Compare commits
263 commits
bb31fc5d4e
...
98286aded0
Author | SHA1 | Date | |
---|---|---|---|
|
98286aded0 | ||
|
439505d770 | ||
|
47fefe9dda | ||
|
ce9585cbec | ||
|
39b79979ea | ||
|
ddb3615228 | ||
|
c23b2c2fd7 | ||
|
fc1bca17ec | ||
|
2253256b80 | ||
|
f4294d5b0e | ||
|
579c08a40b | ||
|
772d4bd626 | ||
|
9d76d4dc70 | ||
|
6b168872b4 | ||
|
8e016d2518 | ||
|
d247d5b016 | ||
|
abf1508008 | ||
|
2840630923 | ||
|
16f5829aea | ||
|
b0950ae01e | ||
|
2dcda9dca1 | ||
|
d7ac48b002 | ||
|
2d643b3bd8 | ||
|
16ee3cf264 | ||
|
03295ef302 | ||
|
5282622603 | ||
|
ce1b8610ca | ||
|
155ed22f1e | ||
|
945435f260 | ||
|
10d7b49f3a | ||
|
9eb38a6c79 | ||
|
91ff58c836 | ||
|
314a6624df | ||
|
c0a1970842 | ||
|
e0b1b7a27b | ||
|
9c2f9dfdd2 | ||
|
c3ad8ac3db | ||
|
a109468d08 | ||
|
76e0baf45c | ||
|
0eb7a6ed38 | ||
|
f8cb25ac86 | ||
|
4208a062f3 | ||
|
a0984f37b3 | ||
|
a5ec9c28f0 | ||
|
e3df076d8b | ||
|
9d817c0a58 | ||
|
eef8ff7ee3 | ||
|
30deb5d6c6 | ||
|
f1c6b2c021 | ||
|
736f95e57c | ||
|
c4a90d5e9a | ||
|
2b309194fb | ||
|
8d49507190 | ||
|
604300d2f9 | ||
|
010d6ce6ab | ||
|
009ed49f89 | ||
|
6d65cadad9 | ||
|
251448dd13 | ||
|
6e7ffe29bd | ||
|
dbac9dbe88 | ||
|
2e8b7b4f49 | ||
|
0f6d1843e0 | ||
|
7d406a02f2 | ||
|
816a72a04a | ||
|
9bfb739894 | ||
|
a57fdcd63d | ||
|
e673ca2574 | ||
|
67874e09f5 | ||
|
f792d1c9f5 | ||
|
59b116ac40 | ||
|
3e61f8fcb2 | ||
|
884661e76f | ||
|
3816de9632 | ||
|
59ab496824 | ||
|
10f57e5fa7 | ||
|
021d37f3f6 | ||
|
6cb8d5be9a | ||
|
4dace15a62 | ||
|
fb543493f4 | ||
|
7ab4d53138 | ||
|
b6a74ca89b | ||
|
c3cbab909c | ||
|
7846c249ae | ||
|
fe19be208d | ||
|
7545035b96 | ||
|
ce88732678 | ||
|
1dcfa5a8d2 | ||
|
d7e2590026 | ||
|
c33f3787b1 | ||
|
479eeb2748 | ||
|
a1138a14b6 | ||
|
e8027502d9 | ||
|
9d393910ee | ||
|
162f828a15 | ||
|
5acd990b10 | ||
|
b8693e7376 | ||
|
697890b2c3 | ||
|
09af7bcc9a | ||
|
c3c580a025 | ||
|
026277fb39 | ||
|
494a5caf9f | ||
|
792f40b96c | ||
|
1c0a30e532 | ||
|
a4c223ecdd | ||
|
52a22564bd | ||
|
1cbba1eaef | ||
|
8c359e2766 | ||
|
c2b83a0f7e | ||
|
fb979e4875 | ||
|
5d3ec33307 | ||
|
b5ec97aa69 | ||
|
8657f05a2f | ||
|
ca1b006bea | ||
|
52aa90abd9 | ||
|
29fa933692 | ||
|
3dcdeb35d1 | ||
|
25a0e9f1bd | ||
|
9c8830b7bd | ||
|
074acdebdf | ||
|
be87114194 | ||
|
aa07754190 | ||
|
d1ce0a2c64 | ||
|
f49f494a08 | ||
|
b3233da7c3 | ||
|
8525242e14 | ||
|
0851482585 | ||
|
8d81a295b7 | ||
|
9a7db51da7 | ||
|
3e4d901842 | ||
|
58793e54fa | ||
|
efae283e3b | ||
|
26277ae395 | ||
|
6281b1c832 | ||
|
aca343d8c7 | ||
|
3a327b8919 | ||
|
8a95484880 | ||
|
b4e5d66442 | ||
|
11e023fd3c | ||
|
c90f32c6b3 | ||
|
87dfd12394 | ||
|
e370e71c37 | ||
|
09b7fcf6fc | ||
|
04f960b766 | ||
|
2e76ac8dff | ||
|
ae3c899fea | ||
|
602e54277b | ||
|
50bd5ab5e1 | ||
|
a95b144973 | ||
|
7f224b4f85 | ||
|
218c7dd837 | ||
|
516abb1842 | ||
|
8640d82ade | ||
|
e06b022625 | ||
|
695484a4b4 | ||
|
eaf48216b8 | ||
|
94a40b2e76 | ||
|
836989a34b | ||
|
70d54fd6e1 | ||
|
5131a6dfe4 | ||
|
2b10c24a9c | ||
|
085fe707be | ||
|
44f6f4d7d4 | ||
|
5ddf6715f2 | ||
|
14bfc82371 | ||
|
0a004802f5 | ||
|
58993bb8d5 | ||
|
af1ccf7936 | ||
|
c04c72e7ae | ||
|
a98748fa49 | ||
|
315b25e01a | ||
|
2fbe779809 | ||
|
5ebd1e4726 | ||
|
7a89a3349d | ||
|
d635779d46 | ||
|
fd7b38b865 | ||
|
d75e6eedc9 | ||
|
b3dbc020e5 | ||
|
bff53d40ae | ||
|
e47b1fead6 | ||
|
567f4cc8a9 | ||
|
7da667505e | ||
|
6f26c849ef | ||
|
84e0bb016a | ||
|
66a7fe9d2d | ||
|
411770a08f | ||
|
0932c8e50c | ||
|
82841a770d | ||
|
fcefcc6c9f | ||
|
817f089a8e | ||
|
27f5946f71 | ||
|
713d0bd48f | ||
|
894db06c68 | ||
|
e1e4d62d54 | ||
|
95ed1c4760 | ||
|
38d2b30fe6 | ||
|
124c26481e | ||
|
269eb7606a | ||
|
cad9343948 | ||
|
4a917b59ac | ||
|
049dff1afa | ||
|
130675bb0a | ||
|
a87b150e50 | ||
|
b786ff5c6e | ||
|
42dd571966 | ||
|
432e048aea | ||
|
85a3d84407 | ||
|
96fe999669 | ||
|
3a3e1e97d0 | ||
|
e8ec0ac47b | ||
|
5687c809dc | ||
|
73567ed5ee | ||
|
822315cd0b | ||
|
ef9b79b08c | ||
|
d0df3a55f0 | ||
|
c3fa8be13a | ||
|
1e8c3b2725 | ||
|
0d0ab7cd0a | ||
|
c3e77f7e91 | ||
|
bc786ee79f | ||
|
3aa36d7168 | ||
|
f126616150 | ||
|
8b3ff41b76 | ||
|
53b64b4217 | ||
|
3aa491f2cf | ||
|
0b4af260ef | ||
|
d74bf5467b | ||
|
658930dc14 | ||
|
39987b7ad5 | ||
|
440b871426 | ||
|
e5ea1eadaa | ||
|
53581a1eef | ||
|
cc4db94479 | ||
|
6e38ba3da6 | ||
|
3d749bdbb2 | ||
|
55a0ff4003 | ||
|
c7d07fe4aa | ||
|
55db631805 | ||
|
60160a5b26 | ||
|
457c03b2e0 | ||
|
0ac21f9a9e | ||
|
acdc6b4b92 | ||
|
af785f606d | ||
|
460d179c55 | ||
|
901d79bc21 | ||
|
e67a081af6 | ||
|
ecf9dd79c0 | ||
|
f194c9d444 | ||
|
d050115127 | ||
|
0f90e75cfc | ||
|
a26f637481 | ||
|
0fadd7696c | ||
|
adc70178b1 | ||
|
5403d98cda | ||
|
b422aac13b | ||
|
0b06913b58 | ||
|
9596fd3f03 | ||
|
92df320bed | ||
|
408f44bdf3 | ||
|
9b13851911 | ||
|
2e834c9dec | ||
|
4b7fc508d5 | ||
|
2516e25dfc | ||
|
f104a0f01e |
124 changed files with 8997 additions and 584 deletions
23
.ci.sdImages.sh
Executable file
23
.ci.sdImages.sh
Executable file
|
@ -0,0 +1,23 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -a
|
||||
source /run/agenix/ci-secrets
|
||||
set +a
|
||||
|
||||
cat ci-secrets.nix | envsubst > ci-secrets.nix.tmp
|
||||
mv ci-secrets.nix.tmp ci-secrets.nix
|
||||
|
||||
set -eou pipefail
|
||||
|
||||
set -x
|
||||
|
||||
while read hostOutput; do
|
||||
echo "${hostOutput}"
|
||||
nix build --no-link ".#nixosConfigurations.${hostOutput}.config.system.build.sdImage"
|
||||
done < <(nix eval -I nixpkgs=$(nix flake metadata nixpkgs --json | jq -r .path) --raw --impure --expr '
|
||||
with import <nixpkgs> { };
|
||||
(lib.strings.concatStringsSep "\n"
|
||||
(lib.mapAttrsToList (n: v: n)
|
||||
(lib.attrsets.filterAttrs (n: v: v.pkgs.system == pkgs.system && v.pkgs.system == "aarch64-linux" && n != builtins.getEnv "HOSTNAME")
|
||||
(builtins.getFlake(builtins.toString ./.)).outputs.nixosConfigurations)))
|
||||
')
|
31
.ci.sh
31
.ci.sh
|
@ -1,18 +1,23 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -a
|
||||
source /run/agenix/ci-secrets
|
||||
set +a
|
||||
|
||||
cat ci-secrets.nix | envsubst > ci-secrets.nix.tmp
|
||||
mv ci-secrets.nix.tmp ci-secrets.nix
|
||||
|
||||
set -eou pipefail
|
||||
|
||||
export NIX_CONFIG="use-xdg-base-directories = true"
|
||||
set -x
|
||||
|
||||
nix profile install nixpkgs#nixos-rebuild
|
||||
|
||||
~/.local/state/nix/profile/bin/nixos-rebuild build --flake ".#ciTest"
|
||||
|
||||
# for hostOutput in $(nix eval --raw --impure --expr '
|
||||
# with import <nixpkgs> { };
|
||||
# (lib.mapAttrsToList (name: value: value)
|
||||
# (builtins.getFlake(builtins.toString ./.)).outputs.nixosConfigurations)[0]'
|
||||
# ); do
|
||||
# ~/.local/state/nix/profile/bin/nixos-rebuild build --flake ".#${hostOutput}"
|
||||
# done
|
||||
#
|
||||
while read hostOutput; do
|
||||
echo "${hostOutput}"
|
||||
nixos-rebuild build --verbose --flake ".#${hostOutput}"
|
||||
done < <(nix eval -I nixpkgs=$(nix flake metadata nixpkgs --json | jq -r .path) --raw --impure --expr '
|
||||
with import <nixpkgs> { };
|
||||
(lib.strings.concatStringsSep "\n"
|
||||
(lib.mapAttrsToList (n: v: n)
|
||||
(lib.attrsets.filterAttrs (n: v: v.pkgs.system == pkgs.system)
|
||||
(builtins.getFlake(builtins.toString ./.)).outputs.nixosConfigurations)))
|
||||
'; echo "")
|
||||
|
|
28
.forgejo/workflows/ci.yml
Normal file
28
.forgejo/workflows/ci.yml
Normal file
|
@ -0,0 +1,28 @@
|
|||
name: CI
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
x86_64-linux:
|
||||
if: |
|
||||
!contains(github.event.head_commit.message, '[skip-ci arm64]')
|
||||
&& !contains(github.event.head_commit.message, '[skip-ci]')
|
||||
runs-on: self-hosted-x86_64-linux
|
||||
steps:
|
||||
- name: repository checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: build hosts configuration
|
||||
run: ./.ci.sh
|
||||
|
||||
aarch64-linux:
|
||||
if: |
|
||||
!contains(github.event.head_commit.message, '[skip-ci arm64]')
|
||||
&& !contains(github.event.head_commit.message, '[skip-ci]')
|
||||
runs-on: self-hosted-aarch64-linux
|
||||
steps:
|
||||
- name: repository checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: build hosts configuration
|
||||
run: ./.ci.sh
|
64
.github/workflows/ci.yml
vendored
64
.github/workflows/ci.yml
vendored
|
@ -1,21 +1,59 @@
|
|||
name: CI
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
run-x86_64-linux:
|
||||
name: Run x86_64 Linux
|
||||
runs-on: ubuntu-22.04
|
||||
get-hosts:
|
||||
if: "!contains(github.event.head_commit.message, '[skip-ci]')"
|
||||
runs-on: self-hosted-x86_64-linux
|
||||
outputs:
|
||||
matrix: ${{ steps.hosts_out.outputs.matrix }}
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@main
|
||||
with:
|
||||
logger: pretty
|
||||
log-directives: nix_installer=trace
|
||||
backtrace: full
|
||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||
- run: ./.ci.sh
|
||||
- name: repository checkout
|
||||
uses: actions/checkout@v4
|
||||
- id: hosts_out
|
||||
name: set hosts var
|
||||
run: |
|
||||
{
|
||||
echo -n "matrix="
|
||||
nix eval --raw --impure --expr '
|
||||
let
|
||||
f = configs: builtins.groupBy (n: configs.${n}.pkgs.system) (builtins.attrNames configs);
|
||||
in
|
||||
builtins.toJSON (f (builtins.getFlake(builtins.toString ./.)).outputs.nixosConfigurations)'
|
||||
echo ""
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
|
||||
x86_64-linux:
|
||||
if: |
|
||||
!contains(github.event.head_commit.message, '[skip-ci x64]')
|
||||
&& !contains(github.event.head_commit.message, '[skip-ci]')
|
||||
runs-on: self-hosted-x86_64-linux
|
||||
needs: [get-hosts]
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
host: ${{ fromJson(needs.get-hosts.outputs.matrix).x86_64-linux }}
|
||||
steps:
|
||||
- name: repository checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: build host configuration ${{ matrix.host }}
|
||||
run: nixos-rebuild build --verbose --flake ".#${{ matrix.host }}"
|
||||
|
||||
aarch64-linux:
|
||||
if: |
|
||||
!contains(github.event.head_commit.message, '[skip-ci arm64]')
|
||||
&& !contains(github.event.head_commit.message, '[skip-ci]')
|
||||
runs-on: self-hosted-aarch64-linux
|
||||
needs: [get-hosts]
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
host: ${{ fromJson(needs.get-hosts.outputs.matrix).aarch64-linux }}
|
||||
steps:
|
||||
- name: repository checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: build host configuration ${{ matrix.host }}
|
||||
run: nixos-rebuild build --verbose --flake ".#${{ matrix.host }}"
|
||||
|
|
73
README.md
Normal file
73
README.md
Normal file
|
@ -0,0 +1,73 @@
|
|||
# My personal NixOS infrastructure configurations
|
||||
|
||||
This repository contains configurations for Most™ of my NixOS machines.
|
||||
|
||||
All of the host configurations are deployable using
|
||||
[deploy-rs](https://github.com/serokell/deploy-rs),
|
||||
[colmena](https://colmena.cli.rs/), and plain old `nixos-rebuild`. See
|
||||
`deploy.nodes` and `colmena` crimes in flake outputs for details how. Initial
|
||||
host deploment, sadly, needs to happen manually (for now at least). Secrets are
|
||||
managed using [agenix](https://github.com/ryantm/agenix), instead of any
|
||||
deployment-tool-native secret manager.
|
||||
|
||||
## General usage
|
||||
### Adding new module
|
||||
```
|
||||
$ echo -e "{ config, lib, pkgs, inputs, ... }:\n\n{\n}" > modules/new-module.nix
|
||||
```
|
||||
|
||||
### Adding new host
|
||||
```
|
||||
$ mkdir nixos/newhost
|
||||
$ echo -e "{ config, lib, pkgs, inputs, ... }:\n\n{\n}" > nixos/newhost/default.nix
|
||||
$ echo '{"publicKey": "…", "targetHost": "…", "system": "aarch64-linux"}' | jq -rM > nixos/newhost/meta.json
|
||||
```
|
||||
|
||||
### Exploring generated configurations
|
||||
Colmena has a nice feature here called `colmena repl`. Go out there and explore
|
||||
`nodes` and its attributes.
|
||||
|
||||
### Before you commit
|
||||
To keep things clean, uniform, and working at least on some basic level,
|
||||
remember to:
|
||||
```
|
||||
$ nix flake check --no-build
|
||||
$ nix fmt
|
||||
```
|
||||
Small bit of warning: `nix fmt`, with formatters as configured (`deadnix`
|
||||
specifically) *will* remove unused variables and such. Might be annoying when
|
||||
things are work-in-progress.
|
||||
|
||||
### Deploying new configurations
|
||||
There are multiple options here. You can use `nixos-rebuild` either locally:
|
||||
```
|
||||
$ sudo nixos-rebuild switch --flake .#microlith
|
||||
```
|
||||
remotely:
|
||||
```
|
||||
$ nixos-rebuild switch --target-host root@zorigami --build-host root@zorigami --flake .#zorigami
|
||||
```
|
||||
remotely using `deploy-rs`:
|
||||
```
|
||||
$ deploy .#scylla
|
||||
```
|
||||
or using `colmena`:
|
||||
```
|
||||
$ colmena apply --on khas
|
||||
```
|
||||
All of these *should* generally work, though I prefer to use `deploy-rs` on my
|
||||
router (because of magic rollback) when deploying bigger changes, and `colmena`
|
||||
in most cases, because it's faster. And if the changes you're about to deploy
|
||||
had a chance to be built by "CI", most stuff shouldn't need to be built locally.
|
||||
|
||||
Warnings about `colmena` and `deploy` being unknown flake outputs are known, and
|
||||
will stay here at least until
|
||||
[schemas](https://determinate.systems/posts/flake-schemas) get implemented for
|
||||
these.
|
||||
|
||||
## General notes
|
||||
Feel free to use this as a basis for your own configuration flakes, but while I
|
||||
keep things here working for me, the general state might not reflect best
|
||||
practices. Use caution, and if you feel like you don't really understand
|
||||
something (and there are some code crimes commited here), don't feel obliged to
|
||||
use it just because it's already here.
|
1
ci-secrets.nix
Normal file
1
ci-secrets.nix
Normal file
|
@ -0,0 +1 @@
|
|||
{ wifi = "$__SECRET_wifi_secrets"; }
|
639
flake.lock
639
flake.lock
|
@ -4,14 +4,15 @@
|
|||
"inputs": {
|
||||
"darwin": [],
|
||||
"home-manager": "home-manager",
|
||||
"nixpkgs": "nixpkgs"
|
||||
"nixpkgs": "nixpkgs",
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696775529,
|
||||
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
|
||||
"lastModified": 1716561646,
|
||||
"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
|
||||
"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -23,11 +24,11 @@
|
|||
"base16-schemes": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1689473676,
|
||||
"narHash": "sha256-L0RhUr9+W5EPWBpLcmkKpUeCEWRs/kLzVMF3Vao2ZU0=",
|
||||
"lastModified": 1696158499,
|
||||
"narHash": "sha256-5yIHgDTPjoX/3oDEfLSQ0eJZdFL1SaCfb9d6M0RmOTM=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-schemes",
|
||||
"rev": "d95123ca6377cd849cfdce92c0a24406b0c6a789",
|
||||
"rev": "a9112eaae86d9dd8ee6bb9445b664fba2f94037a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -36,31 +37,59 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"blobs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1604995301,
|
||||
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "blobs",
|
||||
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "blobs",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"colmena": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"stable": "stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711386353,
|
||||
"narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "colmena",
|
||||
"rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "zhaofengli",
|
||||
"ref": "main",
|
||||
"repo": "colmena",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"flake-compat": [
|
||||
"lanzaboote",
|
||||
"flake-compat"
|
||||
],
|
||||
"flake-utils": [
|
||||
"lanzaboote",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"lanzaboote",
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-overlay": [
|
||||
"lanzaboote",
|
||||
"rust-overlay"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688772518,
|
||||
"narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=",
|
||||
"lastModified": 1711299236,
|
||||
"narHash": "sha256-6/JsyozOMKN8LUGqWMopKTSiK8N79T8Q+hcxu2KkTXg=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e",
|
||||
"rev": "880573f80d09e18a11713f402b9e6172a085449f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -71,16 +100,16 @@
|
|||
},
|
||||
"deploy-rs": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1695052866,
|
||||
"narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
|
||||
"lastModified": 1715699772,
|
||||
"narHash": "sha256-sKhqIgucN5sI/7UQgBwsonzR4fONjfMr9OcHK/vPits=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
|
||||
"rev": "b3ea6f333f9057b77efd9091119ba67089399ced",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -92,11 +121,11 @@
|
|||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1668681692,
|
||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||
"lastModified": 1650374568,
|
||||
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -108,11 +137,43 @@
|
|||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_4": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -129,11 +190,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688466019,
|
||||
"narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=",
|
||||
"lastModified": 1709336216,
|
||||
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec",
|
||||
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -143,15 +204,12 @@
|
|||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -162,14 +220,14 @@
|
|||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -178,6 +236,57 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"inputs": {
|
||||
"systems": "systems_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705309234,
|
||||
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flakey-profile": {
|
||||
"locked": {
|
||||
"lastModified": 1712898590,
|
||||
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
|
||||
"owner": "lf-",
|
||||
"repo": "flakey-profile",
|
||||
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lf-",
|
||||
"repo": "flakey-profile",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gitignore": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -187,11 +296,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1660459072,
|
||||
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
|
||||
"lastModified": 1709087332,
|
||||
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
|
||||
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -208,11 +317,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682203081,
|
||||
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
|
||||
"lastModified": 1703113217,
|
||||
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
|
||||
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -223,14 +332,16 @@
|
|||
},
|
||||
"home-manager_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696940889,
|
||||
"narHash": "sha256-p2Wic74A1tZpFcld1wSEbFQQbrZ/tPDuLieCnspamQo=",
|
||||
"lastModified": 1717052710,
|
||||
"narHash": "sha256-LRhOxzXmOza5SymhOgnEzA8EAQp+94kkeUYWKKpLJ/U=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "6bba64781e4b7c1f91a733583defbd3e46b49408",
|
||||
"rev": "29c69d9a466e41d46fd3a7a9d0591ef9c113c2ae",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -239,12 +350,48 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1708968331,
|
||||
"narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"jovian-nixos": {
|
||||
"inputs": {
|
||||
"nix-github-actions": "nix-github-actions",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1717012808,
|
||||
"narHash": "sha256-Wn0fbjqmpIiuPUWnvxu85a9sPYtSd/2tcPDhAYW54RM=",
|
||||
"owner": "Jovian-Experiments",
|
||||
"repo": "Jovian-NixOS",
|
||||
"rev": "a8e6557f29fa0cbcc2c54d15f9664c14ae2a3e98",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Jovian-Experiments",
|
||||
"repo": "Jovian-NixOS",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"lanzaboote": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-parts": "flake-parts",
|
||||
"flake-utils": "flake-utils",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
|
@ -252,11 +399,11 @@
|
|||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696410458,
|
||||
"narHash": "sha256-ohrrFywK7WIHEGWosBVRFZF5D2q2AeIGFGp9mMZRc40=",
|
||||
"lastModified": 1716805126,
|
||||
"narHash": "sha256-yqJWx74e16Gk4pwW5DWfI4orTKeWezKFNbW7eaojpLw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "lanzaboote",
|
||||
"rev": "ac43ac3024f814fcf3a3bab41873019109521442",
|
||||
"rev": "2eb19b872bc0a5f336b9b934ba96ea029e4da8c2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -265,17 +412,62 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"microvm": {
|
||||
"lix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1714955862,
|
||||
"narHash": "sha256-REWlo2RYHfJkxnmZTEJu3Cd/2VM+wjjpPy7Xi4BdDTQ=",
|
||||
"ref": "refs/tags/2.90-beta.1",
|
||||
"rev": "b6799ab0374a8e1907a48915d3187e07da41d88c",
|
||||
"revCount": 15501,
|
||||
"type": "git",
|
||||
"url": "https://git@git.lix.systems/lix-project/lix"
|
||||
},
|
||||
"original": {
|
||||
"ref": "refs/tags/2.90-beta.1",
|
||||
"type": "git",
|
||||
"url": "https://git@git.lix.systems/lix-project/lix"
|
||||
}
|
||||
},
|
||||
"lix-module": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs_4"
|
||||
"flake-utils": "flake-utils_3",
|
||||
"flakey-profile": "flakey-profile",
|
||||
"lix": [
|
||||
"lix"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696981517,
|
||||
"narHash": "sha256-1VQt+o9hRdjiWBaN73HKchfltAHzszoIGt35ZT9JStE=",
|
||||
"lastModified": 1717036776,
|
||||
"narHash": "sha256-joKTxvywYlKspGGKOIXho6oRbggOPyayEqAyuZCavO0=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "b4b38e6b5fe18da9464f291ae5fbf2ea9acb9ccb",
|
||||
"revCount": 86,
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/nixos-module"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/nixos-module"
|
||||
}
|
||||
},
|
||||
"microvm": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_4",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"spectrum": "spectrum"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716754174,
|
||||
"narHash": "sha256-L2Vni6dGDFWXWwY0rqkQWtZXt+qYQKUZr+Fj+EpI97Q=",
|
||||
"owner": "astro",
|
||||
"repo": "microvm.nix",
|
||||
"rev": "2c28afc481d47c551ab71d96130d938cdde59933",
|
||||
"rev": "fa4262c3c9197e7d62185858907f2e5acff3258d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -290,11 +482,11 @@
|
|||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1695388192,
|
||||
"narHash": "sha256-2jelpE7xK+4M7jZNyWL7QYOYegQLYBDQS5bvdo8XRUQ=",
|
||||
"lastModified": 1707825078,
|
||||
"narHash": "sha256-hTfge2J2W+42SZ7VHXkf4kjU+qzFqPeC9k66jAUBMHk=",
|
||||
"owner": "misterio77",
|
||||
"repo": "nix-colors",
|
||||
"rev": "37227f274b34a3b51649166deb94ce7fec2c6a4c",
|
||||
"rev": "b01f024090d2c4fc3152cd0cf12027a7b8453ba1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -305,16 +497,16 @@
|
|||
},
|
||||
"nix-formatter-pack": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nmd": "nmd",
|
||||
"nmt": "nmt"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694984852,
|
||||
"narHash": "sha256-A1x55uLb2LT9evsTWYc1U9+iki1AmE5ROxOuCKPf3JE=",
|
||||
"lastModified": 1715807870,
|
||||
"narHash": "sha256-lutvG1LFGSpXsGA7U4TWfdfq6p71WdSlhw3vM4W/Opk=",
|
||||
"owner": "Gerschtli",
|
||||
"repo": "nix-formatter-pack",
|
||||
"rev": "23795a4daf29ce784b3edc13b9776c7b445c453b",
|
||||
"rev": "ab5feb867e5d074918852de6134500a82a09dc48",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -323,16 +515,40 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-github-actions": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"jovian-nixos",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690328911,
|
||||
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "nix-github-actions",
|
||||
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "zhaofengli",
|
||||
"ref": "matrix-name",
|
||||
"repo": "nix-github-actions",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-index-database": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_6"
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696736548,
|
||||
"narHash": "sha256-Dg0gJ9xVXud55sAbXspMapFYZOpVAldQQo7MFp91Vb0=",
|
||||
"lastModified": 1716772633,
|
||||
"narHash": "sha256-Idcye44UW+EgjbjCoklf2IDF+XrehV6CVYvxR1omst4=",
|
||||
"owner": "Mic92",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "2902dc66f64f733bfb45754e984e958e9fe7faf9",
|
||||
"rev": "ff80cb4a11bb87f3ce8459be6f16a25ac86eb2ac",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -341,13 +557,29 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1716987116,
|
||||
"narHash": "sha256-uuEkErFVsFdg2K0cKbNQ9JlFSAm/xYqPr4rbPLI91Y8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "8251761f93d6f5b91cee45ac09edb6e382641009",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "master",
|
||||
"repo": "nixos-hardware",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1677676435,
|
||||
"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
|
||||
"lastModified": 1703013332,
|
||||
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
|
||||
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -359,11 +591,11 @@
|
|||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1694911725,
|
||||
"narHash": "sha256-8YqI+YU1DGclEjHsnrrGfqsQg3Wyga1DfTbJrN3Ud0c=",
|
||||
"lastModified": 1697935651,
|
||||
"narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "819180647f428a3826bfc917a54449da1e532ce0",
|
||||
"rev": "e1e11fdbb01113d85c7f41cada9d2847660e3902",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -374,27 +606,27 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1685801374,
|
||||
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
|
||||
"lastModified": 1710695816,
|
||||
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
|
||||
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.05",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1671417167,
|
||||
"narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
|
||||
"lastModified": 1702272962,
|
||||
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
|
||||
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -405,38 +637,6 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1696604326,
|
||||
"narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1696019113,
|
||||
"narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1669933672,
|
||||
"narHash": "sha256-9nzaATSTmEMpTrx+7j3vVwQkcpu9JMkQ1M08iPtu7m4=",
|
||||
|
@ -452,34 +652,18 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_6": {
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1696604326,
|
||||
"narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
|
||||
"owner": "nixos",
|
||||
"lastModified": 1716991893,
|
||||
"narHash": "sha256-Eoyi4cFspfDadhSs4d0eSsLkL9kZYiM2Tg17bFSm750=",
|
||||
"owner": "arachnist",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
|
||||
"rev": "7869e74e5aa899302d2d36b23b62550c6a29c54c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_7": {
|
||||
"locked": {
|
||||
"lastModified": 1696879762,
|
||||
"narHash": "sha256-Ud6bH4DMcYHUDKavNMxAhcIpDGgHMyL/yaDEAVSImQY=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "f99e5f03cc0aa231ab5950a15ed02afec45ed51a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"owner": "arachnist",
|
||||
"ref": "ar-patchset-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
|
@ -534,11 +718,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689668210,
|
||||
"narHash": "sha256-XAATwDkaUxH958yXLs1lcEOmU6pSEIkatY3qjqk8X0E=",
|
||||
"lastModified": 1710923068,
|
||||
"narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "eb433bff05b285258be76513add6f6c57b441775",
|
||||
"rev": "e611897ddfdde3ed3eaac4758635d7177ff78673",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -550,14 +734,21 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"colmena": "colmena",
|
||||
"deploy-rs": "deploy-rs",
|
||||
"home-manager": "home-manager_2",
|
||||
"impermanence": "impermanence",
|
||||
"jovian-nixos": "jovian-nixos",
|
||||
"lanzaboote": "lanzaboote",
|
||||
"lix": "lix",
|
||||
"lix-module": "lix-module",
|
||||
"microvm": "microvm",
|
||||
"nix-colors": "nix-colors",
|
||||
"nix-formatter-pack": "nix-formatter-pack",
|
||||
"nix-index-database": "nix-index-database",
|
||||
"nixpkgs": "nixpkgs_7"
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"simple-nixos-mailserver": "simple-nixos-mailserver"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
|
@ -572,11 +763,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694657451,
|
||||
"narHash": "sha256-cRZa9ZmUi0EFKcmzpsOXLVhiMQD8XLrku8v+U1YiGm8=",
|
||||
"lastModified": 1711246447,
|
||||
"narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "7c4f46f0b3597e3c4663285e6794194e55574879",
|
||||
"rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -585,6 +776,61 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"simple-nixos-mailserver": {
|
||||
"inputs": {
|
||||
"blobs": "blobs",
|
||||
"flake-compat": "flake-compat_4",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"utils": "utils_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714720456,
|
||||
"narHash": "sha256-e0WFe1BHqX23ADpGBc4ZRu38Mg+GICCZCqyS6EWCbHc=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "nixos-mailserver",
|
||||
"rev": "41059fc548088e49e3ddb3a2b4faeb5de018e60f",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "nixos-mailserver",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"spectrum": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1708358594,
|
||||
"narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
|
||||
"revCount": 614,
|
||||
"type": "git",
|
||||
"url": "https://spectrum-os.org/git/spectrum"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://spectrum-os.org/git/spectrum"
|
||||
}
|
||||
},
|
||||
"stable": {
|
||||
"locked": {
|
||||
"lastModified": 1696039360,
|
||||
"narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "32dcb45f66c0487e92db8303a798ebc548cadedc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
|
@ -615,13 +861,94 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"systems_3": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_4": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_5": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_6": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701680307,
|
||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_6"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709126324,
|
||||
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
188
flake.nix
188
flake.nix
|
@ -2,13 +2,21 @@
|
|||
description = "Nibylandia configurations";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
nixpkgs.url = "github:arachnist/nixpkgs/ar-patchset-unstable";
|
||||
home-manager.url = "github:nix-community/home-manager";
|
||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||
nix-colors.url = "github:misterio77/nix-colors";
|
||||
nix-formatter-pack.url = "github:Gerschtli/nix-formatter-pack";
|
||||
nix-index-database.url = "github:Mic92/nix-index-database";
|
||||
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
|
||||
deploy-rs.url = "github:serokell/deploy-rs";
|
||||
microvm.url = "github:astro/microvm.nix";
|
||||
microvm.inputs.nixpkgs.follows = "nixpkgs";
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
colmena = {
|
||||
url = "github:zhaofengli/colmena/main";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
agenix = {
|
||||
url = "github:ryantm/agenix";
|
||||
inputs.darwin.follows = "";
|
||||
|
@ -17,12 +25,31 @@
|
|||
url = "github:nix-community/lanzaboote";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
simple-nixos-mailserver = {
|
||||
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
jovian-nixos = {
|
||||
url = "github:Jovian-Experiments/Jovian-NixOS";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
lix = {
|
||||
url =
|
||||
"git+https://git@git.lix.systems/lix-project/lix?ref=refs/tags/2.90-beta.1";
|
||||
flake = false;
|
||||
};
|
||||
lix-module = {
|
||||
url = "git+https://git.lix.systems/lix-project/nixos-module";
|
||||
inputs.lix.follows = "lix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nix-formatter-pack, nix-index-database, deploy-rs
|
||||
, agenix, lanzaboote, microvm, ... }:
|
||||
outputs = { self, nixpkgs, deploy-rs, ... }@inputs:
|
||||
let
|
||||
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ];
|
||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
||||
forAllSystems = nixpkgs.lib.genAttrs systems;
|
||||
pkgsForDeploy =
|
||||
forAllSystems (system: import nixpkgs { inherit system; });
|
||||
deployPkgs = forAllSystems (system:
|
||||
|
@ -39,9 +66,11 @@
|
|||
})
|
||||
];
|
||||
});
|
||||
inherit (nixpkgs) lib;
|
||||
meta = import ./meta.nix;
|
||||
in {
|
||||
formatter = forAllSystems (system:
|
||||
nix-formatter-pack.lib.mkFormatter {
|
||||
inputs.nix-formatter-pack.lib.mkFormatter {
|
||||
inherit nixpkgs system;
|
||||
|
||||
config = {
|
||||
|
@ -57,140 +86,49 @@
|
|||
};
|
||||
});
|
||||
|
||||
nixosModules = with self.nixosModules; {
|
||||
nibylandia-boot.imports = [ ./modules/boot.nix ];
|
||||
overlays = import ./overlays;
|
||||
|
||||
nibylandia-secureboot.imports = [
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
nixosModules = lib.mapAttrs' (name: value:
|
||||
lib.nameValuePair (builtins.replaceStrings [ ".nix" ] [ "" ] name) {
|
||||
imports = [ (./modules/. + "/${name}") ];
|
||||
}) (builtins.readDir ./modules);
|
||||
|
||||
({ config, lib, ... }: {
|
||||
age.secrets = {
|
||||
secureboot-cert.file = ./secrets/secureboot-cert.age;
|
||||
secureboot-key.file = ./secrets/secureboot-key.age;
|
||||
};
|
||||
|
||||
boot.lanzaboote = {
|
||||
enable = true;
|
||||
publicKeyFile = config.age.secrets.secureboot-cert.path;
|
||||
privateKeyFile = config.age.secrets.secureboot-key.path;
|
||||
};
|
||||
|
||||
nibylandia-boot.uefi.enable = lib.mkForce false;
|
||||
})
|
||||
];
|
||||
|
||||
nibylandia-common.imports = [
|
||||
nix-index-database.nixosModules.nix-index
|
||||
agenix.nixosModules.default
|
||||
|
||||
microvm.nixosModules.host
|
||||
|
||||
nibylandia-boot
|
||||
|
||||
({ pkgs, ... }: {
|
||||
environment.systemPackages =
|
||||
[ agenix.packages.${pkgs.system}.default ];
|
||||
})
|
||||
|
||||
./modules/common.nix
|
||||
];
|
||||
|
||||
nibylandia-graphical.imports = [
|
||||
nibylandia-common
|
||||
|
||||
./modules/graphical.nix
|
||||
];
|
||||
|
||||
nibylandia-laptop.imports = [ ./modules/laptop.nix ];
|
||||
|
||||
nibylandia-gaming.imports = [ ./modules/gaming.nix ];
|
||||
};
|
||||
|
||||
nixosConfigurations = with self.nixosModules; {
|
||||
ciTest = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
nixosConfigurations = builtins.mapAttrs (name: value:
|
||||
nixpkgs.lib.nixosSystem {
|
||||
inherit (value) system;
|
||||
modules = [
|
||||
nibylandia-common
|
||||
|
||||
(./nixos/. + "/${name}")
|
||||
inputs.lix-module.nixosModules.default
|
||||
{
|
||||
nibylandia-boot.uefi.enable = true;
|
||||
fileSystems."/" = {
|
||||
device = "none";
|
||||
fsType = "tmpfs";
|
||||
options = [ "defaults" "size=8G" "mode=755" ];
|
||||
};
|
||||
}
|
||||
nixpkgs.system = value.system;
|
||||
} # need to set this explicitly for colmena
|
||||
];
|
||||
};
|
||||
extraModules = [ inputs.colmena.nixosModules.deploymentOptions ];
|
||||
specialArgs = { inherit inputs; };
|
||||
}) meta.hosts;
|
||||
|
||||
scylla = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
nibylandia-common
|
||||
|
||||
./nixos/scylla
|
||||
];
|
||||
};
|
||||
|
||||
khas = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
nibylandia-graphical
|
||||
nibylandia-laptop
|
||||
nibylandia-secureboot
|
||||
nibylandia-gaming
|
||||
|
||||
./nixos/khas
|
||||
];
|
||||
};
|
||||
|
||||
microlith = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
nibylandia-graphical
|
||||
nibylandia-gaming
|
||||
nibylandia-secureboot
|
||||
|
||||
./nixos/microlith
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
deploy.nodes.scylla = {
|
||||
deploy.nodes = builtins.mapAttrs (name: value: {
|
||||
fastConnection = false;
|
||||
remoteBuild = true;
|
||||
hostname = "i.am-a.cat";
|
||||
hostname = value.config.deployment.targetHost;
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
sshUser = "root";
|
||||
path = deployPkgs.aarch64-linux.deploy-rs.lib.activate.nixos
|
||||
self.nixosConfigurations.scylla;
|
||||
path =
|
||||
deployPkgs.${value.config.nixpkgs.system}.deploy-rs.lib.activate.nixos
|
||||
value;
|
||||
};
|
||||
};
|
||||
}) self.nixosConfigurations;
|
||||
|
||||
deploy.nodes.khas = {
|
||||
fastConnection = false;
|
||||
remoteBuild = true;
|
||||
hostname = "khas";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
sshUser = "root";
|
||||
path = deployPkgs.x86_64-linux.deploy-rs.lib.activate.nixos
|
||||
self.nixosConfigurations.khas;
|
||||
colmena = {
|
||||
meta = {
|
||||
nixpkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
|
||||
nodeSpecialArgs = builtins.mapAttrs (_: v: v._module.specialArgs)
|
||||
self.nixosConfigurations;
|
||||
specialArgs.lib = lib;
|
||||
};
|
||||
};
|
||||
|
||||
deploy.nodes.microlith = {
|
||||
fastConnection = false;
|
||||
remoteBuild = true;
|
||||
hostname = "microlith.nibylandia.lan";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
sshUser = "root";
|
||||
path = deployPkgs.x86_64-linux.deploy-rs.lib.activate.nixos
|
||||
self.nixosConfigurations.microlith;
|
||||
};
|
||||
};
|
||||
} // builtins.mapAttrs (_: v: { imports = v._module.args.modules; })
|
||||
self.nixosConfigurations;
|
||||
|
||||
checks = builtins.mapAttrs
|
||||
(system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
||||
|
|
16
meta.nix
Normal file
16
meta.nix
Normal file
|
@ -0,0 +1,16 @@
|
|||
let
|
||||
ar_khas =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas";
|
||||
ar_microlith =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt ar@microlith";
|
||||
defaultDomain = "tail412c1.ts.net";
|
||||
in {
|
||||
hosts = builtins.mapAttrs (name: value:
|
||||
{
|
||||
targetHost = name + "." + defaultDomain;
|
||||
}
|
||||
// builtins.fromJSON (builtins.readFile (./nixos/. + "/${name}/meta.json")))
|
||||
(builtins.readDir ./nixos);
|
||||
|
||||
users.ar = [ ar_khas ar_microlith ];
|
||||
}
|
|
@ -1,8 +1,8 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let cfg = config.nibylandia-boot;
|
||||
let cfg = config.boot;
|
||||
in {
|
||||
options.nibylandia-boot = {
|
||||
options.boot = {
|
||||
uefi.enable = lib.mkEnableOption "Boot via UEFI";
|
||||
ryzen.enable = lib.mkEnableOption "Enable AMD Ryzen-specific options";
|
||||
};
|
||||
|
|
74
modules/ci-runners.nix
Normal file
74
modules/ci-runners.nix
Normal file
|
@ -0,0 +1,74 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
gitea-runner-directory = "/var/lib/gitea-runner";
|
||||
meta = import ../meta.nix;
|
||||
ci-packages = with pkgs; [
|
||||
bash
|
||||
coreutils
|
||||
curl
|
||||
gawk
|
||||
git-lfs
|
||||
nixFlakes
|
||||
gitFull
|
||||
gnused
|
||||
nodejs
|
||||
wget
|
||||
jq
|
||||
nixos-rebuild
|
||||
envsubst
|
||||
];
|
||||
ci-labels = [
|
||||
"nixos-${pkgs.system}:host"
|
||||
"nixos:host"
|
||||
"self-hosted-${pkgs.system}"
|
||||
"self-hosted"
|
||||
];
|
||||
in {
|
||||
age.secrets = {
|
||||
gitea-runner-token.file =
|
||||
../secrets/gitea-runner-token-${config.networking.hostName}.age;
|
||||
github-runner-token.file =
|
||||
../secrets/github-runner-token-${config.networking.hostName}.age;
|
||||
ci-secrets = { # for printer host sd images
|
||||
file = ../secrets/ci-secrets.age;
|
||||
mode = "444";
|
||||
};
|
||||
};
|
||||
|
||||
services.github-runners."nix-${config.networking.hostName}" = {
|
||||
enable = true;
|
||||
extraLabels = ci-labels;
|
||||
tokenFile = config.age.secrets.github-runner-token.path;
|
||||
url = "https://github.com/arachnist/nibylandia";
|
||||
|
||||
extraPackages = ci-packages;
|
||||
};
|
||||
|
||||
services.gitea-actions-runner.instances.nix = {
|
||||
enable = true;
|
||||
name = config.networking.hostName;
|
||||
tokenFile = config.age.secrets.gitea-runner-token.path;
|
||||
labels = ci-labels;
|
||||
url = "https://code.hackerspace.pl";
|
||||
settings = {
|
||||
cache.enabled = true;
|
||||
host.workdir_parent = "${gitea-runner-directory}/action-cache-dir";
|
||||
};
|
||||
|
||||
hostPackages = ci-packages;
|
||||
};
|
||||
|
||||
systemd.services.gitea-runner-nix.environment = {
|
||||
XDG_CONFIG_HOME = gitea-runner-directory;
|
||||
XDG_CACHE_HOME = "${gitea-runner-directory}/.cache";
|
||||
};
|
||||
|
||||
nix.sshServe = {
|
||||
enable = true;
|
||||
protocol = "ssh";
|
||||
keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeC/Nr7STpYEZ50p7X+XrFdeaIfib60tt2QN4Kvxscr"
|
||||
] ++ meta.users.ar;
|
||||
};
|
||||
}
|
|
@ -1,7 +1,25 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, inputs, ... }:
|
||||
|
||||
let secrets = import ../secrets.nix;
|
||||
let meta = import ../meta.nix;
|
||||
in {
|
||||
imports = with inputs; [
|
||||
nix-index-database.nixosModules.nix-index
|
||||
agenix.nixosModules.default
|
||||
|
||||
microvm.nixosModules.host
|
||||
|
||||
self.nixosModules.boot
|
||||
];
|
||||
|
||||
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
|
||||
|
||||
deployment = {
|
||||
allowLocalDeployment = true;
|
||||
buildOnTarget = true;
|
||||
};
|
||||
|
||||
age.secrets.nix-store.file = ../secrets/nix-store.age;
|
||||
|
||||
boot.binfmt.emulatedSystems =
|
||||
lib.lists.remove pkgs.system [ "x86_64-linux" "aarch64-linux" ];
|
||||
programs.command-not-found.enable = false;
|
||||
|
@ -31,52 +49,75 @@ in {
|
|||
terminal = "screen256-color";
|
||||
clock24 = true;
|
||||
};
|
||||
ssh.knownHosts = builtins.mapAttrs (name: value: {
|
||||
inherit (value) publicKey;
|
||||
extraHostNames = [ value.targetHost ];
|
||||
}) meta.hosts;
|
||||
bash.enableCompletion = true;
|
||||
mosh.enable = true;
|
||||
};
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
useRoutingFeatures = lib.mkDefault "client";
|
||||
permitCertUid = "ar";
|
||||
};
|
||||
|
||||
deployment.targetHost =
|
||||
lib.mkDefault meta.hosts.${config.networking.hostName}.targetHost;
|
||||
|
||||
nix = {
|
||||
package = pkgs.nixUnstable;
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
settings = {
|
||||
trusted-users = [ "ar" "root" ];
|
||||
substituters = (if config.networking.hostName != "scylla" then
|
||||
[
|
||||
"ssh://nix-ssh@scylla.tail412c1.ts.net?trusted=1&ssh-key=${config.age.secrets.nix-store.path}"
|
||||
]
|
||||
else
|
||||
[ ]) ++ (if config.networking.hostName != "zorigami" then
|
||||
[
|
||||
"ssh://nix-ssh@zorigami.tail412c1.ts.net?trusted=1&ssh-key=${config.age.secrets.nix-store.path}"
|
||||
]
|
||||
else
|
||||
[ ]);
|
||||
trusted-substituters = config.nix.settings.substituters;
|
||||
extra-substituters = [ "https://cache.lix.systems" ];
|
||||
trusted-public-keys =
|
||||
[ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nixpkgs.config.allowBroken = true;
|
||||
nixpkgs.overlays = [ inputs.self.overlays.nibylandia ];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
deploy-rs
|
||||
file
|
||||
git
|
||||
go
|
||||
libarchive
|
||||
lm_sensors
|
||||
lshw
|
||||
lsof
|
||||
pciutils
|
||||
pry
|
||||
pv
|
||||
strace
|
||||
usbutils
|
||||
wget
|
||||
zip
|
||||
config.boot.kernelPackages.perf
|
||||
# config.boot.kernelPackages.perf
|
||||
age
|
||||
sshfs
|
||||
dig
|
||||
dstat
|
||||
htop
|
||||
iperf
|
||||
whois
|
||||
xxd
|
||||
tcpdump
|
||||
traceroute
|
||||
age
|
||||
cfssl
|
||||
gomuks
|
||||
bind
|
||||
nmap
|
||||
jq
|
||||
dnsutils
|
||||
tailscale
|
||||
nix-top
|
||||
];
|
||||
|
||||
documentation = {
|
||||
|
@ -87,7 +128,7 @@ in {
|
|||
nixos.enable = true;
|
||||
};
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = secrets.ar;
|
||||
users.users.root.openssh.authorizedKeys.keys = meta.users.ar;
|
||||
|
||||
users.mutableUsers = false;
|
||||
|
||||
|
@ -114,7 +155,7 @@ in {
|
|||
"networkmanager"
|
||||
];
|
||||
hashedPassword = lib.mkDefault null;
|
||||
openssh.authorizedKeys.keys = secrets.ar;
|
||||
openssh.authorizedKeys.keys = meta.users.ar;
|
||||
};
|
||||
|
||||
console.keyMap = "us";
|
||||
|
@ -128,4 +169,33 @@ in {
|
|||
];
|
||||
};
|
||||
time.timeZone = "Europe/Warsaw";
|
||||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
netdevs.virbr0.netdevConfig = {
|
||||
Kind = "bridge";
|
||||
Name = "virbr0";
|
||||
};
|
||||
networks.virbr0 = {
|
||||
matchConfig.Name = "virbr0";
|
||||
# Hand out IP addresses to MicroVMs.
|
||||
# Use `networkctl status virbr0` to see leases.
|
||||
networkConfig = {
|
||||
DHCPServer = true;
|
||||
IPv6SendRA = true;
|
||||
};
|
||||
addresses = [
|
||||
{ addressConfig.Address = "10.0.0.1/24"; }
|
||||
{ addressConfig.Address = "fd12:3456:789a::1/64"; }
|
||||
];
|
||||
ipv6Prefixes = [{ ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64"; }];
|
||||
};
|
||||
networks.microvm-eth0 = {
|
||||
matchConfig.Name = "vm-*";
|
||||
networkConfig.Bridge = "virbr0";
|
||||
};
|
||||
};
|
||||
|
||||
services.chrony.enable = true;
|
||||
services.timesyncd.enable = false;
|
||||
}
|
||||
|
|
|
@ -4,5 +4,5 @@
|
|||
remotePlay.openFirewall = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [ yuzu-early-access ryujinx ];
|
||||
# environment.systemPackages = with pkgs; [ ryujinx ];
|
||||
}
|
||||
|
|
|
@ -1,6 +1,34 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, inputs, ... }:
|
||||
|
||||
let
|
||||
flakes = lib.filterAttrs (name: value: value ? outputs) inputs;
|
||||
nixRegistry = builtins.mapAttrs (name: v: { flake = v; }) flakes;
|
||||
# rfkill block 0; rmmod btusb btintel; systemctl restart bluetooth.service; modprobe btintel; modprobe btusb; systemctl restart bluetooth.service; rfkill unblock 0
|
||||
bt-unfuck = with pkgs;
|
||||
writeScriptBin "bt-unfuck" ''
|
||||
#!${runtimeShell}
|
||||
${util-linux}/bin/rfkill block 0
|
||||
${kmod}/bin/rmmod btusb btintel
|
||||
${systemd}/bin/systemctl restart bluetooth.service
|
||||
for mod in btintel btusb; do
|
||||
${kmod}/bin/modprobe $mod
|
||||
done
|
||||
${systemd}/bin/systemctl restart bluetooth.service
|
||||
${util-linux}/bin/rfkill unblock 0
|
||||
'';
|
||||
in {
|
||||
imports = [ inputs.self.nixosModules.common inputs.home-manager.nixosModule ];
|
||||
|
||||
nix.registry = nixRegistry;
|
||||
|
||||
home-manager.users.ar = {
|
||||
home.username = "ar";
|
||||
home.homeDirectory = "/home/ar";
|
||||
home.stateVersion = config.system.stateVersion;
|
||||
};
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
|
||||
{
|
||||
boot = {
|
||||
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
|
||||
extraModprobeConfig = ''
|
||||
|
@ -23,8 +51,14 @@
|
|||
pulse.enable = true;
|
||||
};
|
||||
|
||||
home-manager.users.ar.services.easyeffects.enable = true;
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
networking.networkmanager.wifi.backend = "wpa_supplicant";
|
||||
systemd.network.wait-online.enable = false;
|
||||
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
|
||||
lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online" ];
|
||||
|
||||
hardware.glasgow.enable = true;
|
||||
hardware.nitrokey.enable = true;
|
||||
hardware.steam-hardware.enable = true;
|
||||
|
@ -37,27 +71,47 @@
|
|||
driSupport32Bit = true;
|
||||
};
|
||||
|
||||
security.wrappers.bt-unfuck = {
|
||||
setuid = true;
|
||||
owner = "root";
|
||||
group = "root";
|
||||
source = "${bt-unfuck}/bin/bt-unfuck";
|
||||
};
|
||||
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
desktopManager.plasma5 = {
|
||||
enable = true;
|
||||
runUsingSystemd = true;
|
||||
};
|
||||
displayManager = {
|
||||
sddm = {
|
||||
enable = true;
|
||||
# sadly, not working correctly on khas?
|
||||
# wayland.enable = true;
|
||||
settings.Wayland.SessionDir =
|
||||
"/run/current-system/sw/share/wayland-sessions";
|
||||
settings.X11.SessionDir = lib.mkForce "";
|
||||
};
|
||||
defaultSession = "plasmawayland";
|
||||
};
|
||||
xkb.layout = "pl";
|
||||
xkb.options = "ctrl:nocaps";
|
||||
};
|
||||
|
||||
layout = "pl";
|
||||
xkbOptions = "ctrl:nocaps";
|
||||
libinput.enable = true;
|
||||
services.libinput.enable = true;
|
||||
services.displayManager = {
|
||||
sddm = {
|
||||
enable = lib.mkDefault true;
|
||||
wayland.enable = true;
|
||||
settings.Wayland.SessionDir =
|
||||
"/run/current-system/sw/share/wayland-sessions";
|
||||
settings.X11.SessionDir = lib.mkForce "";
|
||||
};
|
||||
defaultSession = "plasma";
|
||||
};
|
||||
|
||||
boot = {
|
||||
loader.timeout = 0;
|
||||
consoleLogLevel = 0;
|
||||
initrd.verbose = false;
|
||||
initrd.systemd.enable = true;
|
||||
plymouth.enable = true;
|
||||
plymouth.theme = "breeze";
|
||||
kernelParams = [
|
||||
"quiet"
|
||||
"splash"
|
||||
"rd.systemd.show_status=false"
|
||||
"rd.udev.log_level=3"
|
||||
"udev.log_priority=3"
|
||||
];
|
||||
};
|
||||
|
||||
fonts = {
|
||||
|
@ -79,7 +133,7 @@
|
|||
};
|
||||
|
||||
i18n.inputMethod = {
|
||||
enabled = "ibus";
|
||||
enabled = lib.mkDefault "ibus";
|
||||
ibus.engines = with pkgs.ibus-engines; [ uniemoji ];
|
||||
};
|
||||
|
||||
|
@ -90,7 +144,7 @@
|
|||
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns = true;
|
||||
nssmdns4 = true;
|
||||
};
|
||||
|
||||
services.flatpak.enable = true;
|
||||
|
@ -99,6 +153,7 @@
|
|||
gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
pinentryPackage = pkgs.pinentry-qt;
|
||||
};
|
||||
adb.enable = true;
|
||||
fuse.userAllowOther = true;
|
||||
|
@ -107,19 +162,26 @@
|
|||
kdeconnect.enable = true;
|
||||
sway.enable = true;
|
||||
hyprland.enable = true;
|
||||
};
|
||||
|
||||
nixpkgs.config = {
|
||||
firefox = {
|
||||
enablePlasmaBrowserIntegration = true;
|
||||
enableBrowserpass = true;
|
||||
enable = true;
|
||||
#nativeMessagingHosts.packages = with pkgs; [
|
||||
# browserpass
|
||||
# plasma-browser-integration
|
||||
#];
|
||||
};
|
||||
joypixels.acceptLicense = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
nixpkgs.config = { joypixels.acceptLicense = true; };
|
||||
|
||||
environment.sessionVariables = { MOZ_ENABLE_WAYLAND = "1"; };
|
||||
|
||||
environment.systemPackages = [
|
||||
inputs.agenix.packages.${pkgs.system}.default
|
||||
inputs.nixpkgs.legacyPackages.${pkgs.system}.colmena
|
||||
] ++ (with pkgs; [
|
||||
krfb # for kdeconnect virtual display
|
||||
chromium
|
||||
electrum
|
||||
# electrum
|
||||
ffmpeg-full
|
||||
firefox
|
||||
imagemagick
|
||||
|
@ -127,14 +189,10 @@
|
|||
kate
|
||||
keybase-gui
|
||||
kolourpaint
|
||||
nixfmt
|
||||
nixfmt-classic
|
||||
okular
|
||||
paprefs
|
||||
pavucontrol
|
||||
(signal-desktop.overrideAttrs (old: {
|
||||
preFixup = (old.preFixup or "")
|
||||
+ " gappsWrapperArgs+=(\n --add-flags --use-tray-icon\n )\n";
|
||||
}))
|
||||
solvespace
|
||||
spotify
|
||||
youtube-dl
|
||||
|
@ -154,6 +212,7 @@
|
|||
element-desktop
|
||||
oneko
|
||||
cinny-desktop
|
||||
neochat
|
||||
vagrant
|
||||
vokoscreen-ng
|
||||
appimage-run
|
||||
|
@ -161,13 +220,28 @@
|
|||
scrcpy
|
||||
krita
|
||||
vlc
|
||||
# mastodon-update-script
|
||||
libreoffice-qt
|
||||
tokodon
|
||||
kdePackages.tokodon
|
||||
|
||||
glasgow
|
||||
freecad
|
||||
|
||||
easyeffects
|
||||
|
||||
nixd
|
||||
clang-tools
|
||||
python3Packages.python-lsp-server
|
||||
yaml-language-server
|
||||
|
||||
(signal-desktop.overrideAttrs (old: {
|
||||
preFixup = ''
|
||||
gappsWrapperArgs+=(
|
||||
--add-flags "--enable-features=UseOzonePlatform"
|
||||
--add-flags "--ozone-platform=wayland"
|
||||
)
|
||||
'' + old.preFixup;
|
||||
}))
|
||||
|
||||
(vscode-with-extensions.override {
|
||||
vscodeExtensions = with vscode-extensions; [
|
||||
bbenoist.nix
|
||||
|
@ -191,5 +265,20 @@
|
|||
})
|
||||
|
||||
prusa-slicer
|
||||
];
|
||||
# TODO: investigate later
|
||||
# orca-slicer
|
||||
# super-slicer-beta
|
||||
|
||||
deploy-rs
|
||||
go
|
||||
pry
|
||||
sshfs
|
||||
dig
|
||||
whois
|
||||
cfssl
|
||||
gomuks
|
||||
bind
|
||||
nmap
|
||||
waypipe
|
||||
]);
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
_:
|
||||
|
||||
{
|
||||
services.power-profiles-daemon.enable = true;
|
||||
|
|
102
modules/monitoring.nix
Normal file
102
modules/monitoring.nix
Normal file
|
@ -0,0 +1,102 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.nibylandia.monitoring-server;
|
||||
grafana = config.services.grafana.settings.server;
|
||||
filterValidPrometheus =
|
||||
filterAttrsListRecursive (n: v: !(n == "_module" || v == null));
|
||||
filterAttrsListRecursive = pred: x:
|
||||
if lib.isAttrs x then
|
||||
lib.listToAttrs (lib.concatMap (name:
|
||||
let v = x.${name};
|
||||
in if pred name v then
|
||||
[ (lib.nameValuePair name (filterAttrsListRecursive pred v)) ]
|
||||
else
|
||||
[ ]) (lib.attrNames x))
|
||||
else if lib.isList x then
|
||||
map (filterAttrsListRecursive pred) x
|
||||
else
|
||||
x;
|
||||
writePrettyJSON = name: x:
|
||||
pkgs.runCommandLocal name { } ''
|
||||
echo '${builtins.toJSON x}' | ${pkgs.jq}/bin/jq . > $out
|
||||
'';
|
||||
vmConfig = {
|
||||
scrape_configs =
|
||||
filterValidPrometheus config.services.prometheus.scrapeConfigs;
|
||||
};
|
||||
generatedPrometheusYml = writePrettyJSON "prometheus.yml" vmConfig;
|
||||
getEnabled = x:
|
||||
lib.concatMap (name:
|
||||
let v = x.${name};
|
||||
in if builtins.typeOf v == "set" && v.enable then [ v ] else [ ])
|
||||
(lib.attrNames x);
|
||||
# TODO: add some magic to configure endpoints for all the other exporters
|
||||
localExporterEndpoints =
|
||||
map (x: x.listenAddress + ":" + builtins.toString x.port)
|
||||
(getEnabled config.services.prometheus.exporters);
|
||||
in {
|
||||
options = {
|
||||
nibylandia.monitoring-server = {
|
||||
domain = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "External domain for monitoring services";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
services.victoriametrics = {
|
||||
enable = true;
|
||||
retentionPeriod = 12;
|
||||
listenAddress = "127.0.0.1:8428";
|
||||
extraOptions = [
|
||||
"-selfScrapeInterval=10s"
|
||||
"-promscrape.config=${generatedPrometheusYml}"
|
||||
];
|
||||
};
|
||||
|
||||
services.grafana.enable = true;
|
||||
|
||||
services.grafana.settings = {
|
||||
server = {
|
||||
http_addr = "127.0.0.1";
|
||||
inherit (cfg) domain;
|
||||
};
|
||||
database = {
|
||||
user = "grafana";
|
||||
type = "postgres";
|
||||
host = "/run/postgresql";
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql.ensureDatabases = [ "grafana" ];
|
||||
services.postgresql.ensureUsers = [{
|
||||
name = "grafana";
|
||||
ensureDBOwnership = true;
|
||||
}];
|
||||
|
||||
services.prometheus.exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
listenAddress = "127.0.0.1";
|
||||
enabledCollectors = [ "systemd" ];
|
||||
};
|
||||
};
|
||||
|
||||
services.prometheus.scrapeConfigs = [{
|
||||
job_name = "local_exporters";
|
||||
scrape_interval = "10s";
|
||||
static_configs = [{ targets = localExporterEndpoints; }];
|
||||
}];
|
||||
services.nginx.virtualHosts.${cfg.domain} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass =
|
||||
"http://${grafana.http_addr}:${builtins.toString grafana.http_port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
17
modules/secureboot.nix
Normal file
17
modules/secureboot.nix
Normal file
|
@ -0,0 +1,17 @@
|
|||
{ config, lib, inputs, ... }:
|
||||
|
||||
{
|
||||
imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
|
||||
age.secrets = {
|
||||
secureboot-cert.file = ../secrets/secureboot-cert.age;
|
||||
secureboot-key.file = ../secrets/secureboot-key.age;
|
||||
};
|
||||
|
||||
boot.lanzaboote = {
|
||||
enable = true;
|
||||
publicKeyFile = config.age.secrets.secureboot-cert.path;
|
||||
privateKeyFile = config.age.secrets.secureboot-key.path;
|
||||
};
|
||||
|
||||
boot.uefi.enable = lib.mkForce false;
|
||||
}
|
587
nixos/akamanto/default.nix
Normal file
587
nixos/akamanto/default.nix
Normal file
|
@ -0,0 +1,587 @@
|
|||
{ config, pkgs, lib, inputs, ... }:
|
||||
|
||||
let
|
||||
ci-secrets = import ../../ci-secrets.nix;
|
||||
klipperScreenConfig = builtins.toFile "KlipperConfig.conf" ''
|
||||
[printer Kodak]
|
||||
moonraker_host: localhost
|
||||
moonraker_port: 7125
|
||||
'';
|
||||
cageScript = pkgs.writeScriptBin "klipperCageScript" ''
|
||||
#!${pkgs.runtimeShell}
|
||||
${pkgs.wlr-randr}/bin/wlr-randr --output Unknown-1 --transform 180
|
||||
sounds=( /home/ar/startup-sounds/* )
|
||||
${pkgs.mpv}/bin/mpv ''${sounds[ $RANDOM % ''${#sounds[@]}]} &
|
||||
${pkgs.klipperscreen}/bin/KlipperScreen --configfile ${klipperScreenConfig}
|
||||
'';
|
||||
klipperHostMcu = "${
|
||||
pkgs.klipper-firmware.override {
|
||||
firmwareConfig = ./klipper-rpi.cfg;
|
||||
klipper = klipperOld;
|
||||
}
|
||||
}/klipper.elf";
|
||||
klipperOld = pkgs.klipper.overrideAttrs (old: {
|
||||
version = "unstable-dc6182f3";
|
||||
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "KevinOConnor";
|
||||
repo = "klipper";
|
||||
rev =
|
||||
"dc6182f3b339b990c8a68940f02a210e332be269"; # 266e96621c0133e1192bbaec5addb6bcf443a203 broke shit in weird ways
|
||||
sha256 = "sha256-0uoq5bvL/4L9oa/JY54qHMRw5vE7V//HxLFMOEqGUjA=";
|
||||
};
|
||||
});
|
||||
in {
|
||||
# https://en.wikipedia.org/wiki/Aka_Manto
|
||||
networking.hostName = "akamanto";
|
||||
deployment.buildOnTarget = lib.mkForce false;
|
||||
deployment.tags = [ "reachable-hs" ];
|
||||
|
||||
imports = [ "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image.nix" ]
|
||||
++ (with inputs.self.nixosModules; [ common ]);
|
||||
|
||||
nixpkgs.overlays = [ inputs.self.overlays.rpi5 ];
|
||||
|
||||
sdImage = {
|
||||
compressImage = false;
|
||||
firmwareSize = 1024;
|
||||
imageName =
|
||||
"${config.sdImage.imageBaseName}-${pkgs.stdenv.hostPlatform.system}-${config.networking.hostName}.img";
|
||||
populateFirmwareCommands = ''
|
||||
storePath() {
|
||||
local path="$1"
|
||||
echo ''${path/\/nix\/store\/}
|
||||
}
|
||||
|
||||
cp -v ${pkgs.rpi5-uefi}/* firmware
|
||||
cp -v ${pkgs.rpi5-dtb}/* firmware
|
||||
|
||||
mkdir -p firmware/kernels
|
||||
touch firmware/nixos-sd-system-image
|
||||
|
||||
kernelFile=$(storePath ${config.boot.kernelPackages.kernel})-${config.system.boot.loader.kernelFile}
|
||||
initrdFile=$(storePath ${config.system.build.initialRamdisk})-${config.system.boot.loader.initrdFile}
|
||||
|
||||
cp ${
|
||||
config.boot.kernelPackages.kernel + "/"
|
||||
+ config.system.boot.loader.kernelFile
|
||||
} \
|
||||
firmware/kernels/$kernelFile
|
||||
|
||||
cp ${
|
||||
config.system.build.initialRamdisk + "/"
|
||||
+ config.system.boot.loader.initrdFile
|
||||
} \
|
||||
firmware/kernels/$initrdFile
|
||||
|
||||
mkdir -p firmware/EFI/boot
|
||||
|
||||
# making our own efi program; grub-install tries to probe for things
|
||||
MODULES=( fat part_gpt part_msdos normal boot linux configfile efifwsetup
|
||||
ls search search_label search_fs_uuid search_fs_file echo serial test
|
||||
loadenv ext2 reboot help cat )
|
||||
${pkgs.grub2_efi}/bin/grub-mkimage --directory=${pkgs.grub2_efi}/lib/grub/arm64-efi \
|
||||
-o firmware/EFI/boot/bootaa64.efi \
|
||||
-p /EFI/boot -O arm64-efi ''${MODULES[@]}
|
||||
|
||||
cat <<EOF > firmware/EFI/boot/grub.cfg
|
||||
search --set=drive1 --file /nixos-sd-system-image
|
||||
|
||||
set timeout=10
|
||||
set default="0"
|
||||
|
||||
menuentry '${config.system.nixos.distroName} ${config.system.nixos.label}' {
|
||||
linux (\$drive1)/kernels/$kernelFile init=${config.system.build.toplevel}/init ${
|
||||
toString config.boot.kernelParams
|
||||
}
|
||||
initrd (\$drive1)/kernels/$initrdFile
|
||||
}
|
||||
EOF
|
||||
'';
|
||||
populateRootCommands = ''
|
||||
mkdir -p ./files/boot
|
||||
'';
|
||||
};
|
||||
|
||||
hardware.enableRedistributableFirmware = lib.mkForce false;
|
||||
hardware.firmware = with pkgs; [ raspberrypiWirelessFirmware wireless-regdb ];
|
||||
|
||||
boot = {
|
||||
kernelPackages = lib.mkForce pkgs.linuxPackages_rpi5;
|
||||
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
||||
kernelParams = [
|
||||
"fbcon=rotate:2"
|
||||
"8250.nr_uarts=11"
|
||||
"console=ttyAMA10,115200"
|
||||
"console=tty0"
|
||||
];
|
||||
initrd.availableKernelModules = lib.mkForce [
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
"vc4"
|
||||
"pcie_brcmstb" # required for the pcie bus to work
|
||||
"reset-raspberrypi" # required for vl805 firmware to load
|
||||
];
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
efiInstallAsRemovable = true;
|
||||
device = "nodev";
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems = lib.mkForce {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
options = [ "x-initrd.mount" ];
|
||||
fsType = "ext4";
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/FIRMWARE";
|
||||
fsType = "vfat";
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc."wifi-secrets".text = ci-secrets.wifi;
|
||||
|
||||
microvm.host.enable = false;
|
||||
|
||||
systemd.network.enable = lib.mkForce false;
|
||||
networking = {
|
||||
useDHCP = true;
|
||||
wireless = {
|
||||
enable = true;
|
||||
environmentFile = "/etc/wifi-secrets";
|
||||
networks."hackerspace.pl-guests".psk = "@HSWAW_WIFI@";
|
||||
networks."hackerspace.pl-guests-5G".psk = "@HSWAW_WIFI@";
|
||||
};
|
||||
};
|
||||
networking.firewall.enable = false;
|
||||
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
addresses = true;
|
||||
workstation = true;
|
||||
userServices = true;
|
||||
};
|
||||
};
|
||||
|
||||
users.users.root.hashedPassword =
|
||||
"$y$j9T$.1ogQkT5J95hEFkgp9esc0$rneVdOpPwPDsgAckJsXJmzgVEENPkFWHWKgca2mVz6D";
|
||||
users.mutableUsers = false;
|
||||
users.users.ar = {
|
||||
extraGroups = [ "video" "dialout" "plugdev" "pipewire" ];
|
||||
};
|
||||
|
||||
documentation = {
|
||||
enable = lib.mkForce false;
|
||||
} // builtins.listToAttrs (map (x: {
|
||||
name = x;
|
||||
value = { enable = lib.mkForce false; };
|
||||
}) [ "man" "info" "nixos" "doc" "dev" ]);
|
||||
|
||||
services.openssh.settings.PasswordAuthentication = lib.mkForce true;
|
||||
services.openssh.settings.PermitRootLogin = lib.mkForce "yes";
|
||||
|
||||
hardware.opengl.enable = true;
|
||||
|
||||
# strictly for shits and giggles
|
||||
sound.enable = true;
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
alsa.enable = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
};
|
||||
hardware.bluetooth = {
|
||||
enable = true;
|
||||
package = pkgs.bluez;
|
||||
};
|
||||
services.udisks2 = { enable = true; };
|
||||
|
||||
# diet
|
||||
boot.binfmt.emulatedSystems = lib.mkForce [ ];
|
||||
environment.systemPackages = [
|
||||
# avoid warnings
|
||||
(pkgs.glibcLocales.override {
|
||||
allLocales = false;
|
||||
locales = [ "en_US.UTF-8/UTF-8" "en_CA.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ];
|
||||
})
|
||||
|
||||
# strictly unnecessary
|
||||
(pkgs.v4l-utils.override { withGUI = false; })
|
||||
] ++ (with pkgs;
|
||||
# lib.mkForce
|
||||
[
|
||||
# strictly required
|
||||
coreutils
|
||||
nix
|
||||
systemd
|
||||
|
||||
# shell's required and not automatically pulled in
|
||||
zsh
|
||||
bashInteractive
|
||||
|
||||
# avoid warnings
|
||||
gnugrep
|
||||
|
||||
# nice-to-haves
|
||||
procps
|
||||
openssh
|
||||
findutils
|
||||
iproute2
|
||||
util-linux
|
||||
usbutils
|
||||
neovim
|
||||
tmux
|
||||
uhubctl
|
||||
libraspberrypi
|
||||
raspberrypi-eeprom
|
||||
|
||||
# strictly unnecessary
|
||||
mpv
|
||||
alsa-utils
|
||||
bluez
|
||||
pipewire
|
||||
]);
|
||||
programs.nix-index.enable = lib.mkForce false;
|
||||
services.journald.extraConfig = ''
|
||||
Storage=volatile
|
||||
'';
|
||||
systemd.coredump.enable = false;
|
||||
services.lvm.enable = lib.mkForce false;
|
||||
# strictly printer stuff below
|
||||
|
||||
systemd.services.klipper-mcu-rpi = {
|
||||
description = "Klipper 3D host mcu";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "klipper.service" ];
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
User = "klipper";
|
||||
RuntimeDirectory = "klipper-mcu";
|
||||
StateDirectory = "klipper";
|
||||
SupplementaryGroups = [ "dialout" "pipewire" ];
|
||||
OOMScoreAdjust = "-999";
|
||||
CPUSchedulingPolicy = "rr";
|
||||
CPUSchedulingPriority = 99;
|
||||
IOSchedulingClass = "realtime";
|
||||
IOSchedulingPriority = 0;
|
||||
ExecStart = "${klipperHostMcu} -I /run/klipper-mcu/mcu-rpi";
|
||||
ReadWritePaths = "/dev/gpiochip0";
|
||||
};
|
||||
};
|
||||
systemd.services.klipper.serviceConfig = {
|
||||
SupplementaryGroups = [ "dialout" "pipewire" ];
|
||||
ReadWritePaths = "/var/lib/moonraker/config";
|
||||
};
|
||||
## uncomment if you need manual config changes
|
||||
#systemd.services.klipper.serviceConfig = {
|
||||
# ExecStart = lib.mkForce [
|
||||
# ""
|
||||
# "${pkgs.klipper}/bin/klippy --input-tty=/run/klipper/tty --api-server=/run/klipper/api /var/lib/moonraker/config/klipper.cfg"
|
||||
# ];
|
||||
# ReadWritePaths = "/var/lib/moonraker/config/";
|
||||
#};
|
||||
services.klipper = {
|
||||
enable = true;
|
||||
mutableConfig = true;
|
||||
mutableConfigFolder = "/var/lib/moonraker/config";
|
||||
firmwares = {
|
||||
mcu = {
|
||||
enableKlipperFlash = false;
|
||||
enable = true;
|
||||
configFile = ./klipper-octopus.cfg;
|
||||
serial =
|
||||
"/dev/serial/by-id/usb-Klipper_stm32f429xx_400048000251313133383438-if00";
|
||||
package = pkgs.klipper-firmware.override {
|
||||
gcc-arm-embedded = pkgs.gcc-arm-embedded-11;
|
||||
klipper = klipperOld;
|
||||
};
|
||||
};
|
||||
};
|
||||
# imported using:
|
||||
# sed -r -e 's/^([^:]*):/\1=/' -e 's/=(.{1,})$/="\1"/' -e '/^\[.*[ ]/s/\[(.*)\]/["\1"]/' klipper-printer.cfg > klipper-printer.toml
|
||||
# + some small fixes
|
||||
# + nix repl :p fromTOML (builtins.readFile ( ./. + "/klipper-printer.toml"))
|
||||
settings = {
|
||||
printer = {
|
||||
kinematics = "corexy";
|
||||
max_accel = "2000";
|
||||
max_velocity = "300";
|
||||
max_z_accel = "100";
|
||||
max_z_velocity = "5";
|
||||
};
|
||||
mcu = {
|
||||
serial =
|
||||
"/dev/serial/by-id/usb-Klipper_stm32f429xx_400048000251313133383438-if00";
|
||||
};
|
||||
"mcu rpi" = { serial = "/run/klipper-mcu/mcu-rpi"; };
|
||||
virtual_sdcard = { path = "/var/lib/moonraker/gcodes"; };
|
||||
|
||||
pause_resume = { };
|
||||
display_status = { };
|
||||
exclude_object = { };
|
||||
force_move = { enable_force_move = "true"; };
|
||||
|
||||
idle_timeout = {
|
||||
timeout = 1800;
|
||||
gcode = [ "TURN_OFF_HEATERS" ];
|
||||
};
|
||||
|
||||
save_variables = {
|
||||
filename = "/var/lib/moonraker/config/variables.cfg";
|
||||
};
|
||||
|
||||
bed_mesh = {
|
||||
horizontal_move_z = "5";
|
||||
mesh_max = "210, 200";
|
||||
mesh_min = "5, 5";
|
||||
probe_count = "5, 5";
|
||||
speed = "120";
|
||||
};
|
||||
|
||||
"bed_mesh default" = {
|
||||
version = 1;
|
||||
x_count = 5;
|
||||
y_count = 5;
|
||||
mesh_x_pps = 2;
|
||||
mesh_y_pps = 2;
|
||||
algo = "lagrange";
|
||||
tension = 0.2;
|
||||
min_x = 5.0;
|
||||
max_x = 210.0;
|
||||
min_y = 5.0;
|
||||
max_y = 200.0;
|
||||
# klippy is, apparently, very specific about bed mesh formatting
|
||||
points = "\n" + lib.concatStringsSep "\n" (map (s: " " + s)
|
||||
(map (l: lib.concatStringsSep ", " l) [
|
||||
[ "-0.747500" "-0.752500" "-0.776250" "-0.851250" "-0.990625" ]
|
||||
[ "-0.590000" "-0.582500" "-0.588750" "-0.688750" "-0.839375" ]
|
||||
[ "-0.376875" "-0.362500" "-0.388750" "-0.464375" "-0.623750" ]
|
||||
[ "-0.184375" "-0.220000" "-0.208750" "-0.221250" "-0.361875" ]
|
||||
[ "0.128125" "0.078750" "0.065000" "0.038750" "-0.075625" ]
|
||||
]));
|
||||
};
|
||||
|
||||
probe = {
|
||||
pin = "P1.25";
|
||||
z_offset = "-0.300";
|
||||
};
|
||||
safe_z_home = { home_xy_position = "110, 110"; };
|
||||
|
||||
"temperature_sensor ambient" = {
|
||||
sensor_pin = "P0.26";
|
||||
sensor_type = "ATC Semitec 104GT-2";
|
||||
};
|
||||
|
||||
"temperature_sensor rpi" = { sensor_type = "temperature_host"; };
|
||||
|
||||
fan = { pin = "P2.4"; };
|
||||
"fan_generic exhaust" = { pin = "P2.6"; };
|
||||
|
||||
firmware_retraction = {
|
||||
retract_length = "5.5";
|
||||
retract_speed = "45";
|
||||
};
|
||||
|
||||
heater_bed = {
|
||||
control = "watermark";
|
||||
heater_pin = "P2.5";
|
||||
max_temp = "130";
|
||||
min_temp = "0";
|
||||
sensor_pin = "P0.25";
|
||||
sensor_type = "Honeywell 100K 135-104LAG-J01";
|
||||
};
|
||||
|
||||
extruder = {
|
||||
control = "pid";
|
||||
dir_pin = "!P0.5";
|
||||
enable_pin = "!P0.4";
|
||||
filament_diameter = "1.750";
|
||||
heater_pin = "P2.7";
|
||||
max_temp = "295";
|
||||
microsteps = "32";
|
||||
min_temp = "0";
|
||||
nozzle_diameter = "0.400";
|
||||
max_extrude_cross_section = "2.56";
|
||||
pid_Kd = "160";
|
||||
pid_Ki = "2.318";
|
||||
pid_Kp = "38.5";
|
||||
rotation_distance = "8.07";
|
||||
sensor_pin = "P0.23";
|
||||
sensor_type = "ATC Semitec 104GT-2";
|
||||
step_pin = "P2.0";
|
||||
};
|
||||
extruder1 = {
|
||||
control = "pid";
|
||||
dir_pin = "P0.11";
|
||||
enable_pin = "!P0.10";
|
||||
filament_diameter = "1.750";
|
||||
heater_pin = "P1.23";
|
||||
max_temp = "265";
|
||||
microsteps = "32";
|
||||
min_temp = "0";
|
||||
nozzle_diameter = "0.400";
|
||||
max_extrude_cross_section = "2.56";
|
||||
pid_Kd = "160";
|
||||
pid_Ki = "2.318";
|
||||
pid_Kp = "38.5";
|
||||
rotation_distance = "8.07";
|
||||
sensor_pin = "P0.24";
|
||||
sensor_type = "ATC Semitec 104GT-2";
|
||||
step_pin = "P2.1";
|
||||
};
|
||||
|
||||
stepper_x = {
|
||||
dir_pin = "!P0.22";
|
||||
enable_pin = "!P0.21";
|
||||
endstop_pin = "^P1.24";
|
||||
homing_positive_dir = "true";
|
||||
homing_speed = "80";
|
||||
microsteps = "32";
|
||||
position_endstop = "220";
|
||||
position_max = "220";
|
||||
position_min = "-15";
|
||||
rotation_distance = "40";
|
||||
step_pin = "P2.3";
|
||||
};
|
||||
stepper_y = {
|
||||
dir_pin = "!P0.20";
|
||||
enable_pin = "!P0.19";
|
||||
endstop_pin = "^P1.26";
|
||||
homing_positive_dir = "true";
|
||||
homing_speed = "80";
|
||||
microsteps = "32";
|
||||
position_endstop = "215";
|
||||
position_max = "215";
|
||||
rotation_distance = "40";
|
||||
step_pin = "P2.2";
|
||||
};
|
||||
stepper_z = {
|
||||
dir_pin = "P2.13";
|
||||
enable_pin = "!P4.29";
|
||||
endstop_pin = "^P1.29";
|
||||
homing_positive_dir = "true";
|
||||
homing_speed = "50";
|
||||
microsteps = "32";
|
||||
position_endstop = "235";
|
||||
position_max = "240";
|
||||
position_min = "-5";
|
||||
rotation_distance = "4";
|
||||
step_pin = "P2.8";
|
||||
};
|
||||
|
||||
"led caselight" = {
|
||||
red_pin = "rpi:gpio17";
|
||||
green_pin = "rpi:gpio27";
|
||||
blue_pin = "rpi:gpio22";
|
||||
hardware_pwm = false;
|
||||
cycle_time = "0.005";
|
||||
|
||||
initial_RED = "1.0";
|
||||
initial_GREEN = "0.0";
|
||||
initial_BLUE = "0.455";
|
||||
};
|
||||
|
||||
"gcode_macro CANCEL_PRINT" = {
|
||||
description = "Cancel the actual running print";
|
||||
gcode = [ "TURN_OFF_HEATERS" "CANCEL_PRINT_BASE" ];
|
||||
rename_existing = "CANCEL_PRINT_BASE";
|
||||
};
|
||||
"delayed_gcode bed_mesh_init" = {
|
||||
gcode = [ "BED_MESH_PROFILE LOAD=default" ];
|
||||
initial_duration = ".01";
|
||||
};
|
||||
"delayed_gcode t0_offset" = {
|
||||
gcode = [ "SET_GCODE_OFFSET X=0 Y=0 Z=-0.0" ];
|
||||
initial_duration = ".02";
|
||||
};
|
||||
} // lib.mapAttrs' (name: value:
|
||||
lib.nameValuePair
|
||||
("gcode_macro " + (builtins.replaceStrings [ ".gcode" ] [ "" ] name)) {
|
||||
gcode = lib.remove "" (lib.splitString "\n"
|
||||
(builtins.readFile (./klipper-macros/. + "/${name}")));
|
||||
}) (lib.attrsets.filterAttrs (n: v: n != ".gitkeep")
|
||||
(builtins.readDir ./klipper-macros/.));
|
||||
};
|
||||
|
||||
services.moonraker = {
|
||||
user = "root";
|
||||
enable = true;
|
||||
address = "0.0.0.0";
|
||||
allowSystemControl = true;
|
||||
settings = {
|
||||
octoprint_compat = { };
|
||||
history = { };
|
||||
authorization = {
|
||||
force_logins = false;
|
||||
cors_domains = [ "*.local" "*.waw.hackerspace.pl" ];
|
||||
trusted_clients = [
|
||||
"127.0.0.1/32"
|
||||
"10.8.0.0/23"
|
||||
"100.64.0.0/10"
|
||||
"2a0d:eb00:4242:0000:0000:0000:0000:0000/64"
|
||||
];
|
||||
};
|
||||
# causes issues for some reason
|
||||
# zeroconf = { mdns_hostname = "barbie-girl"; };
|
||||
machine = { provider = "systemd_cli"; };
|
||||
"webcam rpi" = {
|
||||
enabled = "True";
|
||||
service = "mjpegstreamer-adaptive";
|
||||
stream_url = "/webcam/stream";
|
||||
snapshot_url = "/webcam/snapshot";
|
||||
target_fps = "30";
|
||||
target_fps_idle = "30";
|
||||
aspect_ratio = "4:3";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.fluidd = {
|
||||
enable = false;
|
||||
nginx.locations."/webcam/".proxyPass = "http://127.0.0.1:8080/";
|
||||
};
|
||||
|
||||
services.mainsail = {
|
||||
enable = true;
|
||||
nginx.locations."/webcam/".proxyPass = "http://127.0.0.1:8080/";
|
||||
};
|
||||
|
||||
services.nginx.clientMaxBodySize = "1000m";
|
||||
services.nginx.recommendedProxySettings = true;
|
||||
|
||||
systemd.services.ustreamer = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
description = "uStreamer for video0";
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart =
|
||||
"${pkgs.ustreamer}/bin/ustreamer --encoder=HW --persistent --rotate 180 --resolution 1296x972 --desired-fps 30";
|
||||
};
|
||||
};
|
||||
|
||||
# the proper way to do this, supposedly, would be to tie the touchscreen input to display output, eg. with:
|
||||
# ENV{WL_OUTPUT}="HDMI-A-1"
|
||||
# sadly, this doesn't work for us here, for some unbeknownst reason
|
||||
services.udev.extraRules = ''
|
||||
KERNEL=="gpiochip0", GROUP="dialout", MODE="0660"
|
||||
SUBSYSTEM=="input", ATTRS{idVendor}=="0eef", ENV{LIBINPUT_CALIBRATION_MATRIX}="-1 0 1 0 -1 1"
|
||||
'';
|
||||
services.cage = {
|
||||
enable = true;
|
||||
user = "ar";
|
||||
program = "${cageScript}/bin/klipperCageScript";
|
||||
environment = {
|
||||
GDK_BACKEND = "wayland";
|
||||
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
|
||||
};
|
||||
extraArguments = [ "-d" ];
|
||||
};
|
||||
systemd.services."cage-tty1".serviceConfig.Restart = "always";
|
||||
}
|
0
nixos/akamanto/klipper-macros/.gitkeep
Normal file
0
nixos/akamanto/klipper-macros/.gitkeep
Normal file
13
nixos/akamanto/klipper-macros/LOAD_FILAMENT.gcode
Normal file
13
nixos/akamanto/klipper-macros/LOAD_FILAMENT.gcode
Normal file
|
@ -0,0 +1,13 @@
|
|||
M83 ; Put the extruder into relative mode
|
||||
G92 E0.0 ; Reset the extruder so that it thinks it is at position zero
|
||||
; 60cm total, really
|
||||
; faster
|
||||
{% for n in range(10) %}
|
||||
G1 E50 F700
|
||||
{% endfor %}
|
||||
; slower
|
||||
{% for n in range(2) %}
|
||||
G1 E50 F350
|
||||
{% endfor %}
|
||||
G92 E0.0
|
||||
M82 ; Put the extruder back into absolute mode.
|
15
nixos/akamanto/klipper-macros/PRIME_LINE.gcode
Normal file
15
nixos/akamanto/klipper-macros/PRIME_LINE.gcode
Normal file
|
@ -0,0 +1,15 @@
|
|||
G92 E0
|
||||
{% if (printer.toolhead.extruder) == "extruder" %}
|
||||
{% set prime_x = 3 %}
|
||||
{% else %}
|
||||
{% set prime_x = 4 %}
|
||||
{% endif %}
|
||||
M117 priming first line
|
||||
G1 X{ prime_x } Y3 Z0.3 F5000.0
|
||||
G1 E3 F3000
|
||||
G1 X{ prime_x } Y143.0 Z0.3 F3000.0 E20
|
||||
M117 priming second line
|
||||
G1 X{ prime_x + 2 } Y143.0 Z0.3 F5000.0
|
||||
G1 X{ prime_x + 2 } Y3 Z0.3 F3000 E40
|
||||
G92 E0
|
||||
G1 Z2.0 F3000
|
5
nixos/akamanto/klipper-macros/SWAP_EXTRUDER.gcode
Normal file
5
nixos/akamanto/klipper-macros/SWAP_EXTRUDER.gcode
Normal file
|
@ -0,0 +1,5 @@
|
|||
{% if (printer.toolhead.extruder) == "extruder" %}
|
||||
T1
|
||||
{% else %}
|
||||
T0
|
||||
{% endif %}
|
12
nixos/akamanto/klipper-macros/T0.gcode
Normal file
12
nixos/akamanto/klipper-macros/T0.gcode
Normal file
|
@ -0,0 +1,12 @@
|
|||
SET_GCODE_OFFSET X=0 Y=0 Z=0
|
||||
SAVE_GCODE_STATE
|
||||
{% if printer.toolhead.position.z + 6 < printer.toolhead.axis_minimum.z %}
|
||||
G91
|
||||
G1 Z5
|
||||
G90
|
||||
{% endif %}
|
||||
G1 X220 F10000
|
||||
RESTORE_GCODE_STATE MOVE=1 MOVE_SPEED=100
|
||||
SET_GCODE_OFFSET X=0 Y=0 Z=0
|
||||
ACTIVATE_EXTRUDER EXTRUDER=extruder
|
||||
M117 T0 active
|
12
nixos/akamanto/klipper-macros/T1.gcode
Normal file
12
nixos/akamanto/klipper-macros/T1.gcode
Normal file
|
@ -0,0 +1,12 @@
|
|||
SET_GCODE_OFFSET X=27.45 Y=-0.15 Z=1.6
|
||||
SAVE_GCODE_STATE
|
||||
{% if printer.toolhead.position.z + 6 < printer.toolhead.axis_minimum.z %}
|
||||
G91
|
||||
G1 Z5
|
||||
G90
|
||||
{% endif %}
|
||||
G1 X-37.45 F10000
|
||||
RESTORE_GCODE_STATE MOVE=1 MOVE_SPEED=100
|
||||
SET_GCODE_OFFSET X=27.45 Y=-0.15 Z=1.6
|
||||
ACTIVATE_EXTRUDER EXTRUDER=extruder1
|
||||
M117 T1 active
|
14
nixos/akamanto/klipper-macros/TC_DEMO.gcode
Normal file
14
nixos/akamanto/klipper-macros/TC_DEMO.gcode
Normal file
|
@ -0,0 +1,14 @@
|
|||
G90
|
||||
G1 X100 Y100 Z20 F6000
|
||||
T1
|
||||
T0
|
||||
T1
|
||||
T0
|
||||
T1
|
||||
T0
|
||||
T1
|
||||
T0
|
||||
T1
|
||||
T0
|
||||
T1
|
||||
T0
|
13
nixos/akamanto/klipper-macros/UNLOAD_FILAMENT.gcode
Normal file
13
nixos/akamanto/klipper-macros/UNLOAD_FILAMENT.gcode
Normal file
|
@ -0,0 +1,13 @@
|
|||
M83 ; Put the extruder into relative mode
|
||||
G92 E0.0 ; Reset the extruder so that it thinks it is at position zero
|
||||
; 60cm total, really
|
||||
; slower
|
||||
{% for n in range(2) %}
|
||||
G1 E-50 F350
|
||||
{% endfor %}
|
||||
; faster
|
||||
{% for n in range(10) %}
|
||||
G1 E-50 F700
|
||||
{% endfor %}
|
||||
G92 E0.0
|
||||
M82 ; Put the extruder back into absolute mode.
