From 6d4bfd975e1e606844369b02b08b297befab0d11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20J=C3=B6rdens?= Date: Tue, 1 Oct 2024 15:19:28 +0000 Subject: [PATCH 01/17] quartiq --- default.nix | 3 ++- final/configuration.nix | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/default.nix b/default.nix index 4ce3499..2421fc7 100644 --- a/default.nix +++ b/default.nix @@ -45,8 +45,9 @@ let customModule = { environment.systemPackages = [ autoInstall pkgs.git ]; + documentation.info.enable = false; # https://github.com/NixOS/nixpkgs/issues/124215 nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="]; - nix.settings.substituters = ["https://nixbld.m-labs.hk?priority=10"]; + nix.settings.substituters = ["https://nixbld.m-labs.hk"]; }; in diff --git a/final/configuration.nix b/final/configuration.nix index c522199..d5ceaaf 100644 --- a/final/configuration.nix +++ b/final/configuration.nix @@ -32,7 +32,7 @@ console.keyMap = "us"; i18n.defaultLocale = "en_US.UTF-8"; - time.timeZone = "Asia/Hong_Kong"; + time.timeZone = "Europe/Berlin"; nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ @@ -106,8 +106,8 @@ extraGroups = ["networkmanager" "wheel" "plugdev" "dialout" "wireshark"]; initialPassword = "rabi"; openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC27krR8G8Pb59YuYm7+X2mmNnVdk/t9myYgO8LH0zfb2MeeXX5+90nW9kMjKflJss/oLl8dkD85jbJ0fRbRkfJd20pGCqCUuYAbYKkowigFVEkbrbWSLkmf+clRjzJOuBuUA0uq0XKS17uMC3qhu+dDdBOAIKb3L83NfVE8p8Pjb4BPktQrdxefM43/x4jTMuc7tgxVmTOEge3+rmVPK2GnLkUBgBn8b6S+9ElPd63HXI5J5f61v21l5N9V0mhTu1pv6PiDRdFIlFDK9dLVZcZ2qlzpKmCnFrOoreBEgre44SpfFe5/MMItxvWiVsj/rij/rHZZiol1k7JiQCnEHeCCbjjvcBBka5HxZgcb3vBZVceTOawrmjbdbA2dq35sUptz/bEgdZ1UVCmVpWsdROAlEDBmSSbcVwxzcvhoKnkpbuP4Q0V3tVKSLW053ADFNB4frtwY5nAZfsVErFLLphjwb8nlyJoDRNapQrn5syEiW0ligX2AAskZTYIl2A5AYyWPrmX6HJOPqZGatMU3qQiRMxs+hFqhyyCmBgl0kcsgW09MBKtJWk1Fbii98MHqgRUN9R7AUiYy5p78Pnv9DC8DT8Ubl9zoP0g5d40P9NGK2LAhMxLXvtckJ4ERqbSEcNZJw+q4jBrOHnMTz+NLdAUiEtru+6T2OdhaHv+eiNlFQ==" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUaB2G1jexxfkdlly3fdWslH54/s/bOuvk9AxqpjtAY" ]; }; security.sudo.wheelNeedsPassword = false; -- 2.44.1 From 6643d4b417514dd9af12afaa7584500d0702dbb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20J=C3=B6rdens?= Date: Tue, 1 Oct 2024 22:27:14 +0000 Subject: [PATCH 02/17] btrfs --- default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/default.nix b/default.nix index 2421fc7..ff71777 100644 --- a/default.nix +++ b/default.nix @@ -33,7 +33,7 @@ let parted /dev/nvme0n1 -- mkpart primary 512MiB 100% parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB parted /dev/nvme0n1 -- set 2 esp on - mkfs.ext4 -L nixos /dev/nvme0n1p1 + mkfs.btrfs -L nixos /dev/nvme0n1p1 mkfs.fat -F 32 -n boot /dev/nvme0n1p2 mount /dev/disk/by-label/nixos /mnt mkdir -p /mnt/boot @@ -44,8 +44,13 @@ let ''; customModule = { + # system.stateVersion = "24.05"; environment.systemPackages = [ autoInstall pkgs.git ]; documentation.info.enable = false; # https://github.com/NixOS/nixpkgs/issues/124215 + documentation.man.enable = false; + # nix.settings.extra-sandbox-paths = [ "/bin/sh=${pkgs.bash}/bin/sh" ]; + # services.udev.packages = [ pkgs.bash ]; + # services.udev.path = [ pkgs.bash ]; nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="]; nix.settings.substituters = ["https://nixbld.m-labs.hk"]; }; -- 2.44.1 From 09acb9e0b3a47fddcd80500d3eec7290354771a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20J=C3=B6rdens?