diff --git a/Justfile b/Justfile index 1a30f59f..462e2f03 100644 --- a/Justfile +++ b/Justfile @@ -202,10 +202,18 @@ aarch: colmena apply --on '@aarch' --verbose --show-trace suzu: - colmena apply --on '@suzu' --verbose --show-trace + colmena apply --on '@suzu' --build-on-target --verbose --show-trace -suzu-debug: - colmena apply --on '@suzu' --verbose --show-trace +suzu-local mode="default": + use utils.nu *; \ + nixos-switch suzu {{mode}} + +rakushun: + colmena apply --on '@rakushun' --build-on-target --verbose --show-trace + +rakushun-local mode="default": + use utils.nu *; \ + nixos-switch rakushun {{mode}} ############################################################################ # diff --git a/_img/2024-03-07_orangepi5_suzu.webp b/_img/2024-03-07_orangepi5_suzu.webp new file mode 100644 index 00000000..66a25d43 Binary files /dev/null and b/_img/2024-03-07_orangepi5_suzu.webp differ diff --git a/_img/2024-03-07_orangepi5plus_rakushun.webp b/_img/2024-03-07_orangepi5plus_rakushun.webp new file mode 100644 index 00000000..bbb5bc28 Binary files /dev/null and b/_img/2024-03-07_orangepi5plus_rakushun.webp differ diff --git a/flake.lock b/flake.lock index bc1dd12b..8a5d7eed 100644 --- a/flake.lock +++ b/flake.lock @@ -773,6 +773,21 @@ "type": "github" } }, + "nixlib_2": { + "locked": { + "lastModified": 1709426687, + "narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixos-generators": { "inputs": { "nixlib": "nixlib", 
@@ -794,6 +809,28 @@ "type": "github" } }, + "nixos-generators_2": { + "inputs": { + "nixlib": "nixlib_2", + "nixpkgs": [ + "nixos-rk3588", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709557527, + "narHash": "sha256-PV8oYqhTHX6FGZMQ1m5dhRuS914AhofPwgnAMhUZtwE=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "d048d6fc4bada612ff08d4b9d5edc48d45389431", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1707842204, @@ -831,15 +868,16 @@ "nixos-rk3588": { "inputs": { "flake-utils": "flake-utils_5", + "nixos-generators": "nixos-generators_2", "nixpkgs": "nixpkgs_5", "pre-commit-hooks": "pre-commit-hooks_2" }, "locked": { - "lastModified": 1709478567, - "narHash": "sha256-cfY5vuB9B5KdiVIzdHelldxfOcag/wPPTcbERQpzULs=", + "lastModified": 1709742375, + "narHash": "sha256-UxXWq1k5KLKZJjCz34yMZt69Tlpz41fIxLTHLL1GVN4=", "owner": "ryan4yin", "repo": "nixos-rk3588", - "rev": "0eea4e4cf05f997833e5cd7c48847c83e0c5b193", + "rev": "3a492b825532656b5f1b9f26cc9668ecd64c0189", "type": "github" }, "original": { diff --git a/hosts/12kingdoms_rakushun/README.md b/hosts/12kingdoms_rakushun/README.md new file mode 100644 index 00000000..ddecf435 --- /dev/null +++ b/hosts/12kingdoms_rakushun/README.md 
@@ -0,0 +1,119 @@ +# Rakushun - Orange Pi 5 Plus + +LUKS encrypted SSD for NixOS, on Orange Pi 5 Plus. + +## Showcases + +![](../../_img/2024-03-07_orangepi5plus_rakushun.webp) + +Disk layout: + +```bash +[ryan@rakushun:~]$ lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS +sda 8:0 1 58.6G 0 disk +└─sda1 8:1 1 487M 0 part +mtdblock0 31:0 0 16M 0 disk +zram0 254:0 0 0B 0 disk +nvme0n1 259:0 0 1.8T 0 disk +├─nvme0n1p1 259:1 0 630M 0 part /boot +└─nvme0n1p2 259:2 0 1.8T 0 part + └─crypted 253:0 0 1.8T 0 crypt /tmp + /swap + /snapshots + /home + /nix/store + /var/lib + /nix + / +``` + +CPU info: + +```bash +[ryan@rakushun:~]$ lscpu +Architecture: aarch64 + CPU op-mode(s): 32-bit, 64-bit + Byte Order: Little Endian +CPU(s): 8 + On-line CPU(s) list: 0-7 +Vendor ID: ARM + Model name: Cortex-A55 + Model: 0 + Thread(s) per core: 1 + Core(s) per socket: 4 + Socket(s): 1 + Stepping: r2p0 + CPU(s) scaling MHz: 67% + CPU max MHz: 1800.0000 + CPU min MHz: 408.0000 + BogoMIPS: 48.00 + Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp + Model name: Cortex-A76 + Model: 0 + Thread(s) per core: 1 + Core(s) per socket: 2 + Socket(s): 2 + Stepping: r4p0 + CPU(s) scaling MHz: 18% + CPU max MHz: 2256.0000 + CPU min MHz: 408.0000 + BogoMIPS: 48.00 + Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp +Caches (sum of all): + L1d: 384 KiB (8 instances) + L1i: 384 KiB (8 instances) + L2: 2.5 MiB (8 instances) + L3: 3 MiB (1 instance) +``` + +## How to install NixOS on Orange Pi 5 Plus + +### 1. Prepare a USB LUKS key + +Generate LUKS keyfile to encrypt the root partition, it's used by disko. 
+ +```bash +# partition the usb stick +DEV=/dev/sdX +parted ${DEV} -- mklabel gpt +parted ${DEV} -- mkpart OPI5P_DSC fat32 0% 512MB +mkfs.fat -F 32 -n OPI5P_DSC ${DEV}1 + +# Generate a keyfile from the true random number generator +KEYFILE=./orangepi5plus-luks-keyfile +dd bs=512 count=64 iflag=fullblock if=/dev/random of=$KEYFILE + +# copy the keyfile and token to the usb stick +KEYFILE=./orangepi5plus-luks-keyfile +DEVICE=/dev/disk/by-label/OPI5P_DSC +# seek=128 skip N obs-sized output blocks to avoid overwriting the filesystem header +dd bs=512 count=64 iflag=fullblock seek=128 if=$KEYFILE of=$DEVICE +``` + +### 2. Partition the SSD & install NixOS via disko + +First, follow [UEFI - ryan4yin/nixos-rk3588](https://github.com/ryan4yin/nixos-rk3588/blob/main/UEFI.md) to install UEFI bootloader and boot into NixOS live environment via a USB stick. + +Then, run the following commands: + +```bash +# transfer the nix-config to the target machine +rsync -avzP ~/nix-config rk@:/home/rk/ + +# login via ssh +ssh rk@ + +cd ~/nix-config/hosts/12kingdoms_rakushun +# 1. change the disk device path in ./disko-fs.nix to the disk you want to use +# 2. partition & format the disk via disko +sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko ./disko-fs.nix + + +cd ~/nix-config +# install nixos +# NOTE: the root password you set here will be discarded when reboot +sudo nixos-install --root /mnt --flake .#rakushun --no-root-password --show-trace --verbose +``` + + diff --git a/hosts/12kingdoms_rakushun/default.nix b/hosts/12kingdoms_rakushun/default.nix new file mode 100644 index 00000000..eeb3fbf5 --- /dev/null +++ b/hosts/12kingdoms_rakushun/default.nix 
@@ -0,0 +1,48 @@ +{ + disko, + nixos-rk3588, + vars_networking, + ... +}: +############################################################# +# +# Suzu - Orange Pi 5 Plus, RK3588 + 16GB RAM +# +############################################################# +let + hostName = "rakushun"; # Define your hostname. + hostAddress = vars_networking.hostAddress.${hostName}; +in { + imports = [ + # import the rk3588 module, which contains the configuration for bootloader/kernel/firmware + nixos-rk3588.nixosModules.orangepi5plus.core + disko.nixosModules.default + ./disko-fs.nix + ./hardware-configuration.nix + ]; + + networking = { + inherit hostName; + inherit (vars_networking) defaultGateway nameservers; + + networkmanager.enable = false; + # RJ45 port 1 + interfaces.enP4p65s0 = { + useDHCP = false; + ipv4.addresses = [hostAddress]; + }; + # RJ45 port 2 + # interfaces.enP3p49s0 = { + # useDHCP = false; + # ipv4.addresses = [hostAddress]; + # }; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.11"; # Did you read the comment? +} diff --git a/hosts/12kingdoms_rakushun/disko-fs.nix b/hosts/12kingdoms_rakushun/disko-fs.nix new file mode 100644 index 00000000..5780db4c --- /dev/null +++ b/hosts/12kingdoms_rakushun/disko-fs.nix 
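Review bot: The banner comment in this new rakushun file reads `# Suzu - Orange Pi 5 Plus, RK3588 + 16GB RAM`, which names the other host; it should be `# Rakushun - Orange Pi 5 Plus, RK3588 + 16GB RAM`. The same commit writes the identical banner into hosts/12kingdoms_suzu/default.nix (first hunk), replacing `# Suzu - Orange Pi 5, RK3588s`, while hosts/README.md still describes suzu as an Orange Pi 5 with 8G RAM, so that file should probably keep its old wording. Correct banners matter here because the two host directories are otherwise near-copies and are easy to confuse when editing disk or network settings.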
@@ -0,0 +1,98 @@ +{ + disko.devices = { + # TODO: rename to nvme0n1 + disk.sda = { + type = "disk"; + # When using disko-install, we will overwrite this value from the commandline + device = "/dev/nvme0n1"; # The device to partition + content = { + type = "gpt"; + partitions = { + # The EFI & Boot partition + ESP = { + size = "630M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + # The root partition + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + settings = { + keyFile = "/dev/disk/by-label/OPI5P_DSC"; # The keyfile is stored on a USB stick + # The maxium size of the keyfile is 8192 bytes + keyFileSize = 512 * 64; # match the `bs * count` of the `dd` command + keyFileOffset = 512 * 128; # match the `bs * skip` of the `dd` command + fallbackToPassword = true; + allowDiscards = true; + }; + # Whether to add a boot.initrd.luks.devices entry for the specified disk. + initrdUnlock = true; + + # encrypt the root partition with luks2 and argon2id, will prompt for a passphrase, which will be used to unlock the partition. 
+ # cryptsetup luksFormat + extraFormatArgs = [ + "--type luks2" + "--cipher aes-xts-plain64" + "--hash sha512" + "--iter-time 5000" + "--key-size 256" + "--pbkdf argon2id" + # use true random data from /dev/random, will block until enough entropy is available + "--use-random" + ]; + extraOpenArgs = [ + "--timeout 10" + ]; + content = { + type = "btrfs"; + extraArgs = ["-f"]; + subvolumes = { + # TODO: tmpfs on root + "@root" = { + mountpoint = "/"; + mountOptions = ["compress-force=zstd:1" "noatime"]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = ["compress-force=zstd:1"]; + }; + "@lib" = { + mountpoint = "/var/lib"; + mountOptions = ["compress-force=zstd:1"]; + }; + + "@nix" = { + mountpoint = "/nix"; + mountOptions = ["compress-force=zstd:1" "noatime"]; + }; + "@tmp" = { + mountpoint = "/tmp"; + mountOptions = ["compress-force=zstd:1" "noatime"]; + }; + "@snapshots" = { + mountpoint = "/snapshots"; + mountOptions = ["compress-force=zstd:1" "noatime"]; + }; + "@swap" = { + mountpoint = "/swap"; + swap.swapfile.size = "16384M"; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/12kingdoms_rakushun/hardware-configuration.nix b/hosts/12kingdoms_rakushun/hardware-configuration.nix new file mode 100644 index 00000000..ea194483 --- /dev/null +++ b/hosts/12kingdoms_rakushun/hardware-configuration.nix 
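Review bot: `fallbackToPassword = true` can only help if the LUKS header holds a passphrase keyslot, and nothing in this file enrols one. With `settings.keyFile` set, disko appears to format from the key on the USB stick instead of prompting, so the comment "will prompt for a passphrase" above `extraFormatArgs` looks inaccurate, and a lost or damaged stick would leave the volume unrecoverable. I would replace that comment with something like `# formatted with the USB keyfile only; enrol a passphrase slot afterwards (cryptsetup luksAddKey) and keep a LUKS header backup`. Two smaller comment fixes nearby: cryptsetup's default keyfile limit is 8192 KiB, not bytes (the configured `512 * 64` is already 32768 bytes), and `keyFileOffset` corresponds to the `seek=128` of the README's `dd`, not to `skip`. hosts/12kingdoms_suzu/disko-fs.nix carries the same lines.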
@@ -0,0 +1,39 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.loader = { + # depending on how you configured your disk mounts, change this to /boot or /boot/efi. + efi.efiSysMountPoint = "/boot/"; + efi.canTouchEfiVariables = true; + # do not use systemd-boot here, it has problems when running `nixos-install` + grub = { + device = "nodev"; + efiSupport = true; + }; + }; + # clear /tmp on boot to get a stateless /tmp directory. + boot.tmp.cleanOnBoot = true; + + boot.initrd.availableKernelModules = ["nvme" "usbhid" "usb_storage"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enP3p49s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enP4p65s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/hosts/12kingdoms_suzu/README.md b/hosts/12kingdoms_suzu/README.md new file mode 100644 index 00000000..a74307b4 --- /dev/null +++ b/hosts/12kingdoms_suzu/README.md 
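Review bot: `networking.useDHCP = lib.mkDefault true` sits beside a host config (default.nix) that pins only `interfaces.enP4p65s0` to a static address with `useDHCP = false`, so any other interface, including the second RJ45 port, would presumably still request a lease when connected. If the board is meant to be reachable only on its static address, set `networking.useDHCP = false;` here, or state in a comment that DHCP on the spare port is intended. The file is also byte-identical to hosts/12kingdoms_suzu/hardware-configuration.nix (both are blob `ea194483`), so the two hosts could import one shared module, and `config` and `pkgs` in the argument set are unused in the visible body.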
@@ -0,0 +1,120 @@ +# Suzu - Orange Pi 5 + +LUKS encrypted SSD for NixOS, on Orange Pi 5. + + +## Showcases + +![](../../_img/2024-03-07_orangepi5_suzu.webp) + +Disk layout: + +```bash +[ryan@suzu:~]$ lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS +sda 8:0 1 58.6G 0 disk +└─sda1 8:1 1 486M 0 part +mtdblock0 31:0 0 16M 0 disk +zram0 254:0 0 0B 0 disk +nvme0n1 259:0 0 238.5G 0 disk +├─nvme0n1p1 259:1 0 630M 0 part /boot +└─nvme0n1p2 259:2 0 237.9G 0 part + └─crypted 253:0 0 237.8G 0 crypt /tmp + /snapshots + /swap + /home + /nix/store + /var/lib + /nix + / +``` + +CPU info: + +```bash +[ryan@suzu:~]$ lscpu +Architecture: aarch64 + CPU op-mode(s): 32-bit, 64-bit + Byte Order: Little Endian +CPU(s): 8 + On-line CPU(s) list: 0-7 +Vendor ID: ARM + Model name: Cortex-A55 + Model: 0 + Thread(s) per core: 1 + Core(s) per socket: 4 + Socket(s): 1 + Stepping: r2p0 + CPU(s) scaling MHz: 56% + CPU max MHz: 1800.0000 + CPU min MHz: 408.0000 + BogoMIPS: 48.00 + Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp + Model name: Cortex-A76 + Model: 0 + Thread(s) per core: 1 + Core(s) per socket: 2 + Socket(s): 2 + Stepping: r4p0 + CPU(s) scaling MHz: 18% + CPU max MHz: 2256.0000 + CPU min MHz: 408.0000 + BogoMIPS: 48.00 + Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp +Caches (sum of all): + L1d: 384 KiB (8 instances) + L1i: 384 KiB (8 instances) + L2: 2.5 MiB (8 instances) + L3: 3 MiB (1 instance) +``` + +## How to install NixOS on Orange Pi 5 + +### 1. Prepare a USB LUKS key + +Generate LUKS keyfile to encrypt the root partition, it's used by disko. 
+ +```bash +# partition the usb stick +DEV=/dev/sdX +parted ${DEV} -- mklabel gpt +parted ${DEV} -- mkpart primary 2M 512MB +mkfs.fat -F 32 -n OPI5_DSC ${DEV}1 + + +# Generate a keyfile from the true random number generator +KEYFILE=./orangepi5-luks-keyfile +dd bs=512 count=64 iflag=fullblock if=/dev/random of=$KEYFILE + +# copy the keyfile and token to the usb stick +KEYFILE=./orangepi5-luks-keyfile +DEVICE=/dev/disk/by-label/OPI5_DSC +# seek=128 skip N obs-sized output blocks to avoid overwriting the filesystem header +dd bs=512 count=64 iflag=fullblock seek=128 if=$KEYFILE of=$DEVICE +``` + +### 2. Partition the SSD & install NixOS via disko + +First, follow [UEFI - ryan4yin/nixos-rk3588](https://github.com/ryan4yin/nixos-rk3588/blob/main/UEFI.md) to install UEFI bootloader and boot into NixOS live environment via a USB stick. + +Then, run the following commands: + +```bash +# login via ssh +ssh rk@ + +git clone https://github.com/ryan4yin/nix-config.git + +cd ~/nix-config/hosts/12kingdoms_suzu +# 1. change the disk device path in ./disko-fs.nix to the disk you want to use +# 2. partition & format the disk via disko +sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko ./disko-fs.nix + + +cd ~/nix-config +# install nixos +# NOTE: the root password you set here will be discarded when reboot +sudo nixos-install --root /mnt --flake .#suzu --no-root-password --show-trace --verbose +``` + + diff --git a/hosts/12kingdoms_suzu/default.nix b/hosts/12kingdoms_suzu/default.nix index 127534f3..5a57b742 100644 --- a/hosts/12kingdoms_suzu/default.nix +++ b/hosts/12kingdoms_suzu/default.nix @@ -1,11 +1,12 @@ { + disko, nixos-rk3588, vars_networking, ... }: ############################################################# # -# Suzu - Orange Pi 5, RK3588s +# Suzu - Orange Pi 5 Plus, RK3588 + 16GB RAM # ############################################################# let 
@@ -14,7 +15,10 @@ let in { imports = [ # import the rk3588 module, which contains the configuration for bootloader/kernel/firmware - nixos-rk3588.nixosModules.orangepi5 + nixos-rk3588.nixosModules.orangepi5plus.core + disko.nixosModules.default + ./disko-fs.nix + ./hardware-configuration.nix ]; networking = { diff --git a/hosts/12kingdoms_suzu/disko-fs.nix b/hosts/12kingdoms_suzu/disko-fs.nix new file mode 100644 index 00000000..c2be3d41 --- /dev/null +++ b/hosts/12kingdoms_suzu/disko-fs.nix 
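Review bot: suzu now imports `nixos-rk3588.nixosModules.orangepi5plus.core`, but hosts/README.md in this same commit still lists suzu as an Orange Pi 5 (RK3588s), and the line being replaced was `nixos-rk3588.nixosModules.orangepi5`. If the Plus module is chosen on purpose (for example because the UEFI firmware supplies the device tree and the core module is effectively board-independent), a short comment on the import saying so would help. Otherwise this looks carried over from the rakushun host and should point at the Orange Pi 5 module of the updated flake input. The `let` block and the rest of the attribute set lie outside this hunk.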
@@ -0,0 +1,98 @@ +{ + disko.devices = { + # TODO: rename to nvme0n1 + disk.sda = { + type = "disk"; + # When using disko-install, we will overwrite this value from the commandline + device = "/dev/nvme0n1"; # The device to partition + content = { + type = "gpt"; + partitions = { + # The EFI & Boot partition + ESP = { + size = "630M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + # The root partition + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + settings = { + keyFile = "/dev/disk/by-label/OPI5_DSC"; # The keyfile is stored on a USB stick + # The maxium size of the keyfile is 8192 bytes + keyFileSize = 512 * 64; # match the `bs * count` of the `dd` command + keyFileOffset = 512 * 128; # match the `bs * skip` of the `dd` command + fallbackToPassword = true; + allowDiscards = true; + }; + # Whether to add a boot.initrd.luks.devices entry for the specified disk. + initrdUnlock = true; + + # encrypt the root partition with luks2 and argon2id, will prompt for a passphrase, which will be used to unlock the partition. 
+ # cryptsetup luksFormat + extraFormatArgs = [ + "--type luks2" + "--cipher aes-xts-plain64" + "--hash sha512" + "--iter-time 5000" + "--key-size 256" + "--pbkdf argon2id" + # use true random data from /dev/random, will block until enough entropy is available + "--use-random" + ]; + extraOpenArgs = [ + "--timeout 10" + ]; + content = { + type = "btrfs"; + extraArgs = ["-f"]; + subvolumes = { + # TODO: tmpfs on root + "@root" = { + mountpoint = "/"; + mountOptions = ["compress-force=zstd:1" "noatime"]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = ["compress-force=zstd:1"]; + }; + "@lib" = { + mountpoint = "/var/lib"; + mountOptions = ["compress-force=zstd:1"]; + }; + + "@nix" = { + mountpoint = "/nix"; + mountOptions = ["compress-force=zstd:1" "noatime"]; + }; + "@tmp" = { + mountpoint = "/tmp"; + mountOptions = ["compress-force=zstd:1" "noatime"]; + }; + "@snapshots" = { + mountpoint = "/snapshots"; + mountOptions = ["compress-force=zstd:1" "noatime"]; + }; + "@swap" = { + mountpoint = "/swap"; + swap.swapfile.size = "8192M"; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/12kingdoms_suzu/hardware-configuration.nix b/hosts/12kingdoms_suzu/hardware-configuration.nix new file mode 100644 index 00000000..ea194483 --- /dev/null +++ b/hosts/12kingdoms_suzu/hardware-configuration.nix 
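Review bot: `"--key-size 256"` combined with `"--cipher aes-xts-plain64"` gives AES-128, because XTS splits the supplied key into two halves. If AES-256 is what is wanted the argument should be `"--key-size 512"`; if AES-128 is deliberate, a comment such as `# 256-bit XTS key = AES-128, chosen on purpose` would stop the next reader from assuming otherwise. `allowDiscards = true` deserves a comment as well: TRIM requests pass through the dm-crypt layer, so anyone who can image the SSD can tell which blocks are unused. hosts/12kingdoms_rakushun/disko-fs.nix has the same two lines.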
@@ -0,0 +1,39 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.loader = { + # depending on how you configured your disk mounts, change this to /boot or /boot/efi. + efi.efiSysMountPoint = "/boot/"; + efi.canTouchEfiVariables = true; + # do not use systemd-boot here, it has problems when running `nixos-install` + grub = { + device = "nodev"; + efiSupport = true; + }; + }; + # clear /tmp on boot to get a stateless /tmp directory. + boot.tmp.cleanOnBoot = true; + + boot.initrd.availableKernelModules = ["nvme" "usbhid" "usb_storage"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enP3p49s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enP4p65s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/hosts/README.md b/hosts/README.md index a255dcec..dd754025 100644 --- a/hosts/README.md +++ b/hosts/README.md 
@@ -6,17 +6,18 @@ 2. `idols` 1. `ai`: My main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use. 2. `aquamarine`: My NixOS virtual machine as a router(IPv4 only) with a tranparent proxy to bypass the G|F|W. - 4. `ruby`: Another NixOS VM running operation and maintenance related services, such as prometheus, grafana, restic, etc. - 3. `kana`: Yet another NixOS VM running some common applications, such as hompage, file browser, torrent downloader, etc. + 3. `ruby`: Another NixOS VM running operation and maintenance related services, such as prometheus, grafana, restic, etc. + 4. `kana`: Yet another NixOS VM running some common applications, such as hompage, file browser, torrent downloader, etc. 3. Homelab: 1. `tailscale_gw`: A tailscale subnet router(gateway) for accessing my homelab remotely. NixOS VM running on Proxmox. 4. `rolling_girls`: My RISCV64 hosts. 1. `nozomi`: Lichee Pi 4A, TH1520(4xC910@2.0G), 8GB RAM + 32G eMMC + 64G SD Card. 2. `yukina`: Lichee Pi 4A(Internal Test Version), TH1520(4xC910@2.0G), 8GB RAM + 8G eMMC + 128G SD Card. 3. `chiaya`: Milk-V Mars, JH7110(4xU74@1.5 GHz), 4G RAM + No eMMC + 64G SD Card. -5. `12kingdoms`: +5. `12kingdoms`: 1. `shoukei`: NixOS on Macbook Pro 2020 Intel i5, 13.3-inch, 16G RAM + 512G SSD. 1. `suzu`: Orange Pi 5, RK3588s(4xA76 + 4xA55), GPU(4Cores, Mail-G610), NPU(6Tops@int8), 8G RAM + 256G SSD. + 1. `rakushun`: Orange Pi 5 Plus, RK3588(4xA76 + 4xA55), GPU(4Cores, Mail-G610), NPU(6Tops@int8), 16G RAM + 2T SSD. 6. `kubernetes`: My Kubernetes Cluster ## idols - Oshi no Ko @@ -29,7 +30,6 @@ My All RISCV64 hosts. ![](/_img/nixos-riscv-cluster.webp) - ## Distributed Building I usually run the build command on `Ai` and nix will distribute the build to other NixOS machines, which is convenient and fast. 
@@ -40,7 +40,6 @@ When building some packages for riscv64 or aarch64, I often have no cache availa ![](/_img/nix-distributed-building-log.webp) - ## References [Oshi no Ko 【推しの子】 - Wikipedia](https://en.wikipedia.org/wiki/Oshi_no_Ko): diff --git a/modules/nixos/base/packages.nix b/modules/nixos/base/packages.nix index b3058208..9c5f2bdc 100644 --- a/modules/nixos/base/packages.nix +++ b/modules/nixos/base/packages.nix @@ -18,6 +18,7 @@ iftop btop nmon + sysbench # system tools psmisc # killall/pstree/prtstat/fuser/... diff --git a/modules/nixos/server/server-aarch64.nix b/modules/nixos/server/server-aarch64.nix index 0e7dd8dd..2f05c050 100644 --- a/modules/nixos/server/server-aarch64.nix +++ b/modules/nixos/server/server-aarch64.nix @@ -15,6 +15,7 @@ ../../base.nix ]; + boot.loader.timeout = lib.mkForce 3; # wait for 3 seconds to select the boot entry # Fix: jasper is marked as broken, refusing to evaluate. environment.enableAllTerminfo = lib.mkForce false; } diff --git a/modules/nixos/server/server-riscv64.nix b/modules/nixos/server/server-riscv64.nix index 8796e440..3b9c2e06 100644 --- a/modules/nixos/server/server-riscv64.nix +++ b/modules/nixos/server/server-riscv64.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{lib, ...}: { # ========================================================================= # Base NixOS Configuration # ========================================================================= @@ -14,4 +14,6 @@ ../../base.nix ]; + + boot.loader.timeout = lib.mkForce 3; # wait for 3 seconds to select the boot entry } diff --git a/nixos-installer/README.md b/nixos-installer/README.md index 7bf5d618..717e4979 100644 --- a/nixos-installer/README.md +++ b/nixos-installer/README.md 
@@ -200,11 +200,11 @@ rm -rf /mnt/etc # install nixos # NOTE: the root password you set here will be discarded when reboot -nixos-install --root /mnt --flake .#ai --no-root-password --show-trace # instlall-1 +nixos-install --root /mnt --flake .#ai --no-root-password --show-trace --verbose # instlall-1 # if you want to use a cache mirror, run this command instead # replace the mirror url with your own -nixos-install --root /mnt --flake .#ai --no-root-password --show-trace --option substituters "https://mirror.sjtu.edu.cn/nix-channels/store" # install-2 +nixos-install --root /mnt --flake .#ai --no-root-password --show-trace --verbose --option substituters "https://mirror.sjtu.edu.cn/nix-channels/store" # install-2 # enter into the installed system, check password & users # `su ryan` => `sudo -i` => enter ryan's password => successfully login diff --git a/nixos-installer/README.shoukei.md b/nixos-installer/README.shoukei.md index d6f15f89..1ad64558 100755 --- a/nixos-installer/README.shoukei.md +++ b/nixos-installer/README.shoukei.md @@ -180,11 +180,11 @@ rm -rf /mnt/etc # install nixos # NOTE: the root password you set here will be discarded when reboot -nixos-install --root /mnt --flake .#shoukei --no-root-password --show-trace # install-1 +nixos-install --root /mnt --flake .#shoukei --no-root-password --show-trace --verbose # install-1 # if you want to use a cache mirror, run this command instead # replace the mirror url with your own -nixos-install --root /mnt --flake .#shoukei --no-root-password --show-trace --option substituters "https://mirror.sjtu.edu.cn/nix-channels/store" # install-2 +nixos-install --root /mnt --flake .#shoukei --no-root-password --show-trace --verbose --option substituters "https://mirror.ustc.edu.cn/nix-channels/store" # install-2 # enter into the installed system, check password & users # `su ryan` => `sudo -i` => enter ryan's password => successfully login 
diff --git a/systems/colmena.nix b/systems/colmena.nix index b1ea9556..4e830ccb 100644 --- a/systems/colmena.nix +++ b/systems/colmena.nix @@ -27,14 +27,22 @@ with allSystemAttrs; let }; # aarch64 related - # using the same nixpkgs as nixos-rk3588 to utilize the cross-compilation cache. - rk3588_pkgs = import nixos-rk3588.inputs.nixpkgs {system = x64_system;}; - rk3588_specialArgs = { - inherit username userfullname useremail; + rk3588_pkgs = import nixos-rk3588.inputs.nixpkgs {system = aarch64_system;}; + # aarch64 related + rk3588_specialArgs = let + # using the same nixpkgs as nixos-rk3588 inherit (nixos-rk3588.inputs) nixpkgs; - # Provide rk3588 inputs as special argument - rk3588 = nixos-rk3588.inputs; - }; + # use aarch64-linux's native toolchain + pkgsKernel = import nixpkgs { + system = aarch64_system; + }; + in + allSystemSpecialArgs.aarch64_system + // { + inherit nixpkgs; + # Provide rk3588 inputs as special argument + rk3588 = {inherit nixpkgs pkgsKernel;}; + }; rk3588_base_args = { inherit home-manager; inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable @@ -55,6 +63,7 @@ in { # aarch64 SBCs suzu = rk3588_specialArgs; + rakushun = rk3588_specialArgs; }; nodeNixpkgs = { nozomi = lpi4a_pkgs; @@ -62,6 +71,7 @@ in { # aarch64 SBCs suzu = rk3588_pkgs; + rakushun = rk3588_pkgs; }; }; @@ -137,5 +147,10 @@ in { _12kingdoms_suzu_modules {host_tags = _12kingdoms_suzu_tags;} ]); + rakushun = colmenaSystem (attrs.mergeAttrsList [ + rk3588_base_args + _12kingdoms_rakushun_modules + {host_tags = _12kingdoms_rakushun_tags;} + ]); }; } diff --git a/systems/nixos.nix b/systems/nixos.nix index 32b738cf..d3168d67 100644 --- a/systems/nixos.nix +++ b/systems/nixos.nix 
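Review bot: The `rk3588_specialArgs` let-block added in the first hunk is repeated verbatim in systems/nixos.nix in the same commit, so the colmena and `nixosSystem` deployment paths can drift apart silently if only one copy is edited later. Defining it once, for instance next to the host module lists in systems/vars.nix, and inheriting it in both files would keep `pkgsKernel` and the `nixpkgs` pin identical for both paths. Minor: the `# aarch64 related` comment now appears twice in a row, and the removed remark about the cross-compilation cache has no replacement explaining that the package set is now native (`system = aarch64_system`), for example `# native aarch64 package set; built on the target via --build-on-target`.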
@@ -8,6 +8,28 @@ with allSystemAttrs; let system = x64_system; specialArgs = allSystemSpecialArgs.x64_system; }; + + # aarch64 related + rk3588_specialArgs = let + # using the same nixpkgs as nixos-rk3588 + inherit (nixos-rk3588.inputs) nixpkgs; + # use aarch64-linux's native toolchain + pkgsKernel = import nixpkgs { + system = aarch64_system; + }; + in + allSystemSpecialArgs.aarch64_system + // { + inherit nixpkgs; + # Provide rk3588 inputs as special argument + rk3588 = {inherit nixpkgs pkgsKernel;}; + }; + rk3588_base_args = { + inherit home-manager nixos-generators; + inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable + system = aarch64_system; + specialArgs = rk3588_specialArgs; + }; in { nixosConfigurations = { # ai with i3 window manager @@ -32,9 +54,12 @@ in { k3s_prod_1_worker_3 = nixosSystem (k3s_prod_1_worker_3_modules // base_args); tailscale_gw = nixosSystem (homelab_tailscale_gw_modules // base_args); + + # aarch64 hosts + suzu = nixosSystem (_12kingdoms_suzu_modules // rk3588_base_args); + rakushun = nixosSystem (_12kingdoms_rakushun_modules // rk3588_base_args); }; - # take system images for idols # https://github.com/nix-community/nixos-generators packages."${x64_system}" = attrs.mergeAttrsList [ ( diff --git a/systems/vars.nix b/systems/vars.nix index 13f0155f..02816edb 100644 --- a/systems/vars.nix +++ b/systems/vars.nix @@ -246,14 +246,21 @@ in { nixos-modules = [ ../hosts/12kingdoms_suzu ../modules/nixos/server/server-aarch64.nix - - # cross-compilation this flake. - {nixpkgs.crossSystem.config = "aarch64-unknown-linux-gnu";} ]; # home-module.imports = []; }; _12kingdoms_suzu_tags = ["aarch" "suzu"]; + # 楽俊, Rakushun + _12kingdoms_rakushun_modules = { + nixos-modules = [ + ../hosts/12kingdoms_rakushun + ../modules/nixos/server/server-aarch64.nix + ]; + # home-module.imports = []; + }; + _12kingdoms_rakushun_tags = ["aarch" "rakushun"]; + # Shoukei (祥瓊, Shōkei) _12kingdoms_shoukei_modules_i3 = { nixos-modules = 
diff --git a/systems/vars_networking.nix b/systems/vars_networking.nix index 01ce11e0..32841d0e 100644 --- a/systems/vars_networking.nix +++ b/systems/vars_networking.nix @@ -28,6 +28,7 @@ "kubevirt-shoryu" = "192.168.5.176"; "kubevirt-shushou" = "192.168.5.177"; "kubevirt-youko" = "192.168.5.178"; + "rakushun" = "192.168.5.179"; "tailscale-gw" = "192.168.5.192"; };