forked from M-Labs/defenestrate
Compare commits
12 Commits
Author | SHA1 | Date | |
---|---|---|---|
81a81b5d03 | |||
bf5533e297 | |||
7b35a5b1d1 | |||
ce0dff385d | |||
4612f3c721 | |||
070b0fae68 | |||
9600954a74 | |||
54f613967f | |||
eeba5b3368 | |||
d1b9ebcc85 | |||
a0d2adfb55 | |||
90aebc778e |
12
README
12
README
@ -1,16 +1,10 @@
|
||||
On build device:
|
||||
* nix-build
|
||||
* (for LAN builds) nix-build --arg mlabs true
|
||||
|
||||
On target device:
|
||||
* Enter BIOS, disable secure boot, enable UEFI PXE network boot
|
||||
* sudo auto-install
|
||||
* sudo reboot
|
||||
* Run memtest86
|
||||
* Copy device database to ~/artiq
|
||||
* Set timezone and kb layout
|
||||
* Set timezone and keyboard layout
|
||||
* Comment out openssh.authorizedKeys.keys
|
||||
* sudo nixos-rebuild boot
|
||||
* sudo nix-collect-garbage -d
|
||||
* history clear
|
||||
|
||||
On build device:
|
||||
* cat sealoff.sh | ssh rabi@artiq "sudo sh"
|
||||
|
38
default.nix
38
default.nix
@ -33,7 +33,7 @@ let
|
||||
parted /dev/nvme0n1 -- mkpart primary 512MiB 100%
|
||||
parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB
|
||||
parted /dev/nvme0n1 -- set 2 esp on
|
||||
mkfs.btrfs -f -L nixos /dev/nvme0n1p1
|
||||
mkfs.ext4 -L nixos /dev/nvme0n1p1
|
||||
mkfs.fat -F 32 -n boot /dev/nvme0n1p2
|
||||
mount /dev/disk/by-label/nixos /mnt
|
||||
mkdir -p /mnt/boot
|
||||
@ -43,26 +43,20 @@ let
|
||||
nixos-install --no-root-password --flake /mnt/etc/nixos#artiq
|
||||
'';
|
||||
|
||||
customModule = mlabs:
|
||||
let storeUrl = "https://nixbld.m-labs.hk" + (if mlabs then "?priority=10" else "");
|
||||
in
|
||||
{
|
||||
system.stateVersion = "24.05";
|
||||
environment.systemPackages = [ autoInstall pkgs.git ];
|
||||
documentation.info.enable = false; # https://github.com/NixOS/nixpkgs/issues/124215
|
||||
documentation.man.enable = false;
|
||||
nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="];
|
||||
nix.settings.substituters = [ storeUrl ];
|
||||
};
|
||||
customModule = prioNixbld: {
|
||||
environment.systemPackages = [ autoInstall pkgs.git ];
|
||||
documentation.info.enable = false; # https://github.com/NixOS/nixpkgs/issues/124215
|
||||
documentation.man.enable = false;
|
||||
nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="];
|
||||
nix.settings.substituters = [("https://nixbld.m-labs.hk" + (if prioNixbld then "?priority=10" else ""))];
|
||||
system.stateVersion = pkgs.lib.trivial.release;
|
||||
};
|
||||
|
||||
in
|
||||
{ mlabs ? false }:
|
||||
let module = customModule mlabs;
|
||||
in
|
||||
makeNetboot {
|
||||
modules = [
|
||||
<nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix>
|
||||
module
|
||||
];
|
||||
system = "x86_64-linux";
|
||||
}
|
||||
{ prioNixbld ? false }: makeNetboot {
|
||||
modules = [
|
||||
<nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix>
|
||||
(customModule prioNixbld)
|
||||
];
|
||||
system = "x86_64-linux";
|
||||
}
|
||||
|
