add vf2
All checks were successful
Hydra devShells.x86_64-linux.default Hydra build #22168 of nixos-config:pr618:devShells.x86_64-linux.default
All checks were successful
Hydra devShells.x86_64-linux.default Hydra build #22168 of nixos-config:pr618:devShells.x86_64-linux.default
This commit is contained in:
parent
b8f99cf3bc
commit
a1d969ffae
12 changed files with 222 additions and 3 deletions
|
@ -8,3 +8,8 @@ creation_rules:
|
||||||
- age:
|
- age:
|
||||||
- *vf2
|
- *vf2
|
||||||
- *lotte
|
- *lotte
|
||||||
|
- path_regex: services/tailscale\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *vf2
|
||||||
|
- *lotte
|
||||||
|
|
7
config/default.nix
Normal file
7
config/default.nix
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
{nixos-config, ...}: {
|
||||||
|
imports = [
|
||||||
|
"${nixos-config}/modules"
|
||||||
|
"${nixos-config}/services/tailscale.nix"
|
||||||
|
./systemd-boot.nix
|
||||||
|
];
|
||||||
|
}
|
5
config/systemd-boot.nix
Normal file
5
config/systemd-boot.nix
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
_: {
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.generic-extlinux-compatible.enable = false;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
}
|
37
flake.lock
37
flake.lock
|
@ -1,5 +1,25 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
|
"disko": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1730190761,
|
||||||
|
"narHash": "sha256-o5m5WzvY6cGIDupuOvjgNSS8AN6yP2iI9MtUC6q/uos=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "disko",
|
||||||
|
"rev": "3979285062d6781525cded0f6c4ff92e71376b55",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "disko",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"flake-compat": {
|
"flake-compat": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -168,6 +188,21 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixos-hardware": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1730161780,
|
||||||
|
"narHash": "sha256-z5ILcmwMtiCoHTXS1KsQWqigO7HJO8sbyK7f7wn9F/E=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixos-hardware",
|
||||||
|
"rev": "07d15e8990d5d86a631641b4c429bc0a7400cfb8",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixos-hardware",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730101162,
|
"lastModified": 1730101162,
|
||||||
|
@ -250,6 +285,7 @@
|
||||||
},
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
|
"disko": "disko",
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
"flake-utils": "flake-utils",
|
"flake-utils": "flake-utils",
|
||||||
"flakey-profile": "flakey-profile",
|
"flakey-profile": "flakey-profile",
|
||||||
|
@ -258,6 +294,7 @@
|
||||||
"lix": "lix",
|
"lix": "lix",
|
||||||
"lix-module": "lix-module",
|
"lix-module": "lix-module",
|
||||||
"nix2container": "nix2container",
|
"nix2container": "nix2container",
|
||||||
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"pre-commit-hooks": "pre-commit-hooks",
|
"pre-commit-hooks": "pre-commit-hooks",
|
||||||
"riscv-overlay": "riscv-overlay",
|
"riscv-overlay": "riscv-overlay",
|
||||||
|
|
21
flake.nix
21
flake.nix
|
@ -2,6 +2,10 @@
|
||||||
description = "Lotte’s nix configuration";
|
description = "Lotte’s nix configuration";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
|
disko = {
|
||||||
|
url = "github:nix-community/disko";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
flake-compat = {
|
flake-compat = {
|
||||||
url = "github:edolstra/flake-compat";
|
url = "github:edolstra/flake-compat";
|
||||||
flake = false;
|
flake = false;
|
||||||
|
@ -39,6 +43,7 @@
|
||||||
inputs.flake-utils.follows = "flake-utils";
|
inputs.flake-utils.follows = "flake-utils";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
nixos-hardware.url = "github:NixOS/nixos-hardware";
|
||||||
nixpkgs.url = "github:nixos/nixpkgs";
|
nixpkgs.url = "github:nixos/nixpkgs";
|
||||||