= Date: Wed, 2 Oct 2024 12:44:27 +0200 Subject: [PATCH 03/17] remove old wip --- default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/default.nix b/default.nix index ff71777..0699718 100644 --- a/default.nix +++ b/default.nix @@ -48,9 +48,6 @@ let environment.systemPackages = [ autoInstall pkgs.git ]; documentation.info.enable = false; # https://github.com/NixOS/nixpkgs/issues/124215 documentation.man.enable = false; - # nix.settings.extra-sandbox-paths = [ "/bin/sh=${pkgs.bash}/bin/sh" ]; - # services.udev.packages = [ pkgs.bash ]; - # services.udev.path = [ pkgs.bash ]; nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="]; nix.settings.substituters = ["https://nixbld.m-labs.hk"]; }; -- 2.44.1 From 889e799eeae82aaf2243473ae5454e893d45b5f8 Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Wed, 2 Oct 2024 14:24:33 +0200 Subject: [PATCH 04/17] add my ssh key --- final/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/final/configuration.nix b/final/configuration.nix index d5ceaaf..7aa2b4c 100644 --- a/final/configuration.nix +++ b/final/configuration.nix @@ -108,6 +108,7 @@ openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC27krR8G8Pb59YuYm7+X2mmNnVdk/t9myYgO8LH0zfb2MeeXX5+90nW9kMjKflJss/oLl8dkD85jbJ0fRbRkfJd20pGCqCUuYAbYKkowigFVEkbrbWSLkmf+clRjzJOuBuUA0uq0XKS17uMC3qhu+dDdBOAIKb3L83NfVE8p8Pjb4BPktQrdxefM43/x4jTMuc7tgxVmTOEge3+rmVPK2GnLkUBgBn8b6S+9ElPd63HXI5J5f61v21l5N9V0mhTu1pv6PiDRdFIlFDK9dLVZcZ2qlzpKmCnFrOoreBEgre44SpfFe5/MMItxvWiVsj/rij/rHZZiol1k7JiQCnEHeCCbjjvcBBka5HxZgcb3vBZVceTOawrmjbdbA2dq35sUptz/bEgdZ1UVCmVpWsdROAlEDBmSSbcVwxzcvhoKnkpbuP4Q0V3tVKSLW053ADFNB4frtwY5nAZfsVErFLLphjwb8nlyJoDRNapQrn5syEiW0ligX2AAskZTYIl2A5AYyWPrmX6HJOPqZGatMU3qQiRMxs+hFqhyyCmBgl0kcsgW09MBKtJWk1Fbii98MHqgRUN9R7AUiYy5p78Pnv9DC8DT8Ubl9zoP0g5d40P9NGK2LAhMxLXvtckJ4ERqbSEcNZJw+q4jBrOHnMTz+NLdAUiEtru+6T2OdhaHv+eiNlFQ==" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUaB2G1jexxfkdlly3fdWslH54/s/bOuvk9AxqpjtAY" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIu6yhjCoZ62eamYrAXtFefDhplTRUIdD4tncwlkyAEH" ]; }; security.sudo.wheelNeedsPassword = false; -- 2.44.1 From 27ad64c3b44cf86d31e9cb022a732a51446d9256 Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Wed, 2 Oct 2024 14:24:49 +0200 Subject: [PATCH 05/17] add gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b2be92b --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +result -- 2.44.1 From 4a11e55c13872c2e074d3596c8aaa00b2a2f67f2 Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Wed, 2 Oct 2024 15:47:59 +0200 Subject: [PATCH 06/17] force fs creation and perform final reboot on auto install --- default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/default.nix b/default.nix index 0699718..a8bf3cc 100644 --- a/default.nix +++ b/default.nix @@ -33,7 +33,7 @@ let parted /dev/nvme0n1 -- mkpart primary 512MiB 100% parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB parted /dev/nvme0n1 -- set 2 esp on - mkfs.btrfs -L nixos /dev/nvme0n1p1 + mkfs.btrfs -f -L nixos /dev/nvme0n1p1 mkfs.fat -F 32 -n boot /dev/nvme0n1p2 mount /dev/disk/by-label/nixos /mnt mkdir -p /mnt/boot @@ -41,6 +41,7 @@ let nixos-generate-config --root /mnt cp ${./final}/* /mnt/etc/nixos nixos-install --no-root-password --flake /mnt/etc/nixos#artiq + reboot ''; customModule = { -- 2.44.1 From aa2acd2ea0e8dbf7faacfde26fc6148021006ba0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20J=C3=B6rdens?= Date: Wed, 2 Oct 2024 17:09:47 +0200 Subject: [PATCH 07/17] reboot has been integrated --- README | 1 - 1 file changed, 1 deletion(-) diff --git a/README b/README index 24d732a..81d21d4 100644 --- a/README +++ b/README @@ -1,6 +1,5 @@ * Enter BIOS, disable secure boot, enable UEFI PXE network boot * sudo auto-install -* sudo reboot * Run memtest86 * Copy device database to ~/artiq * Set timezone -- 2.44.1 From e0093e39c121df2e634999e5d84624cbf0969aea Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Wed, 9 Oct 2024 12:35:12 +0200 Subject: [PATCH 08/17] generalize timezone --- final/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/final/configuration.nix b/final/configuration.nix index 7aa2b4c..32bf1e4 100644 --- a/final/configuration.nix +++ b/final/configuration.nix @@ -32,7 +32,7 @@ console.keyMap = "us"; i18n.defaultLocale = "en_US.UTF-8"; - time.timeZone = "Europe/Berlin"; + time.timeZone = "UTC"; nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ -- 2.44.1 From af0db5ce6cb7b90fff1c719137ecf65a8126bea8 Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Wed, 9 Oct 2024 12:35:48 +0200 Subject: [PATCH 09/17] update nix namespaces --- final/configuration.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/final/configuration.nix b/final/configuration.nix index 32bf1e4..4a130a3 100644 --- a/final/configuration.nix +++ b/final/configuration.nix @@ -84,11 +84,11 @@ hardware.pulseaudio.package = pkgs.pulseaudioFull; services.xserver.enable = true; - services.xserver.layout = "us"; + services.xserver.xkb.layout = "us"; services.xserver.displayManager.gdm.enable = true; - services.xserver.displayManager.autoLogin.enable = true; - services.xserver.displayManager.autoLogin.user = "rabi"; + services.displayManager.autoLogin.enable = true; + services.displayManager.autoLogin.user = "rabi"; # https://github.com/NixOS/nixpkgs/issues/103746 systemd.services."getty@tty1".enable = false; systemd.services."autovt@tty1".enable = false; -- 2.44.1 From 3ff34efa1f2ea07b9141b48cd13998f7cf74d3c8 Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Wed, 9 Oct 2024 12:38:51 +0200 Subject: [PATCH 10/17] set state version to assure data integrity --- default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default.nix