repomaa/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add turny

Browse Source
This commit is contained in:
Joakim Repomaa
2025-07-23 13:19:06 +03:00
parent e317f9b0e4
commit 4a9dcd098f
8 changed files with 205 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
flake.lock generated
View File

@@ -34,11 +34,11 @@
"stable": "stable"
},
"locked": {
"lastModified": 1751144689,
"narHash": "sha256-cgIntaqhcm62V1KU6GmrAGpHpahT4UExEWW2ryS02ZU=",
"lastModified": 1752287590,
"narHash": "sha256-U1IqFnxlgCRrPaeT5IGCdH0j9CNLPFcI/fRAidi0aDQ=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "3ceec72cfb396a8a8de5fe96a9d75a9ce88cc18e",
"rev": "d2beb694d54db653399b8597c0f6e15e20b26405",
"type": "github"
},
"original": {
@@ -49,11 +49,11 @@
},
"crane": {
"locked": {
"lastModified": 1750266157,
"narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=",
"lastModified": 1751562746,
"narHash": "sha256-smpugNIkmDeicNz301Ll1bD7nFOty97T79m4GUMUczA=",
"owner": "ipetkov",
"repo": "crane",
"rev": "e37c943371b73ed87faf33f7583860f81f1d5a48",
"rev": "aed2020fd3dc26e1e857d4107a5a67a33ab6c1fd",
"type": "github"
},
"original": {
@@ -194,11 +194,11 @@
]
},
"locked": {
"lastModified": 1749398372,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"lastModified": 1751413152,
"narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
"type": "github"
},
"original": {
@@ -389,11 +389,11 @@
]
},
"locked": {
"lastModified": 1751810233,
"narHash": "sha256-kllkNbIqQi3VplgTMeGzuh1t8Gk8TauvkTRt93Km+tQ=",
"lastModified": 1752780124,
"narHash": "sha256-5dn97vIYxn6VozKePOQSDxVCsrl38nDdMJXx86KIJH0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9b0873b46c9f9e4b7aa01eb634952c206af53068",
"rev": "c718918222bdb104397762dea67e6b397a7927fe",
"type": "github"
},
"original": {
@@ -450,11 +450,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1751381593,
"narHash": "sha256-js1XwtJpYhvQrrTaVzViybpztkHJVZ63aXOlFAcTENM=",
"lastModified": 1752673703,
"narHash": "sha256-9Cc0YqL9ZUpaybJsrRJfXex91QlPmQNqpTLgw/KvJGA=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "f4eb75540307c2b33521322c04b7fea74e48a66f",
"rev": "5a776450d904b7ccd377c2a759703152b2553e98",
"type": "github"
},
"original": {
@@ -486,11 +486,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1751432711,
"narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=",
"lastModified": 1752666637,
"narHash": "sha256-P8J72psdc/rWliIvp8jUpoQ6qRDlVzgSDDlgkaXQ0Fw=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f",
"rev": "d1bfa8f6ccfb5c383e1eba609c1eb67ca24ed153",
"type": "github"
},
"original": {
@@ -557,11 +557,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1751792365,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
"lastModified": 1752687322,
"narHash": "sha256-RKwfXA4OZROjBTQAl9WOZQFm7L8Bo93FQwSJpAiSRvo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
"rev": "6e987485eb2c77e5dcc5af4e3c70843711ef9251",
"type": "github"
},
"original": {
@@ -589,11 +589,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1751203939,
"narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=",
"lastModified": 1751791007,
"narHash": "sha256-JBrPWGksmjAw2X71W+kV6moKqPtnxmwsndMQSi+xcu4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "650e71cbf76de8dd16f5648a96981b726c4ef8fe",
"rev": "e8612a671c4f120f93a5c8dbf0cc225e745a4521",
"type": "github"
},
"original": {
@@ -605,11 +605,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1751741127,
"narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=",
"lastModified": 1752620740,
"narHash": "sha256-f3pO+9lg66mV7IMmmIqG4PL3223TYMlnlw+pnpelbss=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "29e290002bfff26af1db6f64d070698019460302",
"rev": "32a4e87942101f1c9f9865e04dc3ddb175f5f32e",
"type": "github"
},
"original": {
@@ -680,6 +680,7 @@
"nixpkgs": "nixpkgs_4",
"nixpkgs-unstable": "nixpkgs-unstable",
"syntax-renderer": "syntax-renderer",
"turny": "turny",
"workout-sync": "workout-sync"
}
},
@@ -691,11 +692,11 @@
]
},
"locked": {
"lastModified": 1751165203,
"narHash": "sha256-3QhlpAk2yn+ExwvRLtaixWsVW1q3OX3KXXe0l8VMLl4=",
"lastModified": 1751769931,
"narHash": "sha256-QR2Rp/41NkA5YxcpvZEKD1S2QE1Pb9U415aK8M/4tJc=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "90f547b90e73d3c6025e66c5b742d6db51c418c3",
"rev": "3ac4f630e375177ea8317e22f5c804156de177e8",
"type": "github"
},
"original": {
@@ -796,6 +797,29 @@
"type": "github"
}
},
"turny": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1752874301,
"narHash": "sha256-A6IZz46Lfopm5UhMtFfBDimepEUt9lGwhWoEIEQHsgk=",
"owner": "~repomaa",
"repo": "turny",
"rev": "133c05151e77616c7973c1c1038506b2fdee8eab",
"type": "sourcehut"
},
"original": {
"owner": "~repomaa",
"repo": "turny",
"type": "sourcehut"
}
},
"workout-sync": {
"inputs": {
"nixpkgs": [

