rigel: init (raspi-pls)

machines/rigel/README.md

@@ -0,0 +1,3 @@
+Put pls key in keys.keys
+
+Put pls mac in networking.nix

machines/rigel/_configuration.nix

@@ -0,0 +1,60 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: let
+  launchpad =
+    pkgs.python3.withPackages ( ps: [ (ps.callPackage ./launchpad.nix { lpminimk3 = ps.callPackage ./lpminimk3.nix {}; })]);
+in
+  {
+  imports = [
+    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
+    ./bootloader.nix
+    ./networking.nix
+    ./nix-conf.nix
+    ./programs.nix
+    ./ssh.nix
+    ./users.nix
+  ];
+
+  nix.settings.substituters = lib.mkForce [];
+
+
+  networking.hostName = "rigel"; # Define your hostname.
+
+  # Set your time zone.
+  time.timeZone = "Europe/Paris";
+
+  environment.systemPackages = [
+    launchpad
+  ];
+
+  systemd.services.launchpad = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    path = [ launchpad pkgs.unixtools.ping ];
+    script = ''
+      while ! ping -n -w 1 -c 1 10.1.1.2 &> /dev/null
+      do
+          echo "waiting eos"
+      done
+      sleep 0.1
+      python -m eos_midi 10.1.1.2
+      '';
+  };
+  environment.shellAliases = {
+    r = "systemctl restart launchpad.service";
+  };
+
+  fonts.enableDefaultPackages = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "unstable"; # Did you read the comment?
+}

machines/rigel/bootloader.nix

@@ -0,0 +1,4 @@
+{pkgs, ...}: {
+  boot.loader.grub.enable = false;
+  boot.loader.generic-extlinux-compatible.enable = true;
+}

machines/rigel/keys.keys

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRA2W8T8rnWIn0xnP2LXSmmB92YuQygkLwLK60rpBG+ PLS@DESKTOP-KK74B9P

machines/rigel/kfet_lauchpad_controller.nix

@@ -0,0 +1,37 @@
+{ lib
+, buildPythonPackage
+, fetchgit
+, poetry
+, lpminimk3
+, python-osc
+}:
+
+buildPythonPackage rec {
+  pname = "kfet-launchpad-controller";
+  version = "unstable";
+  pyproject = true;
+
+  src = fetchgit {
+    url = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller.git";
+    rev = "58f1086ca7a8a9258da7240987bf26c03182b152";
+    hash = "sha256-c21BbRKK1AK6roIjdEg3zfMThyijRTK5Z87DBBBjoL0=";
+  };
+
+  nativeBuildInputs = [
+    poetry
+  ];
+
+  propagatedBuildInputs = [
+    lpminimk3
+    python-osc
+  ];
+
+  pythonImportsCheck = [ "eos_midi" ];
+
+  meta = with lib; {
+    description = "";
+    homepage = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller.git";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ];
+  };
+}

machines/rigel/launchpad.nix

@@ -0,0 +1,39 @@
+{ lib
+, buildPythonPackage
+, fetchgit
+, poetry-core
+, lpminimk3
+, python-osc
+}:
+
+buildPythonPackage rec {
+  pname = "kfet-launchpad-controller";
+  version = "unstable";
+  pyproject = true;
+
+  src = fetchgit {
+    url = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller";
+    rev = "6d7df83cfd2f558d4837474ea101f98439a4f8c5";
+    hash = "sha256-HkaR1+9NxvyRQ3+iP6pq3Wn6QT+qQRFJBvxHNH6qM0k=";
+  };
+
+  patches = [ ./launchpad.patch ];
+
+  nativeBuildInputs = [
+    poetry-core
+  ];
+
+  propagatedBuildInputs = [
+    lpminimk3
+    python-osc
+  ];
+
+  pythonImportsCheck = [ "eos_midi" ];
+
+  meta = with lib; {
+    description = "";
+    homepage = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ];
+  };
+}

machines/rigel/launchpad.patch

@@ -0,0 +1,13 @@
+diff --git a/pyproject.toml b/pyproject.toml
+index dd2e48c..48339c9 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -42,7 +42,7 @@ black = "*"
+ 
+ 
+ [build-system]
+-requires = ["poetry>=1.7.1"]
++requires = ["poetry-core"]
+ build-backend = "poetry.core.masonry.api"
+ 
+ [tool.isort]

