Skip to content

Instantly share code, notes, and snippets.

@ConradMearns

ConradMearns/deploy.nix

Created June 2, 2020 17:23
Show Gist options
  • Save ConradMearns/0065de13028ffe76fde57f86aeb061e2 to your computer and use it in GitHub Desktop.
Save ConradMearns/0065de13028ffe76fde57f86aeb061e2 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
deploy.nix
let
mkSystem = cfg: system:
let
# Pin the deployment package-set to a specific version of nixpkgs
pkgs = import (builtins.fetchGit {
name = "nixos-unstable-2020-05-18";
url = "https://github.com/nixos/nixpkgs-channels/";
ref = "refs/heads/nixpkgs-unstable";
rev = "62e866e4fd6e414c469f365e1c9b3fb0c80b8e8d";
}) { inherit system; config.allowUnfree = true; };
in
{ lib, ... }: {
imports = [ cfg ];
nixpkgs.pkgs = lib.mkForce pkgs;
};
in
{
network = {
description = "Deploy Neri";
};
"neri.local" = mkSystem ./node.nix "aarch64-linux";
}
Raw
hardware-pi-4.nix
{ config, lib, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
nixpkgs.system = "aarch64-linux";
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.loader.grub.enable = false;
boot.loader.raspberryPi.enable = true;
boot.loader.raspberryPi.version = 4;
boot.kernelPackages = pkgs.linuxPackages_rpi4;
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-label/FIRMWARE";
# device = "/dev/mmcblk0p1";
fsType = "vfat";
};
"/store" = {
device = "/dev/disk/by-label/STORE";
fsType = "ext4";
};
};
# swapDevices = [{ device = "/swapfile"; size = 2048; }];
swapDevices = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}
Raw
node.nix
{ config, lib, pkgs, ... }:
{
imports = [
./hardware-pi-4.nix
<nixpkgs/nixos/modules/installer/cd-dvd/sd-image-raspberrypi4.nix>
];
networking.hostName = "neri";
users.users.sprout = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
zerotierone
sl
];
services.zerotierone = {
enable = true;
joinNetworks = [ "0cccb752f7cc98bf" ];
};
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
services.openssh.permitRootLogin = "yes";
services.openssh.challengeResponseAuthentication = false;
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
users.extraUsers.root.openssh.authorizedKeys.keys = [( builtins.readFile ./neri_rsa.pub )];
services.nscd.enable = true;
services.avahi = {
enable = true;
publish = {
enable = true;
addresses = true;
workstation = true;
};
};
networking.wireless.enable = false;
system.stateVersion = "20.09";
}
Raw
sd-image.nix
{ config, pkgs, ... }: {
imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/sd-image-raspberrypi4.nix> ];
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
services.openssh.permitRootLogin = "yes";
services.openssh.challengeResponseAuthentication = false;
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
users.extraUsers.root.openssh.authorizedKeys.keys = [( builtins.readFile ./neri_rsa.pub )];
users.users.sprout = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};
networking.hostName = "neri";
services.nscd.enable = true;
services.avahi = {
enable = true;
publish = {
enable = true;
addresses = true;
workstation = true;
};
};
networking.wireless.enable = false;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment