Add cherry #19

Merged
riley merged 4 commits from add-cherry into mistress 2023-06-19 18:22:39 +02:00
4 changed files with 77 additions and 0 deletions

View file

@ -51,6 +51,14 @@
specialArgs = args; specialArgs = args;
}; };
# Raspberry Pi hosting my website
"cherry" = lib.nixosSystem {
system = "aarch64-linux";
modules = [
./system/cherry/core.nix
];
};
}; };
# Configurations for non-NixOS machines. # Configurations for non-NixOS machines.

View file

@ -6,6 +6,7 @@ in with lib; {
options.custom.nix = {}; options.custom.nix = {};
# TODO: Add strawberry as a build machine here
config = { config = {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nix.extraOptions = '' nix.extraOptions = ''

59
system/cherry/core.nix Normal file
View file

@ -0,0 +1,59 @@
{ pkgs, ... }: {
boot.loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
networking = {
hostName = "cherry";
interfaces.eth0.useDHCP = true;
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
nix = {
# TODO: Set up strawberry as a substituter
# TODO: Set up nixbuild.net
# TODO: Figure out how to make it safe to use other machines as remote
# builders.
distributedBuilds = false;
buildMachines = [];
};
documentation.enable = false;
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
system.stateVersion = "21.11";
boot.kernelPackages = pkgs.linuxPackages_latest;
# User for running the website service
users.users."website" = {
isSystemUser = true;
group = "website";
};
users.groups."website" = {};
environment.systemPackages = with pkgs; [
vim
git
] ++ (import ../../shared/env.nix pkgs);
users.users."root" = {
# Allow access to this server from all the machines
openssh.authorizedKeys.keyFiles = [
../dev-lt-63/keys/riley.pub
../strawberry/keys/riley.pub
../lime/keys/riley.pub
];
};
}

View file

@ -13,6 +13,15 @@
interfaces."enp9s0".useDHCP = true; interfaces."enp9s0".useDHCP = true;
}; };
nix = {
sshServe.enable = true;
sshServe.keys = [
(builtins.readFile ../cherry/keys/root.pub)
# (builtins.readFile ../dev-lt-63/keys/riley.pub)
# (builtins.readFile ../lime/keys/riley.pub)
];
};
boot = { boot = {
initrd.availableKernelModules = [ initrd.availableKernelModules = [
"nvme" "nvme"