diff --git a/builders b/builders new file mode 100644 index 0000000..5246b7d --- /dev/null +++ b/builders @@ -0,0 +1 @@ +ssh://nixremote@seras.kyouma.net x86_64-linux,aarch64-linux - 40 2 nixos-test,benchmark,big-parallel,kvm diff --git a/config/common/default.nix b/config/common/default.nix index ef26bbd..7241741 100644 --- a/config/common/default.nix +++ b/config/common/default.nix @@ -57,8 +57,15 @@ with lib; { nix.gc.automatic = true; nix.gc.options = "--delete-older-than 7d"; nix.optimise.automatic = true; + nix.registry.nixpkgs.to = { + type = "path"; + path = pkgs.path; + }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.trusted-users = [ "root" "@wheel" ]; + nix.extraOptions = '' + builders-use-substitutes = true + ''; nixpkgs.config.allowUnfree = true; diff --git a/config/hosts/lain/configuration.nix b/config/hosts/lain/configuration.nix index e1799d7..f5d6c7d 100644 --- a/config/hosts/lain/configuration.nix +++ b/config/hosts/lain/configuration.nix 
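Review bot: The machine line added in `builders` stops after the supported-features field, so the builder's SSH host key is not pinned and each client falls back on whatever is in the connecting user's known_hosts. The machines-file format takes the base64-encoded public host key as the eighth field, after a mandatory-features field, e.g. `ssh://nixremote@seras.kyouma.net x86_64-linux,aarch64-linux - 40 2 nixos-test,benchmark,big-parallel,kvm - <BASE64_HOST_PUBLIC_KEY>` (placeholder value). The same gap applies to `nix.buildMachines` in config/profiles/remote-build.nix, which sets no `publicHostKey`, and to the `builders` string in flake.nix.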
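Review bot: `builders-use-substitutes` is set through the free-text `nix.extraOptions`, while the two lines directly above it use `nix.settings.*`. Writing `nix.settings.builders-use-substitutes = true;` keeps every nix.conf key in one structured place, where a host can override it through the module system. The option sits in the common profile, so it also applies to hosts that never use a remote builder; a one-line comment saying why it is global would help. The enclosing module body starts and ends outside this hunk.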
@@ -1,52 +1,27 @@ { config, inputs, lib, pkgs, ... }: { imports = [ - inputs.nixos-hardware.nixosModules.raspberry-pi-4 ../../common + ../../profiles/remote-builder.nix + ../../profiles/rpi.nix ../../profiles/headless.nix ]; - boot.loader.efi.canTouchEfiVariables = true; - console.enable = false; - deployment = { - targetHost = "192.168.178.166"; - targetUser = "nixos"; + targetHost = "192.168.178.171"; }; - environment.systemPackages = with pkgs; [ - kodiPackages.jellyfin - kodiPackages.keymap - libcec - libraspberrypi - raspberrypi-eeprom - ]; - fileSystems = { - "/" = { - device = "/dev/disk/by-label/NIXOS_SD"; - fsType = "ext4"; - options = [ "noatime" ]; - }; - }; - hardware = { - bluetooth.enable = true; - deviceTree.enable = true; - raspberry-pi."4" = { - audio.enable = false; - apply-overlays-dtmerge.enable = true; - fkms-3d.enable = true; - }; + networking = { + hostName = "lain"; + dhcpcd.enable = lib.mkForce true; + networkmanager.enable = true; + useDHCP = lib.mkForce true; }; - - kyouma.machine-type.physical = true; + systemd.network.enable = lib.mkForce false; nixpkgs.overlays = [ - (self: super: { libcec = super.libcec.override { withLibraspberrypi = true; }; }) + (self: super: { kodi-wayland = super.kodi-wayland.overrideAttrs { doInstallCheck = false; }; }) ]; - networking.hostName = "lain"; - networking.networkmanager.enable = true; - systemd.network.enable = lib.mkForce false; - systemd.sockets."cec-client" = { after = [ "dev-vchiq.device" ]; bindsTo = [ "dev-vchiq.device" ]; 
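Review bot: The new import `../../profiles/remote-builder.nix` does not match the profile this commit adds, which is `config/profiles/remote-build.nix` (the name ryuuko imports). Unless a `remote-builder.nix` already exists elsewhere in the tree, evaluating lain will fail on the missing path; if the intent is for lain to offload builds to seras, the line should read `../../profiles/remote-build.nix`. Separately, the `kodi-wayland` overlay turns off `doInstallCheck` with no explanation; a short comment naming the failing check would tell the next reader when it can be removed. The module body continues past the end of this hunk.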
@@ -70,30 +45,22 @@ }; }; - services.avahi = { - enable = true; - ipv6 = true; - nssmdns4 = true; - publish.enable = true; - publish.userServices = true; - }; services.cage = { enable = true; + environment = { + WLR_NO_HARDWARE_CURSORS = "1"; + }; program = "${pkgs.kodi-wayland}/bin/kodi-standalone"; user = "kodi"; }; - services.fstrim.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - pulse.enable = true; - }; services.udev.extraRules = '' # allow access to raspi cec device for video group (and optionally register it as a systemd device, used below) KERNEL=="vchiq", GROUP="video", MODE="0660", TAG+="systemd", ENV{SYSTEMD_ALIAS}="/dev/vchiq" ''; - users.mutableUsers = lib.mkForce true; - users.users.kodi.extraGroups = [ "video" ]; - users.extraUsers.kodi.isNormalUser = true; + users = { + mutableUsers = lib.mkForce true; + users.kodi.extraGroups = [ "video" ]; + extraUsers.kodi.isNormalUser = true; + }; } diff --git a/config/hosts/ryuuko/configuration.nix b/config/hosts/ryuuko/configuration.nix index 4995bb9..cf3e802 100644 --- a/config/hosts/ryuuko/configuration.nix +++ b/config/hosts/ryuuko/configuration.nix @@ -3,11 +3,12 @@ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-extreme-gen4 ../../common ../../profiles/graphical + ../../profiles/remote-build.nix ./hardware-configuration.nix ./disko.nix ]; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + #boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.extraModprobeConfig = '' options i915 enable_guc=3 ''; diff --git a/config/hosts/seras/configuration.nix b/config/hosts/seras/configuration.nix new file mode 100644 index 0000000..28d7699 --- /dev/null +++ b/config/hosts/seras/configuration.nix 
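Review bot: In config/hosts/ryuuko/configuration.nix, `#boot.binfmt.emulatedSystems = [ "aarch64-linux" ];` is left behind as commented-out code with no reason given. Either delete the line or replace it with a comment that states the intent, for example `# aarch64-linux builds are offloaded to seras via profiles/remote-build.nix`. With emulation off, ryuuko appears to have no local fallback for aarch64-linux derivations when seras is unreachable, which is worth saying in that comment if it is deliberate. The module body starts and ends outside this hunk.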
@@ -0,0 +1,35 @@
+{ config, inputs, lib, pkgs, ... }: {
+ imports = [
+ ../../common
+ ../../profiles/headless.nix
+ ../../profiles/kartoffel.nix
+ ../../profiles/lxc.nix
+ ];
+
+ boot.binfmt.emulatedSystems = ["aarch64-linux"];
+
+ deployment.targetUser = "emily";
+
+ networking = {
+ hostName = "seras";
+ nftables.enable = lib.mkForce false;
+ };
+ nix.settings.trusted-users = [ "nixremote" ];
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+ systemd.network.networks."98-eth-default" = {
+ address = [
+ "2a0f:be01:0:100::169/128"
+ ];
+ };
+ users.users.nixremote = {
+ isNormalUser = true;
+ shell = pkgs.fish;
+ ignoreShellProgramCheck = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDTwCSWYODyvTJxwB6Rahuy0j6s/YYwtQta8bjzG/We root@ryuuko-arch"
+ ];
+ };
+}
diff --git a/config/profiles/remote-build.nix b/config/profiles/remote-build.nix
new file mode 100644
index 0000000..1b8e134
--- /dev/null
+++ b/config/profiles/remote-build.nix
@@ -0,0 +1,11 @@
+{config, lib, pkgs, ... }: {
+ nix.buildMachines = [{
+ hostName = "seras.kyouma.net";
+ sshUser = "nixremote";
+ maxJobs = 40;
+ speedFactor = 5;
+ systems = [ "aarch64-linux" "x86_64-linux" ];
+ supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+ }];
+ nix.distributedBuilds = true;
+}
diff --git a/config/profiles/rpi.nix b/config/profiles/rpi.nix
new file mode 100644
index 0000000..71cb6c5
--- /dev/null
+++ b/config/profiles/rpi.nix
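Review bot: `nix.settings.trusted-users = [ "nixremote" ];` in config/hosts/seras/configuration.nix makes the build account a trusted Nix user, which the Nix manual describes as essentially equivalent to root on that machine, and the account accepts three unrestricted SSH keys with an interactive fish shell. If trust is only needed so clients can upload unsigned store paths, consider signing on the clients and listing their public keys under `trusted-public-keys` on seras instead, or at least document the trade-off next to the setting. The keys can probably also be narrowed with OpenSSH's `restrict` option (e.g. `"restrict ssh-ed25519 <KEY> root@ryuuko"`, placeholder key), since a build connection should need no PTY or forwarding; confirm with a test build. `emily@card` looks like a personal key, so it is worth checking that it belongs on the builder account.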
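Review bot: `speedFactor = 5;` in config/profiles/remote-build.nix disagrees with the speed factor `2` given for the same builder in the `builders` file and in `nixConfig.builders` in flake.nix, so scheduling depends on which of the three definitions a given command picks up. Pick one value, and preferably one source for the machine spec. A comment next to `maxJobs = 40;` recording what it was sized for would also help the next person who changes the builder.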
@@ -0,0 +1,81 @@
+{ config, inputs, lib, pkgs, ... }: {
+ imports = [
+ inputs.nixos-hardware.nixosModules.raspberry-pi-4
+ ];
+ kyouma.machine-type.physical = true;
+
+ boot = {
+ extraModprobeConfig = ''
+ options snd_bcm2835 enable_headphones=1
+ '';
+ kernelParams = [ "snd_bcm2835.enable_hdmi=1" ];
+ loader.raspberryPi.firmwareConfig = ''
+ dtparam=audio=on
+ dtparam=krnbt=on
+ '';
+ };
+ console.enable = false;
+
+ documentation.man.generateCaches = false;
+
+ environment.systemPackages = with pkgs; [
+ bluez
+ bluez-tools
+ libcec
+ libraspberrypi
+ raspberrypi-eeprom
+ ];
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+ };
+ hardware = {
+ bluetooth.enable = true;
+ pulseaudio.enable = true;
+ deviceTree = {
+ enable = true;
+ overlays = [
+ {
+ name = "bluetooth-overlay";
+ dtsText = ''
+ /dts-v1/;
+ /plugin/;
+
+ / {
+ compatible = "brcm,bcm2711";
+
+ fragment@0 {
+ target = <&uart0_pins>;
+ __overlay__ {
+ brcm,pins = <30 31 32 33>;
+ brcm,pull = <2 0 0 2>;
+ };
+ };
+ };
+ '';
+ }
+ ];
+ };
+ raspberry-pi."4" = {
+ apply-overlays-dtmerge.enable = true;
+ fkms-3d.enable = true;
+ };
+ };
+
+ nixpkgs.overlays = [
+ (self: super: { libcec = super.libcec.override { withLibraspberrypi = true; }; })
+ ];
+
+ sound.enable = true;
+ services.avahi = {
+ enable = true;
+ ipv6 = true;
+ nssmdns4 = true;
+ publish.enable = true;
+ publish.userServices = true;
+ };
+ services.fstrim.enable = true;
+}
diff --git a/flake.nix b/flake.nix
index 128e9fb..dfba0a6 100644
--- a/flake.nix
+++ b/flake.nix
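Review bot: The shared profile config/profiles/rpi.nix turns on network-facing services unconditionally: `services.avahi` with `publish.enable` and `publish.userServices`, plus `hardware.bluetooth.enable`, so every host that imports it advertises itself over mDNS and brings up Bluetooth whether or not it needs either. Setting them with `lib.mkDefault` (e.g. `services.avahi.enable = lib.mkDefault true;`) keeps lain's behaviour and lets a later Pi host opt out without `mkForce`. The `bluetooth-overlay` device-tree fragment also carries no comment; one line saying what the `brcm,pins` and `brcm,pull` values on `uart0_pins` are for would make it reviewable.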
@@ -21,15 +21,21 @@ }; }; + nixConfig = { + builders-use-substitutes = true; + builders = "ssh://nixremote@seras.kyouma.net x86_64-linux,aarch64-linux - 40 2 nixos-test,benchmark,big-parallel,kvm"; + }; + outputs = { self, nixpkgs, flake-utils, ... }@inputs: { colmena = let - hosts = [ "web-dus" "crime" "ryuuko" "lain" ]; + hosts = [ "web-dus" "crime" "ryuuko" "lain" "seras" ]; hostCfg = hostname: { imports = [ (./config/hosts/${hostname}/configuration.nix) ]; }; in { meta = { allowApplyAll = false; + machinesFile = ./builders; nixpkgs = nixpkgs.legacyPackages.x86_64-linux; nodeNixpkgs = { lain = nixpkgs.legacyPackages.aarch64-linux;
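Review bot: `nixConfig.builders` in flake.nix repeats the machine line from the `builders` file verbatim, and the same hunk already hands that file to colmena through `machinesFile = ./builders;`, so the spec now has to be kept in sync by hand. Flake-level `nixConfig` is also offered to anyone who evaluates this flake and is applied once they accept the prompt (or have `accept-flake-config` set), which would point their builds at seras. If that is not intended, drop the `nixConfig` block and rely on `machinesFile` and the NixOS profile. If it stays, add a comment such as `# keep in sync with ./builders`. The `outputs` body continues past the end of this hunk.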