Minor improvements and normalization towards Quartiq workflow #6
|
@ -0,0 +1 @@
|
||||||
|
result
|
12
README
12
README
|
@ -1,10 +1,16 @@
|
||||||
|
On build device:
|
||||||
|
* nix-build
|
||||||
|
* (for LAN builds) nix-build --arg mlabs true
|
||||||
|
|
||||||
|
On target device:
|
||||||
* Enter BIOS, disable secure boot, enable UEFI PXE network boot
|
* Enter BIOS, disable secure boot, enable UEFI PXE network boot
|
||||||
* sudo auto-install
|
* sudo auto-install
|
||||||
* sudo reboot
|
* sudo reboot
|
||||||
* Run memtest86
|
* Run memtest86
|
||||||
* Copy device database to ~/artiq
|
* Copy device database to ~/artiq
|
||||||
* Set timezone
|
* Set timezone and kb layout
|
||||||
* Comment out openssh.authorizedKeys.keys
|
* Comment out openssh.authorizedKeys.keys
|
||||||
* sudo nixos-rebuild boot
|
|
||||||
* sudo nix-collect-garbage -d
|
|
||||||
* history clear
|
* history clear
|
||||||
|
|
||||||
|
On build device:
|
||||||
|
* cat sealoff.sh | ssh rabi@artiq "sudo sh"
|
||||||
|
|
35
default.nix
35
default.nix
|
@ -33,7 +33,7 @@ let
|
||||||
parted /dev/nvme0n1 -- mkpart primary 512MiB 100%
|
parted /dev/nvme0n1 -- mkpart primary 512MiB 100%
|
||||||
parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB
|
parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB
|
||||||
parted /dev/nvme0n1 -- set 2 esp on
|
parted /dev/nvme0n1 -- set 2 esp on
|
||||||
mkfs.ext4 -L nixos /dev/nvme0n1p1
|
mkfs.btrfs -f -L nixos /dev/nvme0n1p1
|
||||||
|
|||||||
mkfs.fat -F 32 -n boot /dev/nvme0n1p2
|
mkfs.fat -F 32 -n boot /dev/nvme0n1p2
|
||||||
mount /dev/disk/by-label/nixos /mnt
|
mount /dev/disk/by-label/nixos /mnt
|
||||||
mkdir -p /mnt/boot
|
mkdir -p /mnt/boot
|
||||||
|
@ -43,17 +43,26 @@ let
|
||||||
nixos-install --no-root-password --flake /mnt/etc/nixos#artiq
|
nixos-install --no-root-password --flake /mnt/etc/nixos#artiq
|
||||||
'';
|
'';
|
||||||
|
|
||||||
customModule = {
|
customModule = mlabs:
|
||||||
environment.systemPackages = [ autoInstall pkgs.git ];
|
let storeUrl = "https://nixbld.m-labs.hk" + (if mlabs then "?priority=10" else "");
|
||||||
nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="];
|
in
|
||||||
nix.settings.substituters = ["https://nixbld.m-labs.hk?priority=10"];
|
{
|
||||||
};
|
system.stateVersion = "24.05";
|
||||||
|
environment.systemPackages = [ autoInstall pkgs.git ];
|
||||||
|
documentation.info.enable = false; # https://github.com/NixOS/nixpkgs/issues/124215
|
||||||
|
documentation.man.enable = false;
|
||||||
|
nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="];
|
||||||
|
nix.settings.substituters = [ storeUrl ];
|
||||||
|
};
|
||||||
|
|
||||||
in
|
in
|
||||||
makeNetboot {
|
{ mlabs ? false }:
|
||||||
modules = [
|
let module = customModule mlabs;
|
||||||
<nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix>
|
in
|
||||||
customModule
|
makeNetboot {
|
||||||
];
|
modules = [
|
||||||
system = "x86_64-linux";
|
<nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix>
|
||||||
}
|
module
|
||||||
|
];
|
||||||
|
system = "x86_64-linux";
|
||||||
|
}
