From 17591f82d4d1e6555e163732a69d622ecdf0bb85 Mon Sep 17 00:00:00 2001 From: Spotlight Date: Mon, 3 Feb 2025 20:54:38 -0600 Subject: [PATCH] cornflower: Initialize This is a Raspberry Pi 4B. --- flake.lock | 24 ++--- flake.nix | 18 ++++ hosts/linux/cornflower/configuration.nix | 98 +++++++++++++++++++ .../cornflower/hardware-configuration.nix | 34 +++++++ 4 files changed, 162 insertions(+), 12 deletions(-) create mode 100644 hosts/linux/cornflower/configuration.nix create mode 100644 hosts/linux/cornflower/hardware-configuration.nix diff --git a/flake.lock b/flake.lock index 92b3c1f..be78727 100644 --- a/flake.lock +++ b/flake.lock @@ -92,11 +92,11 @@ ] }, "locked": { - "lastModified": 1738192575, - "narHash": "sha256-2DFgkx6GgLqYyTR/wtEk+EiMiAuFZo7D4LfKjTDKLTc=", + "lastModified": 1738610386, + "narHash": "sha256-yb6a5efA1e8xze1vcdN2HBxqYr340EsxFMrDUHL3WZM=", "owner": "nix-community", "repo": "home-manager", - "rev": "697ba1319fdc58c94dc94cd7908df554dc48d970", + "rev": "066ba0c5cfddbc9e0dddaec73b1561ad38aa8abe", "type": "github" }, "original": { @@ -127,11 +127,11 @@ ] }, "locked": { - "lastModified": 1738033138, - "narHash": "sha256-qlIM8A3bdL9c6PexhpS+QyZLO9y/8a3V75HVyJgDE5Q=", + "lastModified": 1738277753, + "narHash": "sha256-iyFcCOk0mmDiv4ut9mBEuMxMZIym3++0qN1rQBg8FW0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "349a74c66c596ef97ee97b4d80a3ca61227b6120", + "rev": "49b807fa7c37568d7fbe2aeaafb9255c185412f9", "type": "github" }, "original": { @@ -142,11 +142,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1738142207, - "narHash": "sha256-NGqpVVxNAHwIicXpgaVqJEJWeyqzoQJ9oc8lnK9+WC4=", + "lastModified": 1738410390, + "narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9d3ae807ebd2981d593cddd0080856873139aa40", + "rev": "3a228057f5b619feb3186e986dbe76278d707b6e", "type": "github" }, "original": { 
@@ -171,11 +171,11 @@ "rust-overlay": { "flake": false, "locked": { - "lastModified": 1738117527, - "narHash": "sha256-GFviGfaezjGLFUlxdv3zyC7rSZvTXqwcG/YsF6MDkOw=", + "lastModified": 1686795910, + "narHash": "sha256-jDa40qRZ0GRQtP9EMZdf+uCbvzuLnJglTUI2JoHfWDc=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "6a3dc6ce4132bd57359214d986db376f2333c14d", + "rev": "5c2b97c0a9bc5217fc3dfb1555aae0fb756d99f9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index de4c6a7..a647382 100644 --- a/flake.nix +++ b/flake.nix @@ -176,6 +176,24 @@ ]; }; + # Raspberry Pi 4B + nixosConfigurations.cornflower = nixpkgs.lib.nixosSystem { + modules = [ + ./hosts/linux/cornflower/configuration.nix + + home-manager.nixosModules.home-manager + { + nixpkgs.overlays = [ self.overlays.default ]; + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + users.spotlight = import ./home/home.nix; + extraSpecialArgs = { desktop = false; gpg = false; }; + }; + } + ]; + }; + # We define a default Darwin configuration via nix-darwin. darwinConfigurations."spotlights-macbook-air" = nix-darwin.lib.darwinSystem { modules = [ diff --git a/hosts/linux/cornflower/configuration.nix b/hosts/linux/cornflower/configuration.nix new file mode 100644 index 0000000..6e3cd17 --- /dev/null +++ b/hosts/linux/cornflower/configuration.nix 
@@ -0,0 +1,98 @@
+# TODO(spotlightishere): Find a better way to disable desktop-specific components
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader = {
+ # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
+ grub.enable = false;
+ # Enables the generation of /boot/extlinux/extlinux.conf
+ generic-extlinux-compatible.enable = true;
+ };
+
+ # We want to ensure flakes, new Nix commands,
+ # and Garnix are available across all installs.
+ nix.settings = {
+ experimental-features = [ "flakes" "nix-command" ];
+ trusted-users = [ "spotlight" ];
+ builders-use-substitutes = true;
+
+ # Include Garnix
+ substituters = [ "https://cache.garnix.io" ];
+ trusted-public-keys = [ "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" ];
+ };
+
+ # We generally want these network preferences across all installs.
+ networking = {
+ hostName = "cornflower";
+ domain = "host.fox-int.cloud";
+ networkmanager = {
+ enable = true;
+ # https://wiki.nixos.org/wiki/NixOS_on_ARM/Raspberry_Pi_4#Networking
+ wifi.powersave = false;
+ };
+
+ nameservers = [
+ # Quad9
+ "2620:fe::fe"
+ "9.9.9.9"
+ # Cloudflare
+ "2606:4700:4700::1111"
+ "1.1.1.1"
+ ];
+ };
+
+ # Similarly, enforce baseline localisation.
+ time.timeZone = "America/Chicago";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ # We'd like Bonjour available.
+ services = {
+ avahi = {
+ enable = true;
+ # Enable .local resolution
+ nssmdns4 = true;
+ };
+ openssh = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+ };
+
+ # Our user!
+ users.users.spotlight = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQQO+c8ygVzRt55Z9qekqItSjYiw381cFPOqX+vGAGT MacBook Air 2020 macOS"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/gyX9b80oml6z3UGOxVMJk/NS8R5w9NEITJcKb0MnU MacBook Air 2020 NixOS"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICpZtyCO6581/FdJHqSTXiFZ2XcxmUudP3sw7jjTzLiN Termius"
+ ];
+ shell = pkgs.zsh;
+ };
+
+ # At a minimum, we'd like ZSH available.
+ programs.zsh.enable = true;
+
+ # Common utilities across most Linux installs.
+ environment.systemPackages = with pkgs; [
+ htop
+ git
+ neofetch
+ tmux
+ usbutils
+ vim
+ wget
+ ];
+
+ # Please do not change this without reviewing release notes upstream.
+ system.stateVersion = "25.05"; # Did you read the comment?
+}
+
diff --git a/hosts/linux/cornflower/hardware-configuration.nix b/hosts/linux/cornflower/hardware-configuration.nix
new file mode 100644
index 0000000..17434d2
--- /dev/null
+++ b/hosts/linux/cornflower/hardware-configuration.nix
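Review bot: In hosts/linux/cornflower/configuration.nix, the `openssh.settings` block sets `PasswordAuthentication = false;` but leaves keyboard-interactive authentication untouched, and NixOS enables that by default, so sshd may still offer PAM-backed password prompts on a port that `openFirewall = true;` exposes. Adding `KbdInteractiveAuthentication = false;` beside `PermitRootLogin = "no";` would make the service key-only, which the three `authorizedKeys` entries suggest is the intent. Separately, `trusted-users = [ "spotlight" ];` in `nix.settings` lets that account direct the Nix daemon to use extra substituters and import unsigned store paths, which is effectively root without a sudo prompt. If the entry is needed, a comment such as `# trusted-users are root-equivalent to the Nix daemon` above it would record that this is deliberate; otherwise the line could be dropped.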
@@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.end0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +}