Configure nix-on-droid

flake.lock

@@ -149,6 +149,27 @@
         "type": "github"
       }
     },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-on-droid",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709445365,
+        "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "ixx": {
       "inputs": {
         "flake-utils": [
@@ -200,6 +221,55 @@
         "type": "github"
       }
     },
+    "nix-formatter-pack": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-on-droid",
+          "nixpkgs"
+        ],
+        "nmd": "nmd",
+        "nmt": "nmt"
+      },
+      "locked": {
+        "lastModified": 1705252799,
+        "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=",
+        "owner": "Gerschtli",
+        "repo": "nix-formatter-pack",
+        "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Gerschtli",
+        "repo": "nix-formatter-pack",
+        "type": "github"
+      }
+    },
+    "nix-on-droid": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "nix-formatter-pack": "nix-formatter-pack",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-docs": "nixpkgs-docs",
+        "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
+        "nmd": "nmd_2"
+      },
+      "locked": {
+        "lastModified": 1720396533,
+        "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=",
+        "owner": "nix-community",
+        "repo": "nix-on-droid",
+        "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-24.05",
+        "repo": "nix-on-droid",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
         "lastModified": 1752048960,
@@ -231,6 +301,38 @@
         "type": "github"
       }
     },
+    "nixpkgs-docs": {
+      "locked": {
+        "lastModified": 1705957679,
+        "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-for-bootstrap": {
+      "locked": {
+        "lastModified": 1720244366,
+        "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
+        "type": "github"
+      }
+    },
     "nixpkgs-pr-feishin": {
       "locked": {
         "lastModified": 1751534869,
@@ -348,6 +450,60 @@
         "type": "github"
       }
     },
+    "nmd": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1666190571,
+        "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=",
+        "owner": "rycee",
+        "repo": "nmd",
+        "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "rycee",
+        "repo": "nmd",
+        "type": "gitlab"
+      }
+    },
+    "nmd_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-on-droid",
+          "nixpkgs-docs"
+        ],
+        "scss-reset": "scss-reset"
+      },
+      "locked": {
+        "lastModified": 1705050560,
+        "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
+        "owner": "~rycee",
+        "repo": "nmd",
+        "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
+        "type": "sourcehut"
+      },
+      "original": {
+        "owner": "~rycee",
+        "repo": "nmd",
+        "type": "sourcehut"
+      }
+    },
+    "nmt": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1648075362,
+        "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
+        "owner": "rycee",
+        "repo": "nmt",
+        "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "rycee",
+        "repo": "nmt",
+        "type": "gitlab"
+      }
+    },
     "nuschtosSearch": {
       "inputs": {
         "flake-utils": "flake-utils",
@@ -401,6 +557,7 @@
       "inputs": {
         "deploy-rs": "deploy-rs",
         "lanzaboote": "lanzaboote",
+        "nix-on-droid": "nix-on-droid",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_3",
         "nixpkgs-pr-feishin": "nixpkgs-pr-feishin",
@@ -431,6 +588,22 @@
         "type": "github"
       }
     },
+    "scss-reset": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1631450058,
+        "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
+        "owner": "andreymatin",
+        "repo": "scss-reset",
+        "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
+        "type": "github"
+      },
+      "original": {
+        "owner": "andreymatin",
+        "repo": "scss-reset",
+        "type": "github"
+      }
+    },
     "secrets": {
       "flake": false,
       "locked": {

flake.nix

@@ -6,6 +6,12 @@
     nixpkgs-pr-fluffychat.url = "github:NixOS/nixpkgs?ref=pull/419632/head"; # FluffyChat 2.0.0
     nixpkgs-pr-feishin.url = "github:NixOS/nixpkgs?ref=pull/414929/head"; # Feishin 0.17.0
 
+    # Termux fork with nix installed.
+    nix-on-droid = {
+      url = "github:nix-community/nix-on-droid/release-24.05";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     deploy-rs.url = "github:serokell/deploy-rs"; # Remote deployment
     lanzaboote.url = "github:nix-community/lanzaboote"; # Secure boot.
     nixos-hardware.url = "github:NixOS/nixos-hardware"; # Hardware specific config.
@@ -27,7 +33,7 @@
   } @ inputs: let
     # Import helpers & make functions available.
     helpers = import ./helpers.nix inputs;
-    inherit (helpers) mergeHosts mkHost;
+    inherit (helpers) mergeHosts mkHost mkDroid;
   in
     mergeHosts [
       # ThinkPad T480.
@@ -48,6 +54,13 @@
         ];
       })
 