b/default.nix index a8bf3cc..ee549c0 100644 --- a/default.nix +++ b/default.nix @@ -45,7 +45,7 @@ let ''; customModule = { - # system.stateVersion = "24.05"; + system.stateVersion = "24.05"; environment.systemPackages = [ autoInstall pkgs.git ]; documentation.info.enable = false; # https://github.com/NixOS/nixpkgs/issues/124215 documentation.man.enable = false; -- 2.44.1 From 024a108c376a1747f4c834b913b17b82e1d298cc Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Wed, 9 Oct 2024 12:39:50 +0200 Subject: [PATCH 11/17] update readme --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 81d21d4..1b34911 100644 --- a/README +++ b/README @@ -2,7 +2,7 @@ * sudo auto-install * Run memtest86 * Copy device database to ~/artiq -* Set timezone +* Set timezone and kb layout * Comment out openssh.authorizedKeys.keys * sudo nixos-rebuild boot * sudo nix-collect-garbage -d -- 2.44.1 From 60f681a33e3b043d60a779937b3ccb1663e1bd5a Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Thu, 10 Oct 2024 15:52:01 +0200 Subject: [PATCH 12/17] create seal-off script --- README | 3 +-- final/configuration.nix | 11 ++++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/README b/README index 1b34911..c8ade53 100644 --- a/README +++ b/README @@ -4,6 +4,5 @@ * Copy device database to ~/artiq * Set timezone and kb layout * Comment out openssh.authorizedKeys.keys -* sudo nixos-rebuild boot -* sudo nix-collect-garbage -d +* sudo seal-off * history clear diff --git a/final/configuration.nix b/final/configuration.nix index 4a130a3..b9e1003 100644 --- a/final/configuration.nix +++ b/final/configuration.nix @@ -1,6 +1,14 @@ { config, pkgs, artiq, ... }: -{ +let + sealOff = pkgs.writeShellScriptBin "seal-off" + '' + set -e + nixos-rebuild boot + nix-collect-garbage -d + ''; + +in { imports = [ ./hardware-configuration.nix @@ -36,6 +44,7 @@ nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ + sealOff wget vim gitAndTools.gitFull -- 2.44.1 From 470bf8e5d84777edea9a6e5e33d7d7963eb994e1 Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Thu, 10 Oct 2024 15:57:34 +0200 Subject: [PATCH 13/17] readd m-labs ssh keys --- final/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/final/configuration.nix b/final/configuration.nix index b9e1003..d00255b 100644 --- a/final/configuration.nix +++ b/final/configuration.nix @@ -115,6 +115,8 @@ in { extraGroups = ["networkmanager" "wheel" "plugdev" "dialout" "wireshark"]; initialPassword = "rabi"; openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC27krR8G8Pb59YuYm7+X2mmNnVdk/t9myYgO8LH0zfb2MeeXX5+90nW9kMjKflJss/oLl8dkD85jbJ0fRbRkfJd20pGCqCUuYAbYKkowigFVEkbrbWSLkmf+clRjzJOuBuUA0uq0XKS17uMC3qhu+dDdBOAIKb3L83NfVE8p8Pjb4BPktQrdxefM43/x4jTMuc7tgxVmTOEge3+rmVPK2GnLkUBgBn8b6S+9ElPd63HXI5J5f61v21l5N9V0mhTu1pv6PiDRdFIlFDK9dLVZcZ2qlzpKmCnFrOoreBEgre44SpfFe5/MMItxvWiVsj/rij/rHZZiol1k7JiQCnEHeCCbjjvcBBka5HxZgcb3vBZVceTOawrmjbdbA2dq35sUptz/bEgdZ1UVCmVpWsdROAlEDBmSSbcVwxzcvhoKnkpbuP4Q0V3tVKSLW053ADFNB4frtwY5nAZfsVErFLLphjwb8nlyJoDRNapQrn5syEiW0ligX2AAskZTYIl2A5AYyWPrmX6HJOPqZGatMU3qQiRMxs+hFqhyyCmBgl0kcsgW09MBKtJWk1Fbii98MHqgRUN9R7AUiYy5p78Pnv9DC8DT8Ubl9zoP0g5d40P9NGK2LAhMxLXvtckJ4ERqbSEcNZJw+q4jBrOHnMTz+NLdAUiEtru+6T2OdhaHv+eiNlFQ==" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUaB2G1jexxfkdlly3fdWslH54/s/bOuvk9AxqpjtAY" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIu6yhjCoZ62eamYrAXtFefDhplTRUIdD4tncwlkyAEH" -- 