|
4
nixos/akamanto/klipper-macros/ZZ_T0_PRE_CALI.gcode
Normal file
4
nixos/akamanto/klipper-macros/ZZ_T0_PRE_CALI.gcode
Normal file
|
@ -0,0 +1,4 @@
|
|||
G91
|
||||
G1 Z5
|
||||
G90
|
||||
G1 X220 Y15 F10000
|
3
nixos/akamanto/klipper-macros/ZZ_T1_PRE_CALI.gcode
Normal file
3
nixos/akamanto/klipper-macros/ZZ_T1_PRE_CALI.gcode
Normal file
|
@ -0,0 +1,3 @@
|
|||
G91
|
||||
G1 Z5
|
||||
G90
|
113
nixos/akamanto/klipper-octopus.cfg
Normal file
113
nixos/akamanto/klipper-octopus.cfg
Normal file
|
@ -0,0 +1,113 @@
|
|||
CONFIG_LOW_LEVEL_OPTIONS=y
|
||||
# CONFIG_MACH_AVR is not set
|
||||
# CONFIG_MACH_ATSAM is not set
|
||||
# CONFIG_MACH_ATSAMD is not set
|
||||
# CONFIG_MACH_LPC176X is not set
|
||||
CONFIG_MACH_STM32=y
|
||||
# CONFIG_MACH_HC32F460 is not set
|
||||
# CONFIG_MACH_RP2040 is not set
|
||||
# CONFIG_MACH_PRU is not set
|
||||
# CONFIG_MACH_AR100 is not set
|
||||
# CONFIG_MACH_LINUX is not set
|
||||
# CONFIG_MACH_SIMU is not set
|
||||
CONFIG_BOARD_DIRECTORY="stm32"
|
||||
CONFIG_MCU="stm32f429xx"
|
||||
CONFIG_CLOCK_FREQ=168000000
|
||||
CONFIG_USBSERIAL=y
|
||||
CONFIG_FLASH_SIZE=0x80000
|
||||
CONFIG_FLASH_BOOT_ADDRESS=0x8000000
|
||||
CONFIG_RAM_START=0x20000000
|
||||
CONFIG_RAM_SIZE=0x20000
|
||||
CONFIG_STACK_SIZE=512
|
||||
CONFIG_FLASH_APPLICATION_ADDRESS=0x8008000
|
||||
CONFIG_STM32_SELECT=y
|
||||
# CONFIG_MACH_STM32F103 is not set
|
||||
# CONFIG_MACH_STM32F207 is not set
|
||||
# CONFIG_MACH_STM32F401 is not set
|
||||
# CONFIG_MACH_STM32F405 is not set
|
||||
# CONFIG_MACH_STM32F407 is not set
|
||||
CONFIG_MACH_STM32F429=y
|
||||
# CONFIG_MACH_STM32F446 is not set
|
||||
# CONFIG_MACH_STM32F765 is not set
|
||||
# CONFIG_MACH_STM32F031 is not set
|
||||
# CONFIG_MACH_STM32F042 is not set
|
||||
# CONFIG_MACH_STM32F070 is not set
|
||||
# CONFIG_MACH_STM32F072 is not set
|
||||
# CONFIG_MACH_STM32G070 is not set
|
||||
# CONFIG_MACH_STM32G071 is not set
|
||||
# CONFIG_MACH_STM32G0B0 is not set
|
||||
# CONFIG_MACH_STM32G0B1 is not set
|
||||
# CONFIG_MACH_STM32G431 is not set
|
||||
# CONFIG_MACH_STM32H723 is not set
|
||||
# CONFIG_MACH_STM32H743 is not set
|
||||
# CONFIG_MACH_STM32H750 is not set
|
||||
# CONFIG_MACH_STM32L412 is not set
|
||||
# CONFIG_MACH_N32G452 is not set
|
||||
# CONFIG_MACH_N32G455 is not set
|
||||
CONFIG_MACH_STM32F4=y
|
||||
CONFIG_MACH_STM32F4x5=y
|
||||
CONFIG_HAVE_STM32_USBOTG=y
|
||||
CONFIG_HAVE_STM32_CANBUS=y
|
||||
CONFIG_HAVE_STM32_USBCANBUS=y
|
||||
CONFIG_STM32_DFU_ROM_ADDRESS=0x1fff0000
|
||||
CONFIG_STM32_FLASH_START_8000=y
|
||||
# CONFIG_STM32_FLASH_START_20200 is not set
|
||||
# CONFIG_STM32_FLASH_START_C000 is not set
|
||||
# CONFIG_STM32_FLASH_START_10000 is not set
|
||||
# CONFIG_STM32_FLASH_START_4000 is not set
|
||||
# CONFIG_STM32_FLASH_START_0000 is not set
|
||||
CONFIG_STM32_CLOCK_REF_8M=y
|
||||
# CONFIG_STM32_CLOCK_REF_12M is not set
|
||||
# CONFIG_STM32_CLOCK_REF_16M is not set
|
||||
# CONFIG_STM32_CLOCK_REF_20M is not set
|
||||
# CONFIG_STM32_CLOCK_REF_24M is not set
|
||||
# CONFIG_STM32_CLOCK_REF_25M is not set
|
||||
# CONFIG_STM32_CLOCK_REF_INTERNAL is not set
|
||||
CONFIG_CLOCK_REF_FREQ=8000000
|
||||
CONFIG_STM32F0_TRIM=16
|
||||
CONFIG_STM32_USB_PA11_PA12=y
|
||||
# CONFIG_STM32_SERIAL_USART1 is not set
|
||||
# CONFIG_STM32_SERIAL_USART1_ALT_PB7_PB6 is not set
|
||||
# CONFIG_STM32_SERIAL_USART2 is not set
|
||||
# CONFIG_STM32_SERIAL_USART2_ALT_PD6_PD5 is not set
|
||||
# CONFIG_STM32_SERIAL_USART3 is not set
|
||||
# CONFIG_STM32_SERIAL_USART3_ALT_PD9_PD8 is not set
|
||||
# CONFIG_STM32_CANBUS_PA11_PA12 is not set
|
||||
# CONFIG_STM32_CANBUS_PA11_PB9 is not set
|
||||
# CONFIG_STM32_MMENU_CANBUS_PB8_PB9 is not set
|
||||
# CONFIG_STM32_MMENU_CANBUS_PI9_PH13 is not set
|
||||
# CONFIG_STM32_MMENU_CANBUS_PB5_PB6 is not set
|
||||
# CONFIG_STM32_MMENU_CANBUS_PB12_PB13 is not set
|
||||
# CONFIG_STM32_MMENU_CANBUS_PD0_PD1 is not set
|
||||
# CONFIG_STM32_USBCANBUS_PA11_PA12 is not set
|
||||
CONFIG_USB=y
|
||||
CONFIG_USB_VENDOR_ID=0x1d50
|
||||
CONFIG_USB_DEVICE_ID=0x614e
|
||||
CONFIG_USB_SERIAL_NUMBER_CHIPID=y
|
||||
CONFIG_USB_SERIAL_NUMBER="12345"
|
||||
|
||||
#
|
||||
# USB ids
|
||||
#
|
||||
# end of USB ids
|
||||
|
||||
CONFIG_WANT_GPIO_BITBANGING=y
|
||||
CONFIG_WANT_DISPLAYS=y
|
||||
CONFIG_WANT_SENSORS=y
|
||||
CONFIG_WANT_LIS2DW=y
|
||||
CONFIG_WANT_SOFTWARE_I2C=y
|
||||
CONFIG_WANT_SOFTWARE_SPI=y
|
||||
CONFIG_NEED_SENSOR_BULK=y
|
||||
CONFIG_CANBUS_FREQUENCY=1000000
|
||||
CONFIG_INITIAL_PINS=""
|
||||
CONFIG_HAVE_GPIO=y
|
||||
CONFIG_HAVE_GPIO_ADC=y
|
||||
CONFIG_HAVE_GPIO_SPI=y
|
||||
CONFIG_HAVE_GPIO_SDIO=y
|
||||
CONFIG_HAVE_GPIO_I2C=y
|
||||
CONFIG_HAVE_GPIO_HARD_PWM=y
|
||||
CONFIG_HAVE_STRICT_TIMING=y
|
||||
CONFIG_HAVE_CHIPID=y
|
||||
CONFIG_HAVE_STEPPER_BOTH_EDGE=y
|
||||
CONFIG_HAVE_BOOTLOADER_REQUEST=y
|
||||
CONFIG_INLINE_STEPPER_HACK=y
|
31
nixos/akamanto/klipper-rpi.cfg
Normal file
31
nixos/akamanto/klipper-rpi.cfg
Normal file
|
@ -0,0 +1,31 @@
|
|||
# CONFIG_LOW_LEVEL_OPTIONS is not set
|
||||
# CONFIG_MACH_AVR is not set
|
||||
# CONFIG_MACH_ATSAM is not set
|
||||
# CONFIG_MACH_ATSAMD is not set
|
||||
# CONFIG_MACH_LPC176X is not set
|
||||
# CONFIG_MACH_STM32 is not set
|
||||
# CONFIG_MACH_HC32F460 is not set
|
||||
# CONFIG_MACH_RP2040 is not set
|
||||
# CONFIG_MACH_PRU is not set
|
||||
# CONFIG_MACH_AR100 is not set
|
||||
CONFIG_MACH_LINUX=y
|
||||
# CONFIG_MACH_SIMU is not set
|
||||
CONFIG_BOARD_DIRECTORY="linux"
|
||||
CONFIG_CLOCK_FREQ=50000000
|
||||
CONFIG_LINUX_SELECT=y
|
||||
CONFIG_USB_VENDOR_ID=0x1d50
|
||||
CONFIG_USB_DEVICE_ID=0x614e
|
||||
CONFIG_USB_SERIAL_NUMBER="12345"
|
||||
CONFIG_WANT_GPIO_BITBANGING=y
|
||||
CONFIG_WANT_DISPLAYS=y
|
||||
CONFIG_WANT_SENSORS=y
|
||||
CONFIG_WANT_LIS2DW=y
|
||||
CONFIG_WANT_SOFTWARE_I2C=y
|
||||
CONFIG_WANT_SOFTWARE_SPI=y
|
||||
CONFIG_CANBUS_FREQUENCY=1000000
|
||||
CONFIG_HAVE_GPIO=y
|
||||
CONFIG_HAVE_GPIO_ADC=y
|
||||
CONFIG_HAVE_GPIO_SPI=y
|
||||
CONFIG_HAVE_GPIO_I2C=y
|
||||
CONFIG_HAVE_GPIO_HARD_PWM=y
|
||||
CONFIG_INLINE_STEPPER_HACK=y
|
51
nixos/akamanto/klipper-smoothie.cfg
Normal file
51
nixos/akamanto/klipper-smoothie.cfg
Normal file
|
@ -0,0 +1,51 @@
|
|||
# CONFIG_LOW_LEVEL_OPTIONS is not set
|
||||
# CONFIG_MACH_AVR is not set
|
||||
# CONFIG_MACH_ATSAM is not set
|
||||
# CONFIG_MACH_ATSAMD is not set
|
||||
CONFIG_MACH_LPC176X=y
|
||||
# CONFIG_MACH_STM32 is not set
|
||||
# CONFIG_MACH_HC32F460 is not set
|
||||
# CONFIG_MACH_RP2040 is not set
|
||||
# CONFIG_MACH_PRU is not set
|
||||
# CONFIG_MACH_AR100 is not set
|
||||
# CONFIG_MACH_LINUX is not set
|
||||
# CONFIG_MACH_SIMU is not set
|
||||
CONFIG_BOARD_DIRECTORY="lpc176x"
|
||||
CONFIG_MCU="lpc1769"
|
||||
CONFIG_CLOCK_FREQ=120000000
|
||||
CONFIG_USBSERIAL=y
|
||||
CONFIG_FLASH_SIZE=0x80000
|
||||
CONFIG_FLASH_BOOT_ADDRESS=0x0
|
||||
CONFIG_RAM_START=0x10000000
|
||||
CONFIG_RAM_SIZE=0x7fe0
|
||||
CONFIG_STACK_SIZE=512
|
||||
CONFIG_FLASH_APPLICATION_ADDRESS=0x4000
|
||||
CONFIG_LPC_SELECT=y
|
||||
# CONFIG_MACH_LPC1768 is not set
|
||||
CONFIG_MACH_LPC1769=y
|
||||
CONFIG_LPC_FLASH_START_4000=y
|
||||
# CONFIG_LPC_FLASH_START_0000 is not set
|
||||
CONFIG_LPC_USB=y
|
||||
# CONFIG_LPC_SERIAL_UART0_P03_P02 is not set
|
||||
CONFIG_USB=y
|
||||
CONFIG_USB_VENDOR_ID=0x1d50
|
||||
CONFIG_USB_DEVICE_ID=0x614e
|
||||
CONFIG_USB_SERIAL_NUMBER_CHIPID=y
|
||||
CONFIG_USB_SERIAL_NUMBER="12345"
|
||||
CONFIG_WANT_GPIO_BITBANGING=y
|
||||
CONFIG_WANT_DISPLAYS=y
|
||||
CONFIG_WANT_SENSORS=y
|
||||
CONFIG_WANT_LIS2DW=y
|
||||
CONFIG_WANT_SOFTWARE_I2C=y
|
||||
CONFIG_WANT_SOFTWARE_SPI=y
|
||||
CONFIG_CANBUS_FREQUENCY=1000000
|
||||
CONFIG_HAVE_GPIO=y
|
||||
CONFIG_HAVE_GPIO_ADC=y
|
||||
CONFIG_HAVE_GPIO_SPI=y
|
||||
CONFIG_HAVE_GPIO_I2C=y
|
||||
CONFIG_HAVE_GPIO_HARD_PWM=y
|
||||
CONFIG_HAVE_STRICT_TIMING=y
|
||||
CONFIG_HAVE_CHIPID=y
|
||||
CONFIG_HAVE_STEPPER_BOTH_EDGE=y
|
||||
CONFIG_HAVE_BOOTLOADER_REQUEST=y
|
||||
CONFIG_INLINE_STEPPER_HACK=y
|
4
nixos/akamanto/meta.json
Normal file
4
nixos/akamanto/meta.json
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKb4i+BmIb2wiT4y5uWsCOmSo1dRp6Ql36toUsRHN6pC",
|
||||
"system": "aarch64-linux"
|
||||
}
|
14
nixos/akamanto/moonraker-remove-config-path-warning.patch
Normal file
14
nixos/akamanto/moonraker-remove-config-path-warning.patch
Normal file
|
@ -0,0 +1,14 @@
|
|||
diff --git a/moonraker/components/file_manager/file_manager.py b/moonraker/components/file_manager/file_manager.py
|
||||
index 731547d..bc5c14b 100644
|
||||
--- a/moonraker/components/file_manager/file_manager.py
|
||||
+++ b/moonraker/components/file_manager/file_manager.py
|
||||
@@ -202,7 +202,8 @@ class FileManager:
|
||||
par_path = pathlib.Path(cfg_parent)
|
||||
if (
|
||||
par_path in cfg_path.parents or
|
||||
- par_path.resolve() in cfg_path.resolve().parents
|
||||
+ par_path.resolve() in cfg_path.resolve().parents or
|
||||
+ cfg_path.samefile("/etc/klipper.cfg")
|
||||
):
|
||||
self.server.remove_warning("klipper_config")
|
||||
else:
|
53
nixos/amanojaku/default.nix
Normal file
53
nixos/amanojaku/default.nix
Normal file
|
@ -0,0 +1,53 @@
|
|||
{ config, pkgs, lib, inputs, ... }:
|
||||
|
||||
{
|
||||
networking.hostName = "amanojaku";
|
||||
deployment.tags = [ "reachable-home" ];
|
||||
|
||||
imports = with inputs.self.nixosModules; [
|
||||
graphical
|
||||
laptop
|
||||
|
||||
inputs.jovian-nixos.nixosModules.default
|
||||
];
|
||||
|
||||
boot.uefi.enable = true;
|
||||
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_jovian;
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/3ccaa83b-c3a3-478e-aa79-5310cf344c93";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/9C71-46C1";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
services.displayManager.sddm.enable = lib.mkForce false;
|
||||
|
||||
hardware.pulseaudio.enable = lib.mkForce false;
|
||||
jovian.devices.steamdeck.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [ maliit-keyboard maliit-framework ];
|
||||
i18n.inputMethod.enabled = lib.mkForce "fcitx5";
|
||||
i18n.inputMethod.fcitx5 = {
|
||||
addons = with pkgs; [
|
||||
fcitx5-chinese-addons
|
||||
fcitx5-gtk
|
||||
libsForQt5.fcitx5-qt
|
||||
];
|
||||
};
|
||||
|
||||
jovian.steam = {
|
||||
enable = true;
|
||||
autoStart = true;
|
||||
desktopSession = "plasma";
|
||||
user = "ar";
|
||||
};
|
||||
|
||||
jovian.decky-loader.user = "ar";
|
||||
|
||||
age.secrets.ar-password.file = ../../secrets/amanojaku-ar.age;
|
||||
users.users.ar.hashedPasswordFile = config.age.secrets.ar-password.path;
|
||||
}
|
4
nixos/amanojaku/meta.json
Normal file
4
nixos/amanojaku/meta.json
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE4rFVYs5t4uBpZK9kmDQkr9ONLDE41jOCP/tMmM+SMb",
|
||||
"system": "x86_64-linux"
|
||||
}
|
431
nixos/kamaitachi/default.nix
Normal file
431
nixos/kamaitachi/default.nix
Normal file
|
@ -0,0 +1,431 @@
|
|||
{ config, pkgs, lib, inputs, ... }:
|
||||
|
||||
let
|
||||
ci-secrets = import ../../ci-secrets.nix;
|
||||
klipperScreenConfig = builtins.toFile "KlipperConfig.conf" ''
|
||||
[printer Kodak]
|
||||
moonraker_host: localhost
|
||||
moonraker_port: 7125
|
||||
'';
|
||||
cageScript = pkgs.writeScriptBin "klipperCageScript" ''
|
||||
#!${pkgs.runtimeShell}
|
||||
${pkgs.wlr-randr}/bin/wlr-randr --output HDMI-A-1 --transform 180
|
||||
sounds=( /home/ar/startup-sounds/* )
|
||||
${pkgs.mpv}/bin/mpv ''${sounds[ $RANDOM % ''${#sounds[@]}]} &
|
||||
${pkgs.klipperscreen}/bin/KlipperScreen --configfile ${klipperScreenConfig}
|
||||
'';
|
||||
klipperHostMcu = "${
|
||||
pkgs.klipper-firmware.override {
|
||||
firmwareConfig = ./klipper-rpi.cfg;
|
||||
klipper = klipperOld;
|
||||
}
|
||||
}/klipper.elf";
|
||||
klipperOld = pkgs.klipper.overrideAttrs (old: {
|
||||
version = "unstable-dc6182f3";
|
||||
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "KevinOConnor";
|
||||
repo = "klipper";
|
||||
rev =
|
||||
"dc6182f3b339b990c8a68940f02a210e332be269"; # 266e96621c0133e1192bbaec5addb6bcf443a203 broke shit in weird ways
|
||||
sha256 = "sha256-0uoq5bvL/4L9oa/JY54qHMRw5vE7V//HxLFMOEqGUjA=";
|
||||
};
|
||||
});
|
||||
in {
|
||||
# https://en.wikipedia.org/wiki/Kamaitachi
|
||||
networking.hostName = "kamaitachi";
|
||||
deployment.buildOnTarget = lib.mkForce false;
|
||||
deployment.tags = [ "reachable-home" ];
|
||||
|
||||
imports = with inputs.self.nixosModules; [
|
||||
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image.nix"
|
||||
common
|
||||
];
|
||||
|
||||
# don't want to pull in all of installer stuff, so we need to copy some things from sd-image-aarch64.nix:
|
||||
sdImage = {
|
||||
compressImage = false;
|
||||
imageName =
|
||||
"${config.sdImage.imageBaseName}-${pkgs.stdenv.hostPlatform.system}-${config.networking.hostName}.img";
|
||||
populateFirmwareCommands = let
|
||||
configTxt = pkgs.writeText "config.txt" ''
|
||||
[pi3]
|
||||
kernel=u-boot-rpi3.bin
|
||||
|
||||
[pi4]
|
||||
kernel=u-boot-rpi4.bin
|
||||
enable_gic=1
|
||||
armstub=armstub8-gic.bin
|
||||
|
||||
# Otherwise the resolution will be weird in most cases, compared to
|
||||
# what the pi3 firmware does by default.
|
||||
disable_overscan=1
|
||||
|
||||
# Supported in newer board revisions
|
||||
arm_boost=1
|
||||
|
||||
[all]
|
||||
# Boot in 64-bit mode.
|
||||
arm_64bit=1
|
||||
|
||||
# U-Boot needs this to work, regardless of whether UART is actually used or not.
|
||||
# Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
|
||||
# a requirement in the future.
|
||||
enable_uart=1
|
||||
|
||||
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
|
||||
# when attempting to show low-voltage or overtemperature warnings.
|
||||
avoid_warnings=1
|
||||
'';
|
||||
in ''
|
||||
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
|
||||
|
||||
# Add the config
|
||||
cp ${configTxt} firmware/config.txt
|
||||
|
||||
# Add pi3 specific files
|
||||
cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
|
||||
|
||||
# Add pi4 specific files
|
||||
cp ${pkgs.ubootRaspberryPi4_64bit}/u-boot.bin firmware/u-boot-rpi4.bin
|
||||
cp ${pkgs.raspberrypi-armstubs}/armstub8-gic.bin firmware/armstub8-gic.bin
|
||||
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-4-b.dtb firmware/
|
||||
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-400.dtb firmware/
|
||||
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4.dtb firmware/
|
||||
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4s.dtb firmware/
|
||||
'';
|
||||
populateRootCommands = ''
|
||||
mkdir -p ./files/boot
|
||||
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
|
||||
'';
|
||||
};
|
||||
|
||||
hardware.enableRedistributableFirmware = lib.mkForce false;
|
||||
hardware.firmware = with pkgs; [ raspberrypiWirelessFirmware wireless-regdb ];
|
||||
boot = {
|
||||
# avoid building zfs
|
||||
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
||||
kernelParams = [ "console=ttyS1,115200n8" "fbcon=rotate:2" ];
|
||||
loader.grub.enable = false;
|
||||
loader.generic-extlinux-compatible.enable = true;
|
||||
};
|
||||
|
||||
environment.etc."wifi-secrets".text = ci-secrets.wifi;
|
||||
|
||||
microvm.host.enable = false;
|
||||
|
||||
systemd.network.enable = lib.mkForce false;
|
||||
networking = {
|
||||
useDHCP = true;
|
||||
wireless = {
|
||||
enable = true;
|
||||
environmentFile = "/etc/wifi-secrets";
|
||||
networks."hackerspace.pl-guests".psk = "@HSWAW_WIFI@";
|
||||
networks."hackerspace.pl-guests-5G".psk = "@HSWAW_WIFI@";
|
||||
networks."Nibylandia-5G".psk = "@NIBYLANDIA_WIFI@";
|
||||
networks."Nibylandia".psk = "@NIBYLANDIA_WIFI@";
|
||||
};
|
||||
};
|
||||
networking.firewall.enable = false;
|
||||
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
addresses = true;
|
||||
workstation = true;
|
||||
userServices = true;
|
||||
};
|
||||
};
|
||||
|
||||
users.users.root.hashedPassword =
|
||||
"$y$j9T$.1ogQkT5J95hEFkgp9esc0$rneVdOpPwPDsgAckJsXJmzgVEENPkFWHWKgca2mVz6D";
|
||||
users.mutableUsers = false;
|
||||
users.users.ar = {
|
||||
extraGroups = [ "video" "dialout" "plugdev" "pipewire" ];
|
||||
};
|
||||
|
||||
documentation = {
|
||||
enable = lib.mkForce false;
|
||||
} // builtins.listToAttrs (map (x: {
|
||||
name = x;
|
||||
value = { enable = lib.mkForce false; };
|
||||
}) [ "man" "info" "nixos" "doc" "dev" ]);
|
||||
|
||||
services.openssh.settings.PasswordAuthentication = lib.mkForce true;
|
||||
services.openssh.settings.PermitRootLogin = lib.mkForce "yes";
|
||||
|
||||
hardware.opengl.enable = true;
|
||||
|
||||
# strictly for shits and giggles
|
||||
sound.enable = true;
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
alsa.enable = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
};
|
||||
hardware.bluetooth = {
|
||||
enable = true;
|
||||
package = pkgs.bluez;
|
||||
};
|
||||
services.udisks2 = { enable = true; };
|
||||
|
||||
# diet
|
||||
boot.binfmt.emulatedSystems = lib.mkForce [ ];
|
||||
environment.systemPackages = with pkgs; [
|
||||
# strictly required
|
||||
coreutils
|
||||
nix
|
||||
systemd
|
||||
|
||||
# shell's required and not automatically pulled in
|
||||
zsh
|
||||
bashInteractive
|
||||
|
||||
# avoid warnings
|
||||
gnugrep
|
||||
(glibcLocales.override {
|
||||
allLocales = false;
|
||||
locales = [ "en_US.UTF-8/UTF-8" "en_CA.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ];
|
||||
})
|
||||
|
||||
# nice-to-haves
|
||||
procps
|
||||
openssh
|
||||
findutils
|
||||
iproute2
|
||||
util-linux
|
||||
usbutils
|
||||
neovim
|
||||
tmux
|
||||
uhubctl
|
||||
|
||||
# strictly unnecessary
|
||||
mpv
|
||||
alsa-utils
|
||||
bluez
|
||||
pipewire
|
||||
(v4l-utils.override { withGUI = false; })
|
||||
];
|
||||
programs.nix-index.enable = lib.mkForce false;
|
||||
services.journald.extraConfig = ''
|
||||
Storage=volatile
|
||||
'';
|
||||
systemd.coredump.enable = false;
|
||||
services.lvm.enable = lib.mkForce false;
|
||||
|
||||
# strictly plotter stuff below
|
||||
|
||||
systemd.services.klipper-mcu-rpi = {
|
||||
description = "Klipper 3D host mcu";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "klipper.service" ];
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
User = "klipper";
|
||||
RuntimeDirectory = "klipper-mcu";
|
||||
StateDirectory = "klipper";
|
||||
SupplementaryGroups = [ "dialout" "pipewire" ];
|
||||
OOMScoreAdjust = "-999";
|
||||
CPUSchedulingPolicy = "rr";
|
||||
CPUSchedulingPriority = 99;
|
||||
IOSchedulingClass = "realtime";
|
||||
IOSchedulingPriority = 0;
|
||||
ExecStart = "${klipperHostMcu} -I /run/klipper-mcu/mcu-rpi";
|
||||
ReadWritePaths = "/dev/gpiochip0";
|
||||
};
|
||||
};
|
||||
systemd.services.klipper.serviceConfig = {
|
||||
SupplementaryGroups = [ "dialout" "pipewire" ];
|
||||
ReadWritePaths = "/var/lib/moonraker/config";
|
||||
};
|
||||
services.klipper = {
|
||||
enable = true;
|
||||
mutableConfig = false;
|
||||
firmwares = {
|
||||
mcu = {
|
||||
enableKlipperFlash = false;
|
||||
enable = true;
|
||||
configFile = ./klipper-skr-pico.cfg;
|
||||
serial = "/dev/ttyAMA0";
|
||||
package = pkgs.klipper-firmware.override {
|
||||
gcc-arm-embedded = pkgs.gcc-arm-embedded-11;
|
||||
klipper = klipperOld;
|
||||
};
|
||||
};
|
||||
};
|
||||
settings = {
|
||||
printer = {
|
||||
kinematics = "corexy";
|
||||
max_accel = "1000";
|
||||
max_velocity = "100";
|
||||
max_z_accel = "30";
|
||||
max_z_velocity = "5";
|
||||
};
|
||||
mcu = { serial = "/dev/ttyAMA0"; };
|
||||
"mcu rpi" = { serial = "/run/klipper-mcu/mcu-rpi"; };
|
||||
virtual_sdcard = { path = "/var/lib/moonraker/gcodes"; };
|
||||
|
||||
pause_resume = { };
|
||||
display_status = { };
|
||||
exclude_object = { };
|
||||
force_move = { enable_force_move = "true"; };
|
||||
|
||||
save_variables = {
|
||||
filename = "/var/lib/moonraker/config/variables.cfg";
|
||||
};
|
||||
|
||||
"temperature_sensor rpi" = { sensor_type = "temperature_host"; };
|
||||
|
||||
"stepper_x" = {
|
||||
step_pin = "gpio11";
|
||||
dir_pin = "!gpio10";
|
||||
enable_pin = "!gpio12";
|
||||
microsteps = "16";
|
||||
rotation_distance = "40";
|
||||
endstop_pin = "^gpio4";
|
||||
position_endstop = "0";
|
||||
position_max = "235";
|
||||
homing_speed = "50";
|
||||
};
|
||||
"tmc2209 stepper_x" = {
|
||||
uart_pin = "gpio9";
|
||||
tx_pin = "gpio8";
|
||||
uart_address = "0";
|
||||
run_current = "0.580";
|
||||
stealthchop_threshold = "999999";
|
||||
};
|
||||
"stepper_y" = {
|
||||
step_pin = "gpio6";
|
||||
dir_pin = "!gpio5";
|
||||
enable_pin = "!gpio7";
|
||||
microsteps = "16";
|
||||
rotation_distance = "40";
|
||||
endstop_pin = "^gpio3";
|
||||
position_endstop = "0";
|
||||
position_max = "235";
|
||||
homing_speed = "50";
|
||||
};
|
||||
"tmc2209 stepper_y" = {
|
||||
uart_pin = "gpio9";
|
||||
tx_pin = "gpio8";
|
||||
uart_address = "2";
|
||||
run_current = "0.580";
|
||||
stealthchop_threshold = "999999";
|
||||
};
|
||||
"stepper_z" = {
|
||||
step_pin = "gpio19";
|
||||
dir_pin = "gpio28";
|
||||
enable_pin = "!gpio2";
|
||||
microsteps = "16";
|
||||
rotation_distance = "8";
|
||||
endstop_pin = "^gpio25";
|
||||
position_endstop = "0.0";
|
||||
position_max = "250";
|
||||
};
|
||||
"tmc2209 stepper_z" = {
|
||||
uart_pin = "gpio9";
|
||||
tx_pin = "gpio8";
|
||||
uart_address = "1";
|
||||
run_current = "0.580";
|
||||
stealthchop_threshold = "999999";
|
||||
};
|
||||
"neopixel board_neopixel" = {
|
||||
pin = "gpio24";
|
||||
chain_count = "1";
|
||||
color_order = "GRB";
|
||||
initial_RED = "0.3";
|
||||
initial_GREEN = "0.3";
|
||||
initial_BLUE = "0.3";
|
||||
};
|
||||
"delayed_gcode t0_offset" = {
|
||||
gcode = [ "SET_GCODE_OFFSET X=0 Y=0 Z=0" ];
|
||||
initial_duration = ".02";
|
||||
};
|
||||
} // lib.mapAttrs' (name: value:
|
||||
lib.nameValuePair
|
||||
("gcode_macro " + (builtins.replaceStrings [ ".gcode" ] [ "" ] name)) {
|
||||
gcode = lib.remove "" (lib.splitString "\n"
|
||||
(builtins.readFile (./klipper-macros/. + "/${name}")));
|
||||
}) (lib.attrsets.filterAttrs (n: v: n != ".gitkeep")
|
||||
(builtins.readDir ./klipper-macros/.));
|
||||
};
|
||||
|
||||
services.moonraker = {
|
||||
user = "root";
|
||||
enable = true;
|
||||
address = "0.0.0.0";
|
||||
allowSystemControl = true;
|
||||
settings = {
|
||||
octoprint_compat = { };
|
||||
history = { };
|
||||
authorization = {
|
||||
force_logins = false;
|
||||
cors_domains = [
|
||||
"*.local"
|
||||
"*.waw.hackerspace.pl"
|
||||
"*.nibylandia.lan"
|
||||
"*.tail412c1.ts.net"
|
||||
];
|
||||
trusted_clients = [
|
||||
"127.0.0.1/32"
|
||||
"10.8.0.0/23"
|
||||
"100.64.0.0/10"
|
||||
"2a0d:eb00:4242:0000:0000:0000:0000:0000/64"
|
||||
"192.168.24.0/24"
|
||||
"192.168.20.0/24"
|
||||
];
|
||||
};
|
||||
# causes issues for some reason
|
||||
# zeroconf = { mdns_hostname = "barbie-girl"; };
|
||||
machine = { provider = "systemd_cli"; };
|
||||
"webcam rpi" = {
|
||||
enabled = "True";
|
||||
service = "mjpegstreamer-adaptive";
|
||||
stream_url = "/webcam/stream";
|
||||
snapshot_url = "/webcam/snapshot";
|
||||
target_fps = "30";
|
||||
target_fps_idle = "30";
|
||||
aspect_ratio = "4:3";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.fluidd = {
|
||||
enable = false;
|
||||
nginx.locations."/webcam/".proxyPass = "http://127.0.0.1:8080/";
|
||||
};
|
||||
|
||||
services.mainsail = {
|
||||
enable = true;
|
||||
nginx.locations."/webcam/".proxyPass = "http://127.0.0.1:8080/";
|
||||
};
|
||||
|
||||
services.nginx.clientMaxBodySize = "1000m";
|
||||
services.nginx.recommendedProxySettings = true;
|
||||
|
||||
systemd.services.ustreamer = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
description = "uStreamer for video0";
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart =
|
||||
"${pkgs.ustreamer}/bin/ustreamer --encoder=HW --persistent --rotate 90 --slowdown --resolution 1296x972 --desired-fps 30";
|
||||
};
|
||||
};
|
||||
|
||||
services.cage = {
|
||||
enable = true;
|
||||
user = "ar";
|
||||
program = "${cageScript}/bin/klipperCageScript";
|
||||
environment = {
|
||||
GDK_BACKEND = "wayland";
|
||||
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
|
||||
};
|
||||
extraArguments = [ "-d" ];
|
||||
};
|
||||
systemd.services."cage-tty1".serviceConfig.Restart = "always";
|
||||
}
|
0
nixos/kamaitachi/klipper-macros/.gitkeep
Normal file
0
nixos/kamaitachi/klipper-macros/.gitkeep
Normal file
31
nixos/kamaitachi/klipper-rpi.cfg
Normal file
31
nixos/kamaitachi/klipper-rpi.cfg
Normal file
|
@ -0,0 +1,31 @@
|
|||
# CONFIG_LOW_LEVEL_OPTIONS is not set
|
||||
# CONFIG_MACH_AVR is not set
|
||||
# CONFIG_MACH_ATSAM is not set
|
||||
# CONFIG_MACH_ATSAMD is not set
|
||||
# CONFIG_MACH_LPC176X is not set
|
||||
# CONFIG_MACH_STM32 is not set
|
||||
# CONFIG_MACH_HC32F460 is not set
|
||||
# CONFIG_MACH_RP2040 is not set
|
||||
# CONFIG_MACH_PRU is not set
|
||||
# CONFIG_MACH_AR100 is not set
|
||||
CONFIG_MACH_LINUX=y
|
||||
# CONFIG_MACH_SIMU is not set
|
||||
CONFIG_BOARD_DIRECTORY="linux"
|
||||
CONFIG_CLOCK_FREQ=50000000
|
||||
CONFIG_LINUX_SELECT=y
|
||||
CONFIG_USB_VENDOR_ID=0x1d50
|
||||
CONFIG_USB_DEVICE_ID=0x614e
|
||||
CONFIG_USB_SERIAL_NUMBER="12345"
|
||||
CONFIG_WANT_GPIO_BITBANGING=y
|
||||
CONFIG_WANT_DISPLAYS=y
|
||||
CONFIG_WANT_SENSORS=y
|
||||
CONFIG_WANT_LIS2DW=y
|
||||
CONFIG_WANT_SOFTWARE_I2C=y
|
||||
CONFIG_WANT_SOFTWARE_SPI=y
|
||||
CONFIG_CANBUS_FREQUENCY=1000000
|
||||
CONFIG_HAVE_GPIO=y
|
||||
CONFIG_HAVE_GPIO_ADC=y
|
||||
CONFIG_HAVE_GPIO_SPI=y
|
||||
CONFIG_HAVE_GPIO_I2C=y
|
||||
CONFIG_HAVE_GPIO_HARD_PWM=y
|
||||
CONFIG_INLINE_STEPPER_HACK=y
|
56
nixos/kamaitachi/klipper-skr-pico.cfg
Normal file
56
nixos/kamaitachi/klipper-skr-pico.cfg
Normal file
|
@ -0,0 +1,56 @@
|
|||
# CONFIG_LOW_LEVEL_OPTIONS is not set
|
||||
# CONFIG_MACH_AVR is not set
|
||||
# CONFIG_MACH_ATSAM is not set
|
||||
# CONFIG_MACH_ATSAMD is not set
|
||||
# CONFIG_MACH_LPC176X is not set
|
||||
# CONFIG_MACH_STM32 is not set
|
||||
# CONFIG_MACH_HC32F460 is not set
|
||||
CONFIG_MACH_RP2040=y
|
||||
# CONFIG_MACH_PRU is not set
|
||||
# CONFIG_MACH_AR100 is not set
|
||||
# CONFIG_MACH_LINUX is not set
|
||||
# CONFIG_MACH_SIMU is not set
|
||||
CONFIG_BOARD_DIRECTORY="rp2040"
|
||||
CONFIG_MCU="rp2040"
|
||||
CONFIG_CLOCK_FREQ=12000000
|
||||
CONFIG_SERIAL=y
|
||||
CONFIG_FLASH_SIZE=0x200000
|
||||
CONFIG_FLASH_BOOT_ADDRESS=0x10000100
|
||||
CONFIG_RAM_START=0x20000000
|
||||
CONFIG_RAM_SIZE=0x42000
|
||||
CONFIG_STACK_SIZE=512
|
||||
CONFIG_FLASH_APPLICATION_ADDRESS=0x10000100
|
||||
CONFIG_RP2040_SELECT=y
|
||||
CONFIG_RP2040_HAVE_STAGE2=y
|
||||
CONFIG_RP2040_FLASH_START_0100=y
|
||||
# CONFIG_RP2040_FLASH_START_4000 is not set
|
||||
CONFIG_RP2040_STAGE2_FILE="boot2_w25q080.S"
|
||||
CONFIG_RP2040_STAGE2_CLKDIV=2
|
||||
# CONFIG_RP2040_USB is not set
|
||||
CONFIG_RP2040_SERIAL_UART0=y
|
||||
# CONFIG_RP2040_CANBUS is not set
|
||||
# CONFIG_RP2040_USBCANBUS is not set
|
||||
CONFIG_RP2040_CANBUS_GPIO_RX=4
|
||||
CONFIG_RP2040_CANBUS_GPIO_TX=5
|
||||
CONFIG_SERIAL_BAUD=250000
|
||||
CONFIG_USB_VENDOR_ID=0x1d50
|
||||
CONFIG_USB_DEVICE_ID=0x614e
|
||||
CONFIG_USB_SERIAL_NUMBER="12345"
|
||||
CONFIG_WANT_GPIO_BITBANGING=y
|
||||
CONFIG_WANT_DISPLAYS=y
|
||||
CONFIG_WANT_SENSORS=y
|
||||
CONFIG_WANT_LIS2DW=y
|
||||
CONFIG_WANT_SOFTWARE_I2C=y
|
||||
CONFIG_WANT_SOFTWARE_SPI=y
|
||||
CONFIG_NEED_SENSOR_BULK=y
|
||||
CONFIG_CANBUS_FREQUENCY=1000000
|
||||
CONFIG_HAVE_GPIO=y
|
||||
CONFIG_HAVE_GPIO_ADC=y
|
||||
CONFIG_HAVE_GPIO_SPI=y
|
||||
CONFIG_HAVE_GPIO_I2C=y
|
||||
CONFIG_HAVE_GPIO_HARD_PWM=y
|
||||
CONFIG_HAVE_STRICT_TIMING=y
|
||||
CONFIG_HAVE_CHIPID=y
|
||||
CONFIG_HAVE_STEPPER_BOTH_EDGE=y
|
||||
CONFIG_HAVE_BOOTLOADER_REQUEST=y
|
||||
CONFIG_INLINE_STEPPER_HACK=y
|
4
nixos/kamaitachi/meta.json
Normal file
4
nixos/kamaitachi/meta.json
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKb4i+BmIb2wiT4y5uWsCOmSo1dRp6Ql36toUsRHN6pC",
|
||||
"system": "aarch64-linux"
|
||||
}
|
|
@ -1,8 +1,20 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, inputs, ... }:
|
||||
|
||||
{
|
||||
networking.hostName = "khas";
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
deployment.tags = [ "reachable-everywhere" ];
|
||||
|
||||
imports = with inputs.self.nixosModules; [
|
||||
./hardware-configuration.nix
|
||||
|
||||
graphical
|
||||
laptop
|
||||
secureboot
|
||||
gaming
|
||||
];
|
||||
|
||||
# boot.kernelParams = [ "nohz_full=1-15" ];
|
||||
|
||||
age.secrets.ar-password.file = ../../secrets/khas-ar.age;
|
||||
|
||||
users.users.ar.hashedPasswordFile = config.age.secrets.ar-password.path;
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
{
|
||||
hardware.enableAllFirmware = true;
|
||||
nibylandia-boot.ryzen.enable = true;
|
||||
boot.ryzen.enable = true;
|
||||
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "nvme" "ehci_pci" "xhci_pci" "rtsx_pci_sdmmc" ];
|
||||
|
@ -87,4 +87,10 @@
|
|||
fsType = "btrfs";
|
||||
options = [ "subvol=var_lib_tpm" ];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/tailscale" = {
|
||||
