fern/flock
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Configure nix-on-droid

Browse source
This commit is contained in:
Fern Garden 2025-07-16 23:14:52 +08:00
parent c2fc35e12d
commit 11494614c8
5 changed files with 302 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

173
flake.lock generated
View file

@ -149,6 +149,27 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709445365,
"narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"ixx": { "ixx": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
@ -200,6 +221,55 @@
"type": "github" "type": "github"
} }
}, },
"nix-formatter-pack": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
],
"nmd": "nmd",
"nmt": "nmt"
},
"locked": {
"lastModified": 1705252799,
"narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=",
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"rev": "2de39dedd79aab14c01b9e2934842051a160ffa5",
"type": "github"
},
"original": {
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"type": "github"
}
},
"nix-on-droid": {
"inputs": {
"home-manager": "home-manager",
"nix-formatter-pack": "nix-formatter-pack",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd_2"
},
"locked": {
"lastModified": 1720396533,
"narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=",
"owner": "nix-community",
"repo": "nix-on-droid",
"rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "nix-on-droid",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1752048960, "lastModified": 1752048960,
@ -231,6 +301,38 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-docs": {
"locked": {
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
}
},
"nixpkgs-pr-feishin": { "nixpkgs-pr-feishin": {
"locked": { "locked": {
"lastModified": 1751534869, "lastModified": 1751534869,
@ -348,6 +450,60 @@
"type": "github" "type": "github"
} }
}, },
"nmd": {
"flake": false,
"locked": {
"lastModified": 1666190571,
"narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=",
"owner": "rycee",
"repo": "nmd",
"rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmd",
"type": "gitlab"
}
},
"nmd_2": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs-docs"
],
"scss-reset": "scss-reset"
},
"locked": {
"lastModified": 1705050560,
"narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
"owner": "~rycee",
"repo": "nmd",
"rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
"type": "sourcehut"
},
"original": {
"owner": "~rycee",
"repo": "nmd",
"type": "sourcehut"
}
},
"nmt": {
"flake": false,
"locked": {
"lastModified": 1648075362,
"narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
"owner": "rycee",
"repo": "nmt",
"rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmt",
"type": "gitlab"
}
},
"nuschtosSearch": { "nuschtosSearch": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
@ -401,6 +557,7 @@
"inputs": { "inputs": {
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nix-on-droid": "nix-on-droid",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-pr-feishin": "nixpkgs-pr-feishin", "nixpkgs-pr-feishin": "nixpkgs-pr-feishin",
@ -431,6 +588,22 @@
"type": "github" "type": "github"
} }
}, },
"scss-reset": {
"flake": false,
"locked": {
"lastModified": 1631450058,
"narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
"owner": "andreymatin",
"repo": "scss-reset",
"rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
"type": "github"
},
"original": {
"owner": "andreymatin",
"repo": "scss-reset",
"type": "github"
}
},
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {

15
flake.nix
View file

@ -6,6 +6,12 @@
nixpkgs-pr-fluffychat.url = "github:NixOS/nixpkgs?ref=pull/419632/head"; # FluffyChat 2.0.0 nixpkgs-pr-fluffychat.url = "github:NixOS/nixpkgs?ref=pull/419632/head"; # FluffyChat 2.0.0
nixpkgs-pr-feishin.url = "github:NixOS/nixpkgs?ref=pull/414929/head"; # Feishin 0.17.0 nixpkgs-pr-feishin.url = "github:NixOS/nixpkgs?ref=pull/414929/head"; # Feishin 0.17.0
# Termux fork with nix installed.
nix-on-droid = {
url = "github:nix-community/nix-on-droid/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
deploy-rs.url = "github:serokell/deploy-rs"; # Remote deployment deploy-rs.url = "github:serokell/deploy-rs"; # Remote deployment
lanzaboote.url = "github:nix-community/lanzaboote"; # Secure boot. lanzaboote.url = "github:nix-community/lanzaboote"; # Secure boot.
nixos-hardware.url = "github:NixOS/nixos-hardware"; # Hardware specific config. nixos-hardware.url = "github:NixOS/nixos-hardware"; # Hardware specific config.
@ -27,7 +33,7 @@
} @ inputs: let } @ inputs: let
# Import helpers & make functions available. # Import helpers & make functions available.
helpers = import ./helpers.nix inputs; helpers = import ./helpers.nix inputs;
inherit (helpers) mergeHosts mkHost; inherit (helpers) mergeHosts mkHost mkDroid;
in in
mergeHosts [ mergeHosts [
# ThinkPad T480. # ThinkPad T480.
@ -48,6 +54,13 @@
]; ];
}) })
# Pixel 6A.
(mkDroid "fairywren" {
uid = 10411;
gid = 10411;
ipAddress = "10.0.1.11";
})
# VM running a Minecraft server. # VM running a Minecraft server.
(mkHost "minecraft" { (mkHost "minecraft" {
suite = "server/vm"; suite = "server/vm";

