From 87f2efe3ce75e4686197a61adb3ee1fc93af7640 Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Sat, 17 Jun 2023 23:46:16 +0200 Subject: [PATCH 1/4] Add `cherry` --- flake.nix | 8 ++++++ shared/core/nix.nix | 1 + system/cherry/core.nix | 50 ++++++++++++++++++++++++++++++++++++++ system/strawberry/core.nix | 9 +++++++ 4 files changed, 68 insertions(+) create mode 100644 system/cherry/core.nix diff --git a/flake.nix b/flake.nix index 142f8bb..0635993 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,14 @@ specialArgs = args; }; + # Raspberry Pi hosting my website + "cherry" = lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + ./system/cherry/core.nix + ]; + }; + }; # Configurations for non-NixOS machines. diff --git a/shared/core/nix.nix b/shared/core/nix.nix index f0e55fd..7ff1fe6 100644 --- a/shared/core/nix.nix +++ b/shared/core/nix.nix @@ -6,6 +6,7 @@ in with lib; { options.custom.nix = {}; + # TODO: Add strawberry as a build machine here config = { nixpkgs.config.allowUnfree = true; nix.extraOptions = '' diff --git a/system/cherry/core.nix b/system/cherry/core.nix new file mode 100644 index 0000000..9b923b0 --- /dev/null +++ b/system/cherry/core.nix @@ -0,0 +1,50 @@ +{ pkgs, ... }: { + + boot.loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + }; + + networking = { + hostName = "cherry"; + interfaces.eth0.useDHCP = true; + }; + + nix = { + # TODO: Set up strawberry as a substituter + # TODO: Set up nixbuild.net + # TODO: Figure out how to make it safe to use other machines as remote + # builders. + distributedBuilds = false; + buildMachines = []; + }; + + documentation.enable = false; + + fileSystems."/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + + boot.kernelPackages = pkgs.linuxPackages_latest; + + # User for running the website service + users.users."website" = { + isSystemUser = true; + }; + + environment.systemPackages = with pkgs; [ + vim + git + ] ++ (import ../../shared/env.nix pkgs); + + users.users."root" = { + # Allow access to this server from all the machines + openssh.authorizedKeys.keyFiles = [ + ../dev-lt-63/riley.pub + ../strawberry/riley.pub + ../lime/riley.pub + ]; + }; + +} \ No newline at end of file diff --git a/system/strawberry/core.nix b/system/strawberry/core.nix index 33ab96c..9150b54 100644 --- a/system/strawberry/core.nix +++ b/system/strawberry/core.nix @@ -13,6 +13,15 @@ interfaces."enp9s0".useDHCP = true; }; + nix = { + sshServe.enable = true; + sshServe.keys = [ + (builtins.readFile ../cherry/keys/root.pub) + # (builtins.readFile ../dev-lt-63/keys/riley.pub) + # (builtins.readFile ../lime/keys/riley.pub) + ]; + }; + boot = { initrd.availableKernelModules = [ "nvme" From 611930210d91806b35b93394ffe9c7143dbfa0be Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Sat, 17 Jun 2023 23:52:17 +0200 Subject: [PATCH 2/4] Fix `cherry` config --- system/cherry/core.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/system/cherry/core.nix b/system/cherry/core.nix index 9b923b0..b3ac0dd 100644 --- a/system/cherry/core.nix +++ b/system/cherry/core.nix @@ -26,12 +26,16 @@ fsType = "ext4"; }; + system.stateVersion = "21.11"; + boot.kernelPackages = pkgs.linuxPackages_latest; # User for running the website service users.users."website" = { isSystemUser = true; + group = "website"; }; + users.groups."website" = {}; environment.systemPackages = with pkgs; [ vim From 00c40b1f831c5fb75ed1f7f30d0e3c55b886f56b Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Mon, 19 Jun 2023 17:48:38 +0200 Subject: [PATCH 3/4] Add ssh service for cherry --- system/cherry/core.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/system/cherry/core.nix b/system/cherry/core.nix index b3ac0dd..967ca17 100644 --- a/system/cherry/core.nix +++ b/system/cherry/core.nix @@ -10,6 +10,11 @@ interfaces.eth0.useDHCP = true; }; + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + }; + nix = { # TODO: Set up strawberry as a substituter # TODO: Set up nixbuild.net From fce12132934fa82d936e2f08c938c6bad9a13ffd Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Mon, 19 Jun 2023 17:51:55 +0200 Subject: [PATCH 4/4] Fix key paths --- system/cherry/core.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/system/cherry/core.nix b/system/cherry/core.nix index 967ca17..a4ef8b2 100644 --- a/system/cherry/core.nix +++ b/system/cherry/core.nix @@ -50,9 +50,9 @@ users.users."root" = { # Allow access to this server from all the machines openssh.authorizedKeys.keyFiles = [ - ../dev-lt-63/riley.pub - ../strawberry/riley.pub - ../lime/riley.pub + ../dev-lt-63/keys/riley.pub + ../strawberry/keys/riley.pub + ../lime/keys/riley.pub ]; };