device = "/dev/disk/by-uuid/364a4679-1512-4b57-9f31-a4dc4fd192b1";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=var_lib_tailscale" ];
|
||||
};
|
||||
}
|
||||
|
|
4
nixos/khas/meta.json
Normal file
4
nixos/khas/meta.json
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAs/jPJBvAVB+BgkywNDSUqcuqzFaWTmBn5hTnKm1wjF",
|
||||
"system": "x86_64-linux"
|
||||
}
|
|
@ -1,8 +1,16 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, inputs, ... }:
|
||||
|
||||
{
|
||||
networking.hostName = "microlith";
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
deployment.tags = [ "reachable-home" ];
|
||||
|
||||
imports = with inputs.self.nixosModules; [
|
||||
./hardware-configuration.nix
|
||||
|
||||
graphical
|
||||
gaming
|
||||
secureboot
|
||||
];
|
||||
age.secrets.ar-password.file = ../../secrets/microlith-ar.age;
|
||||
|
||||
users.users.ar.hashedPasswordFile = config.age.secrets.ar-password.path;
|
||||
|
|
|
@ -13,6 +13,11 @@
|
|||
fsType = "xfs";
|
||||
};
|
||||
|
||||
fileSystems."/steam" = {
|
||||
device = "/dev/disk/by-uuid/a2b3af5e-b15b-4023-8f8f-ea828b8df241";
|
||||
fsType = "xfs";
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."microlith".device =
|
||||
"/dev/disk/by-uuid/3b53f78f-4d3f-4b3b-b7c8-640fe450f122";
|
||||
|
||||
|
|
4
nixos/microlith/meta.json
Normal file
4
nixos/microlith/meta.json
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDghNuH/3G+0BXwrBZWZXX0V3K0tfu/Q/AKokLXY5zTD",
|
||||
"system": "x86_64-linux"
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, inputs, ... }:
|
||||
|
||||
let
|
||||
keaJsonWithIncludes = name: value:
|
||||
|
@ -20,9 +20,16 @@ let
|
|||
${pkgs.bird2}/bin/birdc reload in all
|
||||
'';
|
||||
in {
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
deployment.tags = [ "reachable-everywhere" ];
|
||||
|
||||
nibylandia-boot.uefi.enable = true;
|
||||
imports = with inputs.self.nixosModules; [
|
||||
./hardware-configuration.nix
|
||||
|
||||
common
|
||||
ci-runners
|
||||
];
|
||||
|
||||
boot.uefi.enable = true;
|
||||
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
@ -67,6 +74,7 @@ in {
|
|||
};
|
||||
|
||||
networking.hostName = "scylla";
|
||||
|
||||
networking.wireless.enable = false;
|
||||
|
||||
time.timeZone = "Europe/Warsaw";
|
||||
|
@ -424,6 +432,15 @@ in {
|
|||
before = [ "bird.service" ];
|
||||
};
|
||||
|
||||
services.tailscale = {
|
||||
useRoutingFeatures = "both";
|
||||
extraUpFlags = [
|
||||
"--advertise-exit-node"
|
||||
"--advertise-routes=172.20.0.0/14"
|
||||
"--advertise-routes=fd00::/8"
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
dn42-roa = {
|
||||
after = [ "network.target" ];
|
||||
|
@ -435,6 +452,11 @@ in {
|
|||
|
||||
security.polkit.enable = true;
|
||||
virtualisation.libvirtd.enable = true;
|
||||
virtualisation.podman = {
|
||||
enable = true;
|
||||
dockerCompat = true;
|
||||
dockerSocket.enable = true;
|
||||
};
|
||||
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
|
|
4
nixos/scylla/meta.json
Normal file
4
nixos/scylla/meta.json
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1X7EaPNfLhWH32IAyaZj2dhJz+QLnyGuXPCZUYRTjg",
|
||||
"system": "aarch64-linux"
|
||||
}
|
282
nixos/stereolith/default.nix
Normal file
282
nixos/stereolith/default.nix
Normal file
|
@ -0,0 +1,282 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
networking.hostName = "stereolith";
|
||||
networking.hostId = "adcad022";
|
||||
|
||||
deployment.tags = [ "reachable-home" ];
|
||||
|
||||
imports = with inputs.self.nixosModules; [ common ];
|
||||
|
||||
boot.uefi.enable = true;
|
||||
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
boot.kernelPackages = pkgs.linuxPackages;
|
||||
boot.zfs.package = pkgs.zfs_2_1;
|
||||
boot.extraModulePackages = with config.boot.kernelPackages; [ zfs_2_1 ];
|
||||
|
||||
boot.enableContainers = true;
|
||||
boot.zfs.extraPools = [ config.networking.hostName ];
|
||||
boot.kernel.sysctl = { "net.ipv4.conf.all.forwarding" = "1"; };
|
||||
|
||||
system.stateVersion = lib.mkForce "22.11";
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/34409a0d-48ac-4dcb-8fe2-ac553b5b27f1";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/3906-F639";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
nix.settings.max-jobs = 16;
|
||||
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
git
|
||||
wget
|
||||
tmux
|
||||
tcpdump
|
||||
sysstat
|
||||
samba
|
||||
];
|
||||
|
||||
programs = {
|
||||
neovim = {
|
||||
enable = true;
|
||||
withRuby = true;
|
||||
vimAlias = true;
|
||||
viAlias = true;
|
||||
defaultEditor = true;
|
||||
};
|
||||
mosh.enable = true;
|
||||
};
|
||||
|
||||
networking.useDHCP = false;
|
||||
networking.wireless.enable = false;
|
||||
networking.nameservers = [ "192.168.20.1" ];
|
||||
networking.interfaces.enp9s0.ipv4 = {
|
||||
addresses = [{
|
||||
address = "192.168.20.31";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
routes = [{
|
||||
address = "0.0.0.0";
|
||||
prefixLength = 0;
|
||||
via = "192.168.20.1";
|
||||
}];
|
||||
};
|
||||
systemd.network.wait-online.enable = false;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 22 80 443 1688 2005 2582 3000 ]
|
||||
++ (map (x: 9091 + x) (lib.range (0 - 2) 10))
|
||||
++ (map (x: 51413 + x) (lib.range (0 - 2) 10)) ++ [ 137 139 445 631 ]
|
||||
++ [ 1143 1025 8080 ] ++ [ 5201 ] ++ [ 4000 4001 4002 ] ++ [ 5001 5050 ];
|
||||
networking.firewall.allowedUDPPorts = [ 69 2005 51820 ]
|
||||
++ (map (x: 51413 + x) (lib.range (0 - 2) 10)) ++ [ 4000 4001 4002 ];
|
||||
|
||||
users.users.minecraft = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys = {
|
||||
keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOHWPbzvwXTftY1r0dXcYZxT9QBnQkwepdMn8PCAPlYvYwUObEj3rgYrYRFrtCRWZVrKAdqBxnH9/6S9w631Zs7tgqEeDHJsotZNZV3qip7qGjn9IqUHXqF95MUDJV21AeBAqQ1xalefwCkwf/vYLFn8dSnsnlfO+mtlHZOuBED+SB2U1eNrWY2e45v8m7PqSyTCbCu0F3wVcHGwRFsxWA598wf85UBRVcSWVcUydE9F+PCS9sGETkXiRUDcHWnup8uygs4xLa9RADubhdGkUbQE6m6yOjvHJWZ4ov59zJh+hmpszCwfmUw/k39T2TM7tbwUWxgc68qDyaMGQr/Wzd x10a94@Celestia"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeJ+LSo3YXE6Jk6pGKL5om/VOi7XE5OvHA2U73V0pJXHa1bA4ityICeNqec2w8TSWSwTihJ4oAM7YLShkERNTcd1NWNHgUYova9nJ/nItFxrxDpTQsqK315u4d7nE+go09c85cyomHbDDcNVg9kJeCUjF+dr82N7JZfYVdQystOslOROYtl94GHuFHVOQyBRGeSztmakYvK1+3WV8dby6TfYG1l6uf6qLCg7q64zR4xDDP0KgfcrsusBQ6qYnKhop1fUTaW9NtEOQP/MhFLDp2YQmTsNJDiKAQpwwYLexWq4UcziXbnRfD56CHFHbW7Hu6Ltu35cHFKR2r9y4TBwTV crendgrim@gmx.de"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt arachnist@monolith"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7WvV+4zRYrDoxXxLttLvIJkuzB3ZsHIUUmyc5Jp81F minecraft@orochi"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
commonHttpConfig = ''
|
||||
add_header X-Clacks-Overhead "GNU Terry Pratchett";
|
||||
'';
|
||||
|
||||
virtualHosts = {
|
||||
"default" = {
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
serverName = "_";
|
||||
locations."/".return = "410";
|
||||
locations."/tftp/" = { alias = "/stereolith/crap/tftp/"; };
|
||||
};
|
||||
"i.am-a.cat" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/transmission/Downloads/" = {
|
||||
alias = "/stereolith/crap/transmission/Downloads/";
|
||||
extraConfig = ''
|
||||
autoindex on;
|
||||
satisfy any;
|
||||
|
||||
allow 192.168.20.0/24;
|
||||
allow 192.168.24.0/24;
|
||||
allow 10.255.255.0/24;
|
||||
deny all;
|
||||
|
||||
auth_basic "crap";
|
||||
auth_basic_user_file "/etc/nginx/auth/crap";
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
"drukarke.zajeba.li" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:5001";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
satisfy any;
|
||||
|
||||
allow 192.168.20.0/24;
|
||||
allow 192.168.24.0/24;
|
||||
allow 10.255.255.0/24;
|
||||
deny all;
|
||||
|
||||
auth_basic "octoprint";
|
||||
auth_basic_user_file "/etc/nginx/auth/octoprint";
|
||||
|
||||
client_max_body_size 0;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
"185.102.189.133" = {
|
||||
forceSSL = false;
|
||||
locations."/.well-known/pki-validation/" = {
|
||||
alias = "/stereolith/crap/pki-validation/";
|
||||
};
|
||||
};
|
||||
|
||||
"picture.cat" = {
|
||||
locations."/" = { root = "/stereolith/photo/_build"; };
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "ar@is-a.cat";
|
||||
};
|
||||
|
||||
services.printing = {
|
||||
enable = true;
|
||||
startWhenNeeded = false;
|
||||
browsing = true;
|
||||
listenAddresses = [ "*:631" ];
|
||||
defaultShared = true;
|
||||
drivers = with pkgs; [ cups-dymo ];
|
||||
};
|
||||
services.samba = {
|
||||
enable = true;
|
||||
package = pkgs.samba4Full;
|
||||
shares = {
|
||||
scan = {
|
||||
browseable = "yes";
|
||||
comment = "Scanner";
|
||||
"guest ok" = "yes";
|
||||
path = "/stereolith/scan";
|
||||
"read only" = false;
|
||||
};
|
||||
transmission = {
|
||||
browseable = "yes";
|
||||
comment = "Scanner";
|
||||
"guest ok" = "yes";
|
||||
path = "/stereolith/crap/transmission/Downloads";
|
||||
"read only" = false;
|
||||
"force user" = "transmission";
|
||||
"force group" = "transmission";
|
||||
};
|
||||
annscratch = {
|
||||
browseable = "yes";
|
||||
comment = "scratch";
|
||||
"guest ok" = "yes";
|
||||
path = "/stereolith/scratch/anna";
|
||||
"read only" = false;
|
||||
};
|
||||
photo = {
|
||||
browseable = "yes";
|
||||
comment = "photo";
|
||||
"guest ok" = "yes";
|
||||
path = "/stereolith/photo";
|
||||
"read only" = false;
|
||||
"force user" = "arachnist";
|
||||
"force group" = "users";
|
||||
};
|
||||
labelprinter = {
|
||||
path = "/var/spool/samba";
|
||||
printer = "labelprinter";
|
||||
browseable = "yes";
|
||||
comment = "Label Printer";
|
||||
"guest ok" = "yes";
|
||||
writable = "no";
|
||||
printable = "yes";
|
||||
public = "yes";
|
||||
"create mode" = 700;
|
||||
};
|
||||
};
|
||||
extraConfig = ''
|
||||
load printers = yes
|
||||
printing = cups
|
||||
printcap name = cups
|
||||
'';
|
||||
};
|
||||
systemd.tmpfiles.rules = [ "d /var/spool/samba 1777 root root -" ];
|
||||
sound.enable = false;
|
||||
hardware.pulseaudio.enable = false;
|
||||
services.xserver.enable = false;
|
||||
systemd.services.mdmonitor.enable = false;
|
||||
|
||||
services.transmission = {
|
||||
enable = true;
|
||||
downloadDirPermissions = "775";
|
||||
settings = {
|
||||
rpc-port = 9091;
|
||||
peer-port = 51413;
|
||||
rpc-bind-address = "0.0.0.0";
|
||||
rpc-whitelist-enabled = false;
|
||||
rpc-host-whitelist-enabled = false;
|
||||
download-dir = "/stereolith/crap/transmission/Downloads";
|
||||
incomplete-dir = "/stereolith/crap/transmission/Downloads";
|
||||
dht-enabled = false;
|
||||
pex-enabled = false;
|
||||
};
|
||||
webHome = pkgs.flood-for-transmission;
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.containers = {
|
||||
octoprint = {
|
||||
image = "octoprint/octoprint";
|
||||
volumes = [ "octoprint:/octoprint" ];
|
||||
ports = [ "5001:80" ];
|
||||
extraOptions = [
|
||||
"--device=/dev/ttyACM0:/dev/ttyACM0"
|
||||
"--device=/dev/video0:/dev/video0"
|
||||
"--device=/dev/video1:/dev/video1"
|
||||
];
|
||||
environment = {
|
||||
ENABLE_MJPG_STREAMER = "true";
|
||||
MJPG_STREAMER_INPUT = "-r 1920x1080 -f 30";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security.polkit.enable = true;
|
||||
virtualisation.libvirtd.enable = true;
|
||||
|
||||
services.pykms.enable = true;
|
||||
}
|
4
nixos/stereolith/meta.json
Normal file
4
nixos/stereolith/meta.json
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVuDOcKE8ANKGjd6kfFH1qLLzLwg91o0exJ0isIEw4O",
|
||||
"system": "x86_64-linux"
|
||||
}
|
266
nixos/tsukumogami/default.nix
Normal file
266
nixos/tsukumogami/default.nix
Normal file
|
@ -0,0 +1,266 @@
|
|||
{ config, pkgs, lib, inputs, ... }:
|
||||
|
||||
let
|
||||
ci-secrets = import ../../ci-secrets.nix;
|
||||
cageScript = pkgs.writeScriptBin "inventoryChromium" ''
|
||||
#!${pkgs.runtimeShell}
|
||||
${pkgs.wlr-randr}/bin/wlr-randr --output HDMI-A-1 --transform 90
|
||||
${pkgs.chromium}/bin/chromium --kiosk https://inventory.hackerspace.pl
|
||||
'';
|
||||
in {
|
||||
# https://en.wikipedia.org/wiki/Tsukumogami
|
||||
networking.hostName = "tsukumogami";
|
||||
deployment.buildOnTarget = lib.mkForce false;
|
||||
deployment.tags = [ "reachable-hs" ];
|
||||
|
||||
imports = with inputs.self.nixosModules; [
|
||||
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image.nix"
|
||||
common
|
||||
];
|
||||
|
||||
# don't want to pull in all of installer stuff, so we need to copy some things from sd-image-aarch64.nix:
|
||||
sdImage = {
|
||||
compressImage = false;
|
||||
imageName =
|
||||
"${config.sdImage.imageBaseName}-${pkgs.stdenv.hostPlatform.system}-${config.networking.hostName}.img";
|
||||
populateFirmwareCommands = let
|
||||
# contents of these are used *only* for generating a microsd card image!
|
||||
configTxt = pkgs.writeText "config.txt" ''
|
||||
[pi3]
|
||||
kernel=u-boot-rpi3.bin
|
||||
|
||||
[pi02]
|
||||
kernel=u-boot-rpi3.bin
|
||||
|
||||
[pi4]
|
||||
kernel=u-boot-rpi4.bin
|
||||
enable_gic=1
|
||||
armstub=armstub8-gic.bin
|
||||
|
||||
# Otherwise the resolution will be weird in most cases, compared to
|
||||
# what the pi3 firmware does by default.
|
||||
disable_overscan=1
|
||||
|
||||
# Supported in newer board revisions
|
||||
arm_boost=1
|
||||
|
||||
[cm4]
|
||||
# Enable host mode on the 2711 built-in XHCI USB controller.
|
||||
# This line should be removed if the legacy DWC2 controller is required
|
||||
# (e.g. for USB device mode) or if USB support is not required.
|
||||
otg_mode=1
|
||||
|
||||
[all]
|
||||
# Boot in 64-bit mode.
|
||||
arm_64bit=1
|
||||
|
||||
# U-Boot needs this to work, regardless of whether UART is actually used or not.
|
||||
# Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
|
||||
# a requirement in the future.
|
||||
enable_uart=1
|
||||
|
||||
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
|
||||
# when attempting to show low-voltage or overtemperature warnings.
|
||||
avoid_warnings=1
|
||||
|
||||
hdmi_enable_4kp60=1
|
||||
|
||||
# avoid display issues
|
||||
hdmi_cvt=1920 1080 60 3 0 0 0
|
||||
hdmi_force_hotplug=1
|
||||
hdmi_group=2
|
||||
hdmi_mode=87
|
||||
|
||||
hdmi_drive=1
|
||||
hdmi_boost=7
|
||||
'';
|
||||
in ''
|
||||
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
|
||||
|
||||
# Add the config
|
||||
cp ${configTxt} firmware/config.txt
|
||||
|
||||
# Add pi3 specific files
|
||||
cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
|
||||
|
||||
# Add pi4 specific files
|
||||
cp ${pkgs.ubootRaspberryPi4_64bit}/u-boot.bin firmware/u-boot-rpi4.bin
|
||||
cp ${pkgs.raspberrypi-armstubs}/armstub8-gic.bin firmware/armstub8-gic.bin
|
||||
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-4-b.dtb firmware/
|
||||
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-400.dtb firmware/
|
||||
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4.dtb firmware/
|
||||
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4s.dtb firmware/
|
||||
'';
|
||||
populateRootCommands = ''
|
||||
mkdir -p ./files/boot
|
||||
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
|
||||
'';
|
||||
};
|
||||
|
||||
hardware.enableRedistributableFirmware = lib.mkForce false;
|
||||
hardware.firmware = with pkgs; [ raspberrypiWirelessFirmware wireless-regdb ];
|
||||
boot = {
|
||||
# camera, kernel side
|
||||
# kernelModules = [ "bcm2835-v4l2" ];
|
||||
# avoid building zfs
|
||||
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
||||
kernelParams = [ "verbose" "loglevel=7" "cma=256M" "fbcon=rotate:1" ];
|
||||
loader.grub.enable = false;
|
||||
loader.generic-extlinux-compatible.enable = true;
|
||||
};
|
||||
|
||||
environment.etc."wifi-secrets".text = ci-secrets.wifi;
|
||||
|
||||
microvm.host.enable = false;
|
||||
|
||||
systemd.network.enable = lib.mkForce false;
|
||||
networking = {
|
||||
useDHCP = true;
|
||||
wireless = {
|
||||
enable = true;
|
||||
environmentFile = "/etc/wifi-secrets";
|
||||
networks."hackerspace.pl-guests".psk = "@HSWAW_WIFI@";
|
||||
networks."hackerspace.pl-guests-5G".psk = "@HSWAW_WIFI@";
|
||||
};
|
||||
};
|
||||
networking.firewall.enable = false;
|
||||
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
addresses = true;
|
||||
workstation = true;
|
||||
userServices = true;
|
||||
};
|
||||
};
|
||||
|
||||
# dupa.8
|
||||
users.users.root.hashedPassword =
|
||||
"$y$j9T$yzZnq2/mg6OawoGAbzb0f0$yOyJmpjmFWfm7GF7eRriCO5wwjCWaJWZOH.6f9gVZ3/";
|
||||
users.mutableUsers = false;
|
||||
users.users.inventory = {
|
||||
group = "inventory";
|
||||
extraGroups = [ "video" "dialout" "plugdev" "pipewire" "users" "wheel" ];
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys =
|
||||
config.users.users.root.openssh.authorizedKeys.keys;
|
||||
};
|
||||
users.groups.inventory = { };
|
||||
|
||||
documentation = {
|
||||
enable = lib.mkForce false;
|
||||
} // builtins.listToAttrs (map (x: {
|
||||
name = x;
|
||||
value = { enable = lib.mkForce false; };
|
||||
}) [ "man" "info" "nixos" "doc" "dev" ]);
|
||||
|
||||
services.openssh.settings.PasswordAuthentication = lib.mkForce true;
|
||||
services.openssh.settings.PermitRootLogin = lib.mkForce "yes";
|
||||
|
||||
hardware.opengl.enable = true;
|
||||
|
||||
# strictly for shits and giggles
|
||||
sound.enable = true;
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
alsa.enable = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
};
|
||||
services.udisks2 = { enable = true; };
|
||||
|
||||
# diet
|
||||
boot.binfmt.emulatedSystems = lib.mkForce [ ];
|
||||
environment.systemPackages = with pkgs;
|
||||
lib.mkForce [
|
||||
# strictly required
|
||||
coreutils
|
||||
nix
|
||||
systemd
|
||||
|
||||
# shell's required and not automatically pulled in
|
||||
zsh
|
||||
bashInteractive
|
||||
|
||||
# reaaaaally useful (on-screen keyboard)
|
||||
maliit-keyboard
|
||||
maliit-framework
|
||||
squeekboard
|
||||
|
||||
# we include these anyway
|
||||
wlr-randr
|
||||
chromium
|
||||
|
||||
# avoid warnings
|
||||
gnugrep
|
||||
(glibcLocales.override {
|
||||
allLocales = false;
|
||||
locales = [
|
||||
"en_US.UTF-8/UTF-8"
|
||||
"en_CA.UTF-8/UTF-8"
|
||||
"en_DK.UTF-8/UTF-8"
|
||||
"pl_PL.UTF-8/UTF-8"
|
||||
];
|
||||
})
|
||||
|
||||
# nice-to-haves
|
||||
procps
|
||||
openssh
|
||||
findutils
|
||||
iproute2
|
||||
util-linux
|
||||
usbutils
|
||||
neovim
|
||||
tmux
|
||||
|
||||
# strictly unnecessary
|
||||
mpv
|
||||
alsa-utils
|
||||
pipewire
|
||||
(v4l-utils.override { withGUI = false; })
|
||||
];
|
||||
programs.nix-index.enable = lib.mkForce false;
|
||||
services.journald.extraConfig = ''
|
||||
Storage=volatile
|
||||
'';
|
||||
systemd.coredump.enable = false;
|
||||
services.lvm.enable = lib.mkForce false;
|
||||
|
||||
# systemd.services.ustreamer = {
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# description = "uStreamer for video0";
|
||||
# serviceConfig = {
|
||||
# Type = "simple";
|
||||
# ExecStart =
|
||||
# "${pkgs.ustreamer}/bin/ustreamer --encoder=HW --persistent --rotate 90 --slowdown --resolution 1296x972 --desired-fps 30";
|
||||
# };
|
||||
# };
|
||||
|
||||
# the proper way to do this, supposedly, would be to tie the touchscreen input to display output, eg. with:
|
||||
# ENV{WL_OUTPUT}="HDMI-A-1"
|
||||
# sadly, this doesn't work for us here, for some unbeknownst reason
|
||||
# ENV{LIBINPUT_CALIBRATION_MATRIX}=“1 0 0 0 1 0” # default
|
||||
# ENV{LIBINPUT_CALIBRATION_MATRIX}=“0 -1 1 1 0 0” # 90 degree clockwise
|
||||
# ENV{LIBINPUT_CALIBRATION_MATRIX}="-1 0 1 0 -1 1" # 180 degree clockwise
|
||||
# ENV{LIBINPUT_CALIBRATION_MATRIX}=“0 1 0 -1 0 1” # 270 degree clockwise
|
||||
# ENV{LIBINPUT_CALIBRATION_MATRIX}="-1 0 1 1 0 0" # reflect along y axis
|
||||
# ENV{LIBINPUT_CALIBRATION_MATRIX}="-1 0 1 0 1 0" # reflect along xgi axis
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="input", ATTRS{idVendor}=="0408", ENV{LIBINPUT_CALIBRATION_MATRIX}=“0 -1 1 1 0 0”
|
||||
'';
|
||||
services.cage = {
|
||||
enable = true;
|
||||
user = "inventory";
|
||||
program = "${cageScript}/bin/inventoryChromium";
|
||||
environment = {
|
||||
GDK_BACKEND = "wayland";
|
||||
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
|
||||
WLR_LIBINPUT_NO_DEVICES = "1";
|
||||
};
|
||||
extraArguments = [ "-d" ];
|
||||
};
|
||||
systemd.services."cage-tty1".serviceConfig.Restart = "always";
|
||||
}
|
4
nixos/tsukumogami/meta.json
Normal file
4
nixos/tsukumogami/meta.json
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/Cl0F5WUxDTaQAlb+bYpQ0sCRuFQlf3MHJ4+3/KfYi",
|
||||
"system": "aarch64-linux"
|
||||
}
|
663
nixos/zorigami/default.nix
Normal file
663
nixos/zorigami/default.nix
Normal file
|
@ -0,0 +1,663 @@
|
|||
{ config, pkgs, lib, inputs, ... }:
|
||||
|
||||
{
|
||||
deployment.tags = [ "reachable-everywhere" ];
|
||||
|
||||
imports = [ inputs.simple-nixos-mailserver.nixosModule ]
|
||||
++ (with inputs.self.nixosModules; [
|
||||
common
|
||||
secureboot
|
||||
monitoring
|
||||
ci-runners
|
||||
|
||||
./hardware.nix
|
||||
]);
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages;
|
||||
|
||||
age.secrets.cassAuth = {
|
||||
file = ../../secrets/cassAuth.age;
|
||||
group = "nginx";
|
||||
mode = "440";
|
||||
};
|
||||
age.secrets.minecraftRestic.file = ../../secrets/norkclubMinecraftRestic.age;
|
||||
age.secrets.nextCloudAdmin = {
|
||||
file = ../../secrets/nextCloudAdmin.age;
|
||||
group = "nextcloud";
|
||||
mode = "440";
|
||||
};
|
||||
age.secrets.wgNibylandia.file = ../../secrets/wg/nibylandia_zorigami.age;
|
||||
|
||||
age.secrets.arMail.file = ../../secrets/mail/ar.age;
|
||||
age.secrets.apoMail.file = ../../secrets/mail/apo.age;
|
||||
age.secrets.madargonMail.file = ../../secrets/mail/madargon.age;
|
||||
age.secrets.enkiMail.file = ../../secrets/mail/enki.age;
|
||||
age.secrets.matrixMail.file = ../../secrets/mail/matrix.age;
|
||||
age.secrets.mastodonMail.file = ../../secrets/mail/mastodon.age;
|
||||
age.secrets.mastodonPlainMail = {
|
||||
group = "mastodon";
|
||||
mode = "440";
|
||||
file = ../../secrets/mail/mastodonPlain.age;
|
||||
};
|
||||
age.secrets.vaultwardenMail.file = ../../secrets/mail/vaultwarden.age;
|
||||
age.secrets.vaultwardenPlainMail = {
|
||||
group = "vaultwarden";
|
||||
mode = "440";
|
||||
file = ../../secrets/mail/vaultwardenPlain.age;
|
||||
};
|
||||
|
||||
age.secrets.minifluxCredentials.file = ../../secrets/miniflux.age;
|
||||
age.secrets.keycloakDatabase = {
|
||||
file = ../../secrets/keycloakDatabase.age;
|
||||
mode = "440";
|
||||
};
|
||||
age.secrets.keycloak.file = ../../secrets/mail/keycloak.age;
|
||||
age.secrets.mastodonActiveRecordSecrets.file =
|
||||
../../secrets/mastodon-activerecord.age;
|
||||
|
||||
age.secrets.notbotEnvironment.file = ../../secrets/notbotEnvironment.age;
|
||||
|
||||
age.secrets.synapseExtraConfig = {
|
||||
group = "matrix-synapse";
|
||||
mode = "440";
|
||||
file = ../../secrets/synapseExtraConfig.age;
|
||||
};
|
||||
age.secrets.acmeZorigamiZajebaLi.file =
|
||||
../../secrets/acme-zorigami-zajeba.li.age;
|
||||
age.secrets.automataDendritePrivateKey.file =
|
||||
../../secrets/automata.of-a.cat-matrix_key.pem.age;
|
||||
age.secrets.automataDendriteEnv.file =
|
||||
../../secrets/automata.of-a.cat-matrix_env.age;
|
||||
|
||||
nibylandia.monitoring-server = { domain = "monitoring.is-a.cat"; };
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
clientMaxBodySize = "4096m";
|
||||
appendHttpConfig = ''
|
||||
disable_symlinks off;
|
||||
'';
|
||||
};
|
||||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "ar@is-a.cat";
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ] ++ [ 25565 25566 ]
|
||||
++ [ 113 ];
|
||||
networking.firewall.allowedUDPPorts = [ 80 443 ]
|
||||
++ [ 19132 19133 25565 25566 ] ++ [ 51315 ];
|
||||
|
||||
nix.settings.max-jobs = 1;
|
||||
nix.settings.cores = 24;
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_13;
|
||||
};
|
||||
services.prometheus.exporters.postgres = {
|
||||
enable = true;
|
||||
runAsLocalSuperUser = true;
|
||||
listenAddress = "127.0.0.1";
|
||||
};
|
||||
|
||||
systemd.services.notbot = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
description = "Notbot irc bot service";
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
User = "bot";
|
||||
EnvironmentFile = config.age.secrets.notbotEnvironment.path;
|
||||
ExecStart = ''
|
||||
${pkgs.notbot}/bin/notbot -nickname "notbot" -name "notbot" -user "bot" \
|
||||
-server "irc.libera.chat:6667" -password $NICKSERV_PASSWORD \
|
||||
-channels $CHANNELS -jitsi.channels $JITSI_CHANNELS -spaceapi.channels $SPACEAPI_CHANNELS
|
||||
'';
|
||||
};
|
||||
};
|
||||
users.users.bot = {
|
||||
isSystemUser = true;
|
||||
group = "bot";
|
||||
};
|
||||
users.groups.bot = { };
|
||||
|
||||
systemd.services.cass = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
description = "cass";
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
User = "ar";
|
||||
ExecStart = ''
|
||||
${pkgs.cass}/bin/cass -listen "127.0.0.1:8000" -file-store "/srv/www/arachnist.is-a.cat/c" -url-base "https://ar.is-a.cat/c/"'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.minecraft-overviewer = {
|
||||
script = ''
|
||||
${pkgs.python3Packages.minecraft-overviewer}/bin/overviewer.py -p 12 -c "/srv/minecraft-overviewer/survival/config.py"
|
||||
${pkgs.python3Packages.minecraft-overviewer}/bin/overviewer.py -p 12 -c "/srv/minecraft-overviewer/survival/config.py" --genpoi
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = "minecraft";
|
||||
Group = "users";
|
||||
ProtectHome = "no";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.timers.minecraft-overviewer = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
timerConfig = { OnCalendar = "hourly"; };
|
||||
};
|
||||
|
||||
systemd.timers.minecraft-backup = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
timerConfig = { OnCalendar = "*:0/15"; };
|
||||
};
|
||||
|
||||
users.users.minecraft = {
|
||||
isNormalUser = true;
|
||||
group = "users";
|
||||
openssh.authorizedKeys.keys =
|
||||
config.users.users.ar.openssh.authorizedKeys.keys ++ [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOHWPbzvwXTftY1r0dXcYZxT9QBnQkwepdMn8PCAPlYvYwUObEj3rgYrYRFrtCRWZVrKAdqBxnH9/6S9w631Zs7tgqEeDHJsotZNZV3qip7qGjn9IqUHXqF95MUDJV21AeBAqQ1xalefwCkwf/vYLFn8dSnsnlfO+mtlHZOuBED+SB2U1eNrWY2e45v8m7PqSyTCbCu0F3wVcHGwRFsxWA598wf85UBRVcSWVcUydE9F+PCS9sGETkXiRUDcHWnup8uygs4xLa9RADubhdGkUbQE6m6yOjvHJWZ4ov59zJh+hmpszCwfmUw/k39T2TM7tbwUWxgc68qDyaMGQr/Wzd x10a94@Celestia"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeJ+LSo3YXE6Jk6pGKL5om/VOi7XE5OvHA2U73V0pJXHa1bA4ityICeNqec2w8TSWSwTihJ4oAM7YLShkERNTcd1NWNHgUYova9nJ/nItFxrxDpTQsqK315u4d7nE+go09c85cyomHbDDcNVg9kJeCUjF+dr82N7JZfYVdQystOslOROYtl94GHuFHVOQyBRGeSztmakYvK1+3WV8dby6TfYG1l6uf6qLCg7q64zR4xDDP0KgfcrsusBQ6qYnKhop1fUTaW9NtEOQP/MhFLDp2YQmTsNJDiKAQpwwYLexWq4UcziXbnRfD56CHFHbW7Hu6Ltu35cHFKR2r9y4TBwTV crendgrim@gmx.de"
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.minecraft-backup = {
|
||||
script = ''
|
||||
export PATH="/run/current-system/sw/bin"
|
||||
/home/minecraft/minecraft-backup/backup.sh -w rcon -i /home/minecraft/survival/world -r $BACKUP_DESTINATION -s $RCON_AUTH -m -1
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = "minecraft";
|
||||
Group = "users";
|
||||
ProtectHome = "no";
|
||||
EnvironmentFile = config.age.secrets.minecraftRestic.path;
|
||||
};
|
||||
};
|
||||
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud29;
|
||||
hostName = "cloud.is-a.cat";
|
||||
autoUpdateApps.enable = true;
|
||||
autoUpdateApps.startAt = "05:00:00";
|
||||
|
||||
settings.overwriteprotocol = "https";
|
||||
|
||||
config = {
|
||||
adminuser = "admin";
|
||||
adminpassFile = config.age.secrets.nextCloudAdmin.path;
|
||||
|
||||
dbtype = "pgsql";
|
||||
dbuser = "nextcloud";
|
||||
dbname = "nextcloud";
|
||||
dbhost = "/run/postgresql";
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql.ensureDatabases =
|
||||
[ "nextcloud" "matrix-synapse" "mastodon" "dendrite" ];
|
||||
services.postgresql.ensureUsers = [
|
||||
{
|
||||
name = "nextcloud";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
{
|
||||
name = "matrix-synapse";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
{
|
||||
name = "mastodon";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
{
|
||||
name = "dendrite";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
|
||||
systemd.services."nextcloud-setup" = {
|
||||
requires = [ "postgresql.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
};
|
||||
|
||||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = "is-a.cat";
|
||||
domains = [ "is-a.cat" "i.am-a.cat" "rsg.enterprises" ];
|
||||
certificateScheme = "acme-nginx";
|
||||
enableManageSieve = true;
|
||||
fullTextSearch = {
|
||||
enable = true;
|
||||
memoryLimit = 2000;
|
||||
};
|
||||
localDnsResolver = false;
|
||||
monitoring.enable = false;
|
||||
borgbackup.enable = false;
|
||||
backup.enable = false;
|
||||
messageSizeLimit = 41943040;
|
||||
loginAccounts = {
|
||||
"ar@is-a.cat" = {
|
||||
aliases = [
|
||||
"arachnist@is-a.cat"
|
||||
"letsencrypt@is-a.cat"
|
||||
"gustaw.weldon@is-a.cat"
|
||||
"@rsg.enterprises"
|
||||
"@i.am-a.cat"
|
||||
"ari@is-a.cat"
|
||||
];
|
||||
|
||||
hashedPasswordFile = config.age.secrets.arMail.path;
|
||||
};
|
||||
"apo@is-a.cat".hashedPasswordFile = config.age.secrets.apoMail.path;
|
||||
"madargon@is-a.cat".hashedPasswordFile =
|
||||
config.age.secrets.madargonMail.path;
|
||||
"enkiusz@is-a.cat".hashedPasswordFile = config.age.secrets.enkiMail.path;
|
||||
"mastodon@is-a.cat".hashedPasswordFile =
|
||||
config.age.secrets.mastodonMail.path;
|
||||
"matrix@is-a.cat".hashedPasswordFile = config.age.secrets.matrixMail.path;
|
||||
"vaultwarden@is-a.cat".hashedPasswordFile =
|
||||
config.age.secrets.vaultwardenMail.path;
|
||||
};
|
||||
};
|
||||
services.dovecot2.sieve.extensions = [ "fileinto" ];
|
||||
|
||||
# automata.of-a.cat
|
||||
services.dendrite = {
|
||||
enable = true;
|
||||
httpPort = 8108;
|
||||
loadCredential = [
|
||||
"matrix-server-key:${config.age.secrets.automataDendritePrivateKey.path}"
|
||||
];
|
||||
environmentFile = config.age.secrets.automataDendriteEnv.path;
|
||||
|
||||
settings = let
|
||||
database_config = {
|
||||
connection_string = "postgresql:///dendrite?host=/run/postgresql";
|
||||
max_open_conns = 10;
|
||||
max_idle_conns = 5;
|
||||
};
|
||||
in {
|
||||
global = {
|
||||
server_name = "automata.of-a.cat";
|
||||
private_key = "$CREDENTIALS_DIRECTORY/matrix-server-key";
|
||||
jetstream.storage_path = "/var/lib/dendrite/";
|
||||
};
|
||||
|
||||
client_api = {
|
||||
registration_disabled = true;
|
||||
rate_limiting.enabled = false;
|
||||
registration_shared_secret = "\${REGISTRATION_SHARED_SECRET}";
|
||||
};
|
||||
|
||||
app_service_api.database = database_config;
|
||||
federation_api.database = database_config;
|
||||
key_server.database = database_config;
|
||||
media_api.database = database_config;
|
||||
mscs.database = database_config;
|
||||
room_server.database = database_config;
|
||||
sync_api.database = database_config;
|
||||
user_api.account_database = database_config;
|
||||
user_api.device_database = database_config;
|
||||
relay_api.device_database = database_config;
|
||||
};
|
||||
};
|
||||
|
||||
# is-a.cat
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
settings = {
|
||||
server_name = "is-a.cat";
|
||||
|
||||
registrations_require_3pid = [ "email" ];
|
||||
allowed_local_3pids = [{
|
||||
medium = "email";
|
||||
pattern = "^[^@]+@is-a.cat$";
|
||||
}];
|
||||
enable_registration = true;
|
||||
registration_requires_token = true;
|
||||
withJemalloc = true;
|
||||
};
|
||||
extraConfigFiles = [ config.age.secrets.synapseExtraConfig.path ];
|
||||
};
|
||||
|
||||
services.mastodon = {
|
||||
enable = true;
|
||||
webProcesses = 4;
|
||||
streamingProcesses = 4;
|
||||
localDomain = "is-a.cat";
|
||||
configureNginx = true;
|
||||
smtp = {
|
||||
user = "mastodon@is-a.cat";
|
||||
passwordFile = config.age.secrets.mastodonPlainMail.path;
|
||||
fromAddress = "mastodon@is-a.cat";
|
||||
host = "is-a.cat";
|
||||
createLocally = false;
|
||||
authenticate = true;
|
||||
};
|
||||
extraConfig = {
|
||||
EMAIL_DOMAIN_ALLOWLIST = "is-a.cat";
|
||||
MAX_TOOT_CHARS = "20000";
|
||||
MAX_PINNED_TOOTS = "10";
|
||||
MAX_BIO_CHARS = "2000";
|
||||
MAX_PROFILE_FIELDS = "8";
|
||||
MAX_POLL_OPTIONS = "10";
|
||||
MAX_IMAGE_SIZE = "33554432";
|
||||
MAX_VIDEO_SIZE = "167772160";
|
||||
ALLOWED_PRIVATE_ADDRESSES = "127.1.33.7";
|
||||
GITHUB_REPOSITORY = "arachnist/mastodon/tree/meow";
|
||||
};
|
||||
extraEnvFiles = [ config.age.secrets.mastodonActiveRecordSecrets.path ];
|
||||
package = pkgs.glitch-soc;
|
||||
};
|
||||
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
dbBackend = "postgresql";
|
||||
config = {
|
||||
DOMAIN = "https://vaultwarden.is-a.cat";
|
||||
ROCKET_PORT = "8222";
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
databaseUrl = "postgresql://vaultwarden@%2Frun%2Fpostgresql/vaultwarden";
|
||||
|
||||
smtpHost = "is-a.cat";
|
||||
smtpFrom = "vaultwarden@is-a.cat";
|
||||
smtpUsername = "vaultwarden@is-a.cat";
|
||||
smtpSecurity = "force_tls";
|
||||
|
||||
signupsDomainsWhitelist = "is-a.cat";
|
||||
};
|
||||
environmentFile = config.age.secrets.vaultwardenPlainMail.path;
|
||||
};
|
||||
services.nginx.virtualHosts."vaultwarden.is-a.cat" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${
|
||||
toString config.services.vaultwarden.config.ROCKET_PORT
|
||||
}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub" = {
|
||||
proxyPass = "http://localhost:3012";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub/negotiate" = {
|
||||
proxyPass = "http://localhost:8812";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
# need to figure out something fancy about network configuration
|
||||
networking.hostName = "zorigami";
|
||||
|
||||
systemd.network.wait-online.enable = false;
|
||||
networking.useDHCP = false;
|
||||
networking.tempAddresses = "disabled";
|
||||
networking.interfaces = {
|
||||
enp38s0.useDHCP = false;
|
||||
enp42s0f3u5u3c2.useDHCP = false;
|
||||
enp36s0f0 = {
|
||||
useDHCP = false;
|
||||
ipv4 = {
|
||||
addresses = [{
|
||||
address = "185.236.240.137";
|
||||
prefixLength = 31;
|
||||
}];
|
||||
routes = [{
|
||||
address = "0.0.0.0";
|
||||
prefixLength = 0;
|
||||
via = "185.236.240.136";
|
||||
}];
|
||||
};
|
||||
ipv6 = {
|
||||
addresses = [{
|
||||
address = "2a0d:eb00:8007::10";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
routes = [{
|
||||
address = "::";
|
||||
prefixLength = 0;
|
||||
via = "2a0d:eb00:8007::1";
|
||||
}];
|
||||
};
|
||||
};
|
||||
# funky crossconnects
|
||||
enp36s0f1 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [{
|
||||
address = "10.21.37.1";
|
||||
prefixLength = 27;
|
||||
}];
|
||||
};
|
||||
enp39s0 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [{
|
||||
address = "10.21.37.33";
|
||||
prefixLength = 27;
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
networking.nameservers = [
|
||||
"8.8.8.8"
|
||||
"8.8.4.4"
|
||||
"1.1.1.1"
|
||||
"2606:4700:4700::1111"
|
||||
"2606:4700:4700::1001"
|
||||
"2001:4860:4860::8888"
|
||||
];
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv6.conf.all.accept_ra" = false;
|
||||
"net.ipv6.conf.default.accept_ra" = false;
|
||||
"net.ipv4.conf.all.forwarding" = true;
|
||||
};
|
||||
networking.wireguard.interfaces = {
|
||||
wg-nibylandia = {
|
||||
ips = [ "10.255.255.1/24" ];
|
||||
privateKeyFile = config.age.secrets.wgNibylandia.path;
|
||||
listenPort = 51315;
|
||||
|
||||
peers = [
|
||||
{
|
||||
publicKey = "g/XhdVYsegn7Pp58Y1HFNxp4jhmA8YjRDg8W8J6swCw=";
|
||||
endpoint = "i.am-a.cat:51315";
|
||||
allowedIPs =
|
||||
[ "10.255.255.2/32" "192.168.20.0/24" "192.168.24.0/24" ];
|
||||
persistentKeepalive = 15;
|
||||
}
|
||||
{
|
||||
publicKey = "ubxtr3zW9F/ofjaQFnj6XpYcrOvTdOSW5wv06+VEehU=";
|
||||
allowedIPs = [ "10.255.255.3/32" ];
|
||||
persistentKeepalive = 15;
|
||||
}
|
||||
{
|
||||
publicKey = "tVH3q1AJZKsitYmASdaogMCBwhMCd8oSuDY2POpiUiY=";
|
||||
allowedIPs = [ "10.255.255.4/32" ];
|
||||
persistentKeepalive = 15;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.kea.dhcp4 = {
|
||||
enable = true;
|
||||
settings = {
|
||||
interfaces-config = {
|
||||
interfaces = [ "enp36s0f1/10.21.37.1" "enp39s0/10.21.37.33" ];
|
||||
};
|
||||
|
||||
subnet4 = [
|
||||
{
|
||||
subnet = "10.21.37.0/27";
|
||||
pools = [{ pool = "10.21.37.5 - 10.21.37.25"; }];
|
||||
reservations-out-of-pool = true;
|
||||
reservations-in-subnet = true;
|
||||
}
|
||||
{
|
||||
subnet = "10.21.37.32/27";
|
||||
pools = [{ pool = "10.21.37.37 - 10.21.37.57"; }];
|
||||
reservations-out-of-pool = true;
|
||||
reservations-in-subnet = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"s.nork.club" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
root = "/srv/www/s.nork.club";
|
||||
};
|
||||
"ar.is-a.cat" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = { root = "/srv/www/arachnist.is-a.cat"; };
|
||||
locations."/up" = {
|
||||
proxyPass = "http://127.0.0.1:8000";
|
||||
basicAuthFile = config.age.secrets.cassAuth.path;
|
||||
extraConfig = ''
|
||||
proxy_request_buffering off;
|
||||
proxy_send_timeout "9000s";
|
||||
proxy_read_timeout "9000s";
|
||||
'';
|
||||
};
|
||||
locations."/down" = {
|
||||
proxyPass = "http://127.0.0.1:8000";
|
||||
basicAuthFile = config.age.secrets.cassAuth.path;
|
||||
extraConfig = ''
|
||||
proxy_request_buffering off;
|
||||
proxy_send_timeout "9000s";
|
||||
proxy_read_timeout "9000s";
|
||||
'';
|
||||
};
|
||||
};
|
||||
"arachnist.is-a.cat" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = { root = "/srv/www/arachnist.is-a.cat"; };
|
||||
};
|
||||
"brata.zajeba.li" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = { root = "/srv/www/brata.zajeba.li"; };
|
||||
};
|
||||
"irc.is-a.cat" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."^~ /weechat" = {
|
||||
proxyPass = "http://127.0.0.1:9001";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/" = { root = pkgs.glowing-bear; };
|
||||
};
|
||||
"cloud.is-a.cat" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
"${config.services.matrix-synapse.settings.server_name}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
locations."/_matrix" = { proxyPass = "http://127.0.0.1:8008"; };
|
||||
|
||||
locations."/.well-known/matrix/server" = {
|
||||
return = ''
|
||||
200 "{\"m.server\":\"${config.services.matrix-synapse.settings.server_name}:443\",\"m.homeserver\":{\"base_url\":\"https://${config.services.matrix-synapse.settings.server_name}\"}}"'';
|
||||
};
|
||||
};
|
||||
"matrix.${config.services.matrix-synapse.settings.server_name}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
root = pkgs.cinny.override {
|
||||
conf = {
|
||||
homeserverList = [
|
||||
config.services.matrix-synapse.settings.server_name
|
||||
"matrix.hackerspace.pl"
|
||||
];
|
||||
allowCustomHomeservers = false;
|
||||
defaultHomeserver = 0;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
${config.services.dendrite.settings.global.server_name} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/.well-known/matrix/server".return = ''
|
||||
200 "{\"m.server\":\"matrix.${config.services.dendrite.settings.global.server_name}:443\",\"m.homeserver\":{\"base_url\":\"https://matrix.${config.services.dendrite.settings.global.server_name}\"}}"
|
||||
'';
|
||||
"/.well-known/matrix/client".return = ''
|
||||
200 "{\"m.homeserver\":{\"base_url\":\"https://matrix.${config.services.dendrite.settings.global.server_name}\"}}"
|
||||
'';
|
||||
};
|
||||
};
|
||||
"matrix.${config.services.dendrite.settings.global.server_name}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/_matrix".proxyPass =
|
||||
"http://127.0.0.1:${toString config.services.dendrite.httpPort}";
|
||||
"/_dendrite".proxyPass =
|
||||
"http://127.0.0.1:${toString config.services.dendrite.httpPort}";
|
||||
"/_synapse".proxyPass =
|
||||
"http://127.0.0.1:${toString config.services.dendrite.httpPort}";
|
||||
};
|
||||
};
|
||||
"rower.zajeba.li" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
return = "301 https://pl.wikipedia.org/wiki/Praga-Po%C5%82udnie";
|
||||
};
|
||||
};
|
||||
"wildcard.zajeba.li" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
serverAliases = [ "~^(.*).zajeba.li$" ];
|
||||
root = "/srv/www/wildcard_zajeba.li/$1";
|
||||
};
|
||||
};
|
||||
security.acme.certs."wildcard.zajeba.li" = {
|
||||
extraDomainNames = lib.mkForce [ ];
|
||||
domain = "*.zajeba.li";
|
||||
dnsProvider = "cloudflare";
|
||||
webroot = lib.mkForce null;
|
||||
credentialFiles = {
|
||||
CLOUDFLARE_DNS_API_TOKEN_FILE =
|
||||
config.age.secrets.acmeZorigamiZajebaLi.path;
|
||||
};
|
||||
};
|
||||
|
||||
services.oidentd.enable = true;
|
||||
|
||||
programs.java = {
|
||||
enable = true;
|
||||
package = pkgs.openjdk21;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [ john restic weechat ];
|
||||
users.groups.domi = { gid = 1004; };
|
||||
users.users.domi = {
|
||||
isNormalUser = true;
|
||||
uid = 1004;
|
||||
group = "domi";
|
||||
extraGroups = [ "users" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFHcfS3YKXUX4N8cD2IEF3GxHvb+IlynSSudDF1/e3U domi@kita"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPkJRQYGIVC//ofxYrIxF3nP3D8gTDSSSMyEzG6JVQii domi@sakamoto"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImhJ+2pw5c1Tzx/g+S04on5bUXhwzloqRaiXti5UC7A domi@zork"
|
||||
];
|
||||
};
|
||||
}
|
35
nixos/zorigami/hardware.nix
Normal file
35
nixos/zorigami/hardware.nix
Normal file
|
@ -0,0 +1,35 @@
|
|||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.zfs.extraPools = [ "tank" ];
|
||||
boot.zfs.package = pkgs.zfs_unstable;
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
|
||||
boot.ryzen.enable = true;
|
||||
|
||||
networking.hostId = "7999af7c";
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/2c034d00-d937-498c-85af-088616b8449c";
|
||||
fsType = "xfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/C1BA-34FE";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/home/minecraft/survival/world" = {
|
||||
device = "survivalworld";
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=755" "uid=1001" "gid=100" "size=40G" ];
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[{ device = "/dev/disk/by-uuid/86fee886-bdba-4f0b-8fe6-31c32e8232fa"; }];
|
||||
|
||||
}
|
4
nixos/zorigami/meta.json
Normal file
4
nixos/zorigami/meta.json
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/7CsIWlJH2F0VQpgsGgZOQeAd7Zh98WpCvmTyXCTty",
|
||||
"system": "x86_64-linux"
|
||||
}
|
4
overlays/default.nix
Normal file
4
overlays/default.nix
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
nibylandia = final: prev: (import ./nibylandia.nix) final prev;
|
||||
rpi5 = final: prev: (import ./rpi5.nix) final prev;
|
||||
}
|
32
overlays/nibylandia.nix
Normal file
32
overlays/nibylandia.nix
Normal file
|
@ -0,0 +1,32 @@
|
|||
self: super:
|
||||
let inherit (self) lib;
|
||||
in {
|
||||
cass = super.callPackage ../pkgs/cass.nix { };
|
||||
notbot = super.callPackage ../pkgs/notbot.nix { };
|
||||
glitch-soc = let
|
||||
emoji-reactions = import ../pkgs/glitch-soc/emoji.nix {
|
||||
inherit (super) fetchpatch fetchurl;
|
||||
};
|
||||
file-post-patch = lib.concatMapStringsSep "\n" (f: ''
|
||||
mkdir -p "$(dirname "${f.name}")"
|
||||
cp -f "${f.src}" "${f.name}"
|
||||
'') emoji-reactions.files;
|
||||
tl-replacer = super.callPackage ../pkgs/glitch-soc/tl-replacer { };
|
||||
in self.callPackage ../pkgs/glitch-soc {
|
||||
srcPostPatch = ''
|
||||
${file-post-patch}
|
||||
${tl-replacer}/tl-replacer ${tl-replacer}/tl-replacer.yaml
|
||||
'';
|
||||
inherit (emoji-reactions) patches;
|
||||
};
|
||||
|
||||
python3 = super.python3.override {
|
||||
packageOverrides = self: super: {
|
||||
pillow_with_headers =
|
||||
self.callPackage ../pkgs/pillow-with-headers.nix { };
|
||||
minecraft-overviewer =
|
||||
self.callPackage ../pkgs/minecraft-overviewer.nix { };
|
||||
};
|
||||
};
|
||||
python3Packages = self.python3.pkgs;
|
||||
}
|
17
overlays/rpi5.nix
Normal file
17
overlays/rpi5.nix
Normal file
|
@ -0,0 +1,17 @@
|
|||
self: super: rec {
|
||||
linux_rpi5 = self.callPackage ../pkgs/linux_rpi/linux-rpi.nix {
|
||||
kernelPatches = with self.kernelPatches; [
|
||||
bridge_stp_helper
|
||||
request_key_helper
|
||||
];
|
||||
rpiVersion = 5;
|
||||
};
|
||||
|
||||
linuxPackages_rpi5 = self.linuxPackagesFor linux_rpi5;
|
||||
|
||||
rpi5-arm-tf = self.callPackage ../pkgs/rpi5-arm-tf.nix { };
|
||||
rpi5-edk2-tools = self.callPackage ../pkgs/rpi5-edk2-tools.nix { };
|
||||
rpi5-uefi = self.callPackage ../pkgs/rpi5-uefi.nix { };
|
||||
rpi5-uefi-bin = self.callPackage ../pkgs/rpi5-uefi-bin.nix { };
|
||||
rpi5-dtb = self.callPackage ../pkgs/rpi5-dtb.nix { };
|
||||
}
|
16
pkgs/cass.nix
Normal file
16
pkgs/cass.nix
Normal file
|
@ -0,0 +1,16 @@
|
|||
{ fetchFromGitea, buildGoPackage, ... }:
|
||||
|
||||
buildGoPackage rec {
|
||||
pname = "cass";
|
||||
version = "0.0.1";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "codeberg.org";
|
||||
owner = "arachnist";
|
||||
repo = pname;
|
||||
rev = "00b3536c5b546bb5b929b2562c86fee2869885a4";
|
||||
sha256 = "+ZGO/ZoGN+LdcPGWHjjZ/wpayFxnfKvxiVMaS0iNYr0=";
|
||||
};
|
||||
|
||||
goPackagePath = "github.com/arachnist/cass";
|
||||
}
|
26
pkgs/glitch-soc/default.nix
Normal file
26
pkgs/glitch-soc/default.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{ callPackage, patches ? [ ], srcPostPatch ? "", mastodon, }:
|
||||
let
|
||||
src = callPackage ./source.nix {
|
||||
inherit patches;
|
||||
postPatch = srcPostPatch;
|
||||
};
|
||||
|
||||
# the upstream nix package doesn't support yarn berry yet so here we fucking go
|
||||
# see https://github.com/NixOS/nixpkgs/issues/254369 and https://github.com/NixOS/nixpkgs/issues/277697
|
||||
yarn-deps = callPackage ./yarn.nix {
|
||||
inherit src;
|
||||
hash = src.yarnHash;
|
||||
};
|
||||
|
||||
# this is mastodon built from the glitch source
|
||||
# modules are unpatched though
|
||||
glitch-1 = mastodon.override {
|
||||
pname = "glitch";
|
||||
srcOverride = src;
|
||||
gemset = ./. + "/gemset.nix";
|
||||
};
|
||||
|
||||
modules = callPackage ./modules.nix { inherit glitch-1 yarn-deps; };
|
||||
|
||||
glitch-2 = glitch-1.overrideAttrs (old: { mastodonModules = modules; });
|
||||
in glitch-2
|
138
pkgs/glitch-soc/emoji.nix
Normal file
138
pkgs/glitch-soc/emoji.nix
Normal file
|
@ -0,0 +1,138 @@
|
|||
# autogenerated file
|
||||
{fetchpatch, fetchurl}: {
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/4dc414453dfecd6b9a45ceccdace92812814212b.patch";
|
||||
hash = "sha256-i0zXqVW43ZQuCrGNxgVSf5/OV4AdeJDykTIgo9FHLeA=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/b1f2ef4f95eb1dc982561514cf96a6b4913d9083.patch";
|
||||
hash = "sha256-mPTn1tSFX16H3qw6tTMoY8ZEpSFw0WwMoAlwdMdN5o8=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/b63636b0a68efb1d228d2e2d095ac3856c7e4972.patch";
|
||||
hash = "sha256-W54/zXblx89YfWqkkeHYpYArDPzI63S+XgPw5kbtVIQ=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/c6ef1a902cddaab21987fae31a80321794a10573.patch";
|
||||
hash = "sha256-ShXE7LykbImUByMjpKpMrB+mvjV9Y+txwNWBQwlHYX0=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/638ea3bf2df621a43b58df03453a1015c4fab139.patch";
|
||||
hash = "sha256-EYNjYGTtpvMA2rX959RjD7buPeC2zRYXcqO92jUszss=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/e60b2ef24541ef626f24da577bd1ccbb29d015ce.patch";
|
||||
hash = "sha256-HpYr5hSVw39kCQd6RUUAgZvbDpZ77lwmKXhuQ6//UGk=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/323a50c9a9a4867d2bb0003929f241c6bd102ae4.patch";
|
||||
hash = "sha256-Q8gQwOlakdulWBKT4RQ8HLq8MUuw2gBum3mHygsu1OE=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/3150cd5ebaa7b2106e74284b9bd0ebb72a881e7f.patch";
|
||||
hash = "sha256-//d36ZolRH5Z9/2tBGWAUjlbIbaXb2MQGrDUVrlPHGI=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/0fa071703cdd29387b02b7585ea7708907a0b47f.patch";
|
||||
hash = "sha256-F73oi+m6905u9N/iE+0kG8a/raSPW7znDeoNSjzrWJc=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/7691ac0053b51df419014cd84e2c5646e70b71e0.patch";
|
||||
hash = "sha256-WgWtfn2UJXUz1elSPlM6PfIOG9xRgP0KVOtJ/35tY44=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/a624ba5621d5c26715954592cb76ab26dc4a30d4.patch";
|
||||
hash = "sha256-Vj2vaxJf6Fyuew4yTZ8T8rH7sVmey3zkmlYX++L4DzQ=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/b9723c99cf7397b124c207367208e571f0a56972.patch";
|
||||
hash = "sha256-QWrAHRSAUG5swVxV19Y1yg5tupnEafHzJf6j7se95A8=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/16b08f1d6bcc9ffd1e3316a11dc8c2def1926245.patch";
|
||||
hash = "sha256-zWDnO/KLpl0aBaxS2DTt0W7WCeR29gU4N//5gZvJcwg=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/49e3973158dcb33257a12dd15d86b685b8435728.patch";
|
||||
hash = "sha256-ygSdBo/9UKp9LAHNvpjvqcRF5uFpRWaqOH86gLnxYwU=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/bec0e6dd37df9799edb14b4d8d0e63692b66cf31.patch";
|
||||
hash = "sha256-haFsOBTGWWbhEvbWWVf9Sawdw/CCUa3ZVRCz3AHNlF4=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/23f608619f1c8392dae995982c7595972147a9c8.patch";
|
||||
hash = "sha256-+oUPXiHicgK1/r1lovl4IH6jZ7rDUWwBuVCDywzCPCk=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/3c66a42d0ad7f3416c8c130cf90364ac3acbb86d.patch";
|
||||
hash = "sha256-N4yijNnCfeBb8CVsVK8L/ncRyWcvDZD9gkHaUMR1WaA=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/d37eb7f3eb4c38d00c8c4040bbba764036fb8019.patch";
|
||||
hash = "sha256-SUOgcCBXlfsyMHKYvkkvgiOkW1uzLruI+jy5uf9f5kA=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/21e5b2ac22cff0b84549cb357b73186cc33a4872.patch";
|
||||
hash = "sha256-mweLZ82np2r/kbbDJscwOomHgruULHxxlu9zhR51PNQ=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/89273da276cd987c01d0be3c4a0d598497167fd6.patch";
|
||||
hash = "sha256-6aLwW6uJu1dXHenCnpta3nta6vZ+ZWH5pxhMGM0nLr8=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/af4cbbbc185c432c6a18c1efb84222e48c44356c.patch";
|
||||
hash = "sha256-zBWsmMawNT1/1Kh4uZ7RpbIL03Gri7wsRMec/EYb/3Q=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/277428127e505120acbe3299d41b27c68fe78c83.patch";
|
||||
hash = "sha256-srvagWbsqZQbOtk2Wfyk5LoBhoqeW0fSZXgDm0q6UEg=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/pull/2462/commits/e48512b008f406a1f19336e71c44d33362df2606.patch";
|
||||
hash = "sha256-wPPZkkeieMbO0jeO9VXqQyW+F+D7WmcFoXSVHGY03bM=";
|
||||
})
|
||||
];
|
||||
files = [
|
||||
{
|
||||
src = fetchurl {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/raw/e48512b008f406a1f19336e71c44d33362df2606/app%2Fjavascript%2Fimages%2Fmailer-new%2Fheading%2Freaction.png";
|
||||
hash = "sha256-6QLPNTSigxXryjO0IbvZFOQjWrnwrQHr5Mb0ZJllMLk=";
|
||||
};
|
||||
name = "app/javascript/images/mailer-new/heading/reaction.png";
|
||||
}
|
||||
{
|
||||
src = fetchurl {
|
||||
url =
|
||||
"https://github.com/glitch-soc/mastodon/raw/e48512b008f406a1f19336e71c44d33362df2606/app%2Fjavascript%2Fimages%2Fmailer%2Ficon_add.png";
|
||||
hash = "sha256-UYDdj5GKsg1cfVTx04hwsEURk6iKZfQCMAA2UFT0SJA=";
|
||||
};
|
||||
name = "app/javascript/images/mailer/icon_add.png";
|
||||
}
|
||||
];
|
||||
}
|
3642
pkgs/glitch-soc/gemset.nix
Normal file
3642
pkgs/glitch-soc/gemset.nix
Normal file
File diff suppressed because it is too large
Load diff
69
pkgs/glitch-soc/modules.nix
Normal file
69
pkgs/glitch-soc/modules.nix
Normal file
|
@ -0,0 +1,69 @@
|
|||
# this is mostly copied from upstream mastodon packaging, but modified for yarn-berry deps
|
||||
{ stdenv, nodejs-slim, yarn-berry, brotli,
|
||||
# previous inputs
|
||||
glitch-1, yarn-deps, }:
|
||||
stdenv.mkDerivation {
|
||||
pname = "glitch-modules";
|
||||
inherit (glitch-1) src version;
|
||||
|
||||
yarnOfflineCache = yarn-deps;
|
||||
|
||||
nativeBuildInputs =
|
||||
[ glitch-1.mastodonGems glitch-1.mastodonGems.wrappedRuby ]
|
||||
++ [ nodejs-slim yarn-berry brotli ];
|
||||
|
||||
RAILS_ENV = "production";
|
||||
NODE_ENV = "production";
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
|
||||
export HOME=$PWD
|
||||
# This option is needed for openssl-3 compatibility
|
||||
# Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
|
||||
export NODE_OPTIONS=--openssl-legacy-provider
|
||||
|
||||
export YARN_ENABLE_TELEMETRY=0
|
||||
mkdir -p ~/.yarn/berry
|
||||
ln -sf $yarnOfflineCache ~/.yarn/berry/cache
|
||||
|
||||
yarn install --immutable --immutable-cache
|
||||
|
||||
patchShebangs ~/bin
|
||||
patchShebangs ~/node_modules
|
||||
|
||||
# skip running yarn install
|
||||
rm -rf ~/bin/yarn
|
||||
|
||||
OTP_SECRET=precompile_placeholder \
|
||||
SECRET_KEY_BASE=precompile_placeholder \
|
||||
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=precompile_placeholder \
|
||||
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=precompile_placeholder \
|
||||
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=precompile_placeholder \
|
||||
rails assets:precompile
|
||||
yarn cache clean
|
||||
rm -rf ~/node_modules/.cache
|
||||
|
||||
# Create missing static gzip and brotli files
|
||||
gzip --best --keep ~/public/assets/500.html
|
||||
gzip --best --keep ~/public/packs/report.html
|
||||
find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
|
||||
-exec gzip --best --keep --force {} ';'
|
||||
brotli --best --keep ~/public/packs/report.html
|
||||
find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
|
||||
-exec brotli --best --keep {} ';'
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/public
|
||||
cp -r node_modules $out/node_modules
|
||||
cp -r public/assets $out/public
|
||||
cp -r public/packs $out/public
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
}
|
23
pkgs/glitch-soc/source.nix
Normal file
23
pkgs/glitch-soc/source.nix
Normal file
|
@ -0,0 +1,23 @@
|
|||
{ lib, applyPatches, fetchFromGitHub, patches ? [ ], postPatch ? "", yarn-berry
|
||||
, gawk, gnused, }:
|
||||
(applyPatches {
|
||||
src = fetchFromGitHub {
|
||||
owner = "glitch-soc";
|
||||
repo = "mastodon";
|
||||
rev = "a8e6f5e656a9f46377b05d288654c1ba86bb858f";
|
||||
hash = "sha256-EP+43scB5+cpmL3yM8TLAWSb7PbZQpdhOwewXae+FnI=";
|
||||
};
|
||||
inherit patches;
|
||||
nativeBuildInputs = [ gawk gnused ];
|
||||
postPatch = postPatch
|
||||
+ lib.optionalString (lib.versionAtLeast yarn-berry.version "4.1.0") ''
|
||||
# this is for yarn starting with 4.1.0 because fuck everything amirite
|
||||
# see also https://github.com/yarnpkg/berry/pull/6083
|
||||
echo "patching cachekey in yarn.lock"
|
||||
cacheKey="$(awk -e '/cacheKey:/ {print $2}' yarn.lock)"
|
||||
sed -i -Ee 's|^ checksum: ([^/]*)$| checksum: '$cacheKey'/\1|g;' yarn.lock
|
||||
'';
|
||||
}) // {
|
||||
version = "unstable-2024-05-30";
|
||||
yarnHash = "sha256-BNk6xMx11QYQQ8occYU1HJ6z/AuF2UeDRzJwgAFb0XQ=";
|
||||
}
|
13
pkgs/glitch-soc/tl-replacer/default.nix
Normal file
13
pkgs/glitch-soc/tl-replacer/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{ stdenv, ruby }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
pname = "tl-replacer";
|
||||
version = "0.2";
|
||||
src = ./.;
|
||||
|
||||
buildInputs = [ ruby ];
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
cp -r $src/tl-replacer* $out
|
||||
'';
|
||||
}
|
57
pkgs/glitch-soc/tl-replacer/tl-replacer
Executable file
57
pkgs/glitch-soc/tl-replacer/tl-replacer
Executable file
|
@ -0,0 +1,57 @@
|
|||
#!/usr/bin/ruby
|
||||
require 'json'
|
||||
require 'yaml'
|
||||
require 'pp'
|
||||
|
||||
config = YAML.load_file(ARGV[0])
|
||||
def update_translations(hash, replacements)
|
||||
hash.reduce({}) do |acc, (key,value)|
|
||||
if value.is_a?(Hash)
|
||||
acc[key] = update_translations(value, replacements)
|
||||
elsif value.is_a?(String)
|
||||
replacements.to_a.sort_by do |x| 0-x[0].length end.each do |from, to|
|
||||
if value.match?(from) then
|
||||
value.gsub!(from, to)
|
||||
end
|
||||
end
|
||||
acc[key] = value
|
||||
end
|
||||
acc
|
||||
end
|
||||
end
|
||||
|
||||
config["paths"].each do |dir|
|
||||
Dir.entries(dir).each do |fname|
|
||||
config["replacements"].each do |lang, conf|
|
||||
conf["filename-patterns"].each do |pattern|
|
||||
if File.fnmatch?(pattern, fname) then
|
||||
config["types"]["yaml"].each do |type_ext|
|
||||
if File.extname(fname) == type_ext then
|
||||
fpath = File.join(dir, fname)
|
||||
puts " .... updating #{fpath}"
|
||||
tl = YAML.load_file(fpath)
|
||||
tl = update_translations(tl, conf["strings"])
|
||||
|
||||
File.open(fpath, 'w') do |file|
|
||||
file.write(tl.to_yaml(options = {:line_width => -1}))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
config["types"]["json"].each do |type_ext|
|
||||
if File.extname(fname) == type_ext then
|
||||
fpath = File.join(dir, fname)
|
||||
puts " .... updating #{fpath}"
|
||||
tl = JSON.load_file(fpath)
|
||||
tl = update_translations(tl, conf["strings"])
|
||||
|
||||
File.open(fpath, 'w') do |file|
|
||||
file.write(JSON.pretty_generate(tl))
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
50
pkgs/glitch-soc/tl-replacer/tl-replacer.yaml
Normal file
50
pkgs/glitch-soc/tl-replacer/tl-replacer.yaml
Normal file
|
@ -0,0 +1,50 @@
|
|||
paths:
|
||||
- "app/javascript/flavours/glitch/locales"
|
||||
- "app/javascript/mastodon/locales"
|
||||
- "config/locales-glitch"
|
||||
- "config/locales"
|
||||
types:
|
||||
"yaml":
|
||||
- ".yml"
|
||||
- ".yaml"
|
||||
"json":
|
||||
- ".json"
|
||||
replacements:
|
||||
en:
|
||||
filename-patterns:
|
||||
- "en*.*"
|
||||
- "*.en*.*"
|
||||
strings:
|
||||
"posts": "meows"
|
||||
"post": "meow"
|
||||
"Posts": "Meows"
|
||||
"Post": "Meow"
|
||||
pl:
|
||||
filename-patterns:
|
||||
- "pl.*"
|
||||
- "*.pl.*"
|
||||
strings:
|
||||
"Ostatni post": "Ostatnie miauknięcie"
|
||||
"Ten wpis nie będzie widoczny pod podanymi hasztagami, ponieważ jest oznaczony jako niepubliczny.": "To miauknięcie nie będzie widoczne pod podanymi hasztagami, ponieważ jest oznaczone jako niepubliczne."