@ -67,22 +67,18 @@
|
||||
pavucontrol
|
||||
rink
|
||||
gimp
|
||||
gnome3.gnome-tweaks
|
||||
gnome-tweaks
|
||||
libreoffice-fresh
|
||||
vscodium
|
||||
];
|
||||
environment.sessionVariables = artiq.qtPaths;
|
||||
|
||||
programs.wireshark.enable = true;
|
||||
programs.wireshark.package = pkgs.wireshark;
|
||||
|
||||
hardware.opengl.driSupport = true;
|
||||
|
||||
services.openssh.enable = true;
|
||||
services.openssh.settings.PasswordAuthentication = false;
|
||||
|
||||
sound.enable = true;
|
||||
hardware.pulseaudio.enable = true;
|
||||
hardware.pulseaudio.package = pkgs.pulseaudioFull;
|
||||
|
||||
services.xserver.enable = true;
|
||||
services.xserver.xkb.layout = "us";
|
||||
|
||||
@ -106,10 +102,10 @@
|
||||
extraGroups = ["networkmanager" "wheel" "plugdev" "dialout" "wireshark"];
|
||||
initialPassword = "rabi";
|
||||
openssh.authorizedKeys.keys = [
|
||||
# m-labs
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN"
|
||||
# m-labs
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1"
|
||||
# m-labs sb
|
||||
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBF/YybP+fQ0J+bNqM5Vgx5vDmVqVWsgUdF1moUxghv7d73GZAFaM6IFBdrXTAa33AwnWwDPMrTgP1V6SXBkb3ciJo/lD1urJGbydbSI5Ksq9d59wvOeANvyWYrQw6+eqTQ=="
|
||||
# m-labs therobs12
|
||||
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBK1tUg7TtceARRnGI80Ai5kNFolFfZ++LH9v1UoRCiJdxeQWPdNYO0Gj7+ejJvgZXwvN4yHGgcZHraEml4Mj/dKrEMFygfuYLDRmXtPFwX6TNMrWlxMhPzuNY+yCaxlqYg=="
|
||||
# quartiq rj
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC27krR8G8Pb59YuYm7+X2mmNnVdk/t9myYgO8LH0zfb2MeeXX5+90nW9kMjKflJss/oLl8dkD85jbJ0fRbRkfJd20pGCqCUuYAbYKkowigFVEkbrbWSLkmf+clRjzJOuBuUA0uq0XKS17uMC3qhu+dDdBOAIKb3L83NfVE8p8Pjb4BPktQrdxefM43/x4jTMuc7tgxVmTOEge3+rmVPK2GnLkUBgBn8b6S+9ElPd63HXI5J5f61v21l5N9V0mhTu1pv6PiDRdFIlFDK9dLVZcZ2qlzpKmCnFrOoreBEgre44SpfFe5/MMItxvWiVsj/rij/rHZZiol1k7JiQCnEHeCCbjjvcBBka5HxZgcb3vBZVceTOawrmjbdbA2dq35sUptz/bEgdZ1UVCmVpWsdROAlEDBmSSbcVwxzcvhoKnkpbuP4Q0V3tVKSLW053ADFNB4frtwY5nAZfsVErFLLphjwb8nlyJoDRNapQrn5syEiW0ligX2AAskZTYIl2A5AYyWPrmX6HJOPqZGatMU3qQiRMxs+hFqhyyCmBgl0kcsgW09MBKtJWk1Fbii98MHqgRUN9R7AUiYy5p78Pnv9DC8DT8Ubl9zoP0g5d40P9NGK2LAhMxLXvtckJ4ERqbSEcNZJw+q4jBrOHnMTz+NLdAUiEtru+6T2OdhaHv+eiNlFQ=="
|
||||
# quartiq rj
|
||||
@ -132,5 +128,5 @@
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "24.05"; # Did you read the comment?
|
||||
system.stateVersion = "24.11"; # Did you read the comment?
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
{
|
||||
inputs.nixpkgs.url = github:NixOS/nixpkgs/nixos-24.05;
|
||||
inputs.nixpkgs.url = github:NixOS/nixpkgs/nixos-24.11;
|
||||
inputs.artiq.url = git+https://github.com/m-labs/artiq.git?ref=release-8;
|
||||
outputs = { self, nixpkgs, artiq }: {
|
||||
nixosConfigurations.artiq = nixpkgs.lib.nixosSystem {
|
||||
|
@ -1,5 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
nixos-rebuild boot
|
||||
nix-collect-garbage -d
|
Loading…
Reference in New Issue
Block a user