Commit 8e4b51453fdf

Vincent Demeester <vincent@sbr.pm>
2024-02-21 12:38:27
Add a new host, athena Raspberry PI 4
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 7c2af21
Changed files (3)
systems/hosts/athena.nix
@@ -0,0 +1,63 @@
+{ pkgs, lib, ... }:
+
+with lib;
+let
+  hostname = "athena";
+  # secretPath = ../../secrets/machines.nix;
+  # secretCondition = (builtins.pathExists secretPath);
+  # 
+  # ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
+  # ips = lists.optionals secretCondition ([ "${ip}/24" ]);
+  # endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
+  # endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
+  # endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+
+  metadata = importTOML ../../ops/hosts.toml;
+in
+{
+  imports = [
+    # (import ../../users/vincent)
+    # (import ../../users/root)
+  ];
+
+  networking = {
+    hostName = hostname;
+    firewall.enable = false; # we are in safe territory :D
+    # bridges.br1.interfaces = [ "enp0s31f6" ];
+    # useDHCP = false;
+    # interfaces.br1 = {
+    #   useDHCP = true;
+    # };
+  };
+
+  # core.boot.systemd-boot = lib.mkForce true;
+  # profiles.base.systemd-boot = lib.mkForce true;
+  # 
+  # modules = {
+  #   services = {
+  #     syncthing = {
+  #       enable = true;
+  #       guiAddress = "${metadata.hosts.sakhalin.wireguard.addrs.v4}:8384";
+  #     };
+  #     avahi.enable = true;
+  #     ssh.enable = true;
+  #   };
+  # };
+  # 
+  # profiles = {
+  #   bind.enable = true;
+  #   home = true;
+  # };
+
+  # services = {
+  #   wireguard = {
+  #     enable = true;
+  #     ips = ips;
+  #     endpoint = endpointIP;
+  #     endpointPort = endpointPort;
+  #     endpointPublicKey = endpointPublicKey;
+  #   };
+  # };
+  security.apparmor.enable = true;
+  security.pam.enableSSHAgentAuth = true;
+}
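Review bot: `firewall.enable = false` in the `networking` block leaves every listening service on athena reachable from whatever network the Pi is attached to, and the only justification is the inline "safe territory" comment. The WireGuard and ssh module settings in this file are still commented out, so the trust boundary appears to be the LAN alone. I would keep the firewall on and open only what the host serves, e.g. `firewall.enable = true;` plus `firewall.allowedTCPPorts = [ 22 ];` if SSH is the only service, or at least replace the comment with one that names the network assumption. Separately, `security.pam.enableSSHAgentAuth = true` lets PAM accept keys offered by an SSH agent, so confirm that the authorized-keys files it consults on this host are not writable by the unprivileged user.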
systems/hosts/wakasu.nix
@@ -91,6 +91,7 @@ in
   ];
 
   modules = {
+    core.binfmt.enable = true;
     editors.emacs.enable = true;
     hardware = {
       yubikey = { enable = true; u2f = true; };
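Review bot: The added `core.binfmt.enable = true;` line carries no comment saying why wakasu now needs binfmt registration. Presumably it is there so this machine can build the aarch64 image for athena under emulation; if so, a comment such as `# emulate aarch64 to build the athena SD image` would record the dependency and make it easy to remove later. The `modules` set continues outside the hunk.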
flake.nix
@@ -79,6 +79,16 @@
       ];
     in
     {
+      images = {
+        athena = (self.nixosConfigurations.athena.extendModules {
+          modules = [
+            "${inputs.nixpkgs-23_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+            {
+              disabledModules = [ "profiles/base.nix" ];
+            }
+          ];
+        }).config.system.build.sdImage;
+      };
       nixosConfigurations =
         {
           # Work laptop (unstable)
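Review bot: The `disabledModules = [ "profiles/base.nix" ];` entry inside `images.athena` has no explanation, and the hunk does not show which settings are dropped or why. A one-line comment above it stating the reason, e.g. `# drop the installer base profile pulled in by sd-image-aarch64.nix` (adjust to the actual motivation), would help the next reader. Note also that the image is produced from the same `athena` configuration via `extendModules`, so whatever firewall and authentication settings that host file carries are baked into every flashed card. The enclosing outputs attribute set starts outside the hunk.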
@@ -120,6 +130,15 @@
               ./systems/hosts/kerkouane.nix
             ];
           };
+          # Raspberry PI
+          # athena
+          athena = inputs.nixpkgs-23_11.lib.nixosSystem {
+            system = "aarch64-linux";
+            modules = stableModules ++ [
+              ./systems/hosts/athena.nix
+            ];
+          };
+          # demeter
         };
 
       # TODO: expose some packages ?
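Review bot: The trailing `# demeter` comment after the athena entry names a host that has no configuration in this hunk. Either mark it as a placeholder, e.g. `# TODO: demeter (not yet defined)`, or drop it until the host exists, so it is not read as a label for the closing brace. The `nixosConfigurations` set starts outside the hunk.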