feat(host): add 'eetion' host (as a test for Orange Pi Zero2 H616)

deploy/colmena.nix

@@ -19,10 +19,27 @@ inputs.colmena.lib.makeHive {
 
   vm.deployment.tags = [ "local" ];
 
-  hecuba.deployment = {
+  hecuba =
-    targetHost = "hecuba";
+    { ... }:
-    targetUser = "username";
+    {
-    targetPort = 22;
+      imports = [ ../hosts/hecuba ];
-    tags = [ "cloud" ];
+      deployment = {
-  };
+        targetHost = "hecuba";
+        targetUser = "username";
+        targetPort = 22;
+        tags = [ "cloud" ];
+      };
+    };
+
+  eetion =
+    { ... }:
+    {
+      imports = [ ../hosts/eetion ];
+      deployment = {
+        targetHost = "eetion";
+        targetUser = "h";
+        targetPort = 22;
+        tags = [ "arm" ];
+      };
+    };
 }

flake.nix

@@ -77,7 +77,7 @@
         "nixpkgs=${inputs.nixpkgs}"
       ]; # <https://github.com/nix-community/nixd/blob/main/nixd/docs/configuration.md>
       nixosConfigurations =
-        (lib.genAttrs hostDirNames (
+        (lib.genAttrs (lib.filter (h: h != "eetion") hostDirNames) (
           host:
           nixpkgs.lib.nixosSystem {
             modules = [ ./hosts/${host} ];
@@ -87,6 +87,13 @@
           }
         ))
         // {
+          eetion = nixpkgs.lib.nixosSystem {
+            system = "aarch64-linux";
+            modules = [ ./hosts/eetion ];
+            specialArgs = {
+              inherit inputs outputs dotsPath;
+            };
+          };
           sd-image-aarch64 = nixpkgs.lib.nixosSystem {
             system = "x86_64-linux";
             modules = [

hosts/andromache/default.nix

@@ -90,6 +90,8 @@ in
     };
   };
 
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
   environment.systemPackages = [
     inputs.colmena.packages.${pkgs.system}.colmena
   ];

hosts/eetion/default.nix

@@ -0,0 +1,62 @@
+{ pkgs, ... }:
+
+# Orange Pi Zero2 H616
+# See <https://nixos.wiki/wiki/NixOS_on_ARM/Orange_Pi_Zero2_H616>
+
+let
+  username = "h";
+  hostName = "eetion";
+in
+{
+  imports = [
+    ./hard.nix
+    ../../modules/ssh/hardened-openssh.nix
+  ];
+
+  ssh.username = username;
+  ssh.authorizedHosts = [
+    "andromache"
+    "astyanax"
+  ];
+
+  boot.loader = {
+    grub.enable = false;
+    generic-extlinux-compatible.enable = true;
+  };
+
+  networking.hostName = hostName;
+  networking.networkmanager.enable = true;
+
+  users.users = {
+    root.hashedPassword = "!";
+    ${username} = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+    };
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  services.openssh = {
+    enable = true;
+    harden = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    vim
+    git
+  ];
+
+  nix.settings = {
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    trusted-users = [
+      "root"
+      "@wheel"
+    ];
+  };
+
+  system.stateVersion = "26.05";
+}

hosts/eetion/hard.nix

@@ -0,0 +1,22 @@
+{ lib, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [ ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXOS_SD";
+    fsType = "ext4";
+    options = [ "noatime" ];
+  };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}