flemming: initial commit
parent
58e12507d2
commit
e52897cd14
11
README.rst
11
README.rst
|
@ -8,3 +8,14 @@ https://reciproka.dev/reciproka/reciproka-ops
|
|||
|
||||
.. _Colmena: https://colmena.cli.rs/
|
||||
.. _Reciproka Kolektivo: https://reciproka.co/
|
||||
|
||||
.. toctree::
|
||||
|
||||
Building for aarch64 Targets
|
||||
----------------------------
|
||||
|
||||
If you don't have your own ``aarch64`` build server, you can apply to use the
|
||||
`aarch64 build box`_ provided by the `Nix Community`_.
|
||||
|
||||
.. _aarch64 build box: https://github.com/NixOS/aarch64-build-box
|
||||
.. _Nix Community: https://github.com/nix-community
|
||||
|
|
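--- a/hardware/pi3B.nix
+++ b/hardware/pi3B.nix
@@ -0,0 +1,80 @@
+# Configuration common to all Raspberry Pi 3 Model B devices
+{
+config,
+pkgs,
+lib,
+...
+}: {
+boot = {
+initrd = {
+availableKernelModules = [
+"bcm2835_dma" # Allows early (earlier) mode setting
+"i2c_bcm2835" # Allows early (earlier) mode setting
+"usbhid"
+"usb_storage"
+"vc4" # Allows early (earlier) mode setting
+];
+};
+kernelPackages = pkgs.linuxPackages_5_15; # For a Raspberry Pi 2 or 3)
+kernelParams = [
+"cma=32M" # Needed for the virtual console to work on the RPi 3
+"console=ttyS0,115200n8" # Enable the serial console
+"console=tty0"
+];
+loader = {
+generic-extlinux-compatible = {
+enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
+};
+grub = {
+enable = false; # NixOS wants to enable GRUB by default.
+};
+raspberryPi = {
+enable = false;
+version = 3;
+uboot.enable = true;
+firmwareConfig = ''
+arm_64bit=1 # Force kernel loading system to assume a 64-bit kernel
+hdmi_force_hotplug=1 # Enable headless booting
+'';
+};
+};
+};
+
+# File systems configuration for using the installer's partition layout
+fileSystems = {
+"/" = {
+device = "/dev/disk/by-label/NIXOS_SD";
+fsType = "ext4";
+};
+"/boot/firmware" = {
+device = "/dev/disk/by-label/FIRMWARE";
+fsType = "vfat";
+# Alternatively, this could be removed from the configuration.
+# The filesystem is not needed at runtime, it could be treated
+# as an opaque blob instead of a discrete FAT32 filesystem.
+options = ["nofail" "noauto"];
+};
+};
+
+# !!! Adding a swap file is optional, but strongly recommended!
+swapDevices = [
+{
+device = "/swapfile";
+size = 1024;
+}
+];
+
+hardware = {
+enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
+};
+
+networking = {
+enableB43Firmware = true; # If true, enable Pi wireless firmware
+};
+
+nixpkgs.config.allowUnfree = true; # required by B34Firmare above
+
+environment.systemPackages = with pkgs; [
+libraspberrypi # Userland tools for the Raspberry Pi board
+];
+}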
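Review bot: `nixpkgs.config.allowUnfree = true` at the end of this file lifts the unfree check for every package in the system closure, although its comment ties it only to `networking.enableB43Firmware`; the same line appears in hardware/raspberry_pi_3_model_B.nix. Narrowing it keeps any later unfree addition visible in review, for example `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["b43-firmware"];` (package name to be confirmed against the nixpkgs revision in use). It is also worth confirming that the b43 firmware is needed at all, since the Pi 3B's onboard wireless is, as far as I know, driven by brcmfmac with firmware already covered by `hardware.enableRedistributableFirmware`. The comment's `B34Firmare` should read `B43Firmware`.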
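--- a/hardware/raspberry_pi_3_model_B.nix
+++ b/hardware/raspberry_pi_3_model_B.nix
@@ -0,0 +1,86 @@
+# Configuration common to all Raspberry Pi 3 Model B devices
+{
+config,
+pkgs,
+lib,
+...
+}: {
+boot = {
+initrd = {
+availableKernelModules = [
+"bcm2835_dma" # Allows early (earlier) mode setting
+"i2c_bcm2835" # Allows early (earlier) mode setting
+"usbhid"
+"usb_storage"
+"vc4" # Allows early (earlier) mode setting
+];
+};
+kernelPackages = pkgs.linuxPackages_5_15; # For a Raspberry Pi 2 or 3)
+kernelParams = [
+"cma=320M" # Needed for the virtual console to work on the RPi 3
+"console=ttyS0,115200n8" # Enable the serial console
+"console=tty0"
+];
+loader = {
+generic-extlinux-compatible = {
+enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
+};
+grub = {
+enable = false; # NixOS wants to enable GRUB by default.
+};
+raspberryPi = {
+enable = false;
+version = 3;
+uboot.enable = true;
+firmwareConfig = ''
+arm_64bit=1 # Force kernel loading system to assume a 64-bit kernel
+display_auto_detect=1 # Enable auto detection of screen resolution
+gpu_mem=128
+hdmi_force_hotplug=1 # Enable headless booting
+'';
+};
+};
+};
+
+# File systems configuration for using the installer's partition layout
+fileSystems = {
+"/" = {
+device = "/dev/disk/by-label/NIXOS_SD";
+fsType = "ext4";
+};
+"/boot/firmware" = {
+device = "/dev/disk/by-label/FIRMWARE";
+fsType = "vfat";
+# Alternatively, this could be removed from the configuration.
+# The filesystem is not needed at runtime, it could be treated
+# as an opaque blob instead of a discrete FAT32 filesystem.
+options = ["nofail" "noauto"];
+};
+#"/var" = {
+# device = "/dev/disk/by-label/var";
+# fsType = "ext4";
+#};
+};
+
+# !!! Adding a swap file is optional, but strongly recommended!
+swapDevices = [
+{
+device = "/swapfile";
+size = 1024;
+}
+];
+
+hardware = {
+enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
+};
+
+networking = {
+enableB43Firmware = true; # If true, enable Pi wireless firmware
+};
+
+nixpkgs.config.allowUnfree = true; # required by B34Firmare above
+
+environment.systemPackages = with pkgs; [
+libraspberrypi # Userland tools for the Raspberry Pi board
+];
+}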
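Review bot: `firmwareConfig` is set under `boot.loader.raspberryPi` while that loader has `enable = false`, so `arm_64bit`, `gpu_mem` and `hdmi_force_hotplug` are probably never applied and the file documents settings the device may not run with; hardware/pi3B.nix has the same construct. Either drop the block or mark it, e.g. `# has no effect while raspberryPi.enable = false`. This file and hardware/pi3B.nix are otherwise copies that already disagree (`cma=320M` here against `cma=32M` there, under an identical comment), and only this one is imported by networks/pi3B_rack.nix in this commit, so keeping a single file would stop them drifting. `console=ttyS0,115200n8` leaves a console on the UART pins, which deserves a comment if the rack is physically reachable by others.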
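--- a/modules/piCommon/default.nix
+++ b/modules/piCommon/default.nix
@@ -0,0 +1,14 @@
+# Configuration common to all my servers
+{
+config,
+pkgs,
+lib,
+...
+}: {
+environment = {
+# Set the system-wide environment
+systemPackages = with pkgs; [
+usbutils # Tools for working with USB devices, such as lsusb
+];
+};
+}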
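Review bot: The header comment `# Configuration common to all my servers` does not match the module path modules/piCommon, and nothing visible in this commit imports the module, so `usbutils` may not reach flemming as the change stands. Suggest `# Packages common to all Raspberry Pi hosts` as the header, and adding `../modules/piCommon` to the `imports` list in networks/pi3B_rack.nix if that is the intent.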
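--- a/networks/pi3B_rack.nix
+++ b/networks/pi3B_rack.nix
@@ -0,0 +1,26 @@
+# NixOps configuration for the Raspberry Pi 3B Rack
+{
+imports = [
+<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+../hardware/raspberry_pi_3_model_B.nix
+../profiles/host_common.nix
+../profiles/server_common.nix
+];
+
+# Ensure the right package architecture is used
+nixpkgs.localSystem = {
+system = "aarch64-linux";
+config = "aarch64-unknown-linux-gnu";
+allowUnfree = true;
+};
+
+systemd.network.networks.eth0.ipv6SendRAConfig = {
+EmitDNS = true;
+Managed = true;
+OtherInformation = true;
+};
+
+documentation = {
+nixos.enable = false; # Save some space by disabling the manual
+};
+}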
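Review bot: `systemd.network.networks.eth0.ipv6SendRAConfig` sets this host up as a sender of IPv6 Router Advertisements with `Managed`, `OtherInformation` and `EmitDNS` enabled, which is router behaviour in a file whose header describes a rack of Pi servers. If `IPv6SendRA` is enabled for eth0 elsewhere, other machines on the segment may take addressing and DNS hints from this host; if it is not, the block is inert. Please either remove it or add a comment stating why this host advertises, e.g. `# this host is the IPv6 router for the rack segment` (constructed example). Separately, `allowUnfree = true;` inside `nixpkgs.localSystem` is not a platform attribute and, as far as I can tell, has no effect on licence checks there; it belongs under `nixpkgs.config`, where the hardware module already sets it.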
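--- a/nixos/hosts/flemming/default.nix
+++ b/nixos/hosts/flemming/default.nix
@@ -0,0 +1,25 @@
+# NixOS configuration for flemming
+#
+# Andy Flemming, AKA Slackbastard is the psuedonym of an Australian anarchist
+# who hosts Yeah Nah Pasaran on radio 3CR and documents fascism and its
+# grave diggers in Australia
+#
+# https://en.wikipedia.org/wiki/Andy_Fleming_(activist)
+# https://slackbastard.anarchobase.com/
+# https://www.3cr.org.au/yeahnahpasaran
+{
+config,
+pkgs,
+lib,
+...
+}: {
+imports = [
+../../../networks/pi3B_rack.nix
+];
+
+# Comment out deployment when building the SD Image.
+deployment.targetHost = "10.42.0.202";
+networking.hostName = "flemming"; # Define your hostname.
+
+system.stateVersion = "23.11"; # The version of NixOS originally installed
+}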
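Review bot: The comment `# Comment out deployment when building the SD Image.` asks for a manual edit of a committed file, which makes it easy to push a revision with `deployment.targetHost` missing or to build an image from a locally modified tree. Keeping the `deployment` settings in the hive entry for flemming, next to its `imports`, would let this module evaluate unchanged for both uses. In the header comment, `psuedonym` should read `pseudonym`, and the name is spelled `Flemming` in the text but `Fleming` in the linked article.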
|
@ -32,6 +32,12 @@ in {
|
|||
overlays = [];
|
||||
};
|
||||
};
|
||||
flemming = {
|
||||
imports = [
|
||||
./nixos/hosts/flemming
|
||||
ragenix.nixosModules.default
|
||||
];
|
||||
};
|
||||
toscano = {
|
||||
imports = [
|
||||
./nixos/hosts/toscano/configuration.nix
|
||||
|
|
|
@ -1,14 +1,16 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBabmpl
|
||||
K3V2ZWV4c2pXcmtHYlhPaWVTd0Z2UnUrRTU0UHJxSlNGVGxrMEFZCjdsNW1IQTZY
|
||||
VWR5MG9YbjlHVGk1OEFEbGthNXVsbkpHbnlyN0lOU3dxOWsKLT4gc3NoLWVkMjU1
|
||||
MTkgZjVUaEFnIDIwdjFwUmc5dEhGdTd3WFdLMlJzN2NqQ1R1YWV2RXBwbTE5OU0x
|
||||
Y3hHMDAKcFhOYjdDcncwTnplamd3UTlaWVFiMXBHTlpuNFVSa01iaER4amlhdHdR
|
||||
MAotPiBRLWdyZWFzZSBjCkRMREtPUVdTeER4WWhjcjJOWSsvUkxtK2JTUnRhblB4
|
||||
KzFxMW5BVGp5U2hmdGtOZ1FDbFkrdUpNR1JuKzRLTWUKVTZCZk5nRTRUcnUzWURp
|
||||
MVplUGhTQjBrQU1UNwotLS0gSm52ejc3TXRBdlYrS0pRamQzeHo4N0pvcktHMDEv
|
||||
RzdXakJMVlZrYzNtMAp8HicX1xAaiwdoitp+OGbp3imWarnmMynCZxHsdPGmDIYG
|
||||
CEYqJ9JJVXAtzUL7kIE7uQOSZvgp4MvWahk5a0ITQkJDLbXef1mxhavGI6SYkhKP
|
||||
4fYc4GN7xAcxTRvb/oBP67lhc8Pt1W+h6BLphYMYbMM7XT/zHAVCUBrCCKTW2Swc
|
||||
NgJYUgwf7rI+hg/AKeXDXWYyidcYMrvb+L7jiIwZ6Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBXZGxN
|
||||
eVRsL3QyT1BPc1dOWmt4Z213czlHV1gwV0JldkRQREZ1YkZtRjNnCm9yMlpSV1dK
|
||||
R2szbEtnQ2tUOXJzWGMyUk9BQldkbjVCa1RwejJ6U01JdGsKLT4gc3NoLWVkMjU1
|
||||
MTkgUWQwZXBRIFJ0TmhHZHVqam1wWkFRbUFHSWFEYk9CbzVmWnYwUWtjZ3hsQ3Z5
|
||||
Y1JYRDgKajR1a3Nnay9SeFlId2ZDTDd6VVNlZXRpY0h3cTh0R3ExUWRRcGovbVl3
|
||||
cwotPiBzc2gtZWQyNTUxOSBmNVRoQWcgN3BhVlk2Q0Z4RksvL1dLUmhCZFd1VUNs
|
||||
ZmtqREtpMDAzWkRyMGZML016cwpKKzloVUxLWWcxcjZOQ2czaSt1b1hqTkFrSUc2
|
||||
bUJUV2crYUl3TVhQUzBzCi0+IDxSI243aidNLWdyZWFzZSBPIVk1J2QKa3RGampV
|
||||
dlBKMitIV0ltUGhDNFcwK0c5dGFOSHJaRjlRZUppNXJPbmFFZnkwZkZKOHBmMk9P
|
||||
ZmV2L1NZbzF5Kwo3Vlk5Ci0tLSA3MkZtc2V5QXRBLzg3eTNGZkRTZVo4K1hQbkR5
|
||||
cDUwakRsMjBXWms1U0YwCuls+HqLpYE1XR6thkvMuUi/HALGGLyrzLhgDQp/2fDd
|
||||
qf27fBHxGH+LUVE/AtkcEuYvqRGOV92MFHP42wARbzTHPoT+JEtbJH9pghCRHE8l
|
||||
Zi52BJ+9Erk+AGvDyS02ziP5bstBs2uWt9y143tjuZAPLEcKAeWaPmUzxpj+zd4w
|
||||
3/5keHREdbw9xhJiXYYz55K26V/vyqHm9fz5tP32GhN0
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBzblFC
|
||||
eUZrZEw3R24weVJ2TUw3QWZ6WDNYS1NDZVpGTktnakk4M2FnVEhFCjUxK1BucVBu
|
||||
Vm52cXhyK1RyRFdTd2w1WU9NWDUranZTRkhzOHIwbXVHTlkKLT4gc3NoLWVkMjU1
|
||||
MTkgZjVUaEFnIERNWExUWk95Wk1udHYxWm1vKzAwR29kUC9JeUJoMVI3MUx3UmFG
|
||||
aDFCakkKSitsbEtsVzQ5eDAzZ0VUOXIrUkNsSkFFRXJGbEUyVTZNKzcwcTBhWnYy
|
||||
RQotPiBsbS1ncmVhc2UgLTwpJyAxTmtRMgp5OVpBSDh2azhrYjI1cmNjVmdKdlh0
|
||||
d2ZJZwotLS0gSGRZZ2k2ZDhqc3E1clBkOVZ4K3FjZUtGUG1XZ1ozVDRpZkd3ZkhG
|
||||
d3ZuYwocfVjJedKaGHSUGZE2tTu5W47y68PW51+NdYxQOT65fyZD9/Vxi+7HiFqM
|
||||
0xrmCMh3IsOvPa60vuY=
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyB1VGRL
|
||||
OHRURUVFSjhzMmRmQWI1MnNrMUJDNlVEeHYrTTNQN0syV0xNSHlFCnBLSFNIMUpw
|
||||
akZZenB4WWNwRWZ1WHh3ZmZURkZDUmR3WVFHMC9QZXZSZTQKLT4gc3NoLWVkMjU1
|
||||
MTkgZjVUaEFnIDIvUmk5NTZ2N29zRTE4MG9NRjk2VEtZbHdMZ3U4bHpVMnFCbHgr
|
||||
NXlXMUkKcmtkVE4rRnRyWGRDd1RVK2djVlkxRnArQWJSOTJRTEIySjRKZUtvYWtB
|
||||
dwotPiBhdi1ncmVhc2UgeFlgICp7MXZ4ClBBVUUzQTVKMDFZMVFUdlRvUE9GaXFv
|
||||
clBVUlcvTDhmMVpCWHdjenJpTlIrNlJ6MDJZZTFEWE5QN3Y1dUFFZDMKYWdRaWor
|
||||
Nk1lSzZoZFlGSG1WVTVxTVRJdjlmNFdGK3k2RnMKLS0tIE5Dcmh2THcvWmNCbXVS
|
||||
V3lIbHB6UVlnUm10TjhRMURvbEFVdVhURVM0UGcKQ9Mo+lNHm5eeutxfecchV7Yb
|
||||
593Y2GZGoxQTzIWXoWZkzPkeDxLOpUk+OTkgnNclDJ9xPXyanTSS
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBoaDBJ
|
||||
M2E4THRwVmtpWTMwMGpKZ2owdC9aci9zMVZGSzdRYk1Xb2VoUmxzCjVveDgzUUc5
|
||||
SG1OUEVPb0pFTm5VdG93a2lBbVF3OXh1eGNsL1dZWGY1T3MKLT4gc3NoLWVkMjU1
|
||||
MTkgZjVUaEFnIDhFWHNoaFFkeVJ3NXBKc3oxVXdzeWtEc1NqSjAvRDZMWG9XSFVR
|
||||
UnVzMlEKMEJVOU45OUhVd0FEWTIrLzV2WnN6VmVJWjRHM0xRUk5YdFdNS0J1YVBD
|
||||
NAotPiB4WyMtZ3JlYXNlIFBBaTM8IDsgSDIgTChDaFRtcUcKSUlkVHFnRDA5cWIy
|
||||
Mjk4THJPREpRTW5FZ2RVR3lhTWFTOXhPaHdldVRBYWd2WE1Pc0IzbFZFQ0Q2RTAz
|
||||
Q2MySgpYUUNDNE9GM2JrUVpWbE1kenFLVGtDaFFGZjFvTFhYbWY0ZlI0MTlLVXFW
|
||||
d2d5dUdtL2hoSXcKLS0tIHZZMWk2amdIZHpCVzNtSUFvTyt0V3IyVm9NWWVyc3lG
|
||||
WDZpYmNtUkkzTDAKUHVWJeK+gcL0T5tHLBFQQP0EKHtO3Y2MFfNti/dtUhMoOnl0
|
||||
cKi+siTFVAR6hasO8eM+NYgDg0mCt5ThQfAQyr0c2VoPyNu1ITJKwZZndk52y6nv
|
||||
g95L4myoHPlJOKEb2pzSyDYKQZw4kUB4JKC5i7zy7a0TsMzVXUjZRDuOvWxcvXw8
|
||||
QbjtYbRJUZ+pFN445/awGVcZyMIE6KhrazU+WSU=
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBaeFBB
|
||||
cWc4V2pHNU40Q0xMRXgxRVdFZWRRZTh5NDhPNlhDZEd3Tk4zc0c4CmJrSTFoanBw
|
||||
dG9pYmJIVCs2TzkxazJjV1ptRzlSZkRmU2NGT0dtWkZHR0kKLT4gc3NoLWVkMjU1
|
||||
MTkgUWQwZXBRIFdBWmljU0F0U3UrWXEyZnl2MGY5VThxVmE1QkwyMmswRVRFRGFl
|
||||
YnpYMDQKekZQOTFQeStBUTNTSW1ibUdHM05YSDBxUFY4dGVhTkpHejUwTklCTUpM
|
||||
YwotPiBzc2gtZWQyNTUxOSBmNVRoQWcgSzAzMGFvVERReU1nRVhvdHdVK0FzajJj
|
||||
VFZ3aXY1aWl1UW5ReDl4VHBrMApJYm9iRlVQUGNPWlpxcy9MTExhcnZrT0J6UDE0
|
||||
WUtTTUduOFlPNVFZTUs0Ci0+IHhxKC1ncmVhc2UgWl9vNyA7NilCVVshWSBEcEgv
|
||||
RGBpIGgmWAoxVjVrRHVndzI4MmJhN3EwQVEKLS0tIFJabHFPdmtseWhyaTBjV1o0
|
||||
Zm1LVEJZY0F0NFJuZUk0anhGdTRkVlFOMmcKRtPfpCjUf05Jnow5FU3OvZc3FLGm
|
||||
R462mLJoaBg4qhPr7+kxYRrGy2T0yoZLdglOJV4rHwvYWpNglY1o2Jo+I/mG1yAd
|
||||
F+afAb9mQVYreWyQuj7t71Vm1VUdQrsG85lFxdbLbS7ZzITCOrjejgoj6wMPwAgl
|
||||
iPHgOccOAPoiDQTSOdGEm3H4k8we/HSfpW7cPowwExtQCK7PSs30XeJsg4o=
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
|
|
|
@ -1,12 +1,18 @@
|
|||
# Used by ragenix nix only.
|
||||
# Ensure that $RULES has been set via direnv
|
||||
# Edit a key: `agenix -i ~/.ssh/id_ed25519 -e secrets/someKey.age`
|
||||
# run `ragenix -r -i /path/to/your/key` after modifying any keys below
|
||||
#
|
||||
# Re-keying is required after adding new hosts or keys:
|
||||
# run `ragenix -r -i /path/to/your/key`
|
||||
let
|
||||
fiscalvelvetpoet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so";
|
||||
ops = [fiscalvelvetpoet];
|
||||
users = [fiscalvelvetpoet];
|
||||
|
||||
flemming = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK16f3Fjj0BY9vjtXahezMAP3I329hHEQXCceRTkr+Yu";
|
||||
toscano = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWcukRkNUQUbgXQle8q9xszDZOnDf3BVpPSFgycJVVE";
|
||||
systems = [toscano];
|
||||
systems = [flemming toscano];
|
||||
in {
|
||||
"root.age".publicKeys = ops ++ systems;
|
||||
"fiscalvelvetpoet.age".publicKeys = [fiscalvelvetpoet] ++ systems;
|
||||
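Review bot: Adding `flemming` to `systems` makes the new host a recipient of both `root.age` and `fiscalvelvetpoet.age`, because each `publicKeys` list ends in `++ systems`; every host key can then decrypt the same secrets, so exposure of one host's SSH key exposes all of them. If the hosts need different material, per-host secret files with recipients such as `ops ++ [flemming]` would limit that; if they deliberately share one credential, a comment above `systems` saying so would record the decision. `users` is defined but not used in the visible lines. The attribute set may continue outside this hunk.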
|
|