|
||||
"ten wpis": "to miauknięcie"
|
||||
"Ten wpis": "To miauknięcie"
|
||||
"Twój wpis": "Twoje miauknięcie"
|
||||
"Twój post został podbity": "Twoje miauknięcie zostało podbite"
|
||||
"nowy wpis": "nowe miauknięcie"
|
||||
"swój pierwszy post": "swoje pierwsze miauknięcie"
|
||||
"Ten wpis nie może zostać podbity": "To miauknięcie nie może zostać podbite"
|
||||
"Post": "Miauknięcie"
|
||||
"post": "miauknięcie"
|
||||
"Posty": "Miauknięcia"
|
||||
"posty": "miauknięcia"
|
||||
"postów": "miauknięć"
|
||||
"Wpis": "Miauknięcie"
|
||||
"Wpisy": "Miauknięcia"
|
||||
"wpis": "miauknięcie"
|
||||
"wpisy": "miauknięcia"
|
||||
"wpisach": "miauknięciach"
|
||||
"wpisów": "miauknięć"
|
||||
"wpisu": "miauknięcia"
|
||||
"wpisie": "miauknięciu"
|
||||
"Opublikuj": "Miauknij"
|
||||
"wzmianki": "miauknięcia"
|
20
pkgs/glitch-soc/update-emoji-patch.sh
Executable file
20
pkgs/glitch-soc/update-emoji-patch.sh
Executable file
|
@ -0,0 +1,20 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p curl jq nix-prefetch
|
||||
|
||||
cd "$(dirname "${BASH_SOURCE[0]}")"
|
||||
|
||||
# kinda hacky? seems to work fine though :3
|
||||
echo -e "# autogenerated file\n{fetchpatch, fetchurl}: {\n patches = [" > emoji.nix
|
||||
curl 'https://api.github.com/repos/glitch-soc/mastodon/pulls/2462/commits' | jq -r 'map(.sha) | .[]' | while read sha; do
|
||||
url="https://github.com/glitch-soc/mastodon/pull/2462/commits/$sha.patch"
|
||||
hash="$(nix-prefetch fetchpatch --url "$url")"
|
||||
echo -e ' (fetchpatch {\n url =\n "'$url'";\n hash = "'$hash'";\n })' >> emoji.nix
|
||||
done
|
||||
echo -e ' ];\n files = [' >> emoji.nix
|
||||
curl 'https://api.github.com/repos/glitch-soc/mastodon/pulls/2462/files?per_page=100' | jq -c 'map(select(has("patch")|not) | {name:.filename,url:.raw_url}) | .[]' | while read json; do
|
||||
name="$(jq -r '.name' <<<"$json")"
|
||||
url="$(jq -r '.url' <<<"$json")"
|
||||
hash="$(nix-prefetch fetchurl --url "$url")"
|
||||
echo -e ' {\n src = fetchurl {\n url =\n "'$url'";\n hash = "'$hash'";\n };\n name = "'$name'";\n }' >> emoji.nix
|
||||
done
|
||||
echo -e ' ];\n}' >> emoji.nix
|
35
pkgs/glitch-soc/update.sh
Executable file
35
pkgs/glitch-soc/update.sh
Executable file
|
@ -0,0 +1,35 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#! nix-shell -i bash -p curl jq coreutils nix-prefetch-github gnused bundix prefetch-yarn-deps
|
||||
|
||||
set -e
|
||||
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
commit="$(curl -SsL "$1")"
|
||||
rev="$(jq -r '.commit.sha' <<<"$commit")"
|
||||
date="$(jq -r '.commit.commit.committer.date' <<<"$commit")"
|
||||
date="$(date --date="$date" --iso-8601=date)"
|
||||
echo "current commit is $rev, prefetching..."
|
||||
|
||||
hash="$(nix-prefetch-github glitch-soc mastodon --rev "$rev" | jq -r '.hash')"
|
||||
|
||||
sed -i -Ee "s|^( *rev = )\".*\";|\\1\"$rev\";|g;" ./source.nix
|
||||
sed -i -Ee "s|^( *hash = )\".*\";|\\1\"$hash\";|g;" ./source.nix
|
||||
sed -i -Ee "s|^( *version = )\".*\";|\\1\"unstable-$date\";|g;" ./source.nix
|
||||
|
||||
echo "building source"
|
||||
srcdir="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
|
||||
|
||||
echo "creating gemset"
|
||||
rm -f gemset.nix
|
||||
bundix --lockfile $srcdir/Gemfile.lock --gemfile $srcdir/Gemfile
|
||||
echo "" >> gemset.nix
|
||||
|
||||
# TODO: find a way to automate this
|
||||
sed -i -Ee "s|^( *yarnHash = )\".*\";|\\1\"\";|g;" ./source.nix
|
||||
# echo "creating yarn hash"
|
||||
# hash="$(prefetch-yarn-deps $srcdir/yarn.lock)"
|
||||
# hash="$(nix hash --to-sri --type sha256 "$hash")"
|
||||
# sed -i -Ee "s|^( *yarnHash = )\".*\";|\\1\"$hash\";|g;' ./source.nix
|
||||
|
||||
./update-emoji-patch.sh
|
35
pkgs/glitch-soc/yarn.nix
Normal file
35
pkgs/glitch-soc/yarn.nix
Normal file
|
@ -0,0 +1,35 @@
|
|||
{ stdenvNoCC, yarn-berry, cacert, src, hash, }:
|
||||
stdenvNoCC.mkDerivation {
|
||||
name = "yarn-deps";
|
||||
nativeBuildInputs = [ yarn-berry cacert ];
|
||||
inherit src;
|
||||
|
||||
dontInstall = true;
|
||||
|
||||
NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
buildPhase = ''
|
||||
mkdir -p $out
|
||||
|
||||
export HOME=$(mktemp -d)
|
||||
echo $HOME
|
||||
|
||||
export YARN_ENABLE_TELEMETRY=0
|
||||
export YARN_COMPRESSION_LEVEL=0
|
||||
|
||||
cache="$(yarn config get cacheFolder)"
|
||||
if ! yarn install --immutable --mode skip-build; then
|
||||
cp yarn.lock yarn.lock.bak
|
||||
yarn install --mode skip-build
|
||||
diff -u yarn.lock.bak yarn.lock > yarn.lock.diff
|
||||
echo "yarn build failed! diff generated as yarn.lock.diff"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cp -r $cache/* $out/
|
||||
'';
|
||||
|
||||
outputHashAlgo = "sha256";
|
||||
outputHash = hash;
|
||||
outputHashMode = "recursive";
|
||||
}
|
77
pkgs/linux_rpi/linux-rpi.nix
Normal file
77
pkgs/linux_rpi/linux-rpi.nix
Normal file
|
@ -0,0 +1,77 @@
|
|||
{ stdenv, lib, buildPackages, fetchFromGitHub, perl, buildLinux, rpiVersion, ...
|
||||
}@args:
|
||||
|
||||
let
|
||||
# NOTE: raspberrypifw & raspberryPiWirelessFirmware should be updated with this
|
||||
modDirVersion = "6.1.73";
|
||||
tag = "stable_20240124";
|
||||
in lib.overrideDerivation (buildLinux (args // {
|
||||
version = "${modDirVersion}-${tag}";
|
||||
inherit modDirVersion;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "raspberrypi";
|
||||
repo = "linux";
|
||||
rev = tag;
|
||||
hash = "sha256-P4ExzxWqZj+9FZr9U2tmh7rfs/3+iHEv0m74PCoXVuM=";
|
||||
};
|
||||
|
||||
defconfig = {
|
||||
"1" = "bcmrpi_defconfig";
|
||||
"2" = "bcm2709_defconfig";
|
||||
"3" = if stdenv.hostPlatform.isAarch64 then
|
||||
"bcmrpi3_defconfig"
|
||||
else
|
||||
"bcm2709_defconfig";
|
||||
"4" = "bcm2711_defconfig";
|
||||
"5" = "bcm2712_defconfig";
|
||||
}.${toString rpiVersion};
|
||||
|
||||
features = { efiBootStub = false; } // (args.features or { });
|
||||
|
||||
extraMeta = if (rpiVersion < 3) then {
|
||||
platforms = with lib.platforms; arm;
|
||||
hydraPlatforms = [ ];
|
||||
} else {
|
||||
platforms = with lib.platforms; arm ++ aarch64;
|
||||
hydraPlatforms = [ "aarch64-linux" ];
|
||||
};
|
||||
} // (args.argsOverride or { }))) (oldAttrs: {
|
||||
postConfigure = ''
|
||||
# The v7 defconfig has this set to '-v7' which screws up our modDirVersion.
|
||||
sed -i $buildRoot/.config -e 's/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=""/'
|
||||
sed -i $buildRoot/include/config/auto.conf -e 's/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=""/'
|
||||
'';
|
||||
|
||||
# Make copies of the DTBs named after the upstream names so that U-Boot finds them.
|
||||
# This is ugly as heck, but I don't know a better solution so far.
|
||||
postFixup = ''
|
||||
dtbDir=${if stdenv.isAarch64 then "$out/dtbs/broadcom" else "$out/dtbs"}
|
||||
rm $dtbDir/bcm283*.dtb
|
||||
copyDTB() {
|
||||
cp -v "$dtbDir/$1" "$dtbDir/$2"
|
||||
}
|
||||
'' + lib.optionalString
|
||||
(lib.elem stdenv.hostPlatform.system [ "armv6l-linux" ]) ''
|
||||
copyDTB bcm2708-rpi-zero-w.dtb bcm2835-rpi-zero.dtb
|
||||
copyDTB bcm2708-rpi-zero-w.dtb bcm2835-rpi-zero-w.dtb
|
||||
copyDTB bcm2708-rpi-b.dtb bcm2835-rpi-a.dtb
|
||||
copyDTB bcm2708-rpi-b.dtb bcm2835-rpi-b.dtb
|
||||
copyDTB bcm2708-rpi-b.dtb bcm2835-rpi-b-rev2.dtb
|
||||
copyDTB bcm2708-rpi-b-plus.dtb bcm2835-rpi-a-plus.dtb
|
||||
copyDTB bcm2708-rpi-b-plus.dtb bcm2835-rpi-b-plus.dtb
|
||||
copyDTB bcm2708-rpi-b-plus.dtb bcm2835-rpi-zero.dtb
|
||||
copyDTB bcm2708-rpi-cm.dtb bcm2835-rpi-cm.dtb
|
||||
'' + lib.optionalString
|
||||
(lib.elem stdenv.hostPlatform.system [ "armv7l-linux" ]) ''
|
||||
copyDTB bcm2709-rpi-2-b.dtb bcm2836-rpi-2-b.dtb
|
||||
'' + lib.optionalString
|
||||
(lib.elem stdenv.hostPlatform.system [ "armv7l-linux" "aarch64-linux" ]) ''
|
||||
copyDTB bcm2710-rpi-zero-2.dtb bcm2837-rpi-zero-2.dtb
|
||||
copyDTB bcm2710-rpi-3-b.dtb bcm2837-rpi-3-b.dtb
|
||||
copyDTB bcm2710-rpi-3-b-plus.dtb bcm2837-rpi-3-a-plus.dtb
|
||||
copyDTB bcm2710-rpi-3-b-plus.dtb bcm2837-rpi-3-b-plus.dtb
|
||||
copyDTB bcm2710-rpi-cm3.dtb bcm2837-rpi-cm3.dtb
|
||||
copyDTB bcm2711-rpi-4-b.dtb bcm2838-rpi-4-b.dtb
|
||||
'';
|
||||
})
|
13
pkgs/mastodonUpdate.nix
Normal file
13
pkgs/mastodonUpdate.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{ runtimeShell, writeScriptBin, mastodon, symlinkJoin }:
|
||||
|
||||
let
|
||||
name = "mastodon-update.sh";
|
||||
script = writeScriptBin name ''
|
||||
#!${runtimeShell}
|
||||
exec ${mastodon.updateScript} "$@"
|
||||
'';
|
||||
|
||||
in symlinkJoin {
|
||||
inherit name;
|
||||
paths = [ script ];
|
||||
}
|
44
pkgs/minecraft-overviewer.nix
Normal file
44
pkgs/minecraft-overviewer.nix
Normal file
|
@ -0,0 +1,44 @@
|
|||
{ fetchFromGitHub, pkgs, buildPythonPackage, python3Packages, python3, ... }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "Minecraft-Overviewer";
|
||||
version = "2024-03-15";
|
||||
format = "other";
|
||||
|
||||
propagatedBuildInputs = with pkgs;
|
||||
[ pipreqs ] ++ (with python3Packages; [
|
||||
pillow_with_headers
|
||||
altgraph
|
||||
certifi
|
||||
charset-normalizer
|
||||
docopt
|
||||
idna
|
||||
importlib-metadata
|
||||
nbtlib
|
||||
numpy
|
||||
packaging
|
||||
pefile
|
||||
requests
|
||||
urllib3
|
||||
yarg
|
||||
zipp
|
||||
]);
|
||||
|
||||
buildInputs = with python3Packages; [ setuptools ];
|
||||
|
||||
buildPhase = ''
|
||||
export CFLAGS="-I${python3Packages.pillow_with_headers}/include/libImaging"
|
||||
${python3.interpreter} setup.py build
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
${python3.interpreter} setup.py install --prefix=$out --install-lib=$out/${python3.sitePackages}
|
||||
'';
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "GregoryAM-SP";
|
||||
repo = "The-Minecraft-Overviewer";
|
||||
rev = "4deb15d2cfbaaff7327a39b1e24d03eb4f7878ec";
|
||||
sha256 = "sha256-8YCZ7pk0Rj7wAT5DqGZmNsSI5qQWx5By+1G73yUsAQw=";
|
||||
};
|
||||
}
|
17
pkgs/notbot.nix
Normal file
17
pkgs/notbot.nix
Normal file
|
@ -0,0 +1,17 @@
|
|||
{ fetchFromGitea, buildGoModule, ... }:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "notbot";
|
||||
version = "0.0.3";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "codeberg.org";
|
||||
owner = "arachnist";
|
||||
repo = pname;
|
||||
rev = "195b12bdba2d579533e00de9c9dce52ece0bc562";
|
||||
sha256 = "cHy1TSUI2KfZyaZMXJibT4G/HwcBhPKQF6ftJpilRCQ=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-gi6mrJW65tfWYScwRlPSvBartqfvVlGbR9GWfj9G4xE=";
|
||||
proxyVendor = true;
|
||||
}
|
8
pkgs/pillow-with-headers.nix
Normal file
8
pkgs/pillow-with-headers.nix
Normal file
|
@ -0,0 +1,8 @@
|
|||
{ python3Packages, ... }:
|
||||
|
||||
python3Packages.pillow.overrideAttrs (_: {
|
||||
postInstall = ''
|
||||
mkdir -p $out/include/libImaging
|
||||
cp src/libImaging/*.h $out/include/libImaging
|
||||
'';
|
||||
})
|
60
pkgs/raspberrypi-wireless/default.nix
Normal file
60
pkgs/raspberrypi-wireless/default.nix
Normal file
|
@ -0,0 +1,60 @@
|
|||
{ lib, stdenvNoCC, fetchFromGitHub }:
|
||||
|
||||
stdenvNoCC.mkDerivation {
|
||||
pname = "raspberrypi-wireless-firmware";
|
||||
version = "unstable-2023-11-15";
|
||||
|
||||
srcs = [
|
||||
(fetchFromGitHub {
|
||||
name = "bluez-firmware";
|
||||
owner = "RPi-Distro";
|
||||
repo = "bluez-firmware";
|
||||
rev = "d9d4741caba7314d6500f588b1eaa5ab387a4ff5";
|
||||
hash = "sha256-CjbZ3t3TW/iJ3+t9QKEtM9NdQU7SwcUCDYuTmFEwvhU=";
|
||||
})
|
||||
(fetchFromGitHub {
|
||||
name = "firmware-nonfree";
|
||||
owner = "RPi-Distro";
|
||||
repo = "firmware-nonfree";
|
||||
rev = "3db4164cfd89e6d9afb7ebc87607b792651512df";
|
||||
hash = "sha256-Yynww79LPPkau4YDSLI6IMOjH64nMpHUdGjnCfIR2+M=";
|
||||
})
|
||||
];
|
||||
|
||||
sourceRoot = ".";
|
||||
|
||||
dontBuild = true;
|
||||
# Firmware blobs do not need fixing and should not be modified
|
||||
dontFixup = true;
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
mkdir -p "$out/lib/firmware/brcm"
|
||||
|
||||
# Wifi firmware
|
||||
cp -rv "$NIX_BUILD_TOP/firmware-nonfree/debian/config/brcm80211/." "$out/lib/firmware/"
|
||||
|
||||
# Bluetooth firmware
|
||||
cp -rv "$NIX_BUILD_TOP/bluez-firmware/debian/firmware/broadcom/." "$out/lib/firmware/brcm"
|
||||
|
||||
# brcmfmac43455-sdio.bin is a symlink to the non-existent path: ../cypress/cyfmac43455-sdio.bin.
|
||||
# See https://github.com/RPi-Distro/firmware-nonfree/issues/26
|
||||
ln -s "./cyfmac43455-sdio-standard.bin" "$out/lib/firmware/cypress/cyfmac43455-sdio.bin"
|
||||
|
||||
pushd $out/lib/firmware/brcm &>/dev/null
|
||||
# Symlinks for Zero 2W
|
||||
ln -s "./brcmfmac43436-sdio.clm_blob" "$out/lib/firmware/brcm/brcmfmac43430b0-sdio.clm_blob"
|
||||
popd &>/dev/null
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description =
|
||||
"Firmware for builtin Wifi/Bluetooth devices in the Raspberry Pi 3+ and Zero W";
|
||||
homepage = "https://github.com/RPi-Distro/firmware-nonfree";
|
||||
license = licenses.unfreeRedistributableFirmware;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ lopsided98 ];
|
||||
};
|
||||
}
|
52
pkgs/raspberrypi/armstubs.nix
Normal file
52
pkgs/raspberrypi/armstubs.nix
Normal file
|
@ -0,0 +1,52 @@
|
|||
{ lib, stdenv, fetchFromGitHub }:
|
||||
|
||||
let inherit (lib) optionals;
|
||||
in stdenv.mkDerivation {
|
||||
pname = "raspberrypi-armstubs";
|
||||
version = "unstable-2022-07-11";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "raspberrypi";
|
||||
repo = "tools";
|
||||
rev = "439b6198a9b340de5998dd14a26a0d9d38a6bcac";
|
||||
hash =
|
||||
"sha512-KMHgj73eXHT++IE8DbCsFeJ87ngc9R3XxMUJy4Z3s4/MtMeB9zblADHkyJqz9oyeugeJTrDtuVETPBRo7M4Y8A==";
|
||||
};
|
||||
|
||||
env.NIX_CFLAGS_COMPILE = toString [ "-march=armv8-a+crc" ];
|
||||
|
||||
preConfigure = ''
|
||||
cd armstubs
|
||||
'';
|
||||
|
||||
makeFlags = [
|
||||
"CC8=${stdenv.cc.targetPrefix}cc"
|
||||
"LD8=${stdenv.cc.targetPrefix}ld"
|
||||
"OBJCOPY8=${stdenv.cc.targetPrefix}objcopy"
|
||||
"OBJDUMP8=${stdenv.cc.targetPrefix}objdump"
|
||||
"CC7=${stdenv.cc.targetPrefix}cc"
|
||||
"LD7=${stdenv.cc.targetPrefix}ld"
|
||||
"OBJCOPY7=${stdenv.cc.targetPrefix}objcopy"
|
||||
"OBJDUMP7=${stdenv.cc.targetPrefix}objdump"
|
||||
] ++ optionals stdenv.isAarch64 [ "armstub8.bin" "armstub8-gic.bin" ]
|
||||
++ optionals stdenv.isAarch32 [
|
||||
"armstub7.bin"
|
||||
"armstub8-32.bin"
|
||||
"armstub8-32-gic.bin"
|
||||
];
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
mkdir -vp $out/
|
||||
cp -v *.bin $out/
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Firmware related ARM stubs for the Raspberry Pi";
|
||||
homepage = "https://github.com/raspberrypi/tools";
|
||||
license = licenses.bsd3;
|
||||
platforms = [ "armv6l-linux" "armv7l-linux" "aarch64-linux" ];
|
||||
maintainers = with maintainers; [ samueldr ];
|
||||
};
|
||||
}
|
37
pkgs/raspberrypi/default.nix
Normal file
37
pkgs/raspberrypi/default.nix
Normal file
|
@ -0,0 +1,37 @@
|
|||
{ lib, stdenvNoCC, fetchFromGitHub }:
|
||||
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
# NOTE: this should be updated with linux_rpi
|
||||
pname = "raspberrypi-firmware";
|
||||
# raspberrypi/firmware no longers tag the releases. However, since each commit
|
||||
# on the stable branch corresponds to a tag in raspberrypi/linux repo, we
|
||||
# assume they are cut together.
|
||||
version = "stable_20240124";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "raspberrypi";
|
||||
repo = "firmware";
|
||||
rev = "4649b6d52005b52b1d23f553b5e466941bc862dc";
|
||||
hash = "";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/share/raspberrypi/
|
||||
mv boot "$out/share/raspberrypi/"
|
||||
'';
|
||||
|
||||
dontConfigure = true;
|
||||
dontBuild = true;
|
||||
dontFixup = true;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Firmware for the Raspberry Pi board";
|
||||
homepage = "https://github.com/raspberrypi/firmware";
|
||||
license =
|
||||
licenses.unfreeRedistributableFirmware; # See https://github.com/raspberrypi/firmware/blob/master/boot/LICENCE.broadcom
|
||||
maintainers = with maintainers; [ dezgeg ];
|
||||
# Hash mismatch on source, mystery.
|
||||
# Maybe due to https://github.com/NixOS/nix/issues/847
|
||||
broken = stdenvNoCC.isDarwin;
|
||||
};
|
||||
}
|
46
pkgs/rpi5-arm-tf.nix
Normal file
46
pkgs/rpi5-arm-tf.nix
Normal file
|
@ -0,0 +1,46 @@
|
|||
{ lib, stdenv, fetchFromGitHub, runCommand, buildPackages, pkgsCross, openssl }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "arm-trusted-firmware-rpi5";
|
||||
version = "20240316";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "worproject";
|
||||
repo = "arm-trusted-firmware";
|
||||
rev = "682607fbd775e37fb5631508434dab9e60220c9a";
|
||||
hash = "sha256-Kdn9xJtHhwxvqpzC6osW2xWdZrlOmowaxBLPYGmtHYQ=";
|
||||
};
|
||||
|
||||
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
||||
nativeBuildInputs = [ pkgsCross.arm-embedded.stdenv.cc ];
|
||||
|
||||
makeFlags = [
|
||||
"HOSTCC=$(CC_FOR_BUILD)"
|
||||
"AS=$(CC_FOR_BUILD)"
|
||||
"CROSS_COMPILE=${stdenv.cc.targetPrefix}"
|
||||
# binutils 2.39 regression
|
||||
# `warning: /build/source/build/rk3399/release/bl31/bl31.elf has a LOAD segment with RWX permissions`
|
||||
# See also: https://developer.trustedfirmware.org/T996
|
||||
"LDFLAGS=-no-warn-rwx-segments"
|
||||
|
||||
"PLAT=rpi5"
|
||||
"PRELOADED_BL33_BASE=0x20000"
|
||||
"RPI3_PRELOADED_DTB_BASE=0x1F0000"
|
||||
"SUPPORT_VFP=1"
|
||||
"SMC_PCI_SUPPORT=1"
|
||||
];
|
||||
|
||||
filesToInstall = [ "build/rpi5/release/*" ];
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out
|
||||
cp -r ${lib.concatStringsSep " " filesToInstall} $out
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
hardeningDisable = [ "all" ];
|
||||
dontStrip = true;
|
||||
}
|
26
pkgs/rpi5-dtb.nix
Normal file
26
pkgs/rpi5-dtb.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{ stdenv, fetchurl, ... }:
|
||||
|
||||
let
|
||||
dtbVersion = "1e403e23baab5673f0494a200f57cd01287d5b1a";
|
||||
fileName = "bcm2712-rpi-5-b.dtb";
|
||||
in stdenv.mkDerivation {
|
||||
pname = "rpi5-dtb";
|
||||
version = "20240316";
|
||||
|
||||
src = fetchurl {
|
||||
url =
|
||||
"https://github.com/raspberrypi/firmware/raw/${dtbVersion}/boot/${fileName}";
|
||||
hash = "sha256-xUMqzINz+mMR4UciG4ulyGhblXcwr6x1ksXerCsn5zI=";
|
||||
};
|
||||
|
||||
phases = [ "installPhase" ];
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/
|
||||
cp $src $out/${fileName}
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
}
|
58
pkgs/rpi5-edk2-tools.nix
Normal file
58
pkgs/rpi5-edk2-tools.nix
Normal file
|
@ -0,0 +1,58 @@
|
|||
{ lib, stdenv, fetchFromGitHub, openssl, buildPackages, runCommand, clangStdenv
|
||||
, fetchpatch, libuuid, python3 }:
|
||||
|
||||
let
|
||||
srcWithVendoring = fetchFromGitHub {
|
||||
owner = "worproject";
|
||||
repo = "rpi5-uefi";
|
||||
rev = "c1ca184c608dca75a346cc56b8eaf42648d83e86";
|
||||
fetchSubmodules = true;
|
||||
hash = "sha256-mGMqgJXsEFq79aHes8HUGcKrfbGjeAHTA/xzbq5qURs=";
|
||||
};
|
||||
pythonEnv = buildPackages.python3.withPackages (ps: [ ps.tkinter ]);
|
||||
in stdenv.mkDerivation {
|
||||
name = "rpi5-edk2-tools";
|
||||
version = "20240316";
