Minor improvements and normalization towards Quartiq workflow #6
|
@ -0,0 +1 @@
|
||||||
|
result
|
12
README
12
README
|
@ -1,10 +1,16 @@
|
||||||
|
On build device:
|
||||||
|
* nix-build
|
||||||
|
* (for LAN builds) nix-build --arg mlabs true
|
||||||
|
|
||||||
|
On target device:
|
||||||
* Enter BIOS, disable secure boot, enable UEFI PXE network boot
|
* Enter BIOS, disable secure boot, enable UEFI PXE network boot
|
||||||
* sudo auto-install
|
* sudo auto-install
|
||||||
* sudo reboot
|
* sudo reboot
|
||||||
|
|||||||
* Run memtest86
|
* Run memtest86
|
||||||
* Copy device database to ~/artiq
|
* Copy device database to ~/artiq
|
||||||
* Set timezone
|
* Set timezone and kb layout
|
||||||
* Comment out openssh.authorizedKeys.keys
|
* Comment out openssh.authorizedKeys.keys
|
||||||
* sudo nixos-rebuild boot
|
|
||||||
* sudo nix-collect-garbage -d
|
|
||||||
* history clear
|
* history clear
|
||||||
|
|
||||||
|
On build device:
|
||||||
|
* cat sealoff.sh | ssh rabi@artiq "sudo sh"
|
||||||
|
|
17
default.nix
17
default.nix
|
@ -33,7 +33,7 @@ let
|
||||||
parted /dev/nvme0n1 -- mkpart primary 512MiB 100%
|
parted /dev/nvme0n1 -- mkpart primary 512MiB 100%
|
||||||
parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB
|
parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB
|
||||||
parted /dev/nvme0n1 -- set 2 esp on
|
parted /dev/nvme0n1 -- set 2 esp on
|
||||||
mkfs.ext4 -L nixos /dev/nvme0n1p1
|
mkfs.btrfs -f -L nixos /dev/nvme0n1p1
|
||||||
sb10q
commented
According to Phoronix benchmarks, btrfs is slower than ext4 and I think most desktop users won't need the advanced btrfs features. Why do you want it? If this is controversial we can also make it configurable at netboot image build time, just like the nixbld.m-labs.hk substituter priority. According to Phoronix benchmarks, btrfs is slower than ext4 and I think most desktop users won't need the advanced btrfs features. Why do you want it?
If this is controversial we can also make it configurable at netboot image build time, just like the nixbld.m-labs.hk substituter priority.
|
|||||||
mkfs.fat -F 32 -n boot /dev/nvme0n1p2
|
mkfs.fat -F 32 -n boot /dev/nvme0n1p2
|
||||||
mount /dev/disk/by-label/nixos /mnt
|
mount /dev/disk/by-label/nixos /mnt
|
||||||
mkdir -p /mnt/boot
|
mkdir -p /mnt/boot
|
||||||
|
@ -43,17 +43,26 @@ let
|
||||||
nixos-install --no-root-password --flake /mnt/etc/nixos#artiq
|
nixos-install --no-root-password --flake /mnt/etc/nixos#artiq
|
||||||
'';
|
'';
|
||||||
|
|
||||||
customModule = {
|
customModule = mlabs:
|
||||||
|
let storeUrl = "https://nixbld.m-labs.hk" + (if mlabs then "?priority=10" else "");
|
||||||
|
in
|
||||||
|
{
|
||||||
|
system.stateVersion = "24.05";
|
||||||
environment.systemPackages = [ autoInstall pkgs.git ];
|
environment.systemPackages = [ autoInstall pkgs.git ];
|
||||||
|
documentation.info.enable = false; # https://github.com/NixOS/nixpkgs/issues/124215
|
||||||
|
documentation.man.enable = false;
|
||||||
sb10q marked this conversation as resolved
Outdated
sb10q
commented
The priority setting is there for a reason: most packages get downloaded from the LAN when we install here. The priority setting is there for a reason: most packages get downloaded from the LAN when we install here.