+      # Pixel 6A.
+      (mkDroid "fairywren" {
+        uid = 10411;
+        gid = 10411;
+        ipAddress = "10.0.1.11";
+      })
+
       # VM running a Minecraft server.
       (mkHost "minecraft" {
         suite = "server/vm";

helpers.nix

@@ -88,8 +88,49 @@ with inputs.nixpkgs.lib; {
         profiles.system = {
           user = "root";
           sshuser = "fern";
-          path = deploypkgs.deploy-rs.lib.activate.nixos self.nixosconfigurations.${hostname};
+          path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosconfigurations.${hostname};
         };
       };
     };
+
+  mkDroid = hostname: {
+    uid,
+    gid,
+    ipAddress,
+  }: let
+    pkgs = import nixpkgs {
+      system = "aarch64-linux";
+      config.allowUnfree = true;
+      overlays = [
+        nix-on-droid.overlays.default
+      ];
+    };
+
+    activateNixOnDroid = configuration:
+      deploy-rs.lib.aarch64-linux.activate.custom
+      configuration.activationPackage
+      "${configuration.activationPackage}/activate";
+  in {
+    nixOnDroidConfigurations.${hostname} = nix-on-droid.lib.nixOnDroidConfiguration {
+      inherit pkgs;
+
+      modules = [
+        ./suites/nix-on-droid
+        {
+          user.uid = uid;
+          user.gid = gid;
+        }
+      ];
+    };
+
+    deploy.nodes.${hostname} = {
+      hostname = ipAddress;
+      profiles.system = {
+        sshUser = "nix-on-droid";
+        user = "nix-on-droid";
+        sshOpts = ["-p" "8022"];
+        path = activateNixOnDroid self.nixOnDroidConfigurations.${hostname};
+      };
+    };
+  };
 }

hosts/muskduck/default.nix

@@ -30,6 +30,19 @@
   # Allow CPU microcode.
   hardware.cpu.intel.updateMicrocode = true;
 
-  # Allows remote deployment on ARM systems (ie. Raspberry Pi).
+  # Building for aarch64 (nix-on-droid & Raspberry Pi).
   boot.binfmt.emulatedSystems = ["aarch64-linux"];
+  nix.settings.extra-platforms = ["aarch64-linux" "arm-linux"];
+
+  # Cachix for nix-on-droid
+  nix.settings = {
+    substituters = [
+      "https://nix-on-droid.cachix.org"
+      ""
+    ];
+
+    trusted-public-keys = [
+      "nix-on-droid.cachix.org-1:56snoMJTXmDRC1Ei24CmKoUqvHJ9XCp+nidK7qkMQrU="
+    ];
+  };
 }

suites/nix-on-droid/default.nix

@@ -0,0 +1,59 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; let
+  sshdTmpDirectory = "${config.user.home}/sshd.tmp";
+  sshdDirectory = "${config.user.home}/.sshd";
+  authorizedKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck";
+  port = 8022;
+
+  sshd-start = pkgs.writeScriptBin "sshd-start" ''
+    #!${pkgs.runtimeShell}
+
+    echo "Starting sshd in non-daemonized way on port ${toString port}"
+    ${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D
+  '';
+in {
+  # NixOS version.
+  system.stateVersion = "24.05";
+
+  # Enable flakes.
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+
+  # SSHD script.
+  build.activation.sshd = ''
+    $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh"
+    $DRY_RUN_CMD cat ${authorizedKeys} > "${config.user.home}/.ssh/authorized_keys"
+
+    if [[ ! -d "${sshdDirectory}" ]]; then
+      $DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}"
+      $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}"
+
+      $VERBOSE_ECHO "Generating host keys..."
+      $DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N ""
+
+      $VERBOSE_ECHO "Writing sshd_config..."
+      $DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\n" > "${sshdTmpDirectory}/sshd_config"
+
+      $DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}"
+    fi
+  '';
+
+  # Install some packages.
+  environment.packages = with pkgs; [
+    aria2
+    fish
+    lynx
+    neovim
+    rsync
+    sshd-start
+    tmux
+    trash-cli
+    yazi
+  ];
+}