|
||||
|
||||
# We don't want EDK2 to keep track of OpenSSL,
|
||||
# they're frankly bad at it.
|
||||
src = runCommand "edk2-unvendored-src" { } ''
|
||||
cp --no-preserve=mode -r ${srcWithVendoring} $out
|
||||
rm -rf $out/edk2/CryptoPkg/Library/OpensslLib/openssl
|
||||
mkdir -p $out/edk2/CryptoPkg/Library/OpensslLib/openssl
|
||||
tar --strip-components=1 -xf ${buildPackages.openssl.src} -C $out/edk2/CryptoPkg/Library/OpensslLib/openssl
|
||||
chmod -R +w $out/
|
||||
|
||||
# Fix missing INT64_MAX include that edk2 explicitly does not provide
|
||||
# via it's own <stdint.h>. Let's pull in openssl's definition instead:
|
||||
sed -i $out/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/property/property_parse.c \
|
||||
-e '1i #include "internal/numbers.h"'
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ pythonEnv ];
|
||||
depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.bash ];
|
||||
depsHostHost = [ libuuid ];
|
||||
strictDeps = true;
|
||||
|
||||
# trick taken from https://src.fedoraproject.org/rpms/edk2/blob/08f2354cd280b4ce5a7888aa85cf520e042955c3/f/edk2.spec#_319
|
||||
GCC5_AARCH64_PREFIX = stdenv.cc.targetPrefix;
|
||||
|
||||
makeFlags = [ "-C edk2/BaseTools" "-j 14" ];
|
||||
|
||||
env.NIX_CFLAGS_COMPILE = "-Wno-return-type"
|
||||
+ lib.optionalString stdenv.cc.isGNU " -Wno-error=stringop-truncation"
|
||||
+ lib.optionalString stdenv.isDarwin " -Wno-error=macro-redefined";
|
||||
|
||||
hardeningDisable = [ "format" "fortify" ];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -vp $out
|
||||
mv -v edk2/BaseTools $out
|
||||
mv -v edk2/edksetup.sh $out
|
||||
# patchShebangs fails to see these when cross compiling
|
||||
for i in $out/BaseTools/BinWrappers/PosixLike/*; do
|
||||
substituteInPlace $i --replace '/usr/bin/env bash' ${buildPackages.bash}/bin/bash
|
||||
chmod +x "$i"
|
||||
done
|
||||
'';
|
||||
}
|
25
pkgs/rpi5-uefi-bin.nix
Normal file
25
pkgs/rpi5-uefi-bin.nix
Normal file
|
@ -0,0 +1,25 @@
|
|||
{ stdenv, lib, fetchzip }:
|
||||
|
||||
let version = "v0.3";
|
||||
in stdenv.mkDerivation {
|
||||
pname = "rpi5-uefi-bin";
|
||||
inherit version;
|
||||
|
||||
src = fetchzip {
|
||||
url =
|
||||
"https://github.com/worproject/rpi5-uefi/releases/download/${version}/RPi5_UEFI_Release_${version}.zip";
|
||||
sha256 = "sha256-bjEvq7KlEFANnFVL0LyexXEeoXj7rHGnwQpq09PhIb0=";
|
||||
stripRoot = false;
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/boot
|
||||
mv ./* $out/boot
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = with lib; { description = "EDK2 port for raspberry pi 5"; };
|
||||
}
|
60
pkgs/rpi5-uefi.nix
Normal file
60
pkgs/rpi5-uefi.nix
Normal file
|
@ -0,0 +1,60 @@
|
|||
{ lib, stdenv, openssl, pkgsCross, buildPackages, runCommand, rpi5-arm-tf
|
||||
, rpi5-edk2-tools, libuuid, python3, bc, util-linux, nasm, acpica-tools }:
|
||||
|
||||
let pythonEnv = buildPackages.python3.withPackages (ps: [ ps.tkinter ]);
|
||||
in stdenv.mkDerivation rec {
|
||||
pname = "rpi5-uefi";
|
||||
|
||||
inherit (rpi5-edk2-tools) src version;
|
||||
|
||||
nativeBuildInputs = [ bc pythonEnv util-linux nasm acpica-tools ];
|
||||
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
||||
strictDeps = true;
|
||||
|
||||
# trick taken from https://src.fedoraproject.org/rpms/edk2/blob/08f2354cd280b4ce5a7888aa85cf520e042955c3/f/edk2.spec#_319
|
||||
GCC5_AARCH64_PREFIX = stdenv.cc.targetPrefix;
|
||||
|
||||
env.NIX_CFLAGS_COMPILE = toString [ "-Wformat" ];
|
||||
|
||||
prePatch = ''
|
||||
rm -rf edk2/BaseTools
|
||||
ln -sv ${rpi5-edk2-tools}/BaseTools edk2/BaseTools
|
||||
|
||||
sed -i -e '/ACPI_SD_LIMIT_UHS_DEFAULT/s/TRUE/FALSE/' edk2-platforms/Platform/RaspberryPi/RPi5/Drivers/RpiPlatformDxe/ConfigTable.h
|
||||
sed -i -e '/default\s*= SYSTEM_TABLE_MODE_ACPI/s/SYSTEM_TABLE_MODE_ACPI/SYSTEM_TABLE_MODE_BOTH/' edk2-platforms/Platform/RaspberryPi/RPi5/Drivers/RpiPlatformDxe/RpiPlatformDxeHii.vfr
|
||||
sed -i -e '/"SystemTableMode"/s/0$/1/' edk2-platforms/Platform/RaspberryPi/RPi5/RPi5.dsc
|
||||
'';
|
||||
|
||||
configurePhase = ''
|
||||
runHook preConfigure
|
||||
export WORKSPACE="$PWD"
|
||||
export PACKAGES_PATH=$WORKSPACE/edk2:$WORKSPACE/edk2-platforms:$WORKSPACE/edk2-non-osi
|
||||
|
||||
. $WORKSPACE/edk2/edksetup.sh BaseTools
|
||||
runHook postConfigure
|
||||
'';
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
|
||||
build -a AARCH64 \
|
||||
-b RELEASE \
|
||||
-t GCC \
|
||||
-p edk2-platforms/Platform/RaspberryPi/RPi5/RPi5.dsc \
|
||||
-D TFA_BUILD_ARTIFACTS=${rpi5-arm-tf} \
|
||||
--pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString=L"${version}" \
|
||||
-n $NIX_BUILD_CORES $buildFlags
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out
|
||||
mv -v Build/RPi5/RELEASE_GCC/FV/RPI_EFI.fd $out/
|
||||
mv -v config.txt $out/
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
}
|
146
secrets.nix
146
secrets.nix
|
@ -1,49 +1,103 @@
|
|||
let
|
||||
ar_khas =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas";
|
||||
ar_microlith =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt ar@microlith";
|
||||
ar = [ ar_khas ar_microlith ];
|
||||
|
||||
scylla =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1X7EaPNfLhWH32IAyaZj2dhJz+QLnyGuXPCZUYRTjg";
|
||||
khas =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6VxPqJHYKmVB5d7bd6vuRqBNKXV1fo2R/WvdSF77xa";
|
||||
zorigami =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/7CsIWlJH2F0VQpgsGgZOQeAd7Zh98WpCvmTyXCTty";
|
||||
stereolith =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVuDOcKE8ANKGjd6kfFH1qLLzLwg91o0exJ0isIEw4O";
|
||||
microlith =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDghNuH/3G+0BXwrBZWZXX0V3K0tfu/Q/AKokLXY5zTD";
|
||||
let meta = import ./meta.nix;
|
||||
in {
|
||||
|
||||
"secrets/secureboot-key.age".publicKeys = ar ++ [ khas microlith ];
|
||||
"secrets/secureboot-cert.age".publicKeys = ar ++ [ khas microlith ];
|
||||
"secrets/khas-ar.age".publicKeys = ar ++ [ khas ];
|
||||
"secrets/microlith-ar.age".publicKeys = ar ++ [ microlith ];
|
||||
"secrets/wg/nibylandia_scylla.age".publicKeys = ar ++ [ scylla ];
|
||||
"secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = ar ++ [ scylla ];
|
||||
"secrets/lan/nibylandia-ddns-kea.age".publicKeys = ar ++ [ scylla ];
|
||||
"secrets/lan/nibylandia-ddns-bind.age".publicKeys = ar ++ [ scylla ];
|
||||
"secrets/nextCloudAdmin.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/nextCloudExporter.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/norkclubMinecraftRestic.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/cassAuth.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/miniflux.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/stuffAuth.age".publicKeys = ar ++ [ stereolith ];
|
||||
"secrets/wg/nibylandia_zorigami.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/mail/ar.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/mail/apo.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/mail/mastodon.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/mail/mastodonPlain.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/mail/madargon.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/mail/enki.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/mail/matrix.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/mail/vaultwarden.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/mail/vaultwardenPlain.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/mail/keycloak.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/mail/keycloakPlain.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/keycloakDatabase.age".publicKeys = ar ++ [ zorigami ];
|
||||
|
||||
inherit ar;
|
||||
"secrets/secureboot-key.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
|
||||
khas.publicKey
|
||||
microlith.publicKey
|
||||
zorigami.publicKey
|
||||
scylla.publicKey
|
||||
]);
|
||||
"secrets/secureboot-cert.age".publicKeys = meta.users.ar
|
||||
++ (with meta.hosts; [
|
||||
khas.publicKey
|
||||
microlith.publicKey
|
||||
zorigami.publicKey
|
||||
scylla.publicKey
|
||||
]);
|
||||
"secrets/khas-ar.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.khas.publicKey ];
|
||||
"secrets/microlith-ar.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.microlith.publicKey ];
|
||||
"secrets/amanojaku-ar.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.amanojaku.publicKey ];
|
||||
"secrets/nix-store.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
|
||||
zorigami.publicKey
|
||||
scylla.publicKey
|
||||
stereolith.publicKey
|
||||
khas.publicKey
|
||||
microlith.publicKey
|
||||
akamanto.publicKey
|
||||
amanojaku.publicKey
|
||||
tsukumogami.publicKey
|
||||
]);
|
||||
"secrets/wg/nibylandia_scylla.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/lan/nibylandia-ddns-kea.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/lan/nibylandia-ddns-bind.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/notbotEnvironment.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/nextCloudAdmin.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/nextCloudExporter.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/norkclubMinecraftRestic.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/cassAuth.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/miniflux.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/stuffAuth.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.stereolith.publicKey ];
|
||||
"secrets/wg/nibylandia_zorigami.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/ar.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/apo.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/mastodon.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/mastodonPlain.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/madargon.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/enki.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/matrix.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/vaultwarden.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/vaultwardenPlain.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/keycloak.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/keycloakPlain.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/keycloakDatabase.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/synapseExtraConfig.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mastodon-activerecord.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/gitea-runner-token-zorigami.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/gitea-runner-token-scylla.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/github-runner-token-zorigami.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/github-runner-token-scylla.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/ci-secrets.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
|
||||
scylla.publicKey
|
||||
zorigami.publicKey
|
||||
]); # TODO: we're not getting ssh keys for the generated disk image, so we need to embed it at disk image build time
|
||||
"secrets/acme-zorigami-zajeba.li.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/automata.of-a.cat-matrix_key.pem.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/automata.of-a.cat-matrix_env.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
}
|
||||
|
|
9
secrets/acme-zorigami-zajeba.li.age
Normal file
9
secrets/acme-zorigami-zajeba.li.age
Normal file
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg qZRPbk9d9AHVVQfrsee+nPmCPfTc3cYMkIBy2lmbRBg
|
||||
KzBbIvpyFjQUYe7dtX1t0XV5wG5uwlEriXg+YrCvQ0w
|
||||
-> ssh-ed25519 grc4Uw bQii+4HNWJCp61FotQgZmGJm0slw/qmdk58+5ZmSXBU
|
||||
PE+2xj+WXqpf6ii5ePFX7gzomyEC/4VN5TKs2oJay+8
|
||||
-> ssh-ed25519 DLT88w 1TKVTSJ+CRKLG7GtcH9PXoQzXiNsINvkkzMN7cd0tkM
|
||||
SKmAoLbKZIsfkM0XmpERUKJd2J3eeT2gk98lA5QwxdI
|
||||
--- pR/aFqnbRFfJQ186q78Ep89Cx6uSDkuKnrAgaX21CKY
|
||||
¶5—Al%¤E‘JZ|t©¸ˆ†ãRÒ óG9—…tÇmɤNêB…¤ôðË`¨ƒÚNeøvPC… 5F³ÅÍÁ<C38D>.ö‰vö
|
9
secrets/amanojaku-ar.age
Normal file
9
secrets/amanojaku-ar.age
Normal file
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg 3BLa5nyoJ/NDHVV8qId8zHZ9IcsYh9aMVWY1RFz+Ogo
|
||||
r+KUlNBmE9U1vh9VakJt1LeagcBsmTzPCRKKfwp43bs
|
||||
-> ssh-ed25519 grc4Uw pcT3wOLIvf/nshtHz1ZZTN4fME9SaupbY6v+IqlmhUo
|
||||
BEA2AH/USvWyeghI5BFfyHY0NSRoaHUyzC+DlTvF/GM
|
||||
-> ssh-ed25519 IPKcYQ wm4RkXqcXbHtawYx78yxos2X8mtwR7gsvEqR24YZI2g
|
||||
gnSGAI77WrGxjI79hH3BsEzBqYCFwIV2oxwPiYXDIc8
|
||||
--- teX5jt7yekDMwim5HmU2Us6N7PzlMOKisxdST701o3M
|
||||
Læ—]˜M6Wˆ–àÚ<C3A0>Ó×êDä,;Í{U?eŨkPêît¨â(ÌÓbóÚ¦¼ß“‹Ž
Ñ¿wQ<0E>ÅyÜ2åê›ëhŸì©æ;Î’•Œ÷wkœNo3ºnäAêöÈ*¡·
|
12
secrets/automata.of-a.cat-matrix_env.age
Normal file
12
secrets/automata.of-a.cat-matrix_env.age
Normal file
|
@ -0,0 +1,12 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg anzcoH0kLJb2Azom1hBIT1eVbzv1yctL3l6c8gfjwzk
|
||||
DDhgP/3+hIROP4d8xQ2apBDB6WTmXb3Q9AcEYdIeUIM
|
||||
-> ssh-ed25519 grc4Uw La7w09KGxP8xifVbikW83CJdhMA5ufgZLX6e0kQ6Gl0
|
||||
fxyMY6lq+OpU6HmUxr9SgZ4JDbWgWN9LAjSbFklU5o4
|
||||
-> ssh-ed25519 DLT88w v4qUHpFJK918iuY3IyRxIOZpWbpaL6OpRKBVU7pEET4
|
||||
/nRHMyt5B3wfnqWhk+116qBvXlQlRZ4MDuzBscKQ3Xg
|
||||
--- DKfwaXi8Uhc6mWjkIR1drR8QrsnjG7Z1233qyOker2g
|
||||
C™;$y”J
|
||||
ý‹-©QÛØý1<C3BD>ùs}ÔÖžà½5Ç<35>ÂXÎCÉ<43>¤DG)ãY…O×g=&ô¥
|
||||
ÌP‘}RwÞ‡
|
||||
ëd*Ÿ¤Y–‰Ãìs“˜jN¡®š„sL0Û<30>kV•MPeé‹
|
10
secrets/automata.of-a.cat-matrix_key.pem.age
Normal file
10
secrets/automata.of-a.cat-matrix_key.pem.age
Normal file
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg Gf4ZeBJ6c6YqrBXiaL26rwKfnHklKQgjobQ0PcrB0m4
|
||||
EFj/+2bzZa/3HDv4kRBKmc9A79lljtxvH8eHOBbarYg
|
||||
-> ssh-ed25519 grc4Uw 65LBccbQNOiDt/ItwGAG4Zrwv9yhWIgDJisGA22sbmU
|
||||
38LT/tEb7hWBlcDSV8yY3Wozg3w5wc0Gc69Uf1SSTvw
|
||||
-> ssh-ed25519 DLT88w xkiPn6h1P5X0el8S1mxvdGzbzqkzMeX1EugI5jhyB00
|
||||
/jn34J6c1NLerwVcCySZ6u4O0LKsCtnAlItCvKx9ziM
|
||||
--- WwJnBwgvC3tYkIWTQqUHjuzXAGblCw3Lvldic9Rp9K8
|
||||
7R)<29>!í+•ãÎUQê˜ÕGÐZÌf&è€ÞÿÚß•²DfŠPâ¿·)ñ…¯-.pìðòv_¯dáQçÅ+ÒG~|t1ÞÀ¢®}M…-êþ!s©hEL{Ú˜†ioØß<Ó–É,mI3«ÀD*Cw²O©÷uîTу:·VÖÅÑÄÉϱî_[(ñPy$¥xX;ÂñS<C3B1>‚G–Ûߺ“ge
|
||||
üÙ{îA
|
|
@ -1,14 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg 1T37a0MucAEFYMGcdyS+Nxcbkp027j3JxXy2teCwHRg
|
||||
3khC9F+CVUToHWx22Cs0b+1dm0/nUwG7/nu4nFqRijY
|
||||
-> ssh-ed25519 grc4Uw NW49Rzlxh92jldZPNq3mkeJHi460dIA80B3bGqhVrm0
|
||||
9j3PAPk/C1DsGUMTHq1PzQMYId2rNoHRtwYBTViJ/A4
|
||||
-> ssh-ed25519 DLT88w b/3j37sDUOtFD0TbPl0Gvyd/73MNlmKT4EhXn48ANQI
|
||||
eHqL7WDztCzYyvb+K+bkZI0514Z2QyWDwvotmpFHI6M
|
||||
-> ,se-grease U<o] ~4 Yci -R
|
||||
R3H3gWM+BWWFB5qvnpwT0ZHZjihotvCUjaC98pTmtxcqHdHm6bmqNXSBUIIKaOD0
|
||||
79M
|
||||
--- NdVSXnmGsA82Wmu9fVBnsKRn5g6qFhzGLO2v1NE8FXc
|
||||
.½<>„upÅÎün|zÖÂÃ>z¬ËY‹Ò[u)e5u‘sC'Ÿ‡®‘\ÏeЂt']°44Ýh/\›¡-0Ÿ n©ðX÷ëTÚ
|
||||
]³ÒwÏ
|
||||
¾6ú÷Ø{U`o<>ï‚J\C£`ð+Ynס©ÎqdïÓµ¸˜«›ßŽWÞ
|
||||
-> ssh-ed25519 kY4Rgg InhjCAhags7BG+tAighqgEvy5e61t0iYCc3npNrtqRE
|
||||
1/TGuVt+RcOMC2t0/Z4VwljQ9si8KwofWHEMDUnISk4
|
||||
-> ssh-ed25519 grc4Uw m4EP0Qms2l18Wf/DSXrmO4Av06Ye2csnMS1QdYuZcxg
|
||||
O28Fxcv0w13CO+4mwqcOvtC4ignNquh0+R/Z+5i2Pn8
|
||||
-> ssh-ed25519 DLT88w r3Ue500Ih1ahtOH0ThHnw46vIt3FzL3HBlOgaDidtEo
|
||||
m1kMy5aEDd88WaiauiJ7bCmZpZcgy8QtUvE2XxBstA8
|
||||
--- cynhWP7VYn6yJBVF1eKY/vKyD5dhYspHwtSXSaG5Hi0
|
||||
[ Ã5;
NµI«èVí‰\
©IWC¹™çjîÿï5ÐIË©±—£JâkNÀÛü½³Ú¬Ä9¸Oy6Çf*Þ¦,H<>Ê+¬:_úõ¨?:ÿnÀRŽõ4*
|
||||
dõ<EFBFBD>ðµ~RÒ›èWÆ™»Jˬ©Z¹a›HVu‰"å7
|
12
secrets/ci-secrets.age
Normal file
12
secrets/ci-secrets.age
Normal file
|
@ -0,0 +1,12 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg RSEMYQyKt568d2bftr2T+LMqHcZRv8IEzYPbexqWlT4
|
||||
xRt1a1AKPIjWx+yuEEdJ5Vbl2CM5TNog7MhiWHvSpyg
|
||||
-> ssh-ed25519 grc4Uw DXix9IU7eWbeXOSSpuzS7gCWUJJJ5b0ZG41hb7tVkko
|
||||
Hgm84ICn5/MGoSLt7q1KCsySzxds0kpa6YsBqhFqBnw
|
||||
-> ssh-ed25519 CJl5MQ b2ErL0vpRtZLxfdAfl3xRUkaR4lcUmybBs1qlb8aTWk
|
||||
bYUHLN77u4PTEmoE4fJFxiK7HJQWgld4Ttb0vGuz/bI
|
||||
-> ssh-ed25519 DLT88w y8H8YO0uLPNpBVPUzHx9nSzoHsw8U8OLTVLngNdyFG0
|
||||
8seG+OwsVljtBJZ7IIWLocKWShJuJsAxNTygzXlyHro
|
||||
--- G3EfipJ+ZkxczM3fnwhdJtpQlBkX+k28asTPZ0aMihw
|
||||
¥B{f‘~™¼¼Ðj¦$úﰷ—eãëI"–T÷g¥Ÿªgñ^6˜ÏÝV˜Ò3¡<žSüO¿‡ê
|
||||
V?<3F>/êÉè»bÄüŽ±]†X¤@M
|
9
secrets/gitea-runner-token-scylla.age
Normal file
9
secrets/gitea-runner-token-scylla.age
Normal file
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg WVJ/QupKCd22ktKgjsYoXRYnd06Wdg8mx4wXObhYvA0
|
||||
sTsybHw/9txSgUEiZI71grdAVI+SvWrVHxoaovlHuCA
|
||||
-> ssh-ed25519 grc4Uw HOIZRDy6UHgH/UviX80b+Ai9gtta4fOBdis8KK78nVM
|
||||
gZTxRmA1c6ZUuRNLi21x5oyHmAriL2NG/JZEloYypss
|
||||
-> ssh-ed25519 CJl5MQ ni17wBb+H2pmQe2pCL8gmx6zs0N4JEcetQ/vURhyElg
|
||||
bXObAXvfQ10e+hc1uYThj8lk53gJ6QPg1pl68EmV+qg
|
||||
--- GhB9BBp+A/7ZH5qp2iQu4N/KhN+EHD19lS8ZJhUlze8
|
||||
ËIs R«²,§¬¨Rš»°¹jýÞë{Ö0Æ Yþœvpìë1抙‰#ؤEÂzÌ߉°p%åÆV7á»kúƒ…`÷°›V+À
|
9
secrets/gitea-runner-token-zorigami.age
Normal file
9
secrets/gitea-runner-token-zorigami.age
Normal file
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg 5ILYbJRJi+u/YgzdzlPX9TBfCMZ514e9NzBUSc/tX0w
|
||||
UZV1WVw3JUw02+mou2bUJpelLosWQ6pIiKyQ4pSWqck
|
||||
-> ssh-ed25519 grc4Uw 5amLs+JClxaoIY9ePZS0tf7TblCSK2+tQvhA9mTQzm8
|
||||
FFdBHGQ78gT4mV0Y3TLvIj75RW8vr9SUjB8dOmaGSlg
|
||||
-> ssh-ed25519 DLT88w e/fG8ot68fDxIRnaR7PfCgyiysQk20iGODfW4s1+tBo
|
||||
K/eM8mznVgggxpbO+hCxAJEKSXT9uw2VEdQgAVpqXYI
|
||||
--- XR21VH4kwISBPe8oJ4cf6yc6DCwEB8yio3oNS64H1Hk
|
||||
0テvオi<EFBFBD><EFBFBD>%Jウ彑&<26>ミー^WUエyb潔V<E6BD94>}TチnB~/uvE-<2D>曖卅t王ヤ{.ニ咲4)レ房メ葢<EFBE92>g>「T4析ミ
|
9
secrets/github-runner-token-scylla.age
Normal file
9
secrets/github-runner-token-scylla.age
Normal file
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg K+kBDCSLH89MJ4U6U5OYz1Xul2sxqlgb3WPhrSdbYE0
|
||||
+F0llBblCnaMiBOpEo7JMp4TDHExQ7k47jI/CFQ+CNA
|
||||
-> ssh-ed25519 grc4Uw IUpfU9mTb13hBzqV+73U+2lhMpn4M32gzkZ5Ppq6tgM
|
||||
+t/qv8IQoKr+Rn6nS6tIIzWSu4GB2/sI/IXQynr4JzE
|
||||
-> ssh-ed25519 CJl5MQ pEuMoIa3ItlQDVv7kkuHpPtAFb1sAZYNFBTjcazQW30
|
||||
lXuq3r267mP4e4yA2fOfLrgxlzhpUlHeChYKiipOQmw
|
||||
--- 3nODl2Oegpunu2YL2tPxp2VKbHIm3vFJV18Y+4qifG0
|
||||
ŽÃ$P<>"ÍÖÌ8ûêz…).Úĸ 1Ò¨Qá×ScxÒÒÃËèìÓã<C393>F²ýQp»k<13>:¡<>Óå
|
BIN
secrets/github-runner-token-zorigami.age
Normal file
BIN
secrets/github-runner-token-zorigami.age
Normal file
Binary file not shown.
|
@ -1,11 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg kesf+SaZD83McqpA9DixWtFIrEmRPxXkJ0GwzlUxWmE
|
||||
fget0ABRpLa1ILPy+j8qB60R2XOBZUkADYHIqShetLM
|
||||
-> ssh-ed25519 grc4Uw M6nvJkxP3YiZ9HQegvcReYpkLcyhpF2YiAV0Pr6FuiQ
|
||||
gPV7IhypqI8C655+ef69PbvTBcCEK3ChpVKcckU2hQk
|
||||
-> ssh-ed25519 DLT88w 8Cvg6k8zYawUgvMf8RQdA3pxxywIhCn7nPNGrMK4Q0o
|
||||
Kc58s9qkYHVS9pf+MYghheQXLxtImbny+W0zQ6j9eKE
|
||||
-> $mU5]|V-grease 3;xw\jc
|
||||
+Fl1I+CYc0AGj429YbhVaz3i/HvkLrHX0Jt2OIhN4xqp/oJNqw
|
||||
--- IfmaR6Z1bL8wgwgv1A+kuvxTq+xqKb6VD4iKdi0K8mk
|
||||
:‚Imià[Äo|Ú/ÄøR27?ãK"Êæfí¼&{å
Î[7ˆÌe&1¡“¹9…I)uù\Zæ >UÔ_yß
|
||||
-> ssh-ed25519 kY4Rgg /YJw6sGHCMvD3VlfPTpnMq4lzBb0Bg7sw0KQe19z5Dk
|
||||
NaIdnbSQbWUbzpxKAzqvDn3Nyowc3oAoNw4OaWF4VCg
|
||||
-> ssh-ed25519 grc4Uw X23KiCQv1N7ZkWO9PMyJFaCF7RNV1nL0fcmgADLqNAw
|
||||
5RfQnMWfoFGhCZb8o2MXT2TpjcXDP+jR57yG7gOenWA
|
||||
-> ssh-ed25519 DLT88w DqbKtk9Smb/J5/4VkZV5F1wXRvHjXg5eOOEgiviYhk4
|
||||
JTYFDrH0WGrKgQ9fVZjjajCuYfyBk4hUaMmbvLxsI7Y
|
||||
--- JDu9LS6IeQ30uDJjuMCQS8oeOG4/TIT79wZBKZE37Sc
|
||||
öõŠ/=”‘‹”VfB—!æ±5ð™²ÌI»^¹ù(ý°<C3BD>"2d‚ÅEH%ï‚œÛ*šD‰€TaÁ-“”㥈<C2A5>øa<C3B8>
|
|
@ -1,11 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg GE43afqnZA6nX8QEPznXxMEZoRu/oJ+fT9OBtFx/QxM
|
||||
mEr1DxBMFoEDQDQXQjBSLy3vVgOyCPJ2H/OcpZJWqXg
|
||||
-> ssh-ed25519 grc4Uw 8MDCgHOj1lEMQJtH9ILRwoHxFYkR+c0LNuIzaJVR2SY
|
||||
MMUYVYkAR2hMm2S0m/05JM68W4rAYTjir/qyW0Q/TXM
|
||||
-> ssh-ed25519 q4t0Rw dkSEYpIGzwkBCQUdaYRUL83Dx5OVVl1wkRaPrUI9RDc
|
||||
va06hkaOquxhQITBnTLyibSoM3jxQzBLmQcDhq+8dIk
|
||||
-> VwB1p2M-grease "x FC pC\
|
||||
HBrm27hDe0KHabipPX7VkNrXdBx+xg
|
||||
--- 2Sa4Ce1K7UZ1pVa1ZSjCC0hNLb3zCgztX/yzNf0kgHg
|
||||
¬ö¥2r7í&„@³›àÞïì)Z<><5A>s’L>½rÕ®öʯ<C38A>Ó-³ç8C
{Fć^ÃÑÑÈüÎÖ$-}°£+n+:ú<>mšQîN¶”o§ýansjH1÷æ~ÑTDõ%Â]-¬Äòö±ñ<C2B1>8à@ÎíÅYuÈ™ÎùzŽ¤›Ì7<líñ3YˆÞ°4
|
||||
-> ssh-ed25519 kY4Rgg WE/puP2JwPNv9wTZi2ENRjxojAuxQfc+BlsZPZYrSms
|
||||
+aaOyeInrsJzFd938+XVN2Mbr+VNQQkBli0/kYZjiHI
|
||||
-> ssh-ed25519 grc4Uw 95m4RIdplQE0MT7K9r87e0ox9wSmDCqK9otLoFSxiB4
|
||||
y4H0JJsu/5mn9zV8hD0l9Sc68yWBYZtG4Oq/XQzFcXE
|
||||
-> ssh-ed25519 1p3EMA PwCPdgOSEqLuu1Vz8XTc+Eirh32Pj93Se8WTvSXwQBo
|
||||
B32bF6UiDdpcE+tqSM3GBg5oPf++fvWNMYac6aDC8HE
|
||||
--- ulpXvqhHY/PD33jhsLoS3/YTEvmiMbS088zZ9ncK6Ak
|
||||
U›%÷+H0Âl([ÛißÕžfJšå£~A’¤Ðe
|
||||
…°/cX¾Ñ¹v–G(Í:žØO<01>[±Ý1Ž#P`íJ£ :ê$
|
||||
àÅ„jE¢Z™Â<EFBFBD>t€u„2/¾<12>RPÓ¤Žï{!wš‡ê»° "TþÄ:2ü3E-Õk áP›ð³–¹ÕÝäøwÀS
|
Binary file not shown.
|
@ -1,11 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg zF0Gy00g+A652+c4MKe5GFlewtlUMjpLLzODkT1HNBw
|
||||
KoG7CzBBLuTYaPc42+cx/IwDe0WHEwdW7BZD950qx9k
|
||||
-> ssh-ed25519 grc4Uw oi34sgBlxzAvBNvRnPoNys03fYlQPtGaN521dHQKlyA
|
||||
AEclTFw+LElZMNng0+ezmB06vmqlIxrhZ5Ug7lO0K2Y
|
||||
-> ssh-ed25519 CJl5MQ IGMoyGOVqyoczmGdDUrHcQF3zqbKQXESlrg2HkJklls
|
||||
iH0PiadiTgwEtjf2L1Ry2MCFFxhvb9LFr/eFKJA+M+4
|
||||
-> YCy8T-grease 2K|TYGy| ?++k:
|
||||
jzDT2sSDmnozZA0Prkr6cYgVou+09UwXc9H4KBNOlQ
|
||||
--- SjezupwORSDfiv2pPCKzoNGfolICCAd7eLNOmCRuuq4
|
||||
øß.3~M%4`©7?ùjòdzÁ¹–çl†f˜y¡%byÉŽ&Øž…[–—ûÅãa[¶˜wØ<77>dž¿òV;,‚»Ç´5[SM¬wëQ™âu…¸:VÖÓg—ŒØ¨ozýs‘b_[–Ø;UÚ…$´}¥´‚%
|
||||
-> ssh-ed25519 kY4Rgg iY+bhTcJ5EASg6bwUdmPdf+h3+paMJ1RgY95hi+ZRh0
|
||||
IFC13K0t6hwf6CmKdSC7qktkKt4R79qdgkjfvMfqWCg
|
||||
-> ssh-ed25519 grc4Uw AlPqBM26wtwpHX/B86Me9uBF28ZIg94eqQef6i1C/kA
|
||||
JbaKnFkl6PlXJ1IgWHMEo1DziqoC3VyebvoUmCiIBb8
|
||||
-> ssh-ed25519 CJl5MQ vrXURTIr5xUvFIUEZ3Rb3J1DyqLYhX1sRXlhdkTo/Eg
|
||||
1j1gK8i2wTopBG6BOg0mJ7wzpWWxU0jmgIPUQGRbkvE
|
||||
--- RVcB3UgXIOyFNcBeeJbOClOOxJ3pSWLE9mbnfFE/InI
|
||||
<EFBFBD>Í0ûŸ/ˆrâïèÜÛÍâ„à“—˜1ÈÄÁãeû>R+åX—¸G´Hðκ?ª>€g¹Ž=ÿ‹¼Xçt]š?•:k$hU’¸¯¥<C2AF>ò6:ó<>$-–À<E28093>“<EFBFBD>¹Íb³Äºˆ(jžë¦Ó(YÊ<59>@<40>Ì°ÍòÙrÛ
|
|
@ -1,13 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg N+m6p/zttdGnIbdBfTRIEBuQvAquREmfs8RwDTnROAY
|
||||
Q5ROKDJmForW63J5UVu4Qf2TagKisGX4PcMaIVx1K7w
|
||||
-> ssh-ed25519 grc4Uw aSbKCbiCwnipGPVt5dcbCNNBeILtEnAB6Vkfq9LvdEY
|
||||
biHvwNpy7waPMuOQ4TE2mI+iOzROupSqkZINBi7l5/w
|
||||
-> ssh-ed25519 DLT88w Qa4VLSyBQRboqa68kVtqnGb7wEH9oyulEheaYXzl2ws
|
||||
jyDSxSQbzNVJIWsoJIoO3zVpPHy6RWNzPC5IhB5z0tk
|
||||
-> z-TKn-grease DO*%z p1C
|
||||
LUYpx4GSo0pNIT9gW8id1xBZWsJ3iJxhwHxSLg/kQS3KBAJO5uqgd8jnTg4TwGeM
|
||||
NSP31qORZHU
|
||||
--- AbYdv5y7vwe3ONItmV9Fb73/NeTpZd2kBxpu/msW+50
|
||||
X3ó€ÍMť;Á6h·ŠµQŢŽ<C5A2>ńĐ=´;<3B>ú#šŰ‘u3WÍPÜw§Ľ˘Ś
|
||||
?–gYÍ4⯨uu<75>`[ťHű8ś°˝—ű7ĘZţ$Ť>ĘĽx»Očre‹
|
||||
-> ssh-ed25519 kY4Rgg furr0wKuF3UVBY2KVGESBQxxJImHSCacWkKNgMinWAs
|
||||
3lej3Fyut846w60agk0L6CpPrcRhCDwtvlIVSU1Z4IE
|
||||
-> ssh-ed25519 grc4Uw i8TZQwo/zDMVurig2E8P0FmarBCSTVp2isbM9nz3YVM
|
||||
C02+oAEOT3Z3qmC5qEo5ckb3GtQP1q3880PJq/ji2+o
|
||||
-> ssh-ed25519 DLT88w MnTixAlxgk2uAoH6qNpIJGLkc17J/iuaCMhP1rkwmQ8
|
||||
T9wTnw2HO0iTN3b+UFeEI35o82oeW4n5BRMClidNDB4
|
||||
--- 0xkWGxrvK/bhpSTNCPU6JimpIZ2bz8ptl5tWdUErBK4
|
||||
Î݉›Ě{™˘ÎÔ|MĆ%Ď=D4$¬/îŻjŢob»„ K@6Ý™Â÷.µ?saWB(śV·¸vúĎXľ×Ą"^3ÉŞEL>ŕçµZ6[Šš‘W2k…¦wę*–#ü
|
Binary file not shown.
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue