From f9426cddbab4b7a8415ae26ca862d9a239f93b33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Wed, 6 Mar 2024 15:41:07 +0200 Subject: [PATCH] vno1-op5p --- flake.nix | 21 +++++++++ hosts/op5p/configuration.nix | 8 ++++ hosts/vno1-op5p/configuration.nix | 73 +++++++++++++++++++++++++++++++ shared/platform/orangepi5plus.nix | 8 ---- 4 files changed, 102 insertions(+), 8 deletions(-) create mode 100644 hosts/vno1-op5p/configuration.nix diff --git a/flake.nix b/flake.nix index 18cdeff..26a4ee9 100644 --- a/flake.nix +++ b/flake.nix @@ -142,6 +142,27 @@ specialArgs = {inherit myData;} // inputs; }; + vno1-op5p = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + {nixpkgs.overlays = overlays;} + ./hosts/vno1-op5p/configuration.nix + home-manager.nixosModules.home-manager + + #agenix.nixosModules.default + #{ + # age.secrets = { + # motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age; + # root-passwd-hash.file = ./secrets/root_passwd_hash.age; + + # sasl-passwd.file = ./secrets/postfix_sasl_passwd.age; + # }; + #} + ]; + + specialArgs = {inherit myData;} // inputs; + }; + vno1-oh2 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ diff --git a/hosts/op5p/configuration.nix b/hosts/op5p/configuration.nix index b3e057e..3b93a96 100644 --- a/hosts/op5p/configuration.nix +++ b/hosts/op5p/configuration.nix @@ -22,6 +22,14 @@ boot.supportedFilesystems = ["bcachefs"]; + fileSystems = { + "/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + options = ["noatime"]; + }; + }; + security.sudo = { enable = true; wheelNeedsPassword = false; diff --git a/hosts/vno1-op5p/configuration.nix b/hosts/vno1-op5p/configuration.nix new file mode 100644 index 0000000..9d89b13 --- /dev/null +++ b/hosts/vno1-op5p/configuration.nix @@ -0,0 +1,73 @@ +_: let + nvme = "/dev/disk/by-id/nvme-WDC_PC_SN730_SDBQNTY-256G-1001_19494D801165"; +in { + imports = [ + ../../modules + ../../shared/platform/orangepi5plus.nix + ]; + + boot = { + supportedFilesystems = ["bcachefs"]; + initrd = { + kernelModules = ["usb_storage"]; + luks.devices = { + luksroot = { + device = "${nvme}-part3"; + allowDiscards = true; + keyFileOffset = 554; + keyFileSize = 12; + keyFile = "/dev/disk/by-id/usb-Generic_Flash_Disk_1EA30F29-0:0"; + }; + }; + }; + }; + + swapDevices = [ + { + device = "${nvme}-part2"; + randomEncryption.enable = true; + } + ]; + + fileSystems = { + "/" = { + device = "/dev/mapper/luksroot"; + fsType = "bcachefs"; + }; + "/boot" = { + device = "${nvme}-part1"; + fsType = "ext4"; + }; + }; + + mj = { + stateVersion = "23.11"; + timeZone = "Europe/Vilnius"; + username = "motiejus"; + + base.users = { + enable = true; + #root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; + #user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; + user.initialPassword = "live"; + root.initialPassword = "live"; + }; + + services = { + node_exporter.enable = true; + }; + + #postfix = { + # enable = true; + # saslPasswdPath = config.age.secrets.sasl-passwd.path; + #}; + }; + + services.pcscd.enable = true; + + networking = { + hostName = "vno1-op5p"; + domain = "jakstys.lt"; + firewall.allowedTCPPorts = [22]; + }; +} diff --git a/shared/platform/orangepi5plus.nix b/shared/platform/orangepi5plus.nix index 0008a95..5c3f20c 100644 --- a/shared/platform/orangepi5plus.nix +++ b/shared/platform/orangepi5plus.nix @@ -37,14 +37,6 @@ in { hardware.deviceTree.name = "rockchip/rk3588-orangepi-5-plus.dtb"; - fileSystems = { - "/" = { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - options = ["noatime"]; - }; - }; - system.build = { sdImage = import "${modulesPath}/../lib/make-disk-image.nix" { name = "orangepi5-sd-image";