machines/rigel/lpminimk3.nix

@@ -0,0 +1,42 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, setuptools
+, wheel
+, jsonschema
+, python-rtmidi
+, websockets
+}:
+
+buildPythonPackage rec {
+  pname = "lpminimk3";
+  version = "0.6.2";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "obeezzy";
+    repo = "lpminimk3";
+    rev = "v${version}";
+    hash = "sha256-CVjBUKjLOFaIgCpwNIO/PJ55s7nQ0WMRKKqVS3xOI3g=";
+  };
+
+  nativeBuildInputs = [
+    setuptools
+    wheel
+  ];
+
+  propagatedBuildInputs = [
+    jsonschema
+    python-rtmidi
+    websockets
+  ];
+
+  pythonImportsCheck = [ "lpminimk3" ];
+
+  meta = with lib; {
+    description = "Python API for the Launchpad Mini MK3";
+    homepage = "https://github.com/obeezzy/lpminimk3";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ];
+  };
+}

machines/rigel/networking.nix

@@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  networking.useDHCP = false;
+  networking.firewall.allowedUDPPorts = [ 67 ];
+
+  systemd.network = {
+    enable = true;
+    networks = {
+      "10-uplink" = {
+        name = "end0";
+        networkConfig = {
+          Address = "10.1.1.1/24";
+          DHCPServer = "yes";
+          IPMasquerade = "ipv4";
+        };
+        dhcpServerConfig = {
+          PoolOffset=100;
+          PoolSize=20;
+          UplinkInterface = ":none";
+          EmitDNS="no";
+          EmitNTP="no";
+          EmitSIP="no";
+          EmitRouter="no";
+        };
+        dhcpServerStaticLeases = [
+          {
+            dhcpServerStaticLeaseConfig = {
+              Address = "10.1.1.2";
+              MACAddress = "14:b3:1f:06:3c:2e";
+            };
+          }
+        ];
+      };
+    };
+  };
+  networking.nameservers = [
+    "2620:fe::fe"
+    "2620:fe::9"
+    "9.9.9.9"
+    "149.112.112.112"
+  ];
+}

machines/rigel/nix-conf.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  pkgs,
+  config,
+  metadata,
+  nodes,
+  name,
+  ...
+}: {
+  nix.settings = {
+    trusted-users = ["root" "@wheel"];
+    extra-experimental-features = ["nix-command" "flakes"];
+  };
+}

machines/rigel/programs.nix

@@ -0,0 +1,27 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    sqlite-web
+    dhcpdump
+    dig
+    git
+    htop
+    jq
+    nmap
+    npins
+    ripgrep
+    screen
+    tcpdump
+    unzip
+    vim
+    wireguard-tools
+  ];
+
+  programs.mtr.enable = true;
+
+  programs.vim.defaultEditor = true;
+}

machines/rigel/ssh.nix

@@ -0,0 +1,4 @@
+{...}: {
+  services.openssh.enable = true;
+  services.openssh.settings.PasswordAuthentication = true;
+}

machines/rigel/users.nix

@@ -0,0 +1,11 @@
+{...}: {
+  users.mutableUsers = false;
+  users.users.root = {
+    openssh.authorizedKeys.keyFiles = [
+      ../../pubkeys/sinavir.keys
+      ../../pubkeys/soyouzpanda.keys
+      ./keys.keys
+    ];
+    hashedPassword = "$y$j9T$p6Fe9Gm/C4iLIQBYXCjBn.$zLCzaxrsUDd4/2H5eTXqNch.bVJubrpZNOZgAZqbeV/";
+  };
+}

meta.nix

@@ -14,6 +14,12 @@ let
         };
         imports = [agenix];
       };
+      rigel = {
+        deployment = {
+          targetHost = "10.1.1.1";
+        };
+        arch = "aarch64-linux";
+      };
       hackens-org = {
         deployment = {
           targetHost = "server1.hackens.org"; # todo make something with ens firewall