hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: hektor:88969087feaaafbb97f223edb46749aaccdea0c2
Branches Tags
hektor:main
...
compare: hektor:1d5c1a7c2a73df548e1f709554d9b4dcfb31398e
Branches Tags
hektor:main

4 Commits
88969087fe ... 1d5c1a7c2a

Author SHA1 Message Date
Hektor Misplon
1d5c1a7c2a fix(ssh): harden ARM SD installer image SSH 2026-02-01 22:57:08 +01:00
Hektor Misplon
0f7f9585b3 feat(host): add 'eetion' host (as a test for Orange Pi Zero2 H616) 2026-02-01 22:56:12 +01:00
Hektor Misplon
ed24f55d15 fix(deploy): add colmena to 'builder' hosts 2026-02-01 22:48:57 +01:00
Hektor Misplon
f5a490d452 refactor: move disko module out of 'common' module 2026-02-01 22:47:24 +01:00
10 changed files with 130 additions and 9 deletions
Expand all files Collapse all files

19
deploy/colmena.nix
View File

@@ -19,10 +19,27 @@ inputs.colmena.lib.makeHive {
vm.deployment.tags = [ "local" ]; vm.deployment.tags = [ "local" ];
hecuba.deployment = { hecuba =
{ ... }:
{
imports = [ ../hosts/hecuba ];
deployment = {
targetHost = "hecuba"; targetHost = "hecuba";
targetUser = "username"; targetUser = "username";
targetPort = 22; targetPort = 22;
tags = [ "cloud" ]; tags = [ "cloud" ];
}; };
};
eetion =
{ ... }:
{
imports = [ ../hosts/eetion ];
deployment = {
targetHost = "eetion";
targetUser = "h";
targetPort = 22;
tags = [ "arm" ];
};
};
} }

9
flake.nix
View File

@@ -77,7 +77,7 @@
"nixpkgs=${inputs.nixpkgs}" "nixpkgs=${inputs.nixpkgs}"
]; # <https://github.com/nix-community/nixd/blob/main/nixd/docs/configuration.md> ]; # <https://github.com/nix-community/nixd/blob/main/nixd/docs/configuration.md>
nixosConfigurations = nixosConfigurations =
(lib.genAttrs hostDirNames ( (lib.genAttrs (lib.filter (h: h != "eetion") hostDirNames) (
host: host:
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
modules = [ ./hosts/${host} ]; modules = [ ./hosts/${host} ];
@@ -87,6 +87,13 @@
} }
)) ))
// { // {
eetion = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [ ./hosts/eetion ];
specialArgs = {
inherit inputs outputs dotsPath;
};
};
sd-image-aarch64 = nixpkgs.lib.nixosSystem { sd-image-aarch64 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [

7
hosts/andromache/default.nix
View File

@@ -13,6 +13,7 @@ let
in in
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko
../../modules/common ../../modules/common
./hard.nix ./hard.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-cpu-intel
@@ -89,6 +90,12 @@ in
}; };
}; };
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
environment.systemPackages = [
inputs.colmena.packages.${pkgs.system}.colmena
];
services = { services = {
xserver = { xserver = {

2
hosts/astyanax/default.nix
View File

@@ -13,6 +13,7 @@ let
in in
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko
../../modules/common ../../modules/common
./hard.nix ./hard.nix
inputs.nixos-hardware.nixosModules.common-pc inputs.nixos-hardware.nixosModules.common-pc
@@ -75,6 +76,7 @@ in
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.colmena.packages.${pkgs.system}.colmena
(pkgs.writeShellApplication { (pkgs.writeShellApplication {
name = "wol-andromache"; name = "wol-andromache";
runtimeInputs = [ pkgs.wakeonlan ]; runtimeInputs = [ pkgs.wakeonlan ];

62
hosts/eetion/default.nix Normal file
View File

@@ -0,0 +1,62 @@
{ pkgs, ... }:
# Orange Pi Zero2 H616
# See <https://nixos.wiki/wiki/NixOS_on_ARM/Orange_Pi_Zero2_H616>
let
username = "h";
hostName = "eetion";
in
{
imports = [
./hard.nix
../../modules/ssh/hardened-openssh.nix
];
ssh.username = username;
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
boot.loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
networking.hostName = hostName;
networking.networkmanager.enable = true;
users.users = {
root.hashedPassword = "!";
${username} = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};
};
security.sudo.wheelNeedsPassword = false;
services.openssh = {
enable = true;
harden = true;
};
environment.systemPackages = with pkgs; [
vim
git
];
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"root"
"@wheel"
];
};
system.stateVersion = "26.05";
}

22
hosts/eetion/hard.nix Normal file
View File

@@ -0,0 +1,22 @@
{ lib, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

1
hosts/hecuba/default.nix
View File

@@ -15,6 +15,7 @@ let
in in
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko
../../modules/common ../../modules/common
./hard.nix ./hard.nix
../../modules/ssh/hardened-openssh.nix ../../modules/ssh/hardened-openssh.nix

1
hosts/vm/default.nix
View File

@@ -12,6 +12,7 @@ let
in in
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko
../../modules/common ../../modules/common
./hard.nix ./hard.nix
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops

5
images/sd-image-aarch64.nix
View File

@@ -37,7 +37,10 @@ in
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
services.openssh.enable = true; services.openssh = {
enable = true;
harden = true;
};
# sdImage.postBuildCommands = # sdImage.postBuildCommands =
# let # let

1
modules/common/default.nix
View File

@@ -7,7 +7,6 @@
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
]; ];