diff --git a/nixops/nixops.nix b/nixops/nixops.nix index 617f7e5..561a1da 100644 --- a/nixops/nixops.nix +++ b/nixops/nixops.nix @@ -9,7 +9,6 @@ rpi-2 = import ./rpi.nix { host = "rpi-2"; rpi4 = false; experimental-users = true; }; rpi-3 = import ./rpi.nix { host = "rpi-3"; rpi4 = true; }; rpi-4 = import ./rpi.nix { host = "rpi-4"; rpi4 = true; }; - rpi-ext = import ./rpi-server.nix { host = "rpi-ext"; rpi4 = true; }; zeus = import ./desktop.nix { host = "zeus"; }; hera = import ./desktop.nix { host = "hera"; }; hestia = import ./desktop.nix { host = "hestia"; }; diff --git a/nixops/rpi-server.nix b/nixops/rpi-server.nix deleted file mode 100644 index 6505419..0000000 --- a/nixops/rpi-server.nix +++ /dev/null @@ -1,122 +0,0 @@ -{ host, rpi4 }: - -{ config, pkgs, ... }: -{ - deployment.targetHost = host; - deployment.hasFastConnection = true; - nix.nixPath = [ "nixpkgs=${pkgs.path}" ]; - programs.command-not-found.dbPath = "${pkgs.path}/programs.sqlite"; - nixpkgs.system = "aarch64-linux"; - - boot.loader.grub.enable = false; - boot.loader.generic-extlinux-compatible.enable = true; - boot.kernelParams = ["cma=64M"]; # work around https://github.com/raspberrypi/linux/issues/3208 - boot.kernelPackages = pkgs.linuxPackages_rpi4; - boot.initrd.includeDefaultModules = false; - - fileSystems = { - "/" = { - device = "/dev/disk/by-label/NIXOS_SD"; - fsType = "ext4"; - }; - }; - - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - services.openssh.extraConfig = - '' - StreamLocalBindUnlink yes - ''; - programs.mosh.enable = true; - - networking.hostName = host; - time.timeZone = "Asia/Hong_Kong"; - - hardware.enableRedistributableFirmware = true; - services.hostapd = { - enable = true; - interface = "wlan0"; - hwMode = "g"; - ssid = "M-Labs-ext"; - wpaPassphrase = (import /etc/nixos/secret/wifi_ext_password.nix); - extraConfig = '' - ieee80211d=1 - country_code=HK - ieee80211n=1 - wmm_enabled=1 - auth_algs=1 - wpa_key_mgmt=WPA-PSK - rsn_pairwise=CCMP - ''; - }; - networking.interfaces.eth0 = { - ipv4.addresses = [{ - address = "192.168.1.30"; - prefixLength = 24; - }]; - ipv6.addresses = [{ - address = "2001:470:f821:1:dea6:32ff:fe95:2fcf"; - prefixLength = 64; - }]; - ipv4.routes = [{ - address = "0.0.0.0"; - prefixLength = 0; - via = "192.168.1.1"; - }]; - ipv6.routes = [{ - address = "::"; - prefixLength = 0; - via = "fe80::523e:aaff:fe0c:e49d"; - }]; - }; - networking.interfaces.wlan0 = { - ipv4.addresses = [{ - address = "192.168.13.1"; - prefixLength = 24; - }]; - ipv6.addresses = [{ - address = "2001:470:f821:3::"; - prefixLength = 64; - }]; - }; - services.dnsmasq = { - enable = true; - servers = ["192.168.1.1#53"]; - extraConfig = '' - interface=wlan0 - bind-interfaces - dhcp-range=192.168.13.10,192.168.13.254,24h - enable-ra - dhcp-range=::,constructor:wlan0,ra-only - no-resolv - ''; - }; - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = "1"; - boot.kernel.sysctl."net.ipv6.conf.default.forwarding" = "1"; - - users.extraGroups.plugdev = { }; - users.mutableUsers = false; - users.defaultUserShell = pkgs.fish; - users.extraUsers = import ./common-users.nix { inherit pkgs; }; - security.sudo.wheelNeedsPassword = false; - services.udev.extraRules = (import ./extra-udev.nix); - - documentation.enable = false; - environment.systemPackages = with pkgs; [ - psmisc wget vim git sshfs usbutils lm_sensors file mosh tmux - imagemagick - ]; - programs.fish.enable = true; - - networking.firewall.allowedTCPPorts = [ 631 ]; - networking.firewall.interfaces.wlan0.allowedUDPPorts = [ 53 67 ]; - - nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="]; - nix.settings.substituters = ["https://nixbld.m-labs.hk" "https://cache.nixos.org"]; - nix.settings.trusted-users = ["root" "sb"]; - - nix.extraOptions = '' - experimental-features = nix-command flakes impure-derivations - ''; -}