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
console.keyMap = "us";
|
console.keyMap = "us";
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
||||||
time.timeZone = "Asia/Hong_Kong";
|
time.timeZone = "UTC";
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -84,11 +84,11 @@
|
||||||
hardware.pulseaudio.package = pkgs.pulseaudioFull;
|
hardware.pulseaudio.package = pkgs.pulseaudioFull;
|
||||||
|
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
services.xserver.layout = "us";
|
services.xserver.xkb.layout = "us";
|
||||||
|
|
||||||
services.xserver.displayManager.gdm.enable = true;
|
services.xserver.displayManager.gdm.enable = true;
|
||||||
services.xserver.displayManager.autoLogin.enable = true;
|
services.displayManager.autoLogin.enable = true;
|
||||||
services.xserver.displayManager.autoLogin.user = "rabi";
|
services.displayManager.autoLogin.user = "rabi";
|
||||||
# https://github.com/NixOS/nixpkgs/issues/103746
|
# https://github.com/NixOS/nixpkgs/issues/103746
|
||||||
systemd.services."getty@tty1".enable = false;
|
systemd.services."getty@tty1".enable = false;
|
||||||
systemd.services."autovt@tty1".enable = false;
|
systemd.services."autovt@tty1".enable = false;
|
||||||
|
@ -106,8 +106,16 @@
|
||||||
extraGroups = ["networkmanager" "wheel" "plugdev" "dialout" "wireshark"];
|
extraGroups = ["networkmanager" "wheel" "plugdev" "dialout" "wireshark"];
|
||||||
initialPassword = "rabi";
|
initialPassword = "rabi";
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
|
# m-labs
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN"
|
||||||
|
# m-labs
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1"
|
||||||
|
# quartiq rj
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC27krR8G8Pb59YuYm7+X2mmNnVdk/t9myYgO8LH0zfb2MeeXX5+90nW9kMjKflJss/oLl8dkD85jbJ0fRbRkfJd20pGCqCUuYAbYKkowigFVEkbrbWSLkmf+clRjzJOuBuUA0uq0XKS17uMC3qhu+dDdBOAIKb3L83NfVE8p8Pjb4BPktQrdxefM43/x4jTMuc7tgxVmTOEge3+rmVPK2GnLkUBgBn8b6S+9ElPd63HXI5J5f61v21l5N9V0mhTu1pv6PiDRdFIlFDK9dLVZcZ2qlzpKmCnFrOoreBEgre44SpfFe5/MMItxvWiVsj/rij/rHZZiol1k7JiQCnEHeCCbjjvcBBka5HxZgcb3vBZVceTOawrmjbdbA2dq35sUptz/bEgdZ1UVCmVpWsdROAlEDBmSSbcVwxzcvhoKnkpbuP4Q0V3tVKSLW053ADFNB4frtwY5nAZfsVErFLLphjwb8nlyJoDRNapQrn5syEiW0ligX2AAskZTYIl2A5AYyWPrmX6HJOPqZGatMU3qQiRMxs+hFqhyyCmBgl0kcsgW09MBKtJWk1Fbii98MHqgRUN9R7AUiYy5p78Pnv9DC8DT8Ubl9zoP0g5d40P9NGK2LAhMxLXvtckJ4ERqbSEcNZJw+q4jBrOHnMTz+NLdAUiEtru+6T2OdhaHv+eiNlFQ=="
|
||||||
|
# quartiq rj
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUaB2G1jexxfkdlly3fdWslH54/s/bOuvk9AxqpjtAY"
|
||||||
|
# quartiq pk
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIu6yhjCoZ62eamYrAXtFefDhplTRUIdD4tncwlkyAEH"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
nixos-rebuild boot
|
||||||
|
nix-collect-garbage -d
|
Loading…
Reference in New Issue
According to Phoronix benchmarks, btrfs is slower than ext4 and I think most desktop users won't need the advanced btrfs features. Why do you want it?
If this is controversial we can also make it configurable at netboot image build time, just like the nixbld.m-labs.hk substituter priority.