA0 is the serial console broken out to the GPIO
+ kernelParams = [
+ "8250.nr_uarts=1"
+ "console=ttyAMA0,115200"
+ "console=tty1"
+ ];
+ loader = {
+ grub.enable = false;
+ raspberryPi = {
+ version = 4;
+ };
+ };
+ };
+
+ # https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4
+ hardware = {
+ raspberry-pi."4".apply-overlays-dtmerge.enable = true;
+ deviceTree = {
+ enable = true;
+ filter = "*rpi-4-*.dtb";
+ };
+ };
+
+ console.enable = false;
+
+ environment.systemPackages = with pkgs; [
+ libraspberrypi
+ raspberrypi-eeprom
+ ];
+
+ networking = {
+ hostName = "nixos";
+ wireless.enable = false;
+ networkmanager.enable = false;
+ };
+ services.openssh.enable = true;
+
+ # Free up to 1GiB whenever there is less than 100MiB left.
+ nix.extraOptions = ''
+ min-free = ${toString (100 * 1024 * 1024)}
+ max-free = ${toString (1024 * 1024 * 1024)}
+ '';
+ nixpkgs.hostPlatform = "aarch64-linux";
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1.... username@tld"
+ ];
+ system.stateVersion = "23.11";
+
+}
diff --git a/nixos/hosts/nixosvm/default.nix b/nixos/hosts/nixosvm/default.nix
index b4fa5f4..8356a9b 100644
--- a/nixos/hosts/nixosvm/default.nix
+++ b/nixos/hosts/nixosvm/default.nix
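Review bot: `services.openssh.enable = true;` in nixos/hosts/images/sd-image/default.nix is switched on with the module defaults while the only credential is a key on `users.users.root`, so every card flashed from this image offers root over SSH from first boot. The image should state its login policy rather than inherit it, for example `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`, and ideally attach the key to a non-root admin user. The key string itself (`AAAAC3NzaC1lZDI1....`) looks like a truncated placeholder; if so, a comment such as `# replace with a real public key before building` would stop an image being built with no usable login. `allowUnfree = true;` carries only the template comment and could say which package in this image needs it.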
@@ -27,9 +27,12 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation networking.hostName = "nixosvm"; # Define your hostname. + + # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.