pre-commit-hooks = {
|
pre-commit-hooks = {
|
||||||
url = "github:cachix/git-hooks.nix";
|
url = "github:cachix/git-hooks.nix";
|
||||||
|
@ -133,6 +138,12 @@
|
||||||
or {}
|
or {}
|
||||||
// inputs';
|
// inputs';
|
||||||
});
|
});
|
||||||
|
systems' = {
|
||||||
|
vf2 = {
|
||||||
|
config = ./machine/vf2;
|
||||||
|
system = "riscv64-linux";
|
||||||
|
};
|
||||||
|
};
|
||||||
containers = mapAttrs (_: container:
|
containers = mapAttrs (_: container:
|
||||||
mkSystem {
|
mkSystem {
|
||||||
inherit (container) system;
|
inherit (container) system;
|
||||||
|
@ -141,8 +152,16 @@
|
||||||
];
|
];
|
||||||
})
|
})
|
||||||
self.nixosContainers;
|
self.nixosContainers;
|
||||||
|
systems = mapAttrs (_: system:
|
||||||
|
mkSystem {
|
||||||
|
inherit (system) system;
|
||||||
|
modules = [
|
||||||
|
system.config
|
||||||
|
];
|
||||||
|
})
|
||||||
|
systems';
|
||||||
in
|
in
|
||||||
containers;
|
containers // systems;
|
||||||
hydraJobs = {
|
hydraJobs = {
|
||||||
inherit (self) checks devShells;
|
inherit (self) checks devShells;
|
||||||
nixosConfigurations = nixpkgs.lib.mapAttrs (_: v: v.config.system.build.toplevel) self.nixosConfigurations;
|
nixosConfigurations = nixpkgs.lib.mapAttrs (_: v: v.config.system.build.toplevel) self.nixosConfigurations;
|
||||||
|
|
12
machine/vf2/default.nix
Normal file
12
machine/vf2/default.nix
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
{
|
||||||
|
nixos-config,
|
||||||
|
nixos-hardware,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
"${nixos-config}/config"
|
||||||
|
./disko.nix
|
||||||
|
./hardware.nix
|
||||||
|
];
|
||||||
|
system.stateVersion = "24.11";
|
||||||
|
}
|
63
machine/vf2/disko.nix
Normal file
63
machine/vf2/disko.nix
Normal file
|
@ -0,0 +1,63 @@
|
||||||
|
{
|
||||||
|
disko.devices = {
|
||||||
|
disk = {
|
||||||
|
main = {
|
||||||
|
type = "disk";
|
||||||
|
device = "/dev/disk/by-id/nvme-eui.002538b371b824db";
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
ESP = {
|
||||||
|
priority = 1;
|
||||||
|
name = "ESP";
|
||||||
|
start = "1M";
|
||||||
|
end = "1024M";
|
||||||
|
type = "EF00";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "vfat";
|
||||||
|
mountpoint = "/boot";
|
||||||
|
mountOptions = ["umask=0077"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
root = {
|
||||||
|
size = "-8G";
|
||||||
|
content = {
|
||||||
|
type = "btrfs";
|
||||||
|
extraArgs = ["-f"]; # Override existing partition
|
||||||
|
# Subvolumes must set a mountpoint in order to be mounted,
|
||||||
|
# unless their parent is mounted
|
||||||
|
subvolumes = {
|
||||||
|
# Subvolume name is different from mountpoint
|
||||||
|
"/root" = {
|
||||||
|
mountOptions = ["compress=zstd"];
|
||||||
|
mountpoint = "/";
|
||||||
|
};
|
||||||
|
# Subvolume name is the same as the mountpoint
|
||||||
|
"/persistent" = {
|
||||||
|
mountOptions = ["compress=zstd"];
|
||||||
|
mountpoint = "/persistent";
|
||||||
|
};
|
||||||
|
# Parent is not mounted so the mountpoint must be set
|
||||||
|
"/nix" = {
|
||||||
|
mountOptions = ["compress=zstd" "noatime"];
|
||||||
|
mountpoint = "/nix";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
mountpoint = "/partition-root";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
swap = {
|
||||||
|
size = "100%";
|
||||||
|
content = {
|
||||||
|
type = "swap";
|
||||||
|
discardPolicy = "both";
|
||||||
|
resumeDevice = true; # resume from hiberation from this device
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
31
machine/vf2/hardware.nix
Normal file
31
machine/vf2/hardware.nix
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
{nixos-hardware, ...}: {
|
||||||
|
imports = [
|
||||||
|
"${nixos-hardware}/starfive/visionfive/v2/default.nix"
|
||||||
|
];
|
||||||
|
boot.loader.systemd-boot.extraInstallCommands = ''
|
||||||
|
set -euo pipefail
|
||||||
|
${pkgs.coreutils}/bin/cp --no-preserve=mode -r ${config.hardware.deviceTree.package} ${config.boot.loader.efi.efiSysMountPoint}/
|
||||||
|
for filename in ${config.boot.loader.efi.efiSysMountPoint}/loader/entries/nixos*-generation-[1-9]*.conf; do
|
||||||
|
if ! ${pkgs.gnugrep}/bin/grep -q 'devicetree' $filename; then
|
||||||
|
${pkgs.coreutils}/bin/echo "devicetree /dtbs/${config.hardware.deviceTree.name}" >> $filename
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
hardware.deviceTree.name = "starfive/jh7110-starfive-visionfive-2-v1.3b.dtb";
|
||||||
|
boot.initrd.kernelModules = [
|
||||||
|
"dw_mmc-starfive"
|
||||||
|
"motorcomm"
|
||||||
|
"dwmac-starfive"
|
||||||
|
"cdns3-starfive"
|
||||||
|
"jh7110-trng"
|
||||||
|
"phy-jh7110-usb"
|
||||||
|
"clk-starfive-jh7110-aon"
|
||||||
|
"clk-starfive-jh7110-stg"
|
||||||
|
"clk-starfive-jh7110-vout"
|
||||||
|
"clk-starfive-jh7110-isp"
|
||||||
|
"clk-starfive-jh7100-audio"
|
||||||
|
"phy-jh7110-pcie"
|
||||||
|
"pcie-starfive"
|
||||||
|
"nvme"
|
||||||
|
];
|
||||||
|
}
|
|
@ -1,9 +1,10 @@
|
||||||
{...}: {
|
{disko, ...}: {
|
||||||
imports = [
|
imports = [
|
||||||
./riscv.nix
|
./riscv.nix
|
||||||
./containers/autoconfig.nix
|
./containers/autoconfig.nix
|
||||||
./nix/lix.nix
|
./nix/lix.nix
|
||||||
./environment/impermanence.nix
|
./environment/impermanence.nix
|
||||||
./secrets/sops.nix
|
./secrets/sops.nix
|
||||||
|
disko.nixosModules.default
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -56,7 +56,7 @@ with lib; {
|
||||||
{
|
{
|
||||||
assertion =
|
assertion =
|
||||||
if hasAttr "/" config.fileSystems
|
if hasAttr "/" config.fileSystems
|
||||||
then any (t: t == "subvol=root") config.fileSystems."/".options
|
then any (t: t == "subvol=root" || t == "subvol=/root") config.fileSystems."/".options
|
||||||
else false;
|
else false;
|
||||||
message = "rootfs must mount subvolume root";
|
message = "rootfs must mount subvolume root";
|
||||||
}
|
}
|
||||||
|
|
7
services/tailscale.nix
Normal file
7
services/tailscale.nix
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
{config, ...}: {
|
||||||
|
services.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
authKeyFile = config.sops.secrets."services/tailscale/authKey".path;
|
||||||
|
};
|
||||||
|
sops.secrets."services/tailscale/authKey".sopsFile = ./tailscale.yaml;
|
||||||
|
}
|
32
services/tailscale.yaml
Normal file
32
services/tailscale.yaml
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
services:
|
||||||
|
tailscale:
|
||||||
|
authKey: ENC[AES256_GCM,data:VCiJpCOcDzX2JZBgljugvALjF5L/diF454RvYbRQCg7iFXj/Zc/qHTUG6j+VYhnyHG9cACFasXE/cHrExxY=,iv:e8bb3BywefCXoArCTBZknkCbxiBTq5UtMuEW00yuXG0=,tag:G3dIyGW+Q7Je0uscRQ7Img==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOcGF4UmpiMm1QeWNMQ3Rr
|
||||||
|
YTZLWlVlSlBMWEJndlZWb2FMbjh3aS9VRWswCmV3RGRLY2VHVmJqbTlWNGdpNWNM
|
||||||
|
SFh4NUZSQ3ZmNGRyR1VYcVZUbExpMVkKLS0tIGJvQVFNTXlINnQwbFc3N2l3UUJy
|
||||||
|
Z1d0QURwUTRFS0hicmwxRUhHOXVzYWMKn/VylEyrs86CQp4FOx093rxH+32Oa6Xx
|
||||||
|
dGTgV4PAUuwwoJiWN7yGMqNbCUuAxdwQCJwq/XShGUSMVhIAo1FnuA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RUVTOXc3ZlNseldZSmZN
|
||||||
|
bmtZTjlJTHZLbUd2bVRzWFk0MDJiZUo2RFM4CkdETzcwUUJRZUZlTm5iTFk4WUJN
|
||||||
|
TFA0c1Rha1JjV2s1amZqT0VKeGMvNW8KLS0tIHJWSjMxQmYzUFE5SnAwZmRQZTRv
|
||||||
|
c2VpVjdEL1pLSUlwRlhVOWUyUlhHeTQKalEeAV7BVFSphEnvL8ZZ8nOLpmOLR/vU
|
||||||
|
lR1z2ujjAXsgybpYANc4rBItKJ8ceo8hLLJs8qNJLyJqPdrdavO4tA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-10-29T09:11:58Z"
|
||||||
|
mac: ENC[AES256_GCM,data:0DTvlOMKIRR11bPB5VElyIKb1Xz5gJZuSOpwahnjlnKF/ba+0RENiKdkb60YTuS6+tv/gVxT+Xs4KWDTJw/3JcTIPhaah3x8q90UfmqE91zLy4oUWzRqFXBDEL5dNtN79/EKI4b19102jSOETvmTTGjjrXV1VSdL0ZMse1g07BA=,iv:WeoU6xUka6zMo5wZviU78OofS5+vTHTWD4m/29hHHp0=,tag:6QessEZIGVRr8NkaLydjtw==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.1
|
Loading…
Reference in a new issue