hosts/shinmyoumaru: init, cross: armv6+v7 emulated, stripped base, exprs

2026-02-09 04:19:19 -08:00 · 2021-09-02 21:17:59 +01:00 · 2021-09-02 21:17:59 +01:00 · 37950bc59a
commit 37950bc59a
parent c7d8d0b3d4
19 changed files with 153 additions and 28 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -2,3 +2,7 @@
 	path = config/trusted
 	branch = main
 	url = "https://git.kittywit.ch/kat/nixfiles-trusted.git"
+[submodule "overlay/exprs"]
+	path = overlay/exprs
+	branch = main
+	url = "https://github.com/kittywitch/nixexprs"
--- a/ci/nodes.nix
+++ b/ci/nodes.nix
@ -5,7 +5,7 @@
  channels.nixfiles.path = ../.;

  nix.config = {
-    extra-platforms = "aarch64-linux";
+    extra-platforms = ["aarch64-linux" "armv6l" "armv7l"];
    #extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext "${package}?") [bash qemu "/run/binfmt"];
  };

@ -13,9 +13,9 @@
    jobs = mkIf (config.id != "ci") {
      ${config.id}.step.aarch64 = {
        order = 201;
-        name = "prepare for aarch64 builds";
+        name = "prepare for emulated builds";
        run = ''
-          sudo $(which aarch64binfmt)
+          sudo $(which archbinfmt)
        '';
      };
    };
@ -23,7 +23,7 @@