43
helpers.nix
View file

@ -88,8 +88,49 @@ with inputs.nixpkgs.lib; {
profiles.system = { profiles.system = {
user = "root"; user = "root";
sshuser = "fern"; sshuser = "fern";
path = deploypkgs.deploy-rs.lib.activate.nixos self.nixosconfigurations.${hostname}; path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosconfigurations.${hostname};
}; };
}; };
}; };
mkDroid = hostname: {
uid,
gid,
ipAddress,
}: let
pkgs = import nixpkgs {
system = "aarch64-linux";
config.allowUnfree = true;
overlays = [
nix-on-droid.overlays.default
];
};
activateNixOnDroid = configuration:
deploy-rs.lib.aarch64-linux.activate.custom
configuration.activationPackage
"${configuration.activationPackage}/activate";
in {
nixOnDroidConfigurations.${hostname} = nix-on-droid.lib.nixOnDroidConfiguration {
inherit pkgs;
modules = [
./suites/nix-on-droid
{
user.uid = uid;
user.gid = gid;
}
];
};
deploy.nodes.${hostname} = {
hostname = ipAddress;
profiles.system = {
sshUser = "nix-on-droid";
user = "nix-on-droid";
sshOpts = ["-p" "8022"];
path = activateNixOnDroid self.nixOnDroidConfigurations.${hostname};
};
};
};
} }

15
hosts/muskduck/default.nix
View file

@ -30,6 +30,19 @@
# Allow CPU microcode. # Allow CPU microcode.
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
# Allows remote deployment on ARM systems (ie. Raspberry Pi). # Building for aarch64 (nix-on-droid & Raspberry Pi).
boot.binfmt.emulatedSystems = ["aarch64-linux"]; boot.binfmt.emulatedSystems = ["aarch64-linux"];
nix.settings.extra-platforms = ["aarch64-linux" "arm-linux"];
# Cachix for nix-on-droid
nix.settings = {
substituters = [
"https://nix-on-droid.cachix.org"
""
];
trusted-public-keys = [
"nix-on-droid.cachix.org-1:56snoMJTXmDRC1Ei24CmKoUqvHJ9XCp+nidK7qkMQrU="
];
};
} }

59
suites/nix-on-droid/default.nix Normal file
View file

@ -0,0 +1,59 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
sshdTmpDirectory = "${config.user.home}/sshd.tmp";
sshdDirectory = "${config.user.home}/.sshd";
authorizedKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck";
port = 8022;
sshd-start = pkgs.writeScriptBin "sshd-start" ''
#!${pkgs.runtimeShell}
echo "Starting sshd in non-daemonized way on port ${toString port}"
${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D
'';
in {
# NixOS version.
system.stateVersion = "24.05";
# Enable flakes.
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
# SSHD script.
build.activation.sshd = ''
$DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh"
$DRY_RUN_CMD cat ${authorizedKeys} > "${config.user.home}/.ssh/authorized_keys"
if [[ ! -d "${sshdDirectory}" ]]; then
$DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}"
$DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}"
$VERBOSE_ECHO "Generating host keys..."
$DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N ""
$VERBOSE_ECHO "Writing sshd_config..."
$DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\n" > "${sshdTmpDirectory}/sshd_config"
$DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}"
fi
'';
# Install some packages.
environment.packages = with pkgs; [
aria2
fish
lynx
neovim
rsync
sshd-start
tmux
trash-cli
yazi
];
}