Commit 923c4139ee67

Vincent Demeester <vincent@sbr.pm>
2025-05-13 10:11:42
systems: add demeter
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 84ceccd
systems/athena/boot.nix
@@ -4,6 +4,7 @@
   boot = {
     kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
     initrd.systemd.enable = lib.mkForce false;
+    systemd-boot = lib.mkForce false;
     # initrd.systemd.enableTpm2 = false;
     initrd.availableKernelModules = [
       "xhci_pci"
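Review bot: The added `systemd-boot = lib.mkForce false;` sits directly under `boot`, so it sets `boot.systemd-boot`, which is not an option I know NixOS to declare; unless a local module defines it, evaluation would stop on an undefined option. The bootloader switch is `boot.loader.systemd-boot.enable`, and the new systems/demeter/boot.nix already sets that inside `loader` while repeating the same stray line. I would drop the line in both files and, if athena needs the override, put `systemd-boot.enable = lib.mkForce false;` inside its `loader` block. The `boot` attribute set continues past the end of this hunk, so athena's `loader` settings are not visible here.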
systems/athena/extra.nix
@@ -6,6 +6,8 @@
     ../common/services/prometheus-exporters-bind.nix
   ];
 
+  networking.firewall.enable = false;
+
   services = {
     wireguard = {
       enable = true;
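Review bot: `networking.firewall.enable = false;` turns off all packet filtering on a host that, judging by the imports here and in systems/demeter/extra.nix (which adds the same line), runs bind and Prometheus exporters next to WireGuard, so every listening service becomes reachable on every interface. If the firewall was only blocking DNS or scraping, keep it enabled and open what is needed, e.g. `networking.firewall.allowedUDPPorts = [ 53 ];` and `networking.firewall.allowedTCPPorts = [ 53 ];`. The exporter ports can be limited to the VPN with `networking.firewall.interfaces.<vpn-interface>.allowedTCPPorts`, where the interface name is a placeholder and the ports depend on the shared modules. If it has to stay off, a comment saying why and what else protects the host (`# firewall disabled because <reason>; filtered upstream by <device>`) would stop it from being copied to the next machine.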
systems/demeter/boot.nix
@@ -0,0 +1,20 @@
+{ lib, pkgs, ... }:
+{
+  console.keyMap = lib.mkForce "us";
+  boot = {
+    kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+    initrd.systemd.enable = lib.mkForce false;
+    systemd-boot = lib.mkForce false;
+    # initrd.systemd.enableTpm2 = false;
+    initrd.availableKernelModules = [
+      "xhci_pci"
+      "usbhid"
+      "usb_storage"
+    ];
+    loader = {
+      grub.enable = false;
+      systemd-boot.enable = lib.mkForce false;
+      generic-extlinux-compatible.enable = true;
+    };
+  };
+}
systems/demeter/extra.nix
@@ -0,0 +1,24 @@
+{ globals, ... }:
+{
+  imports = [
+    ../common/services/bind.nix
+    ../common/services/prometheus-exporters-node.nix
+    ../common/services/prometheus-exporters-bind.nix
+  ];
+
+  networking.firewall.enable = false;
+
+  services = {
+    wireguard = {
+      enable = true;
+      ips = globals.fn.wg-ips globals.machines.athena.net.vpn.ips;
+      endpoint = "${globals.net.vpn.endpoint}";
+      endpointPublicKey = "${globals.net.vpn.pubkey}";
+    };
+  };
+
+  # TODO: could be enable by default for all ?
+  security.pam.enableSSHAgentAuth = true;
+
+  security.apparmor.enable = true;
+}
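Review bot: `ips = globals.fn.wg-ips globals.machines.athena.net.vpn.ips;` gives demeter athena's WireGuard addresses, which looks like a leftover from copying systems/athena/extra.nix. Two peers claiming the same tunnel address will conflict, and any per-host rule keyed on VPN address stops identifying the machine. Assuming `globals.machines` has an entry for this host, the line should read `ips = globals.fn.wg-ips globals.machines.demeter.net.vpn.ips;`. Separately, `security.pam.enableSSHAgentAuth = true;` lets a forwarded agent satisfy PAM. As far as I recall, newer NixOS releases spell it `security.pam.sshAgentAuth.enable` and expect the authorized-keys files it trusts to be ones the user cannot write, which is worth confirming before making it a default as the TODO suggests.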
systems/demeter/hardware.nix
@@ -0,0 +1,9 @@
+_: {
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+      options = [ "noatime" ];
+    };
+  };
+}
flake.nix
@@ -92,6 +92,13 @@
           pkgsInput = inputs.nixpkgs-24_11;
           homeInput = inputs.home-manager-24_11;
         };
+        demeter = libx.mkHost {
+          hostname = "demeter";
+          system = "aarch64-linux";
+          hardwareType = "rpi4";
+          pkgsInput = inputs.nixpkgs-24_11;
+          homeInput = inputs.home-manager-24_11;
+        };
         # shikoku = libx.mkHost { hostname = "shikoku"; };
         # FIXME migrate to libx.mkHost
         aomi = inputs.nixpkgs.lib.nixosSystem {
@@ -137,17 +144,6 @@
         #     ./systems/hosts/carthage.nix
         #   ];
         # };
-        # Raspberry PI
-        # athena
-        # athena = inputs.nixpkgs-24_11.lib.nixosSystem {
-        #   system = "aarch64-linux";
-        #   modules = commonModules ++ stableModules ++ [ ./systems/hosts/athena.nix ];
-        # };
-        # demeter
-        demeter = inputs.nixpkgs-24_11.lib.nixosSystem {
-          system = "aarch64-linux";
-          modules = commonModules ++ stableModules ++ [ ./systems/hosts/demeter.nix ];
-        };
       };
 
       nixosModules = {