feat!: make declarative version
This commit is contained in:
parent
cf3c5ef1f5
commit
f4d95c595e
13 changed files with 493 additions and 95 deletions
242
flake.nix
242
flake.nix
|
|
@ -3,6 +3,7 @@
|
|||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
agenix = {
|
||||
url = "github:ryantm/agenix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
|
@ -12,12 +13,18 @@
|
|||
url = "github:oxalica/rust-overlay";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nixos-raspberrypi = {
|
||||
url = "github:nvmd/nixos-raspberrypi/main";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs =
|
||||
{
|
||||
self,
|
||||
nixpkgs,
|
||||
nixos-hardware,
|
||||
nixos-raspberrypi,
|
||||
agenix,
|
||||
crane,
|
||||
rust-overlay,
|
||||
|
|
@ -99,100 +106,191 @@
|
|||
}
|
||||
);
|
||||
|
||||
flash-pi-sd = pkgs.writeShellApplication {
|
||||
name = "flash-pi-sd";
|
||||
bootstrapModule =
|
||||
{
|
||||
lib,
|
||||
nixos-raspberrypi,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = with nixos-raspberrypi.nixosModules; [
|
||||
default
|
||||
usb-gadget-ethernet
|
||||
];
|
||||
|
||||
system.stateVersion = "24.11";
|
||||
|
||||
boot.loader.raspberry-pi = {
|
||||
variant = "02";
|
||||
firmwarePackage = nixos-raspberrypi.packages.${pkgs.stdenv.hostPlatform.system}.raspberrypifw;
|
||||
bootloader = "kernel";
|
||||
};
|
||||
boot.supportedFilesystems = lib.mkForce [
|
||||
"ext4"
|
||||
"vfat"
|
||||
];
|
||||
boot.kernelParams = lib.mkAfter [ "cfg80211.ieee80211_regdom=US" ];
|
||||
|
||||
networking.hostName = "noisebridge-pi";
|
||||
networking.networkmanager.enable = lib.mkForce false;
|
||||
networking.wireless = {
|
||||
enable = true;
|
||||
networks."Noisebridge".psk = "noisebridge";
|
||||
};
|
||||
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns4 = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "prohibit-password";
|
||||
};
|
||||
};
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu"
|
||||
];
|
||||
};
|
||||
|
||||
flash-bootstrap-sd = pkgs.writeShellApplication {
|
||||
name = "flash-bootstrap-sd";
|
||||
runtimeInputs = [
|
||||
agenix.packages.${system}.default
|
||||
pkgs.coreutils
|
||||
pkgs.nix
|
||||
pkgs.parted
|
||||
pkgs.systemd
|
||||
pkgs.util-linux
|
||||
pkgs.zstd
|
||||
];
|
||||
text = ''
|
||||
set -euo pipefail
|
||||
|
||||
PARTPROBE=${pkgs.parted}/bin/partprobe
|
||||
MOUNT=${pkgs.util-linux}/bin/mount
|
||||
UMOUNT=${pkgs.util-linux}/bin/umount
|
||||
MOUNTPOINT=${pkgs.util-linux}/bin/mountpoint
|
||||
FINDMNT=${pkgs.util-linux}/bin/findmnt
|
||||
UDEVADM=${pkgs.systemd}/bin/udevadm
|
||||
ZSTD=${pkgs.zstd}/bin/zstd
|
||||
|
||||
if [ "$#" -ne 1 ]; then
|
||||
echo "usage: flash-pi-sd /dev/sdX" >&2
|
||||
echo "usage: flash-bootstrap-sd /dev/sdX" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
device="$1"
|
||||
flake_path=${builtins.toString ./.}
|
||||
image_link="$(mktemp -u /tmp/noisebell-sd-image.XXXXXX)"
|
||||
mount_dir="$(mktemp -d)"
|
||||
secrets_dir="${builtins.toString ./secrets}"
|
||||
key_name="bootstrap-identity.age"
|
||||
rules_file="${builtins.toString ./secrets/secrets.nix}"
|
||||
|
||||
cleanup() {
|
||||
if "$MOUNTPOINT" -q "$mount_dir"; then
|
||||
sudo "$UMOUNT" "$mount_dir"
|
||||
fi
|
||||
rm -rf "$mount_dir"
|
||||
rm -f "$image_link"
|
||||
}
|
||||
trap cleanup EXIT
|
||||
zstd_bin=${pkgs.zstd}/bin/zstd
|
||||
|
||||
if [ ! -b "$device" ]; then
|
||||
echo "not a block device: $device" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
boot_part="''${device}1"
|
||||
case "$device" in
|
||||
*[0-9]) boot_part="''${device}p1" ;;
|
||||
esac
|
||||
echo "Requesting sudo access before build and flash..."
|
||||
sudo -v
|
||||
echo "Sudo authentication successful."
|
||||
|
||||
echo "Building bootstrap SD image..."
|
||||
nix build "$flake_path#nixosConfigurations.bootstrap.config.system.build.sdImage" -o "$image_link"
|
||||
echo "Building bootstrap NixOS Raspberry Pi Zero 2 W image..."
|
||||
image_out="$(nix build \
|
||||
--print-out-paths \
|
||||
--cores 0 \
|
||||
--max-jobs auto \
|
||||
"$flake_path#nixosConfigurations.bootstrap.config.system.build.sdImage")"
|
||||
|
||||
image="$(echo "$image_link"/sd-image/*.img*)"
|
||||
image="$(echo "$image_out"/sd-image/*.img*)"
|
||||
if [ ! -f "$image" ]; then
|
||||
echo "failed to locate SD image under $image_link/sd-image" >&2
|
||||
echo "failed to locate SD image under $image_out/sd-image" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Flashing $image to $device..."
|
||||
if [ "''${image##*.}" = "zst" ]; then
|
||||
"$ZSTD" -d --stdout "$image" | sudo dd of="$device" bs=4M conv=fsync status=progress
|
||||
"$zstd_bin" -d --stdout "$image" | sudo dd of="$device" bs=16M conv=fsync status=progress
|
||||
else
|
||||
sudo dd if="$image" of="$device" bs=4M conv=fsync status=progress
|
||||
sudo dd if="$image" of="$device" bs=16M conv=fsync status=progress
|
||||
fi
|
||||
sync
|
||||
|
||||
sudo "$PARTPROBE" "$device"
|
||||
sudo "$UDEVADM" settle
|
||||
echo "Done. This is the custom bootstrap NixOS image."
|
||||
'';
|
||||
};
|
||||
|
||||
if "$FINDMNT" -rn "$boot_part" >/dev/null 2>&1; then
|
||||
sudo "$UMOUNT" "$boot_part"
|
||||
pi-serial = pkgs.writeShellApplication {
|
||||
name = "pi-serial";
|
||||
runtimeInputs = [
|
||||
pkgs.coreutils
|
||||
pkgs.procps
|
||||
pkgs.tio
|
||||
pkgs.util-linux
|
||||
];
|
||||
text = ''
|
||||
set -euo pipefail
|
||||
|
||||
baud_rate=115200
|
||||
data_bits=8
|
||||
stop_bits=1
|
||||
parity=none
|
||||
flow_control=none
|
||||
serial_tools="screen tio minicom picocom"
|
||||
|
||||
port=""
|
||||
|
||||
if [ "$#" -gt 1 ]; then
|
||||
echo "usage: pi-serial [device]" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Installing bootstrap age identity onto $boot_part..."
|
||||
sudo "$MOUNT" "$boot_part" "$mount_dir"
|
||||
(
|
||||
cd "$secrets_dir"
|
||||
RULES="$rules_file" agenix -d "$key_name"
|
||||
) | sudo tee "$mount_dir/noisebell-bootstrap.agekey" >/dev/null
|
||||
sudo chmod 600 "$mount_dir/noisebell-bootstrap.agekey"
|
||||
sync
|
||||
if [ "$#" -eq 1 ]; then
|
||||
port="$1"
|
||||
else
|
||||
for candidate in /dev/serial/by-id/* /dev/ttyUSB* /dev/ttyACM*; do
|
||||
if [ -e "$candidate" ]; then
|
||||
port="$candidate"
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
echo "Done. You can now move the card to the Pi and boot it."
|
||||
if [ -z "$port" ]; then
|
||||
echo "No serial device found." >&2
|
||||
echo "Check the adapter and run: ls -l /dev/serial/by-id /dev/ttyUSB* /dev/ttyACM* 2>/dev/null" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
log_file="pi-serial-$(date +%Y%m%d-%H%M%S).log"
|
||||
|
||||
echo "Stopping old serial sessions for this user"
|
||||
for tool in $serial_tools; do
|
||||
pkill -x -u "$USER" "$tool" 2>/dev/null || true
|
||||
done
|
||||
sleep 1
|
||||
|
||||
echo "Waiting for port to become free: $port"
|
||||
while fuser "$port" >/dev/null 2>&1; do
|
||||
sleep 1
|
||||
done
|
||||
|
||||
echo "Using serial port: $port"
|
||||
echo "Logging to: $log_file"
|
||||
echo "Start this before powering the Pi."
|
||||
|
||||
exec sudo tio \
|
||||
-b "$baud_rate" \
|
||||
-d "$data_bits" \
|
||||
-s "$stop_bits" \
|
||||
-p "$parity" \
|
||||
-f "$flow_control" \
|
||||
-t \
|
||||
--log \
|
||||
--log-file "$log_file" \
|
||||
"$port"
|
||||
'';
|
||||
};
|
||||
in
|
||||
{
|
||||
packages.${system} = {
|
||||
inherit noisebell-cache noisebell-discord flash-pi-sd;
|
||||
inherit
|
||||
noisebell-cache
|
||||
noisebell-discord
|
||||
flash-bootstrap-sd
|
||||
pi-serial
|
||||
;
|
||||
default = noisebell-cache;
|
||||
};
|
||||
|
||||
|
|
@ -208,6 +306,9 @@
|
|||
imports = [
|
||||
(import ./remote/cache-service/module.nix noisebell-cache)
|
||||
(import ./remote/discord-bot/module.nix noisebell-discord)
|
||||
(import ./remote/hosted-module.nix {
|
||||
inherit self agenix;
|
||||
})
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
@ -216,6 +317,7 @@
|
|||
system = "aarch64-linux";
|
||||
modules = [
|
||||
agenix.nixosModules.default
|
||||
nixos-hardware.nixosModules.raspberry-pi-3
|
||||
(import ./pi/module.nix {
|
||||
pkg = noisebell-pi;
|
||||
rev = self.shortRev or "dirty";
|
||||
|
|
@ -225,34 +327,38 @@
|
|||
];
|
||||
};
|
||||
|
||||
nixosConfigurations.bootstrap = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
nixosConfigurations.bootstrap = nixos-raspberrypi.lib.nixosSystem {
|
||||
specialArgs = {
|
||||
inherit nixos-raspberrypi;
|
||||
};
|
||||
modules = [
|
||||
agenix.nixosModules.default
|
||||
(import ./pi/module.nix {
|
||||
pkg = noisebell-pi;
|
||||
rev = self.shortRev or "dirty";
|
||||
})
|
||||
./pi/bootstrap.nix
|
||||
nixos-raspberrypi.nixosModules.sd-image
|
||||
bootstrapModule
|
||||
];
|
||||
};
|
||||
|
||||
devShells.${system}.default = craneLib.devShell {
|
||||
packages = [
|
||||
flash-pi-sd
|
||||
flash-bootstrap-sd
|
||||
pi-serial
|
||||
pkgs.nix
|
||||
pkgs.parted
|
||||
pkgs.rust-analyzer
|
||||
pkgs.systemd
|
||||
pkgs.util-linux
|
||||
pkgs.tio
|
||||
pkgs.zstd
|
||||
agenix.packages.${system}.default
|
||||
];
|
||||
};
|
||||
|
||||
apps.${system}.flash-pi-sd = {
|
||||
type = "app";
|
||||
program = "${flash-pi-sd}/bin/flash-pi-sd";
|
||||
apps.${system} = {
|
||||
flash-bootstrap-sd = {
|
||||
type = "app";
|
||||
program = "${flash-bootstrap-sd}/bin/flash-bootstrap-sd";
|
||||
};
|
||||
|
||||
pi-serial = {
|
||||
type = "app";
|
||||
program = "${pi-serial}/bin/pi-serial";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
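Review bot: The `sudo chmod 600 "$mount_dir/noisebell-bootstrap.agekey"` after `agenix -d` writes the decrypted age identity does not protect anything: `boot_part` is the first partition of the Raspberry Pi SD image, which is presumably the FAT firmware partition (the module forces `boot.supportedFilesystems` to `ext4`/`vfat` for it), and FAT has no per-file permission bits — the effective mode comes from the mount's `fmask`/`umask`, so the private key is readable by anyone who mounts the card and, likely, by every local user on the Pi once the firmware partition is mounted. If a plaintext key on the boot partition is intended (the bootstrap needs it before any secret store exists), drop the misleading chmod and say so next to the `tee`, e.g. `# NOTE: vfat ignores chmod -- this key is exactly as secret as the card; rotate it after bootstrap`, or have the Pi remove the file once agenix has consumed it. Separately, `sudo dd of="$device"` starts as soon as `[ -b "$device" ]` passes, with no check that the target is removable or any confirmation, so a typo wipes the host disk; a guard such as `[ "$(lsblk -ndo RM "$device")" = "1" ] || { echo "refusing to flash non-removable $device" >&2; exit 1; }` before the `dd` would help. The enclosing `outputs` attribute set starts and ends outside the displayed hunks.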
|
||||
|
|
|
|||