It's probably not what you want from Germany, so make it configurable (i.e. option in default.nix, which can be off by default, and which would be turned on when building the netboot image on nixbld).
|
|||||||
nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="];
|
nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="];
|
||||||
nix.settings.substituters = ["https://nixbld.m-labs.hk?priority=10"];
|
nix.settings.substituters = [ storeUrl ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
in
|
||||||
|
{ mlabs ? false }:
|
||||||
|
let module = customModule mlabs;
|
||||||
in
|
in
|
||||||
makeNetboot {
|
makeNetboot {
|
||||||
modules = [
|
modules = [
|
||||||
<nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix>
|
<nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix>
|
||||||
customModule
|
module
|
||||||
];
|
];
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
console.keyMap = "us";
|
console.keyMap = "us";
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
||||||
time.timeZone = "Asia/Hong_Kong";
|
time.timeZone = "UTC";
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -84,11 +84,11 @@
|
||||||
hardware.pulseaudio.package = pkgs.pulseaudioFull;
|
hardware.pulseaudio.package = pkgs.pulseaudioFull;
|
||||||
|
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
services.xserver.layout = "us";
|
services.xserver.xkb.layout = "us";
|
||||||
|
|
||||||
services.xserver.displayManager.gdm.enable = true;
|
services.xserver.displayManager.gdm.enable = true;
|
||||||
services.xserver.displayManager.autoLogin.enable = true;
|
services.displayManager.autoLogin.enable = true;
|
||||||
services.xserver.displayManager.autoLogin.user = "rabi";
|
services.displayManager.autoLogin.user = "rabi";
|
||||||
# https://github.com/NixOS/nixpkgs/issues/103746
|
# https://github.com/NixOS/nixpkgs/issues/103746
|
||||||
systemd.services."getty@tty1".enable = false;
|
systemd.services."getty@tty1".enable = false;
|
||||||
systemd.services."autovt@tty1".enable = false;
|
systemd.services."autovt@tty1".enable = false;
|
||||||
|
@ -106,8 +106,16 @@
|
||||||
extraGroups = ["networkmanager" "wheel" "plugdev" "dialout" "wireshark"];
|
extraGroups = ["networkmanager" "wheel" "plugdev" "dialout" "wireshark"];
|
||||||
initialPassword = "rabi";
|
initialPassword = "rabi";
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
|
# m-labs
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN"
|
||||||
|
# m-labs
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1"
|
||||||
|
# quartiq rj
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC27krR8G8Pb59YuYm7+X2mmNnVdk/t9myYgO8LH0zfb2MeeXX5+90nW9kMjKflJss/oLl8dkD85jbJ0fRbRkfJd20pGCqCUuYAbYKkowigFVEkbrbWSLkmf+clRjzJOuBuUA0uq0XKS17uMC3qhu+dDdBOAIKb3L83NfVE8p8Pjb4BPktQrdxefM43/x4jTMuc7tgxVmTOEge3+rmVPK2GnLkUBgBn8b6S+9ElPd63HXI5J5f61v21l5N9V0mhTu1pv6PiDRdFIlFDK9dLVZcZ2qlzpKmCnFrOoreBEgre44SpfFe5/MMItxvWiVsj/rij/rHZZiol1k7JiQCnEHeCCbjjvcBBka5HxZgcb3vBZVceTOawrmjbdbA2dq35sUptz/bEgdZ1UVCmVpWsdROAlEDBmSSbcVwxzcvhoKnkpbuP4Q0V3tVKSLW053ADFNB4frtwY5nAZfsVErFLLphjwb8nlyJoDRNapQrn5syEiW0ligX2AAskZTYIl2A5AYyWPrmX6HJOPqZGatMU3qQiRMxs+hFqhyyCmBgl0kcsgW09MBKtJWk1Fbii98MHqgRUN9R7AUiYy5p78Pnv9DC8DT8Ubl9zoP0g5d40P9NGK2LAhMxLXvtckJ4ERqbSEcNZJw+q4jBrOHnMTz+NLdAUiEtru+6T2OdhaHv+eiNlFQ=="
|
||||||
|
# quartiq rj
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUaB2G1jexxfkdlly3fdWslH54/s/bOuvk9AxqpjtAY"
|
||||||
|
# quartiq pk
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIu6yhjCoZ62eamYrAXtFefDhplTRUIdD4tncwlkyAEH"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
nixos-rebuild boot
|
||||||
|
nix-collect-garbage -d
|
Loading…
Reference in New Issue
The issue with auto-reboot here is you need to monitor the installation and then select memtest86 after it has finished.
Either somehow set up the bootloader so it runs memtest86 on the first boot, or move memtest86 at the end (but user reboot is still necessary so it's not clear what has been added with auto-reboot, and also auto-reboot loses any messages printed by nixos-install), or revert this change.