  # ensure sources are fetched and available in the local store before evaluating host configs
  environment.bootstrap = {
-    aarch64binfmt =
+    archbinfmt =
      let
        makeQemuWrapper = name: ''
          mkdir -p /run/binfmt
@ -34,10 +34,14 @@
          EOF
          chmod +x /run/binfmt/${name}
        ''; in
-      channels.cipkgs.writeShellScriptBin "aarch64binfmt" ''
+      channels.cipkgs.writeShellScriptBin "archbinfmt" ''
        ${makeQemuWrapper "aarch64"}
+        ${makeQemuWrapper "armv6l"}
+        ${makeQemuWrapper "armv7l"}
        echo 'extra-sandbox-paths = ${channels.cipkgs.bash} ${channels.cipkgs.qemu} /run/binfmt' >> /etc/nix/nix.conf
        echo ':aarch64-linux:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/run/binfmt/aarch64:' > /proc/sys/fs/binfmt_misc/register
+        echo ':armv6l-linux:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/run/binfmt/armv6l-linux:' > /proc/sys/fs/binfmt_misc/register
+        echo ':armv7l-linux:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/run/binfmt/armv7l-linux:' > /proc/sys/fs/binfmt_misc/register
      '';
    sourceCache = channels.cipkgs.runCommand "sources"
      {
--- a/config/hosts/samhain/nixos.nix
+++ b/config/hosts/samhain/nixos.nix
@ -15,8 +15,8 @@ in
    profiles.gui
    profiles.vfio
    profiles.cross.aarch64
-    profiles.cross.armv7l
    profiles.cross.armv6l
+    profiles.cross.armv7l
    users.kat.guiFull
    users.kat.services.weechat
    services.nginx
--- a/config/hosts/shinmyoumaru/image.nix
+++ b/config/hosts/shinmyoumaru/image.nix
@ -0,0 +1,5 @@
+{ modulesPath, ... }: {
+  imports = [
+    (modulesPath + "/installer/sd-card/sd-image-raspberrypi.nix")
+  ];
+}
--- a/config/hosts/shinmyoumaru/nixos.nix
+++ b/config/hosts/shinmyoumaru/nixos.nix
@ -0,0 +1,93 @@
+{ config, meta, pkgs, lib, ... }: with lib;
+
+{
+  # Imports
+
+  imports = [
+    ./image.nix
+  ];
+
+  # Weird Shit
+
+  nixpkgs.localSystem = systems.examples.raspberryPi // {
+    system = "armv6l-linux";
+  };
+
+  nix = {
+    binaryCaches = lib.mkForce [ "https://app.cachix.org/cache/thefloweringash-armv7" ];
+    binaryCachePublicKeys = [ "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso=" ];
+  };
+
+  # Terraform
+
+  deploy.tf = {
+    resources.shinmyoumaru = {
+      provider = "null";
+      type = "resource";
+      connection = {
+        port = head config.services.openssh.ports;
+        host = config.network.addresses.private.nixos.ipv4.address;
+      };
+    };
+  };
+
+  # Bootloader
+
+  boot = {
+    loader = {
+      grub.enable = false;
+      generic-extlinux-compatible.enable = true;
+    };
+    consoleLogLevel = lib.mkDefault 7;
+    kernelPackages = pkgs.linuxPackages_rpi1;
+  };
+
+  # File Systems and Swap
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+  };
+
+  # Networking
+
+  networking = {
+    useDHCP = true;
+    interfaces.eno1.ipv4.addresses = singleton {
+      inherit (config.network.addresses.private.nixos.ipv4) address;
+      prefixLength = 24;
+    };
+    defaultGateway = config.network.privateGateway;
+  };
+
+  network = {
+    addresses = {
+      private = {
+        enable = true;
+        nixos = {
+          ipv4.address = "192.168.1.33";
+          # TODO ipv6.address
+        };
+      };
+    };
+    yggdrasil = {
+      enable = true;
+      pubkey = "0000000000000000000000000000000000000000000000000000";
+      listen.enable = false;
+      listen.endpoints = [ "tcp://0.0.0.0:0" ];
+    };
+  };
+
+  # Firewall
+
+  network.firewall = {
+    private.interfaces = singleton "yggdrasil";
+    public.interfaces = singleton "eno1";
+  };
+
+  # State
+
+  system.stateVersion = "21.11";
+}
--- a/config/profiles/base/packages.nix
+++ b/config/profiles/base/packages.nix
@ -5,7 +5,6 @@
    smartmontools
    hddtemp
    lm_sensors
-    cachix
    pinentry-curses
    gnupg
    foot.terminfo
--- a/config/profiles/cross/armv6.nix
+++ b/config/profiles/cross/armv6.nix
@ -0,0 +1,9 @@
+{ config, ... }: {
+  nix = {
+    binaryCaches = [ "https://arm.cachix.org/" ];
+    binaryCachePublicKeys = [ "arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM=" ];
+  };
+  boot.binfmt = {
+    emulatedSystems = [ "armv6l-linux" ];
+  };
+}
--- a/config/profiles/cross/armv7.nix
+++ b/config/profiles/cross/armv7.nix
@ -3,4 +3,7 @@
    binaryCaches = [ "https://arm.cachix.org/" ];
    binaryCachePublicKeys = [ "arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM=" ];
  };
+  boot.binfmt = {
+    emulatedSystems = [ "armv7l-linux" ];
+  };
 }
--- a/config/profiles/cross/default.nix
+++ b/config/profiles/cross/default.nix
@ -1,6 +1,7 @@
 rec {
  common = ./armvcommon.nix;
  armv7-base = ./armv7.nix;
+  armv6-base = ./armv6.nix;
  aarch64-base = ./aarch64.nix;


@ -30,6 +31,7 @@ rec {
    };
    imports = [
      common
+      armv6-base
    ];
  };
 }
--- a/config/users/kat/base/git.nix
+++ b/config/users/kat/base/git.nix
@ -1,17 +1,8 @@
 { config, pkgs, lib, ... }:

 {
-  home.packages = with pkgs; [
-    git-crypt
-    gitAndTools.gitRemoteGcrypt
-    gitAndTools.gitAnnex
-    git-revise
-    gitAndTools.git-annex-remote-b2
-  ];
-
  programs.git = {
    enable = true;
-    package = pkgs.gitAndTools.gitFull;
    userName = "kat witch";
    userEmail = "kat@kittywit.ch";
    extraConfig = {
--- a/config/users/kat/base/packages.nix
+++ b/config/users/kat/base/packages.nix
@ -8,7 +8,7 @@
    sd
    duc
    bat
-    exa
+    exa-noman
    socat
    rsync
    wget
@ -19,7 +19,6 @@
    zstd
    file
    whois
-    niv
    dnsutils
    borgbackup
    neofetch
--- a/config/users/kat/default.nix
+++ b/config/users/kat/default.nix
@ -20,7 +20,7 @@ let katUser = { lib }:
      lib.genAttrs profileNames userImport // {
        services = lib.genAttrs serviceNames serviceImport;
        base = { imports = [ ./nixos.nix (userImport "base") ]; };
-        server = { imports = [ personal ]; };
+        server = { };
        guiFull = { imports = [ gui sway dev media personal ]; };
      };
  in
--- a/config/users/kat/personal/default.nix
+++ b/config/users/kat/personal/default.nix
@ -3,6 +3,8 @@
 {
  imports = [
    ./gpg.nix
+    ./git.nix
+    ./packages.nix
    ./weechat.nix
    ./email.nix
    ./shell.nix
--- a/config/users/kat/personal/git.nix
+++ b/config/users/kat/personal/git.nix
@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+
+{
+  home.packages = with pkgs; [
+    git-crypt
+    gitAndTools.gitRemoteGcrypt
+    gitAndTools.gitAnnex
+    git-revise
+    gitAndTools.git-annex-remote-b2
+  ];
+  programs.git = {
+    package = pkgs.gitAndTools.gitFull;
+  };
+}
--- a/config/users/kat/personal/packages.nix
+++ b/config/users/kat/personal/packages.nix
@ -1,5 +1,8 @@
 { config, pkgs, ... }:

 {
-  home.packages = with pkgs; [ pinentry.gtk2 ];
+  home.packages = with pkgs; [
+    pinentry.gtk2
+    niv
+  ];
 }
--- a/config/users/kat/personal/shell.nix
+++ b/config/users/kat/personal/shell.nix
@ -2,8 +2,6 @@

 {
  programs.zsh = {
-    shellAliases = genAttrs ["radio" "tv"] (attr: {
-      "abby${attr}" = "mpv $(bitw get secrets/abby -f ${attr})";
-    });
+    shellAliases = mapListToAttrs (attr: nameValuePair "abby${attr}" "mpv $(bitw get secrets/abby -f ${attr})") ["radio" "tv"];
  };
 }
--- a/default.nix
+++ b/default.nix
@ -39,7 +39,6 @@ let
      folderPaths = [ (./config + "/${folder}") (./config/trusted + "/${folder}") ];
    }))
    xargNames) // { modules = lib.recursiveMod { folder = ./config/modules; inherit sources; }; };
-
  /*
    We provide the runners with this file this way. We also provide our nix args here.
    This is also where pkgs are passed through to the meta config.
--- a/nix/sources.json
+++ b/nix/sources.json
@ -89,10 +89,10 @@
        "homepage": null,
        "owner": "kittywitch",
        "repo": "nixexprs",
-        "rev": "a78026175487423769ac2667e618a896af63c5b0",
-        "sha256": "1bvmi4fybq98avshyircxcmshxnwwwlhm1b6brb3ygpffxhxbihy",
+        "rev": "da3150b0837cf75c0c0fe36369ce424b80ee18ce",
+        "sha256": "0w43bih23d3iv95k4arm3xys679rr7rblr5a74isvzxz0m70w3kr",
        "type": "tarball",
-        "url": "https://github.com/kittywitch/nixexprs/archive/a78026175487423769ac2667e618a896af63c5b0.tar.gz",
+        "url": "https://github.com/kittywitch/nixexprs/archive/da3150b0837cf75c0c0fe36369ce424b80ee18ce.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "niv": {
--- a/overlays/exprs
+++ b/overlays/exprs
@ -1 +1 @@
-Subproject commit a78026175487423769ac2667e618a896af63c5b0
+Subproject commit da3150b0837cf75c0c0fe36369ce424b80ee18ce