diff --git a/flake.lock b/flake.lock index 1c431ea..648cc78 100755 --- a/flake.lock +++ b/flake.lock @@ -149,6 +149,27 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nix-on-droid", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709445365, + "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "ixx": { "inputs": { "flake-utils": [ @@ -200,6 +221,55 @@ "type": "github" } }, + "nix-formatter-pack": { + "inputs": { + "nixpkgs": [ + "nix-on-droid", + "nixpkgs" + ], + "nmd": "nmd", + "nmt": "nmt" + }, + "locked": { + "lastModified": 1705252799, + "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=", + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5", + "type": "github" + }, + "original": { + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "type": "github" + } + }, + "nix-on-droid": { + "inputs": { + "home-manager": "home-manager", + "nix-formatter-pack": "nix-formatter-pack", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-docs": "nixpkgs-docs", + "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", + "nmd": "nmd_2" + }, + "locked": { + "lastModified": 1720396533, + "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=", + "owner": "nix-community", + "repo": "nix-on-droid", + "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "nix-on-droid", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1752048960, 
@@ -231,6 +301,38 @@ "type": "github" } }, + "nixpkgs-docs": { + "locked": { + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-for-bootstrap": { + "locked": { + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + } + }, "nixpkgs-pr-feishin": { "locked": { "lastModified": 1751534869, 
@@ -348,6 +450,60 @@ "type": "github" } }, + "nmd": { + "flake": false, + "locked": { + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", + "owner": "rycee", + "repo": "nmd", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmd_2": { + "inputs": { + "nixpkgs": [ + "nix-on-droid", + "nixpkgs-docs" + ], + "scss-reset": "scss-reset" + }, + "locked": { + "lastModified": 1705050560, + "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=", + "owner": "~rycee", + "repo": "nmd", + "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3", + "type": "sourcehut" + }, + "original": { + "owner": "~rycee", + "repo": "nmd", + "type": "sourcehut" + } + }, + "nmt": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, "nuschtosSearch": { "inputs": { "flake-utils": "flake-utils", @@ -401,6 +557,7 @@ "inputs": { "deploy-rs": "deploy-rs", "lanzaboote": "lanzaboote", + "nix-on-droid": "nix-on-droid", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "nixpkgs-pr-feishin": "nixpkgs-pr-feishin", @@ -431,6 +588,22 @@ "type": "github" } }, + "scss-reset": { + "flake": false, + "locked": { + "lastModified": 1631450058, + "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=", + "owner": "andreymatin", + "repo": "scss-reset", + "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91", + "type": "github" + }, + "original": { + "owner": "andreymatin", + "repo": "scss-reset", + "type": "github" + } + }, "secrets": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index a1e7a06..28e4e14 100755 --- a/flake.nix +++ b/flake.nix 
@@ -6,6 +6,12 @@ nixpkgs-pr-fluffychat.url = "github:NixOS/nixpkgs?ref=pull/419632/head"; # FluffyChat 2.0.0 nixpkgs-pr-feishin.url = "github:NixOS/nixpkgs?ref=pull/414929/head"; # Feishin 0.17.0 + # Termux fork with nix installed. + nix-on-droid = { + url = "github:nix-community/nix-on-droid/release-24.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + deploy-rs.url = "github:serokell/deploy-rs"; # Remote deployment lanzaboote.url = "github:nix-community/lanzaboote"; # Secure boot. nixos-hardware.url = "github:NixOS/nixos-hardware"; # Hardware specific config. @@ -27,7 +33,7 @@ } @ inputs: let # Import helpers & make functions available. helpers = import ./helpers.nix inputs; - inherit (helpers) mergeHosts mkHost; + inherit (helpers) mergeHosts mkHost mkDroid; in mergeHosts [ # ThinkPad T480. @@ -48,6 +54,13 @@ ]; }) + # Pixel 6A. + (mkDroid "fairywren" { + uid = 10411; + gid = 10411; + ipAddress = "10.0.1.11"; + }) + # VM running a Minecraft server. (mkHost "minecraft" { suite = "server/vm"; diff --git a/helpers.nix b/helpers.nix index e54b25a..5752db1 100644 --- a/helpers.nix +++ b/helpers.nix 
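Review bot: `uid = 10411;` and `gid = 10411;` in the new `fairywren` entry are device-specific literals with no explanation. `mkDroid` passes them straight to `user.uid` and `user.gid`, so a stale or copied value would presumably make the configuration target the wrong Android app user. A comment such as `# uid/gid reported by "id" inside the Nix-on-Droid app on this device.` would tell the next person how to re-derive them. The same entry hard-codes `ipAddress = "10.0.1.11"` as the deploy target, so it is worth stating that the phone needs a fixed address on that network.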
@@ -88,8 +88,49 @@ with inputs.nixpkgs.lib; { profiles.system = { user = "root"; sshuser = "fern"; - path = deploypkgs.deploy-rs.lib.activate.nixos self.nixosconfigurations.${hostname}; + path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosconfigurations.${hostname}; }; }; }; + + mkDroid = hostname: { + uid, + gid, + ipAddress, + }: let + pkgs = import nixpkgs { + system = "aarch64-linux"; + config.allowUnfree = true; + overlays = [ + nix-on-droid.overlays.default + ]; + }; + + activateNixOnDroid = configuration: + deploy-rs.lib.aarch64-linux.activate.custom + configuration.activationPackage + "${configuration.activationPackage}/activate"; + in { + nixOnDroidConfigurations.${hostname} = nix-on-droid.lib.nixOnDroidConfiguration { + inherit pkgs; + + modules = [ + ./suites/nix-on-droid + { + user.uid = uid; + user.gid = gid; + } + ]; + }; + + deploy.nodes.${hostname} = { + hostname = ipAddress; + profiles.system = { + sshUser = "nix-on-droid"; + user = "nix-on-droid"; + sshOpts = ["-p" "8022"]; + path = activateNixOnDroid self.nixOnDroidConfigurations.${hostname}; + }; + }; + }; } diff --git a/hosts/muskduck/default.nix b/hosts/muskduck/default.nix index 6c29ed5..2d254d1 100644 --- a/hosts/muskduck/default.nix +++ b/hosts/muskduck/default.nix @@ -30,6 +30,19 @@ # Allow CPU microcode. hardware.cpu.intel.updateMicrocode = true; - # Allows remote deployment on ARM systems (ie. Raspberry Pi). + # Building for aarch64 (nix-on-droid & Raspberry Pi). boot.binfmt.emulatedSystems = ["aarch64-linux"]; + nix.settings.extra-platforms = ["aarch64-linux" "arm-linux"]; + + # Cachix for nix-on-droid + nix.settings = { + substituters = [ + "https://nix-on-droid.cachix.org" + "" + ]; + + trusted-public-keys = [ + "nix-on-droid.cachix.org-1:56snoMJTXmDRC1Ei24CmKoUqvHJ9XCp+nidK7qkMQrU=" + ]; + }; } diff --git a/suites/nix-on-droid/default.nix b/suites/nix-on-droid/default.nix new file mode 100644 index 0000000..69c7ff6 --- /dev/null +++ b/suites/nix-on-droid/default.nix 
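Review bot: The rewritten `path` line fixes `deployPkgs` but still reads `self.nixosconfigurations.${hostname}`. Flakes expose NixOS systems as `nixosConfigurations`, so unless `mkHost` (outside this hunk) really defines the lowercase attribute, this should be `self.nixosConfigurations.${hostname}`. The context line `sshuser = "fern";` just above has the same casing mismatch against the `sshUser` used in the new `mkDroid`. In `mkDroid`, `sshOpts = ["-p" "8022"]` repeats the `port = 8022` set in `suites/nix-on-droid/default.nix`; a comment linking the two, or passing the port as an argument, would stop them drifting apart. The enclosing `with inputs.nixpkgs.lib; {` body starts outside the hunk.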
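Review bot: The new `substituters` list in `hosts/muskduck/default.nix` contains an empty string (`""`) after the Cachix URL, which looks like a leftover placeholder. Drop it or replace it with the cache that was intended. Adding the `nix-on-droid.cachix.org-1:…` entry to `trusted-public-keys` makes this host accept any store path signed by that key, not only nix-on-droid builds. A comment would record that trust decision, for example `# Third-party cache: paths signed by this key are trusted system-wide; verify the key against the nix-on-droid docs.`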
@@ -0,0 +1,59 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+with lib; let
+ sshdTmpDirectory = "${config.user.home}/sshd.tmp";
+ sshdDirectory = "${config.user.home}/.sshd";
+ authorizedKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck";
+ port = 8022;
+
+ sshd-start = pkgs.writeScriptBin "sshd-start" ''
+ #!${pkgs.runtimeShell}
+
+ echo "Starting sshd in non-daemonized way on port ${toString port}"
+ ${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D
+ '';
+in {
+ # NixOS version.
+ system.stateVersion = "24.05";
+
+ # Enable flakes.
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+
+ # SSHD script.
+ build.activation.sshd = ''
+ $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh"
+ $DRY_RUN_CMD cat ${authorizedKeys} > "${config.user.home}/.ssh/authorized_keys"
+
+ if [[ ! -d "${sshdDirectory}" ]]; then
+ $DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}"
+ $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}"
+
+ $VERBOSE_ECHO "Generating host keys..."
+ $DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N ""
+
+ $VERBOSE_ECHO "Writing sshd_config..."
+ $DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\n" > "${sshdTmpDirectory}/sshd_config"
+
+ $DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}"
+ fi
+ '';
+
+ # Install some packages.
+ environment.packages = with pkgs; [
+ aria2
+ fish
+ lynx
+ neovim
+ rsync
+ sshd-start
+ tmux
+ trash-cli
+ yazi
+ ];
+}
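Review bot: `cat ${authorizedKeys}` in `build.activation.sshd` interpolates the key string itself, so the shell runs `cat` on three non-existent file names and the redirect leaves `authorized_keys` empty (or aborts activation, depending on the script's error mode). Put the key in a store file, e.g. `authorizedKeys = pkgs.writeText "authorized_keys" "ssh-ed25519 … fern@muskduck\n";`, or write it with `echo "${authorizedKeys}" >`. The generated `sshd_config` only sets `HostKey` and `Port`, so password and keyboard-interactive logins stay at sshd's defaults; adding `PasswordAuthentication no` and `KbdInteractiveAuthentication no` would make the device key-only. Because the config is written only when `${sshdDirectory}` is missing, later changes to `port` or these options will not reach an already-provisioned device.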