add vf2
All checks were successful
Hydra devShells.x86_64-linux.default Hydra build #22168 of nixos-config:pr618:devShells.x86_64-linux.default

This commit is contained in:
Charlotte 🦝 Delenk 2024-10-29 13:29:05 +01:00
parent b8f99cf3bc
commit a1d969ffae
12 changed files with 222 additions and 3 deletions

View file

@ -8,3 +8,8 @@ creation_rules:
- age: - age:
- *vf2 - *vf2
- *lotte - *lotte
- path_regex: services/tailscale\.yaml$
key_groups:
- age:
- *vf2
- *lotte

7
config/default.nix Normal file
View file

@ -0,0 +1,7 @@
{nixos-config, ...}: {
imports = [
"${nixos-config}/modules"
"${nixos-config}/services/tailscale.nix"
./systemd-boot.nix
];
}

5
config/systemd-boot.nix Normal file
View file

@ -0,0 +1,5 @@
_: {
boot.loader.systemd-boot.enable = true;
boot.loader.generic-extlinux-compatible.enable = false;
boot.loader.efi.canTouchEfiVariables = true;
}

View file

@ -1,5 +1,25 @@
{ {
"nodes": { "nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1730190761,
"narHash": "sha256-o5m5WzvY6cGIDupuOvjgNSS8AN6yP2iI9MtUC6q/uos=",
"owner": "nix-community",
"repo": "disko",
"rev": "3979285062d6781525cded0f6c4ff92e71376b55",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -168,6 +188,21 @@
"type": "github" "type": "github"
} }
}, },
"nixos-hardware": {
"locked": {
"lastModified": 1730161780,
"narHash": "sha256-z5ILcmwMtiCoHTXS1KsQWqigO7HJO8sbyK7f7wn9F/E=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "07d15e8990d5d86a631641b4c429bc0a7400cfb8",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1730101162, "lastModified": 1730101162,
@ -250,6 +285,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"flakey-profile": "flakey-profile", "flakey-profile": "flakey-profile",
@ -258,6 +294,7 @@
"lix": "lix", "lix": "lix",
"lix-module": "lix-module", "lix-module": "lix-module",
"nix2container": "nix2container", "nix2container": "nix2container",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"riscv-overlay": "riscv-overlay", "riscv-overlay": "riscv-overlay",

View file

@ -2,6 +2,10 @@
description = "Lottes nix configuration"; description = "Lottes nix configuration";
inputs = { inputs = {
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-compat = { flake-compat = {
url = "github:edolstra/flake-compat"; url = "github:edolstra/flake-compat";
flake = false; flake = false;
@ -39,6 +43,7 @@
inputs.flake-utils.follows = "flake-utils"; inputs.flake-utils.follows = "flake-utils";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-hardware.url = "github:NixOS/nixos-hardware";
nixpkgs.url = "github:nixos/nixpkgs"; nixpkgs.url = "github:nixos/nixpkgs";
pre-commit-hooks = { pre-commit-hooks = {
url = "github:cachix/git-hooks.nix"; url = "github:cachix/git-hooks.nix";
@ -133,6 +138,12 @@
or {} or {}
// inputs'; // inputs';
}); });
systems' = {
vf2 = {
config = ./machine/vf2;
system = "riscv64-linux";
};
};
containers = mapAttrs (_: container: containers = mapAttrs (_: container:
mkSystem { mkSystem {
inherit (container) system; inherit (container) system;
@ -141,8 +152,16 @@
]; ];
}) })
self.nixosContainers; self.nixosContainers;
systems = mapAttrs (_: system:
mkSystem {
inherit (system) system;
modules = [
system.config
];
})
systems';
in in
containers; containers // systems;
hydraJobs = { hydraJobs = {
inherit (self) checks devShells; inherit (self) checks devShells;
nixosConfigurations = nixpkgs.lib.mapAttrs (_: v: v.config.system.build.toplevel) self.nixosConfigurations; nixosConfigurations = nixpkgs.lib.mapAttrs (_: v: v.config.system.build.toplevel) self.nixosConfigurations;

12
machine/vf2/default.nix Normal file
View file

@ -0,0 +1,12 @@
{
nixos-config,
nixos-hardware,
...
}: {
imports = [
"${nixos-config}/config"
./disko.nix
./hardware.nix
];
system.stateVersion = "24.11";
}

63
machine/vf2/disko.nix Normal file
View file

@ -0,0 +1,63 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/nvme-eui.002538b371b824db";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1M";
end = "1024M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
};
};
root = {
size = "-8G";
content = {
type = "btrfs";
extraArgs = ["-f"]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
# Subvolume name is different from mountpoint
"/root" = {
mountOptions = ["compress=zstd"];
mountpoint = "/";
};
# Subvolume name is the same as the mountpoint
"/persistent" = {
mountOptions = ["compress=zstd"];
mountpoint = "/persistent";
};
# Parent is not mounted so the mountpoint must be set
"/nix" = {
mountOptions = ["compress=zstd" "noatime"];
mountpoint = "/nix";
};
};
mountpoint = "/partition-root";
};
};
swap = {
size = "100%";
content = {
type = "swap";
discardPolicy = "both";
resumeDevice = true; # resume from hiberation from this device
};
};
};
};
};
};
};
}

31
machine/vf2/hardware.nix Normal file
View file

@ -0,0 +1,31 @@
{nixos-hardware, ...}: {
imports = [
"${nixos-hardware}/starfive/visionfive/v2/default.nix"
];
boot.loader.systemd-boot.extraInstallCommands = ''
set -euo pipefail
${pkgs.coreutils}/bin/cp --no-preserve=mode -r ${config.hardware.deviceTree.package} ${config.boot.loader.efi.efiSysMountPoint}/
for filename in ${config.boot.loader.efi.efiSysMountPoint}/loader/entries/nixos*-generation-[1-9]*.conf; do
if ! ${pkgs.gnugrep}/bin/grep -q 'devicetree' $filename; then
${pkgs.coreutils}/bin/echo "devicetree /dtbs/${config.hardware.deviceTree.name}" >> $filename
fi
done
'';
hardware.deviceTree.name = "starfive/jh7110-starfive-visionfive-2-v1.3b.dtb";
boot.initrd.kernelModules = [
"dw_mmc-starfive"
"motorcomm"
"dwmac-starfive"
"cdns3-starfive"
"jh7110-trng"
"phy-jh7110-usb"
"clk-starfive-jh7110-aon"
"clk-starfive-jh7110-stg"
"clk-starfive-jh7110-vout"
"clk-starfive-jh7110-isp"
"clk-starfive-jh7100-audio"
"phy-jh7110-pcie"
"pcie-starfive"
"nvme"
];
}

View file

@ -1,9 +1,10 @@
{...}: { {disko, ...}: {
imports = [ imports = [
./riscv.nix ./riscv.nix
./containers/autoconfig.nix ./containers/autoconfig.nix
./nix/lix.nix ./nix/lix.nix
./environment/impermanence.nix ./environment/impermanence.nix
./secrets/sops.nix ./secrets/sops.nix
disko.nixosModules.default
]; ];
} }

View file

@ -56,7 +56,7 @@ with lib; {
{ {
assertion = assertion =
if hasAttr "/" config.fileSystems if hasAttr "/" config.fileSystems
then any (t: t == "subvol=root") config.fileSystems."/".options then any (t: t == "subvol=root" || t == "subvol=/root") config.fileSystems."/".options
else false; else false;
message = "rootfs must mount subvolume root"; message = "rootfs must mount subvolume root";
} }

7
services/tailscale.nix Normal file
View file

@ -0,0 +1,7 @@
{config, ...}: {
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets."services/tailscale/authKey".path;
};
sops.secrets."services/tailscale/authKey".sopsFile = ./tailscale.yaml;
}

32
services/tailscale.yaml Normal file
View file

@ -0,0 +1,32 @@
services:
tailscale:
authKey: ENC[AES256_GCM,data:VCiJpCOcDzX2JZBgljugvALjF5L/diF454RvYbRQCg7iFXj/Zc/qHTUG6j+VYhnyHG9cACFasXE/cHrExxY=,iv:e8bb3BywefCXoArCTBZknkCbxiBTq5UtMuEW00yuXG0=,tag:G3dIyGW+Q7Je0uscRQ7Img==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOcGF4UmpiMm1QeWNMQ3Rr
YTZLWlVlSlBMWEJndlZWb2FMbjh3aS9VRWswCmV3RGRLY2VHVmJqbTlWNGdpNWNM
SFh4NUZSQ3ZmNGRyR1VYcVZUbExpMVkKLS0tIGJvQVFNTXlINnQwbFc3N2l3UUJy
Z1d0QURwUTRFS0hicmwxRUhHOXVzYWMKn/VylEyrs86CQp4FOx093rxH+32Oa6Xx
dGTgV4PAUuwwoJiWN7yGMqNbCUuAxdwQCJwq/XShGUSMVhIAo1FnuA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RUVTOXc3ZlNseldZSmZN
bmtZTjlJTHZLbUd2bVRzWFk0MDJiZUo2RFM4CkdETzcwUUJRZUZlTm5iTFk4WUJN
TFA0c1Rha1JjV2s1amZqT0VKeGMvNW8KLS0tIHJWSjMxQmYzUFE5SnAwZmRQZTRv
c2VpVjdEL1pLSUlwRlhVOWUyUlhHeTQKalEeAV7BVFSphEnvL8ZZ8nOLpmOLR/vU
lR1z2ujjAXsgybpYANc4rBItKJ8ceo8hLLJs8qNJLyJqPdrdavO4tA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-29T09:11:58Z"
mac: ENC[AES256_GCM,data:0DTvlOMKIRR11bPB5VElyIKb1Xz5gJZuSOpwahnjlnKF/ba+0RENiKdkb60YTuS6+tv/gVxT+Xs4KWDTJw/3JcTIPhaah3x8q90UfmqE91zLy4oUWzRqFXBDEL5dNtN79/EKI4b19102jSOETvmTTGjjrXV1VSdL0ZMse1g07BA=,iv:WeoU6xUka6zMo5wZviU78OofS5+vTHTWD4m/29hHHp0=,tag:6QessEZIGVRr8NkaLydjtw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1