add raspberry pi, add home.dev.small, add cross to lappy

flake.lock

@@ -41,11 +41,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1640943848,
+        "lastModified": 1641121012,
-        "narHash": "sha256-AXmbspe5EXTr2WsGdtBhFgKtGvzMmPBgqOanFvQq974=",
+        "narHash": "sha256-svaOMxNMQgFHjcxdmLojOxTxfqSENtnO+S3kb+npIwY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "89bdef7994a20b5285454bf42c7d2b53b98d5754",
+        "rev": "8e7a10602d1eb1d242c9d3f9b822203d5751a8c6",
         "type": "github"
       },
       "original": {
@@ -72,11 +72,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1641016545,
+        "lastModified": 1641194805,
-        "narHash": "sha256-JMNwvnBzG0RjGG3eH27Y5/GlJ9ryeCdGJfqGbqxnmZY=",
+        "narHash": "sha256-LyPsFnE/yjzeQbqFVampztn6mKkWTD5Q2TRyrReqcZE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6f05cfdb1e78d36c0337516df674560e4b51c79b",
+        "rev": "c38ca58c0b4b5d9423609c58636988a9f81325d6",
         "type": "github"
       },
       "original": {
@@ -86,11 +86,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1640871638,
+        "lastModified": 1640959792,
-        "narHash": "sha256-ty6sGnJUQEkCd43At5U3DRQZD7rPARz5VginSW6hZ3k=",
+        "narHash": "sha256-zYSR//06FU2TDOpKKj0Hkff6unsxk3NwwNFuB1loU6E=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3",
+        "rev": "59bfda72480496f32787cec8c557182738b1bd3f",
         "type": "github"
       },
       "original": {

home/dev/small/small.nix

@@ -0,0 +1,12 @@
+{tree, ...}: {
+    # basically everything apart from home.dev.debugging
+    imports = with tree; [
+        home.dev.all.archives
+        home.dev.all.editors
+        home.dev.all.extra
+        home.dev.all.git
+        home.dev.all.info
+        home.dev.all.network
+        home.dev.all.vcs
+    ];
+}

hosts/default.nix

@@ -28,4 +28,11 @@ in {
     system = "x86_64-linux";
     modules = defaultModules ++ [ ./hetzner-vm/hetzner-vm.nix ];
   };
+
+  # nix --no-sandbox build .#nixosConfigurations.raspberry.config.system.build.sdImage
+  raspberry = nixpkgs.lib.nixosSystem {
+    specialArgs = defaultSpecialArgs;
+    system = "aarch64-linux";
+    modules = defaultModules ++ [ ./raspberry/raspberry.nix ];
+  };
 }

hosts/hetzner-vm/hetzner-vm.nix

@@ -18,17 +18,11 @@
     (modulesPath + "/profiles/qemu-guest.nix")
   ];
 
-  home-manager.users.root = { imports = with tree; [ home.base ]; };
+  home-manager.users.root = {
+    imports = with tree; [ home.base home.dev.small ];
+  };
   home-manager.users.chaoticryptidz = {
-    imports = with tree; [
+    imports = with tree; [ home.base home.dev.small ];
-      home.base
-      home.dev.archives
-      home.dev.editors
-      home.dev.git
-      home.dev.info
-      home.dev.network
-      home.dev.vcs
-    ];
   };
 
   networking.hostName = "hetzner-vm";

hosts/lappy/lappy.nix

@@ -5,7 +5,7 @@
     users.root
     users.chaoticryptidz
 
-    profiles.hardening
+    #profiles.hardening
     profiles.tailscale
     profiles.gui
     profiles.laptop
@@ -28,7 +28,7 @@
       #home.bluetooth
       home.gui
       #home.gaming
-      home.dev
+      home.dev.all
       home.network_manager
       home.sway
       #home.reversing
@@ -41,6 +41,13 @@
     ];
   };
 