2.44.1 From c13047636f9a2cf35d7b7968cb0d57c1ec2869db Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Mon, 14 Oct 2024 10:43:01 +0200 Subject: [PATCH 14/17] label ssh keys --- final/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/final/configuration.nix b/final/configuration.nix index d00255b..93ae2db 100644 --- a/final/configuration.nix +++ b/final/configuration.nix @@ -115,10 +115,15 @@ in { extraGroups = ["networkmanager" "wheel" "plugdev" "dialout" "wireshark"]; initialPassword = "rabi"; openssh.authorizedKeys.keys = [ + # m-labs "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN" + # m-labs "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1" + # quartiq rj "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC27krR8G8Pb59YuYm7+X2mmNnVdk/t9myYgO8LH0zfb2MeeXX5+90nW9kMjKflJss/oLl8dkD85jbJ0fRbRkfJd20pGCqCUuYAbYKkowigFVEkbrbWSLkmf+clRjzJOuBuUA0uq0XKS17uMC3qhu+dDdBOAIKb3L83NfVE8p8Pjb4BPktQrdxefM43/x4jTMuc7tgxVmTOEge3+rmVPK2GnLkUBgBn8b6S+9ElPd63HXI5J5f61v21l5N9V0mhTu1pv6PiDRdFIlFDK9dLVZcZ2qlzpKmCnFrOoreBEgre44SpfFe5/MMItxvWiVsj/rij/rHZZiol1k7JiQCnEHeCCbjjvcBBka5HxZgcb3vBZVceTOawrmjbdbA2dq35sUptz/bEgdZ1UVCmVpWsdROAlEDBmSSbcVwxzcvhoKnkpbuP4Q0V3tVKSLW053ADFNB4frtwY5nAZfsVErFLLphjwb8nlyJoDRNapQrn5syEiW0ligX2AAskZTYIl2A5AYyWPrmX6HJOPqZGatMU3qQiRMxs+hFqhyyCmBgl0kcsgW09MBKtJWk1Fbii98MHqgRUN9R7AUiYy5p78Pnv9DC8DT8Ubl9zoP0g5d40P9NGK2LAhMxLXvtckJ4ERqbSEcNZJw+q4jBrOHnMTz+NLdAUiEtru+6T2OdhaHv+eiNlFQ==" + # quartiq rj "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUaB2G1jexxfkdlly3fdWslH54/s/bOuvk9AxqpjtAY" + # quartiq pk "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIu6yhjCoZ62eamYrAXtFefDhplTRUIdD4tncwlkyAEH" ]; }; -- 2.44.1 From 10220fb515dd355f3fa31015e3f0f2f0a53c732f Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Mon, 14 Oct 2024 13:52:48 +0200 Subject: [PATCH 15/17] revert auto-reboot --- README | 1 + default.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index c8ade53..488587d 100644 --- a/README +++ b/README @@ -1,5 +1,6 @@ * Enter BIOS, disable secure boot, enable UEFI PXE network boot * sudo auto-install +* sudo reboot * Run memtest86 * Copy device database to ~/artiq * Set timezone and kb layout diff --git a/default.nix b/default.nix index ee549c0..9fdd1b6 100644 --- a/default.nix +++ b/default.nix @@ -41,7 +41,6 @@ let nixos-generate-config --root /mnt cp ${./final}/* /mnt/etc/nixos nixos-install --no-root-password --flake /mnt/etc/nixos#artiq - reboot ''; customModule = { -- 2.44.1 From be9ab284187d60dcc9d90f9aaca1114c59c4d83d Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Wed, 16 Oct 2024 13:46:07 +0200 Subject: [PATCH 16/17] add lan store url option as cli flag --- README | 5 +++++ default.nix | 36 +++++++++++++++++++++--------------- 2 files changed, 26 insertions(+), 15 deletions(-) diff --git a/README b/README index 488587d..492113f 100644 --- a/README +++ b/README @@ -1,3 +1,8 @@ +On build device: +* nix-build +* (for LAN builds) nix-build --arg mlabs true + +On target device: * Enter BIOS, disable secure boot, enable UEFI PXE network boot * sudo auto-install * sudo reboot diff --git a/default.nix b/default.nix index 9fdd1b6..094fb85 100644 --- a/default.nix +++ b/default.nix @@ -43,20 +43,26 @@ let nixos-install --no-root-password --flake /mnt/etc/nixos#artiq ''; - customModule = { - system.stateVersion = "24.05"; - environment.systemPackages = [ autoInstall pkgs.git ]; - documentation.info.enable = false; # https://github.com/NixOS/nixpkgs/issues/124215 - documentation.man.enable = false; - nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="]; - nix.settings.substituters = ["https://nixbld.m-labs.hk"]; - }; + customModule = mlabs: + let storeUrl = "https://nixbld.m-labs.hk" + (if mlabs then "?priority=10" else ""); + in + { + system.stateVersion = "24.05"; + environment.systemPackages = [ autoInstall pkgs.git ]; + documentation.info.enable = false; # https://github.com/NixOS/nixpkgs/issues/124215 + documentation.man.enable = false; + nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="]; + nix.settings.substituters = [ storeUrl ]; + }; in - makeNetboot { - modules = [ - - customModule - ]; - system = "x86_64-linux"; - } + { mlabs ? false }: + let module = customModule mlabs; + in + makeNetboot { + modules = [ + + module + ]; + system = "x86_64-linux"; + } -- 2.44.1 From 9921e719edc430fea58d4ba5a0bbfa51ca4e3f60 Mon Sep 17 00:00:00 2001 From: Phillip Klein Date: Wed, 16 Oct 2024 15:55:16 +0200 Subject: [PATCH 17/17] free target env of seal-off command --- README | 4 +++- final/configuration.nix | 11 +---------- sealoff.sh | 5 +++++ 3 files changed, 9 insertions(+), 11 deletions(-) create mode 100644 sealoff.sh diff --git a/README b/README index 492113f..5165501 100644 --- a/README +++ b/README @@ -10,5 +10,7 @@ On target device: * Copy device database to ~/artiq * Set timezone and kb layout * Comment out openssh.authorizedKeys.keys -* sudo seal-off * history clear + +On build device: +* cat sealoff.sh | ssh rabi@artiq "sudo sh" diff --git a/final/configuration.nix b/final/configuration.nix index 93ae2db..fe5e163 100644 --- a/final/configuration.nix +++ b/final/configuration.nix @@ -1,14 +1,6 @@ { config, pkgs, artiq, ... }: -let - sealOff = pkgs.writeShellScriptBin "seal-off" - '' - set -e - nixos-rebuild boot - nix-collect-garbage -d - ''; - -in { +{ imports = [ ./hardware-configuration.nix @@ -44,7 +36,6 @@ in { nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ - sealOff wget vim gitAndTools.gitFull diff --git a/sealoff.sh b/sealoff.sh new file mode 100644 index 0000000..48ae35b --- /dev/null +++ b/sealoff.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e +nixos-rebuild boot +nix-collect-garbage -d -- 2.44.1