From 5be59e32d1ffc39bfdb715ce72365d29ff293f93 Mon Sep 17 00:00:00 2001
From: sinavir
Date: Fri, 8 Mar 2024 17:04:42 +0100
Subject: [PATCH] rigel: init (raspi-pls)
---
 machines/rigel/README.md | 3 ++
 machines/rigel/_configuration.nix | 60 +++++++++++++++++++++
 machines/rigel/bootloader.nix | 4 ++
 machines/rigel/keys.keys | 1 +
 machines/rigel/kfet_lauchpad_controller.nix | 37 +++++++++++++
 machines/rigel/launchpad.nix | 39 ++++++++++++++
 machines/rigel/launchpad.patch | 13 +++++
 machines/rigel/lpminimk3.nix | 42 +++++++++++++++
 machines/rigel/networking.nix | 46 ++++++++++++++++
 machines/rigel/nix-conf.nix | 14 +++++
 machines/rigel/programs.nix | 27 ++++++++++
 machines/rigel/ssh.nix | 4 ++
 machines/rigel/users.nix | 11 ++++
 meta.nix | 6 +++
 14 files changed, 307 insertions(+)
 create mode 100644 machines/rigel/README.md
 create mode 100644 machines/rigel/_configuration.nix
 create mode 100644 machines/rigel/bootloader.nix
 create mode 100644 machines/rigel/keys.keys
 create mode 100644 machines/rigel/kfet_lauchpad_controller.nix
 create mode 100644 machines/rigel/launchpad.nix
 create mode 100644 machines/rigel/launchpad.patch
 create mode 100644 machines/rigel/lpminimk3.nix
 create mode 100644 machines/rigel/networking.nix
 create mode 100644 machines/rigel/nix-conf.nix
 create mode 100644 machines/rigel/programs.nix
 create mode 100644 machines/rigel/ssh.nix
 create mode 100644 machines/rigel/users.nix
diff --git a/machines/rigel/README.md b/machines/rigel/README.md
new file mode 100644
index 0000000..0a709d8
--- /dev/null
+++ b/machines/rigel/README.md
@@ -0,0 +1,3 @@
+Put pls key in keys.keys
+
+Put pls mac in networking.nix
diff --git a/machines/rigel/_configuration.nix b/machines/rigel/_configuration.nix
new file mode 100644
index 0000000..3d58d50
--- /dev/null
+++ b/machines/rigel/_configuration.nix
@@ -0,0 +1,60 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: let
+ launchpad =
+ pkgs.python3.withPackages ( ps: [ (ps.callPackage ./launchpad.nix { lpminimk3 = ps.callPackage ./lpminimk3.nix {}; })]);
+in
+ {
+ imports = [
+ (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
+ ./bootloader.nix
+ ./networking.nix
+ ./nix-conf.nix
+ ./programs.nix
+ ./ssh.nix
+ ./users.nix
+ ];
+
+ nix.settings.substituters = lib.mkForce [];
+
+
+ networking.hostName = "rigel"; # Define your hostname.
+
+ # Set your time zone.
+ time.timeZone = "Europe/Paris";
+
+ environment.systemPackages = [
+ launchpad
+ ];
+
+ systemd.services.launchpad = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ path = [ launchpad pkgs.unixtools.ping ];
+ script = ''
+ while ! ping -n -w 1 -c 1 10.1.1.2 &> /dev/null
+ do
+ echo "waiting eos"
+ done
+ sleep 0.1
+ python -m eos_midi 10.1.1.2
+ '';
+ };
+ environment.shellAliases = {
+ r = "systemctl restart launchpad.service";
+ };
+
+ fonts.enableDefaultPackages = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "unstable"; # Did you read the comment?
+}
diff --git a/machines/rigel/bootloader.nix b/machines/rigel/bootloader.nix
new file mode 100644
index 0000000..df2338f
--- /dev/null
+++ b/machines/rigel/bootloader.nix
@@ -0,0 +1,4 @@
+{pkgs, ...}: {
+ boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
+}
diff --git a/machines/rigel/keys.keys b/machines/rigel/keys.keys
new file mode 100644
index 0000000..08a95c6
--- /dev/null
+++ b/machines/rigel/keys.keys
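Review bot: `systemd.services.launchpad` in `_configuration.nix` sets no `serviceConfig`, so the unit runs as root with no sandboxing while it executes the `eos_midi` module built from a third-party repository and talks to 10.1.1.2 over the network. Consider an unprivileged identity, for example `serviceConfig.DynamicUser = true;` together with `serviceConfig.SupplementaryGroups = [ "audio" ];` if the MIDI device needs that group (to be confirmed on the hardware). Separately, `system.stateVersion = "unstable";` is not a release number, although the comment above it asks for the release of the first install. Modules that compare `stateVersion` against release numbers may then pick unintended defaults.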
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRA2W8T8rnWIn0xnP2LXSmmB92YuQygkLwLK60rpBG+ PLS@DESKTOP-KK74B9P
diff --git a/machines/rigel/kfet_lauchpad_controller.nix b/machines/rigel/kfet_lauchpad_controller.nix
new file mode 100644
index 0000000..86cd827
--- /dev/null
+++ b/machines/rigel/kfet_lauchpad_controller.nix
@@ -0,0 +1,37 @@
+{ lib
+, buildPythonPackage
+, fetchgit
+, poetry
+, lpminimk3
+, python-osc
+}:
+
+buildPythonPackage rec {
+ pname = "kfet-launchpad-controller";
+ version = "unstable";
+ pyproject = true;
+
+ src = fetchgit {
+ url = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller.git";
+ rev = "58f1086ca7a8a9258da7240987bf26c03182b152";
+ hash = "sha256-c21BbRKK1AK6roIjdEg3zfMThyijRTK5Z87DBBBjoL0=";
+ };
+
+ nativeBuildInputs = [
+ poetry
+ ];
+
+ propagatedBuildInputs = [
+ lpminimk3
+ python-osc
+ ];
+
+ pythonImportsCheck = [ "eos_midi" ];
+
+ meta = with lib; {
+ description = "";
+ homepage = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller.git";
+ license = licenses.mit;
+ maintainers = with maintainers; [ ];
+ };
+}
diff --git a/machines/rigel/launchpad.nix b/machines/rigel/launchpad.nix
new file mode 100644
index 0000000..23f91fe
--- /dev/null
+++ b/machines/rigel/launchpad.nix
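Review bot: `kfet_lauchpad_controller.nix` does not appear to be referenced anywhere in this patch, because `_configuration.nix` builds the package from `./launchpad.nix`, which pins a different `rev` of the same repository. Two derivations with the same `pname` and different pins make it unclear which revision is actually deployed and audited. If this file is a leftover (its name also misspells "launchpad"), drop it. Otherwise add a header comment such as `# Alternative pin, used by <consumer>` with the real consumer filled in.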
@@ -0,0 +1,39 @@
+{ lib
+, buildPythonPackage
+, fetchgit
+, poetry-core
+, lpminimk3
+, python-osc
+}:
+
+buildPythonPackage rec {
+ pname = "kfet-launchpad-controller";
+ version = "unstable";
+ pyproject = true;
+
+ src = fetchgit {
+ url = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller";
+ rev = "6d7df83cfd2f558d4837474ea101f98439a4f8c5";
+ hash = "sha256-HkaR1+9NxvyRQ3+iP6pq3Wn6QT+qQRFJBvxHNH6qM0k=";
+ };
+
+ patches = [ ./launchpad.patch ];
+
+ nativeBuildInputs = [
+ poetry-core
+ ];
+
+ propagatedBuildInputs = [
+ lpminimk3
+ python-osc
+ ];
+
+ pythonImportsCheck = [ "eos_midi" ];
+
+ meta = with lib; {
+ description = "";
+ homepage = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller";
+ license = licenses.mit;
+ maintainers = with maintainers; [ ];
+ };
+}
diff --git a/machines/rigel/launchpad.patch b/machines/rigel/launchpad.patch
new file mode 100644
index 0000000..7f2e441
--- /dev/null
+++ b/machines/rigel/launchpad.patch
@@ -0,0 +1,13 @@
+diff --git a/pyproject.toml b/pyproject.toml
+index dd2e48c..48339c9 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -42,7 +42,7 @@ black = "*"
+
+
+ [build-system]
+-requires = ["poetry>=1.7.1"]
++requires = ["poetry-core"]
+ build-backend = "poetry.core.masonry.api"
+
+ [tool.isort]
diff --git a/machines/rigel/lpminimk3.nix b/machines/rigel/lpminimk3.nix
new file mode 100644
index 0000000..faf2a52
--- /dev/null
+++ b/machines/rigel/lpminimk3.nix
@@ -0,0 +1,42 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, setuptools
+, wheel
+, jsonschema
+, python-rtmidi
+, websockets
+}:
+
+buildPythonPackage rec {
+ pname = "lpminimk3";
+ version = "0.6.2";
+ pyproject = true;
+
+ src = fetchFromGitHub {
+ owner = "obeezzy";
+ repo = "lpminimk3";
+ rev = "v${version}";
+ hash = "sha256-CVjBUKjLOFaIgCpwNIO/PJ55s7nQ0WMRKKqVS3xOI3g=";
+ };
+
+ nativeBuildInputs = [
+ setuptools
+ wheel
+ ];
+
+ propagatedBuildInputs = [
+ jsonschema
+ python-rtmidi
+ websockets
+ ];
+
+ pythonImportsCheck = [ "lpminimk3" ];
+
+ meta = with lib; {
+ description = "Python API for the Launchpad Mini MK3";
+ homepage = "https://github.com/obeezzy/lpminimk3";
+ license = licenses.mit;
+ maintainers = with maintainers; [ ];
+ };
+}
diff --git a/machines/rigel/networking.nix b/machines/rigel/networking.nix
new file mode 100644
index 0000000..c2d4208
--- /dev/null
+++ b/machines/rigel/networking.nix
@@ -0,0 +1,46 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ networking.useDHCP = false;
+ networking.firewall.allowedUDPPorts = [ 67 ];
+
+ systemd.network = {
+ enable = true;
+ networks = {
+ "10-uplink" = {
+ name = "end0";
+ networkConfig = {
+ Address = "10.1.1.1/24";
+ DHCPServer = "yes";
+ IPMasquerade = "ipv4";
+ };
+ dhcpServerConfig = {
+ PoolOffset=100;
+ PoolSize=20;
+ UplinkInterface = ":none";
+ EmitDNS="no";
+ EmitNTP="no";
+ EmitSIP="no";
+ EmitRouter="no";
+ };
+ dhcpServerStaticLeases = [
+ {
+ dhcpServerStaticLeaseConfig = {
+ Address = "10.1.1.2";
+ MACAddress = "14:b3:1f:06:3c:2e";
+ };
+ }
+ ];
+ };
+ };
+ };
+ networking.nameservers = [
+ "2620:fe::fe"
+ "2620:fe::9"
+ "9.9.9.9"
+ "149.112.112.112"
+ ];
+}
diff --git a/machines/rigel/nix-conf.nix b/machines/rigel/nix-conf.nix
new file mode 100644
index 0000000..f90ea4b
--- /dev/null
+++ b/machines/rigel/nix-conf.nix
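Review bot: `networking.firewall.allowedUDPPorts = [ 67 ];` in `networking.nix` opens the DHCP server port on every interface, while the server is only enabled on `end0`. Scoping it with `networking.firewall.interfaces.end0.allowedUDPPorts = [ 67 ];` keeps the port closed on any interface added later. `IPMasquerade = "ipv4"` also enables IPv4 forwarding for this link, although `UplinkInterface = ":none"` is set and no second interface is configured in this file. If the Pi is not meant to route for 10.1.1.0/24, drop it. The network is named `"10-uplink"` but looks like the downstream DHCP segment, so a short comment on the role of `end0` and on which device owns the static-lease MAC would help the next reader.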
@@ -0,0 +1,14 @@
+{
+ lib,
+ pkgs,
+ config,
+ metadata,
+ nodes,
+ name,
+ ...
+}: {
+ nix.settings = {
+ trusted-users = ["root" "@wheel"];
+ extra-experimental-features = ["nix-command" "flakes"];
+ };
+}
diff --git a/machines/rigel/programs.nix b/machines/rigel/programs.nix
new file mode 100644
index 0000000..46861d9
--- /dev/null
+++ b/machines/rigel/programs.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ environment.systemPackages = with pkgs; [
+ sqlite-web
+ dhcpdump
+ dig
+ git
+ htop
+ jq
+ nmap
+ npins
+ ripgrep
+ screen
+ tcpdump
+ unzip
+ vim
+ wireguard-tools
+ ];
+
+ programs.mtr.enable = true;
+
+ programs.vim.defaultEditor = true;
+}
diff --git a/machines/rigel/ssh.nix b/machines/rigel/ssh.nix
new file mode 100644
index 0000000..35829f0
--- /dev/null
+++ b/machines/rigel/ssh.nix
@@ -0,0 +1,4 @@
+{...}: {
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = true;
+}
diff --git a/machines/rigel/users.nix b/machines/rigel/users.nix
new file mode 100644
index 0000000..91ce8a2
--- /dev/null
+++ b/machines/rigel/users.nix
@@ -0,0 +1,11 @@
+{...}: {
+ users.mutableUsers = false;
+ users.users.root = {
+ openssh.authorizedKeys.keyFiles = [
+ ../../pubkeys/sinavir.keys
+ ../../pubkeys/soyouzpanda.keys
+ ./keys.keys
+ ];
+ hashedPassword = "$y$j9T$p6Fe9Gm/C4iLIQBYXCjBn.$zLCzaxrsUDd4/2H5eTXqNch.bVJubrpZNOZgAZqbeV/";
+ };
+}
diff --git a/meta.nix b/meta.nix
index 650c120..a0cf6d7 100644
--- a/meta.nix
+++ b/meta.nix
@@ -14,6 +14,12 @@ let
 };
 imports = [agenix];
 };
+ rigel = {
+ deployment = {
+ targetHost = "10.1.1.1";
+ };
+ arch = "aarch64-linux";
+ };
 hackens-org = {
 deployment = {
 targetHost = "server1.hackens.org"; # todo make something with ens firewall
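Review bot: `services.openssh.settings.PasswordAuthentication = true;` in `ssh.nix` enables password logins on a host whose only declared account is root, even though `users.nix` already provisions three authorized key files. With NixOS's default `PermitRootLogin` of `prohibit-password` (assuming nothing else overrides it) root cannot use the password over SSH anyway. The setting therefore only invites guessing attempts, and it becomes a real exposure if `PermitRootLogin` is ever relaxed. Suggest `services.openssh.settings.PasswordAuthentication = false;`, with a comment in `users.nix` if the password is meant for console login only.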
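Review bot: The root `hashedPassword` in `users.nix` is committed as a literal, so the hash sits in the repository history and in the world-readable Nix store of every machine that builds this configuration, where it can be attacked offline. Since `meta.nix` already imports agenix for another node, consider `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name, and `config` would need adding to the module arguments) with the hash kept as an encrypted secret. The current password should be rotated, because this hash has now been published. `./keys.keys` also grants root to a key whose comment is only a workstation hostname, so a comment naming its owner would make later revocation easier.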