From eacffaed39a3c82c2e9f3cc1ec4bd8262e7a1534 Mon Sep 17 00:00:00 2001
From: ChaotiCryptidz
Date: Mon, 3 Jan 2022 16:50:22 +0000
Subject: [PATCH] add raspberry pi, add home.dev.small, add cross to lappy
---
flake.lock | 18 +++++++++---------
home/dev/{ => all}/archives.nix | 0
home/dev/{ => all}/debugging.nix | 0
home/dev/{ => all}/editors.nix | 0
home/dev/{ => all}/extra.nix | 0
home/dev/{ => all}/git.nix | 0
home/dev/{ => all}/info.nix | 0
home/dev/{ => all}/network.nix | 0
home/dev/{ => all}/vcs.nix | 0
home/dev/small/small.nix | 12 ++++++++++++
hosts/default.nix | 7 +++++++
hosts/hetzner-vm/hetzner-vm.nix | 14 ++++----------
hosts/lappy/lappy.nix | 11 +++++++++--
hosts/raspberry/raspberry.nix | 32 ++++++++++++++++++++++++++++++++
hosts/rescue/rescue.nix | 4 ++--
outputs.nix | 13 +++++++++++--
profiles/base/deployrs.nix | 6 ++++++
profiles/base/hardware.nix | 6 +++---
profiles/dnscrypt/dnscrypt.nix | 1 +
profiles/hardening/hardening.nix | 2 +-
20 files changed, 97 insertions(+), 29 deletions(-)
rename home/dev/{ => all}/archives.nix (100%)
rename home/dev/{ => all}/debugging.nix (100%)
rename home/dev/{ => all}/editors.nix (100%)
rename home/dev/{ => all}/extra.nix (100%)
rename home/dev/{ => all}/git.nix (100%)
rename home/dev/{ => all}/info.nix (100%)
rename home/dev/{ => all}/network.nix (100%)
rename home/dev/{ => all}/vcs.nix (100%)
create mode 100644 home/dev/small/small.nix
create mode 100644 hosts/raspberry/raspberry.nix
create mode 100644 profiles/base/deployrs.nix
diff --git a/flake.lock b/flake.lock
index 510f6ac..bc4fa24 100644
--- a/flake.lock
+++ b/flake.lock
@@ -41,11 +41,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1640943848, - "narHash": "sha256-AXmbspe5EXTr2WsGdtBhFgKtGvzMmPBgqOanFvQq974=", + "lastModified": 1641121012, + "narHash": "sha256-svaOMxNMQgFHjcxdmLojOxTxfqSENtnO+S3kb+npIwY=", "owner": "nix-community", "repo": "home-manager", - "rev": "89bdef7994a20b5285454bf42c7d2b53b98d5754", + "rev": "8e7a10602d1eb1d242c9d3f9b822203d5751a8c6", "type": "github" }, "original": { @@ -72,11 +72,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1641016545, - "narHash": "sha256-JMNwvnBzG0RjGG3eH27Y5/GlJ9ryeCdGJfqGbqxnmZY=", + "lastModified": 1641194805, + "narHash": "sha256-LyPsFnE/yjzeQbqFVampztn6mKkWTD5Q2TRyrReqcZE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6f05cfdb1e78d36c0337516df674560e4b51c79b", + "rev": "c38ca58c0b4b5d9423609c58636988a9f81325d6", "type": "github" }, "original": { @@ -86,11 +86,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1640871638, - "narHash": "sha256-ty6sGnJUQEkCd43At5U3DRQZD7rPARz5VginSW6hZ3k=", + "lastModified": 1640959792, + "narHash": "sha256-zYSR//06FU2TDOpKKj0Hkff6unsxk3NwwNFuB1loU6E=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3", + "rev": "59bfda72480496f32787cec8c557182738b1bd3f", "type": "github" }, "original": { diff --git a/home/dev/archives.nix b/home/dev/all/archives.nix similarity index 100% rename from home/dev/archives.nix rename to home/dev/all/archives.nix diff --git a/home/dev/debugging.nix b/home/dev/all/debugging.nix similarity index 100% rename from home/dev/debugging.nix rename to home/dev/all/debugging.nix diff --git a/home/dev/editors.nix b/home/dev/all/editors.nix similarity index 100% rename from home/dev/editors.nix rename to home/dev/all/editors.nix diff --git a/home/dev/extra.nix b/home/dev/all/extra.nix similarity index 100% rename from home/dev/extra.nix rename to home/dev/all/extra.nix 
diff --git a/home/dev/git.nix b/home/dev/all/git.nix similarity index 100% rename from home/dev/git.nix rename to home/dev/all/git.nix diff --git a/home/dev/info.nix b/home/dev/all/info.nix similarity index 100% rename from home/dev/info.nix rename to home/dev/all/info.nix diff --git a/home/dev/network.nix b/home/dev/all/network.nix similarity index 100% rename from home/dev/network.nix rename to home/dev/all/network.nix diff --git a/home/dev/vcs.nix b/home/dev/all/vcs.nix similarity index 100% rename from home/dev/vcs.nix rename to home/dev/all/vcs.nix diff --git a/home/dev/small/small.nix b/home/dev/small/small.nix new file mode 100644 index 0000000..57f6ae1 --- /dev/null +++ b/home/dev/small/small.nix @@ -0,0 +1,12 @@ +{tree, ...}: { + # basically everything apart from home.dev.debugging + imports = with tree; [ + home.dev.all.archives + home.dev.all.editors + home.dev.all.extra + home.dev.all.git + home.dev.all.info + home.dev.all.network + home.dev.all.vcs + ]; +} \ No newline at end of file diff --git a/hosts/default.nix b/hosts/default.nix index c75bbad..d7cfc2d 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -28,4 +28,11 @@ in { system = "x86_64-linux"; modules = defaultModules ++ [ ./hetzner-vm/hetzner-vm.nix ]; }; + + # nix --no-sandbox build .#nixosConfigurations.raspberry.config.system.build.sdImage + raspberry = nixpkgs.lib.nixosSystem { + specialArgs = defaultSpecialArgs; + system = "aarch64-linux"; + modules = defaultModules ++ [ ./raspberry/raspberry.nix ]; + }; } diff --git a/hosts/hetzner-vm/hetzner-vm.nix b/hosts/hetzner-vm/hetzner-vm.nix index c44fe9f..51ffd8f 100644 --- a/hosts/hetzner-vm/hetzner-vm.nix +++ b/hosts/hetzner-vm/hetzner-vm.nix 
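Review bot: The build command recorded in the new comment above `raspberry` in hosts/default.nix uses `--no-sandbox`, which turns off Nix's build isolation for every derivation realised by that invocation, not only the emulated aarch64 ones. The reason is not stated; if it is that the qemu interpreter is not reachable inside the sandbox (an assumption), the narrower fix is to expose that path through `extra-sandbox-paths` rather than disabling the sandbox. Either way the comment should carry the reason, e.g. `# --no-sandbox is a workaround for binfmt aarch64 emulation on the build host; builds run unisolated, drop it once the emulator is visible in the sandbox`.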
@@ -18,17 +18,11 @@ (modulesPath + "/profiles/qemu-guest.nix") ]; - home-manager.users.root = { imports = with tree; [ home.base ]; }; + home-manager.users.root = { + imports = with tree; [ home.base home.dev.small ]; + }; home-manager.users.chaoticryptidz = { - imports = with tree; [ - home.base - home.dev.archives - home.dev.editors - home.dev.git - home.dev.info - home.dev.network - home.dev.vcs - ]; + imports = with tree; [ home.base home.dev.small ]; }; networking.hostName = "hetzner-vm"; diff --git a/hosts/lappy/lappy.nix b/hosts/lappy/lappy.nix index 28a42f7..a3d9beb 100644 --- a/hosts/lappy/lappy.nix +++ b/hosts/lappy/lappy.nix @@ -5,7 +5,7 @@ users.root users.chaoticryptidz - profiles.hardening + #profiles.hardening profiles.tailscale profiles.gui profiles.laptop @@ -28,7 +28,7 @@ #home.bluetooth home.gui #home.gaming - home.dev + home.dev.all home.network_manager home.sway #home.reversing @@ -41,6 +41,13 @@ ]; }; + boot.binfmt = { + emulatedSystems = [ "aarch64-linux" ]; + registrations.aarch64-linux = { + interpreter = lib.mkForce "${pkgs.qemu}/bin/qemu-aarch64"; + }; + }; + services.getty.extraArgs = [ "--skip-login" "--login-options" "chaoticryptidz" ]; diff --git a/hosts/raspberry/raspberry.nix b/hosts/raspberry/raspberry.nix new file mode 100644 index 0000000..f5faa6c --- /dev/null +++ b/hosts/raspberry/raspberry.nix 
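Review bot: Switching hetzner-vm to `home.dev.small` is not a pure refactor: the old explicit list for chaoticryptidz had no `extra` module, while `home.dev.small` imports `home.dev.all.extra`, and root goes from `home.base` only to the whole small set. If the larger footprint for root on this VM is intended, a short comment saying so would help; otherwise keep root at `imports = with tree; [ home.base ];`.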
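Review bot: `#profiles.hardening` in the lappy imports drops the whole hardening profile from this host, and neither the commit subject nor a comment says why. If the cause is a clash between the hardened kernel or allocator and the new aarch64 emulation (inferred, not shown), note that this same commit makes `boot.kernelPackages` in profiles/hardening a `lib.mkDefault`, so the host could keep the profile and override only the conflicting option. At minimum record the reason next to it, e.g. `#profiles.hardening # disabled: <reason>; re-enable when <condition>`. The import list starts outside the hunk.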
@@ -0,0 +1,32 @@ +{ tree, modulesPath, config, pkgs, lib, ... }: + +{ + imports = with tree; [ + users.root + users.chaoticryptidz + profiles.tailscale + profiles.sshd + (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") + ]; + + home-manager.users.root = { imports = with tree; [ home.base home.dev ]; }; + home-manager.users.chaoticryptidz = { imports = with tree; [ home.base home.dev ]; }; + + + + boot.kernelPackages = pkgs.linuxPackages_latest; + networking.hostName = "raspberry"; + time.timeZone = "Europe/London"; + + networking.useDHCP = true; + networking.wireless = { + enable = true; + environmentFile = "/secrets/wifi-env"; + networks.BT-JGA898.psk = "@PSK_HOME@"; + }; + + sdImage.compressImage = lib.mkForce false; + + system.stateVersion = "21.11"; +} + diff --git a/hosts/rescue/rescue.nix b/hosts/rescue/rescue.nix index 7a34644..1d00040 100644 --- a/hosts/rescue/rescue.nix +++ b/hosts/rescue/rescue.nix @@ -12,12 +12,12 @@ (modulesPath + "/installer/cd-dvd/installation-cd-base.nix") ]; - home-manager.users.root = { imports = with tree; [ home.base ]; }; + home-manager.users.root = { imports = with tree; [ home.base home.dev.all ]; }; home-manager.users.chaoticryptidz = { imports = with tree; [ home.base home.gui - home.dev + home.dev.all home.network_manager home.sway home.apps.vivaldi diff --git a/outputs.nix b/outputs.nix index 8badc30..b38730e 100644 --- a/outputs.nix +++ b/outputs.nix @@ -30,7 +30,7 @@ in { nixosConfigurations = import ./hosts ({ inherit tree; } // inputs); deploy.nodes.lappy = { - hostname = "lappy.tailscale-internal.owo.monster"; + hostname = "lappy.tailscale-internal.genderfucked.monster"; profiles.system = { user = "root"; path = deploy-rs.lib.x86_64-linux.activate.nixos @@ -38,7 +38,7 @@ in { }; }; deploy.nodes.hetzner-vm = { - hostname = "hetzner-vm.tailscale-internal.owo.monster"; + hostname = "hetzner-vm.tailscale-internal.genderfucked.monster"; username = "root"; profiles.system = { user = "root"; 
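Review bot: Both `home-manager.users.*` lines in the new raspberry.nix import `home.dev`, while this same commit moves the dev modules under `home.dev.all` and `home.dev.small` and updates lappy and rescue to `home.dev.all`. Depending on how `tree` resolves a directory (not visible here), `home.dev` may no longer be a module at all, and if it does resolve it gives root the full set, debugging included, on a host that runs sshd. Consider `imports = with tree; [ home.base home.dev.small ];` for both users, as hetzner-vm does. Separately, `environmentFile = "/secrets/wifi-env"` keeps the PSK out of the Nix store, but nothing in this file provisions it, so a comment stating that the file must be created root-only on the card before first boot would help.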
@@ -46,4 +46,13 @@ in { self.nixosConfigurations.hetzner-vm; }; }; + deploy.nodes.raspberry = { + hostname = "raspberry.tailscale-internal.genderfucked.monster"; + username = "root"; + profiles.system = { + user = "root"; + path = deploy-rs.lib.aarch64-linux.activate.nixos + self.nixosConfigurations.raspberry; + }; + }; } diff --git a/profiles/base/deployrs.nix b/profiles/base/deployrs.nix new file mode 100644 index 0000000..0e0c870 --- /dev/null +++ b/profiles/base/deployrs.nix @@ -0,0 +1,6 @@ +{ ... }: { + nix.binaryCaches = [ "https://cachix.org/api/v1/cache/serokell" ]; + + nix.binaryCachePublicKeys = + [ "serokell.cachix.org-1:5DscEJD6c1dD1Mc/phTIbs13+iW22AVbx0HqiSb+Lq8=" ]; +} diff --git a/profiles/base/hardware.nix b/profiles/base/hardware.nix index 693730e..d7e98cb 100644 --- a/profiles/base/hardware.nix +++ b/profiles/base/hardware.nix @@ -1,7 +1,7 @@ -{ ... }: { +{ lib, pkgs, ... }: { hardware.enableRedistributableFirmware = true; hardware.enableAllFirmware = true; - hardware.cpu.intel.updateMicrocode = true; - hardware.cpu.amd.updateMicrocode = true; + hardware.cpu.intel.updateMicrocode = lib.mkIf ("${pkgs.system}" == "x86_64-linux") true; + hardware.cpu.amd.updateMicrocode = lib.mkIf ("${pkgs.system}" == "x86_64-linux") true; hardware.wirelessRegulatoryDatabase = true; } diff --git a/profiles/dnscrypt/dnscrypt.nix b/profiles/dnscrypt/dnscrypt.nix index 20854e0..d958834 100644 --- a/profiles/dnscrypt/dnscrypt.nix +++ b/profiles/dnscrypt/dnscrypt.nix @@ -21,6 +21,7 @@ }; server_names = [ + "cloudflare" "acsacsar-ams-ipv4" "acsacsar-ams-ipv6" "dnscrypt.eu-dk" diff --git a/profiles/hardening/hardening.nix b/profiles/hardening/hardening.nix index e07ee85..3d49032 100644 --- a/profiles/hardening/hardening.nix +++ b/profiles/hardening/hardening.nix 
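Review bot: profiles/base/deployrs.nix adds a third-party substituter and its signing key to the base profile, so every host that imports base (presumably all of them via `defaultModules`, though that is not shown) will accept any store path signed by that key, not only deploy-rs. A comment recording why the cache is needed would make the trust decision reviewable, e.g. `# serokell cache: used for prebuilt deploy-rs; trusted for every path it signs`, and moving the setting to the host that actually runs deployments would narrow it. The URL uses the `cachix.org/api/v1/cache/serokell` form while the key is named for `serokell.cachix.org`; it is worth confirming that this endpoint works as a substituter.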
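Review bot: The microcode guards in profiles/base/hardware.nix compare an interpolated string, `"${pkgs.system}" == "x86_64-linux"`, where the platform predicate is clearer and needs no interpolation: `hardware.cpu.intel.updateMicrocode = lib.mkIf pkgs.stdenv.hostPlatform.isx86_64 true;` and the same for `amd`. As written, a 32-bit x86 host would silently get no microcode updates, which matters because those updates carry CPU vulnerability mitigations; if such hosts are possible, the condition should cover x86 generally.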
@@ -2,7 +2,7 @@ # modified from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix # but with some stuff not turned on - boot.kernelPackages = pkgs.linuxPackages_hardened; + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened; environment.memoryAllocator.provider = "scudo"; environment.variables.SCUDO_OPTIONS = "ZeroContents=1";
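Review bot: With `lib.mkDefault` on `boot.kernelPackages`, any host that sets its own kernel now silently loses the hardened kernel while still importing the rest of this profile. That is presumably the intent, but the file should say so; a comment above the line such as `# mkDefault: hosts may override the kernel; the settings below then apply without the hardened kernel patches` would do. Whether `lib` is among the module arguments is not visible, since the file's first line is outside the hunk.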