diff --git a/flake.nix b/flake.nix index b06909f..a34ea46 100644 --- a/flake.nix +++ b/flake.nix @@ -20,8 +20,6 @@ }; inherit (inputs.nixpkgs) lib; commonModules = [ - ./modules/boot.nix - ./modules/networking.nix ./modules/nix-config.nix ./modules/security.nix ./modules/users.nix @@ -38,15 +36,67 @@ ++ lib.optionals (type == "desktop") desktopModules # Options for specific hostnames. ++ (lib.optionals (hostname == "nemesis") [ + ./modules/boot.nix ./modules/bootloaders/systemd-boot.nix ./modules/filesystems/hw-nemesis.nix ./modules/hardware/cpu_amd.nix ./modules/hardware/nvidia.nix + ./modules/networking.nix + inputs.nixos-hardware.nixosModules.gigabyte-b650 + { + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + } ]) ++ (lib.optionals (hostname == "mellinoe" || hostname == "apollo") [ + ./modules/boot.nix ./modules/bootloaders/systemd-boot.nix ./modules/filesystems/impermanence.nix ./modules/hardware/cpu_intel.nix + ./modules/networking.nix + ]) + ++ (lib.optionals (hostname == "orpheus") [ + # inputs.nixos-hardware.nixosModules.raspberry-pi-4 + # Base SD image module for the target architecture + "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" + ( + { + pkgs, + config, + lib, + ... + }: + { + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; + # fileSystems."/" = { + # device = bootDisk; + # fsType = "ext4"; + # }; + services.cage = { + enable = true; + user = "rafiq"; + program = "${pkgs.firefox}/bin/firefox -kiosk -private-window https://youtube.com/tv"; + }; + networking = { + hostName = hostname; + useDHCP = lib.mkDefault true; + + # Configures a simple stateful firewall. + # By default, it doesn't allow any incoming connections. + firewall = { + enable = true; + allowedTCPPorts = [ + 22 # SSH + ]; + }; + }; + services.openssh.enable = true; + services.openssh.settings.PrintMotd = true; + services.tailscale = { + enable = true; + authKeyFile = config.sops.secrets.ts_auth_key.path; + }; + } + ) ]); }; }; @@ -58,7 +108,11 @@ ) (mkSystem "desktop" "mellinoe" "/dev/disk/by-id/nvme-eui.01000000000000008ce38e04019a68ab") (mkSystem "headless" "apollo" "/dev/disk/by-id/nvme-eui.002538d221b47b01") + (mkSystem "headless" "orpheus" "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888") ]; + + # Make the SD image the default build output for `nix build` + packages.aarch64-linux.default = self.nixosConfigurations.orpheus.config.system.build.sdImage; }; inputs = { impermanence.url = "github:nix-community/impermanence"; diff --git a/modules/nix-config.nix b/modules/nix-config.nix index dd05bb8..22e8fc4 100644 --- a/modules/nix-config.nix +++ b/modules/nix-config.nix @@ -13,7 +13,13 @@ trusted-users = [ "@wheel" ]; # Add binary caches to avoid having to compile them - substituters = [ "https://nix-community.cachix.org" ]; - trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; + substituters = [ + "https://cache.nixos.org" + "https://nix-community.cachix.org" + ]; + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; }; }