28
flake.nix
View File

@@ -44,6 +44,11 @@
url = "sourcehut:~repomaa/syntax-renderer";
flake = false;
};
turny = {
url = "sourcehut:~repomaa/turny";
inputs.flake-parts.follows = "flake-parts";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
@@ -94,22 +99,30 @@
nixosConfigurations =
let
mkConfiguration =
name:
{
name,
extraModules ? [ ],
}:
nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./modules
./hosts/${name}
];
] ++ extraModules;
};
in
{
radish = mkConfiguration "radish";
radish-vm = mkConfiguration "radish-vm";
freun-dev = mkConfiguration "freun-dev";
apu = mkConfiguration "apu";
radish = mkConfiguration { name = "radish"; };
radish-vm = mkConfiguration { name = "radish-vm"; };
freun-dev = mkConfiguration { name = "freun-dev"; };
apu = mkConfiguration { name = "apu"; };
turny = mkConfiguration {
name = "turny";
extraModules = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" ];
};
};
images.turny = self.nixosConfigurations.turny.config.system.build.sdImage;
colmenaHive = colmena.lib.makeHive self.outputs.colmena;
colmena =
@@ -119,6 +132,9 @@
allowLocalDeployment = true;
targetHost = null;
};
turny = {
targetHost = "10.10.1.233";
};
};
in
{

98
hosts/turny/configuration.nix Normal file
View File

@@ -0,0 +1,98 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{
pkgs,
ssh,
config,
inputs,
...
}:
let
secrets = config.age.secrets;
in
{
nix = {
settings = {
experimental-features = [
"nix-command"
"flakes"
];
auto-optimise-store = true;
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
};
networking = {
hostName = "turny"; # Define your hostname.
useDHCP = true;
useNetworkd = true;
nftables.enable = true;
wireless = {
enable = true;
networks = {
KotiWLANi.pskRaw = "ext:psk_kotiwlani";
};
secretsFile = secrets.wpa_supplicant.path;
};
};
services.avahi = {
publish.enable = true;
};
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
# Set your time zone.
time.timeZone = "Europe/Helsinki";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# Define a user account. Don't forget to set a password with passwd.
users.users.jokke = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = [ pkgs.nh ];
openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
initialPassword = "changeme";
};
users.users.root.openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
nix.settings.trusted-users = [ "jokke" ];
environment.systemPackages = with pkgs; [
vim
wget
htop
git
inputs.turny.packages.${stdenv.hostPlatform.system}.default
];
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
modules.firewall = {
enable = true;
allInterfaces = [ "ssh" ];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.05"; # Did you read the comment?
}

9
hosts/turny/default.nix Normal file
View File

@@ -0,0 +1,9 @@
{ inputs, ... }:
{
imports = [
./hardware-configuration.nix
./configuration.nix
./secrets.nix
inputs.nixos-hardware.nixosModules.raspberry-pi-3
];
}

4
hosts/turny/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,4 @@
{ lib, ... }:
{
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

15
hosts/turny/secrets.nix Normal file
View File

@@ -0,0 +1,15 @@
{ lib, ... }:
{
age.secrets = lib.listToAttrs (
map
(secret: {
name = secret;
value = {
file = ../../secrets/${secret}.age;
};
})
[
"wpa_supplicant"
]
);
}

3
secrets/secrets.nix
View File

@@ -9,11 +9,13 @@ let
apu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICAZkIuXtpP9a9bHkBl+MJI//q3ClMqzx03Rd/Xe4rjc";
freun-dev = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvCSjIjipog1Xf9mPc683r5VSGSjVc8v1UZg5VrbbxM";
radish = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIQ0fy4n3yyD64+g55eZazeI5g9FurJnlC6fRiOXbbks";
turny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODeWhDvzDGyTGkCoxay80NtgU2OVPL37qXjbhJP7oPJ";
hosts = [
apu
freun-dev
radish
turny
];
in
{
@@ -41,4 +43,5 @@ in
freun-dev
];
"hledger-basic-auth.age".publicKeys = users ++ [ freun-dev ];
"wpa_supplicant.age".publicKeys = users ++ [ turny ];
}

BIN
secrets/wpa_supplicant.age Normal file
View File

Binary file not shown.