+  boot.binfmt = {
+    emulatedSystems = [ "aarch64-linux" ];
+    registrations.aarch64-linux = {
+      interpreter = lib.mkForce "${pkgs.qemu}/bin/qemu-aarch64";
+    };
+  };
+
   services.getty.extraArgs =
     [ "--skip-login" "--login-options" "chaoticryptidz" ];
 

hosts/raspberry/raspberry.nix

@@ -0,0 +1,32 @@
+{ tree, modulesPath, config, pkgs, lib, ... }:
+
+{
+  imports = with tree; [
+    users.root
+    users.chaoticryptidz
+    profiles.tailscale
+    profiles.sshd
+    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
+  ];
+
+  home-manager.users.root = { imports = with tree; [ home.base home.dev ]; };
+  home-manager.users.chaoticryptidz = { imports = with tree; [ home.base home.dev ]; };
+
+
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  networking.hostName = "raspberry";
+  time.timeZone = "Europe/London";
+
+  networking.useDHCP = true;
+  networking.wireless = {
+    enable = true;
+    environmentFile = "/secrets/wifi-env";
+    networks.BT-JGA898.psk = "@PSK_HOME@";
+  };
+
+  sdImage.compressImage = lib.mkForce false;
+
+  system.stateVersion = "21.11";
+}
+

hosts/rescue/rescue.nix

@@ -12,12 +12,12 @@
     (modulesPath + "/installer/cd-dvd/installation-cd-base.nix")
   ];
 
-  home-manager.users.root = { imports = with tree; [ home.base ]; };
+  home-manager.users.root = { imports = with tree; [ home.base home.dev.all ]; };
   home-manager.users.chaoticryptidz = {
     imports = with tree; [
       home.base
       home.gui
-      home.dev
+      home.dev.all
       home.network_manager
       home.sway
       home.apps.vivaldi

outputs.nix

@@ -30,7 +30,7 @@ in {
   nixosConfigurations = import ./hosts ({ inherit tree; } // inputs);
 
   deploy.nodes.lappy = {
-    hostname = "lappy.tailscale-internal.owo.monster";
+    hostname = "lappy.tailscale-internal.genderfucked.monster";
     profiles.system = {
       user = "root";
       path = deploy-rs.lib.x86_64-linux.activate.nixos
@@ -38,7 +38,7 @@ in {
     };
   };
   deploy.nodes.hetzner-vm = {
-    hostname = "hetzner-vm.tailscale-internal.owo.monster";
+    hostname = "hetzner-vm.tailscale-internal.genderfucked.monster";
     username = "root";
     profiles.system = {
       user = "root";
@@ -46,4 +46,13 @@ in {
         self.nixosConfigurations.hetzner-vm;
     };
   };
+  deploy.nodes.raspberry = {
+    hostname = "raspberry.tailscale-internal.genderfucked.monster";
+    username = "root";
+    profiles.system = {
+      user = "root";
+      path = deploy-rs.lib.aarch64-linux.activate.nixos
+        self.nixosConfigurations.raspberry;
+    };
+  };
 }

profiles/base/deployrs.nix

@@ -0,0 +1,6 @@
+{ ... }: {
+  nix.binaryCaches = [ "https://cachix.org/api/v1/cache/serokell" ];
+
+  nix.binaryCachePublicKeys =
+    [ "serokell.cachix.org-1:5DscEJD6c1dD1Mc/phTIbs13+iW22AVbx0HqiSb+Lq8=" ];
+}

profiles/base/hardware.nix

@@ -1,7 +1,7 @@
-{ ... }: {
+{ lib, pkgs, ... }: {
   hardware.enableRedistributableFirmware = true;
   hardware.enableAllFirmware = true;
-  hardware.cpu.intel.updateMicrocode = true;
+  hardware.cpu.intel.updateMicrocode = lib.mkIf ("${pkgs.system}" == "x86_64-linux") true;
-  hardware.cpu.amd.updateMicrocode = true;
+  hardware.cpu.amd.updateMicrocode = lib.mkIf ("${pkgs.system}" == "x86_64-linux") true;
   hardware.wirelessRegulatoryDatabase = true;
 }

profiles/dnscrypt/dnscrypt.nix

@@ -21,6 +21,7 @@
       };
 
       server_names = [
+        "cloudflare"
         "acsacsar-ams-ipv4"
         "acsacsar-ams-ipv6"
         "dnscrypt.eu-dk"

profiles/hardening/hardening.nix

@@ -2,7 +2,7 @@
   # modified from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix
   # but with some stuff not turned on
 
-  boot.kernelPackages = pkgs.linuxPackages_hardened;
+  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
 
   environment.memoryAllocator.provider = "scudo";
   environment.variables.SCUDO_OPTIONS = "ZeroContents=1";