diff --git a/Makefile b/Makefile index 07ba9337..fba181c8 100644 --- a/Makefile +++ b/Makefile @@ -68,7 +68,10 @@ add-idols-ssh-key: ssh-add ~/.ssh/ai-idols idols: add-idols-ssh-key - colmena apply --on '@dist-build' --show-trace + colmena apply --on '@dist-build' + +idols-debug: add-idols-ssh-key + colmena apply --on '@dist-build' --verbose --show-trace # only used once to setup the virtual machines idols-image: @@ -82,6 +85,12 @@ idols-image: nom build .#kana scp result root@um560:/var/lib/vz/dump/vzdump-qemu-kana.vma.zst +roll: add-idols-ssh-key + colmena apply --on '@riscv' + +roll-debug: add-idols-ssh-key + colmena apply --on '@dist-build' --verbose --show-trace + ############################################################################ # diff --git a/flake.lock b/flake.lock index bad0a760..03f1ec2c 100644 --- a/flake.lock +++ b/flake.lock @@ -461,7 +461,7 @@ "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -514,6 +514,25 @@ "type": "github" } }, + "nixos-licheepi4a": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "thead-kernel": "thead-kernel" + }, + "locked": { + "lastModified": 1692112611, + "narHash": "sha256-dJMd6drX1EISxlrPOdl50cHS2PKkDaEgpq8f3b3wVnA=", + "owner": "ryan4yin", + "repo": "nixos-licheepi4a", + "rev": "d7775148caf626c19fea91c52c5d95140f60e917", + "type": "github" + }, + "original": { + "owner": "ryan4yin", + "repo": "nixos-licheepi4a", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1677676435, @@ -582,7 +601,7 @@ "flake-compat": "flake-compat", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixpkgs_sirula": "nixpkgs_sirula" }, "locked": { 
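Review bot: `roll-debug` applies to `'@dist-build'`, not `'@riscv'`, so running it redeploys the x86_64 idols VMs instead of the riscv64 boards that `roll` targets; it looks copied from `idols-debug`. The recipe should be `colmena apply --on '@riscv' --verbose --show-trace`. A debug target that pushes to a different host group than its name suggests is easy to miss, because the deploy itself still succeeds.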
@@ -616,6 +635,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1691280485, + "narHash": "sha256-/8Ct9092OC1TTNzHgbcE9ejQdS2QxZYGqrWXEwUxdtQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "240472b7e47a641e9e7675f58b64d3626ca7824d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1691693223, "narHash": "sha256-9t8ZY1XNAsWqxAJmXgg+GXqF5chORMVnBT6PSHaRV3I=", @@ -631,7 +666,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1691629382, "narHash": "sha256-6bil2OX12qy2CD6dLDxSTKRu6aUKRZfT/Qw3pg1050Q=", @@ -647,7 +682,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1691654369, "narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=", @@ -715,7 +750,8 @@ "mysecrets": "mysecrets", "nix-darwin": "nix-darwin", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_3", + "nixos-licheepi4a": "nixos-licheepi4a", + "nixpkgs": "nixpkgs_4", "nixpkgs-darwin": "nixpkgs-darwin", "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-wayland": "nixpkgs-wayland", @@ -738,6 +774,23 @@ "type": "github" } }, + "thead-kernel": { + "flake": false, + "locked": { + "lastModified": 1687607314, + "narHash": "sha256-9R+XY18uDuMWjVzLkg4lTmxDltsvyI51qvm34SNVI4I=", + "owner": "revyos", + "repo": "thead-kernel", + "rev": "9c58afc7addc5a4a5deef24dfe6a4a103549d3da", + "type": "github" + }, + "original": { + "owner": "revyos", + "ref": "lpi4a", + "repo": "thead-kernel", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 7f0de20e..c08b0eec 100644 --- a/flake.nix +++ b/flake.nix @@ -20,6 +20,7 @@ nix-darwin, home-manager, nixos-generators, + nixos-licheepi4a, ... }: let username = "ryan"; 
@@ -28,6 +29,7 @@ x64_system = "x86_64-linux"; x64_darwin = "x86_64-darwin"; + riscv64_system = "riscv64-linux"; allSystems = [x64_system x64_darwin]; nixosSystem = import ./lib/nixosSystem.nix; @@ -77,6 +79,24 @@ }; idol_kana_tags = ["dist-build"]; + # 森友 望未, Moritomo Nozomi + rolling_nozomi_modules = { + nixos-modules = [ + ./hosts/rolling_girls/nozomi + ]; + # home-module = import ./home/linux/server-riscv64.nix; + }; + rolling_nozomi_tags = ["riscv"]; + + # 小坂 結季奈, Kosaka Yukina + rolling_yukina_modules = { + nixos-modules = [ + ./hosts/rolling_girls/yukina + ]; + # home-module = import ./home/linux/server-riscv64.nix; + }; + rolling_yukina_tags = ["riscv"]; + x64_specialArgs = { inherit username userfullname useremail; 
@@ -110,20 +130,47 @@ # colmena - remote deployment via SSH colmena = let - base_args = { + x64_base_args = { inherit home-manager; nixpkgs = nixpkgs; # or nixpkgs-unstable specialArgs = x64_specialArgs; }; + + # using the same nixpkgs as nixos-licheepi4a to utilize the cross-compilation cache. + lpi4a_pkgs = import nixos-licheepi4a.inputs.nixpkgs { system = x64_system; }; + lpi4a_specialArgs = { + inherit username userfullname useremail; + pkgsKernel = nixos-licheepi4a.packages.${x64_system}.pkgsKernelCross; + } // inputs; + lpi4a_base_args = { + inherit home-manager; + nixpkgs = nixos-licheepi4a.inputs.nixpkgs; # or nixpkgs-unstable + specialArgs = lpi4a_specialArgs; + targetUser = "root"; + }; in { meta = { nixpkgs = import nixpkgs { system = x64_system; }; specialArgs = x64_specialArgs; + + nodeSpecialArgs = { + nozomi = lpi4a_specialArgs; + # yukina = lpi4a_specialArgs; + }; + nodeNixpkgs = { + nozomi = lpi4a_pkgs; + # yukina = lpi4a_pkgs; + }; }; - aquamarine = colemnaSystem (idol_aquamarine_modules // base_args // { host_tags = idol_aquamarine_tags; }); - ruby = colemnaSystem (idol_ruby_modules // base_args // { host_tags = idol_ruby_tags; }); - kana = colemnaSystem (idol_kana_modules // base_args // { host_tags = idol_kana_tags; }); + # proxmox virtual machines(x86_64) + aquamarine = colemnaSystem (idol_aquamarine_modules // x64_base_args // { host_tags = idol_aquamarine_tags; }); + ruby = colemnaSystem (idol_ruby_modules // x64_base_args // { host_tags = idol_ruby_tags; }); + kana = colemnaSystem (idol_kana_modules // x64_base_args // { host_tags = idol_kana_tags; }); + + # riscv64 SBCs + nozomi = colemnaSystem (rolling_nozomi_modules // lpi4a_base_args // { host_tags = rolling_nozomi_tags; }); + # yukina = colemnaSystem (rolling_yukina_modules // lpi4a_base_args // { host_tags = rolling_yukina_tags; }); }; # take system images for idols 
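Review bot: `targetUser = "root";` in `lpi4a_base_args` makes colmena deploy to the riscv64 nodes over a direct root SSH login, while the x86_64 nodes keep the unprivileged default from `colmenaSystem`. The new host files also copy the normal user's `authorizedKeys` to root, so every key accepted for that user becomes a root credential on these boards. If the user defined for these hosts (presumably by `user-group.nix`) can escalate there, dropping the override keeps root SSH closed; otherwise state the reason next to the line, e.g. `# deploy as root for now; switch to the normal user once privilege escalation works on the SBCs`. The `colmena` attribute set begins and ends outside this hunk.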
@@ -253,6 +300,8 @@ flake = false; }; + nixos-licheepi4a.url = "github:ryan4yin/nixos-licheepi4a"; + # color scheme - catppuccin catppuccin-btop = { url = "github:catppuccin/btop";
diff --git a/home/linux/server-riscv64.nix b/home/linux/server-riscv64.nix
new file mode 100644
index 00000000..5c184844
--- /dev/null
+++ b/home/linux/server-riscv64.nix
@@ -0,0 +1,24 @@
+{ username, ... }: {
+ imports = [
+ ];
+
+ # Home Manager needs a bit of information about you and the
+ # paths it should manage.
+ home = {
+ username = username;
+ homeDirectory = "/home/${username}";
+
+ # This value determines the Home Manager release that your
+ # configuration is compatible with. This helps avoid breakage
+ # when a new Home Manager release introduces backwards
+ # incompatible changes.
+ #
+ # You can update Home Manager without changing this value. See
+ # the Home Manager release notes for a list of state version
+ # changes in each release.
+ stateVersion = "23.05";
+ };
+
+ # Let Home Manager install and manage itself.
+ programs.home-manager.enable = true;
+}
diff --git a/hosts/README.md b/hosts/README.md
index 9a79f899..7124d2dc 100644
--- a/hosts/README.md
+++ b/hosts/README.md
@@ -6,6 +6,10 @@ 2. `aquamarine`: My NixOS virtual machine with R9-5900HX(8C16T), for distributed building & testing. 3. `kana`: Yet another NixOS vm on another physical machine with R5-5625U(6C12T). 4. `ruby`: Another NixOS vm on another physical machine with R7-5825U(8C16T). +3. `rolling_girls`: My RISCV64 hosts. + 1. `nozomi`: Lichee Pi 4A, TH1520(4xC910@2.0G), 8GB RAM + 32G eMMC + 64G SD Card. + 2. `yukina`: Lichee Pi 4A(Internal Test Version), TH1520(4xC910@2.0G), 8GB RAM + 8G eMMC + 128G SD Card. + 3. `chiaya`: Milk-V Mars, JH7110(4xU74@1.5 GHz), 4G RAM + No eMMC + 64G SD Card. # idols - Oshi no Ko
diff --git a/hosts/rolling_girls/chiaya/default.nix b/hosts/rolling_girls/chiaya/default.nix
new file mode 100644
index 00000000..38254602
--- /dev/null
+++ b/hosts/rolling_girls/chiaya/default.nix
@@ -0,0 +1,69 @@
+{
+ config,
+ username,
+ # nixos-jh7110,
+ ...
+} @ args:
+#############################################################
+#
+# Chiaya - NixOS Configuration for Milk-V Mars
+#
+# WIP, not working yet.
+#
+#############################################################
+{
+ imports = [
+ {
+ # cross-compilation this flake.
+ nixpkgs.crossSystem = {
+ system = "riscv64-linux";
+ };
+ }
+
+ # TODO
+
+ ../../../modules/nixos/core-riscv64.nix
+ ../../../modules/nixos/user-group.nix
+ ];
+
+ users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
+
+ # Set static IP address / gateway / DNS servers.
+ networking = {
+ hostName = "chiaya"; # Define your hostname.
+ wireless.enable = false;
+
+ # Failed to enable firewall due to the following error:
+ # firewall-start[2300]: iptables: Failed to initialize nft: Protocol not supported
+ firewall.enable = false;
+
+ defaultGateway = "192.168.5.201";
+ nameservers = [
+ "119.29.29.29" # DNSPod
+ "223.5.5.5" # AliDNS
+ ];
+
+ # Configure network proxy if necessary
+ # proxy.default = "http://user:password@proxy:port/";
+ # proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # milkv-mars RJ45 port
+ interfaces.end0 = {
+ useDHCP = false;
+ ipv4.addresses = [
+ {
+ address = "192.168.5.106";
+ prefixLength = 24;
+ }
+ ];
+ };
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+}
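Review bot: `firewall.enable = false;` leaves this host with no packet filter, and the same line is in `nozomi/default.nix` and `yukina/default.nix`; all three import `core-riscv64.nix`, which enables sshd and Docker, so every listening service and any port a container publishes is reachable from the LAN. The quoted error suggests the board kernel lacks nf_tables support, so the setting may be unavoidable for now, but the comment should say that it is temporary and what re-enables it, e.g. `# FIXME: re-enable once the kernel is built with nf_tables support; until then every listening port is exposed on 192.168.5.0/24`. Note also that `services.openssh.openFirewall = true` in the shared module has no effect while the firewall is off.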
diff --git a/hosts/rolling_girls/nozomi/default.nix b/hosts/rolling_girls/nozomi/default.nix
new file mode 100644
index 00000000..9ef541b1
--- /dev/null
+++ b/hosts/rolling_girls/nozomi/default.nix
@@ -0,0 +1,80 @@
+{
+ config,
+ username,
+ nixos-licheepi4a,
+ ...
+} @ args:
+#############################################################
+#
+# Nozomi - NixOS configuration for Lichee Pi 4A
+#
+#############################################################
+{
+ imports = [
+ {
+ # cross-compilation this flake.
+ nixpkgs.crossSystem = {
+ system = "riscv64-linux";
+ };
+ }
+
+ # import the licheepi4a module, which contains the configuration for bootloader/kernel/firmware
+ (nixos-licheepi4a + "/modules/licheepi4a.nix")
+ # import the sd-image module, which contains the fileSystems & kernel parameters for booting from sd card.
+ (nixos-licheepi4a + "/modules/sd-image/sd-image-lp4a.nix")
+
+ ../../../modules/nixos/core-riscv64.nix
+ ../../../modules/nixos/user-group.nix
+ ];
+
+ users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
+
+ # Set static IP address / gateway / DNS servers.
+ networking = {
+ hostName = "nozomi"; # Define your hostname.
+ wireless.enable = false;
+
+ # Failed to enable firewall due to the following error:
+ # firewall-start[2300]: iptables: Failed to initialize nft: Protocol not supported
+ firewall.enable = false;
+
+ defaultGateway = "192.168.5.201";
+ nameservers = [
+ "119.29.29.29" # DNSPod
+ "223.5.5.5" # AliDNS
+ ];
+
+ # Configure network proxy if necessary
+ # proxy.default = "http://user:password@proxy:port/";
+ # proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # LPI4A's first ethernet interface
+ interfaces.end0 = {
+ useDHCP = false;
+ ipv4.addresses = [
+ {
+ address = "192.168.5.104";
+ prefixLength = 24;
+ }
+ ];
+ };
+ # LPI4A's second ethernet interface
+ # interfaces.end1 = {
+ # useDHCP = false;
+ # ipv4.addresses = [
+ # {
+ # address = "192.168.xx.xx";
+ # prefixLength = 24;
+ # }
+ # ];
+ # };
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+}
diff --git a/hosts/rolling_girls/yukina/default.nix b/hosts/rolling_girls/yukina/default.nix
new file mode 100644
index 00000000..d225090d
--- /dev/null
+++ b/hosts/rolling_girls/yukina/default.nix
@@ -0,0 +1,80 @@
+{
+ config,
+ username,
+ nixos-licheepi4a,
+ ...
+} @ args:
+#############################################################
+#
+# Yukina - NixOS configuration for Lichee Pi 4A
+#
+#############################################################
+{
+ imports = [
+ {
+ # cross-compilation this flake.
+ nixpkgs.crossSystem = {
+ system = "riscv64-linux";
+ };
+ }
+
+ # import the licheepi4a module, which contains the configuration for bootloader/kernel/firmware
+ (nixos-licheepi4a + "/modules/licheepi4a.nix")
+ # import the sd-image module, which contains the fileSystems & kernel parameters for booting from sd card.
+ (nixos-licheepi4a + "/modules/sd-image/sd-image-lp4a.nix")
+
+ ../../../modules/nixos/core-riscv64.nix
+ ../../../modules/nixos/user-group.nix
+ ];
+
+ users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
+
+ # Set static IP address / gateway / DNS servers.
+ networking = {
+ hostName = "yukina"; # Define your hostname.
+ wireless.enable = false;
+
+ # Failed to enable firewall due to the following error:
+ # firewall-start[2300]: iptables: Failed to initialize nft: Protocol not supported
+ firewall.enable = false;
+
+ defaultGateway = "192.168.5.201";
+ nameservers = [
+ "119.29.29.29" # DNSPod
+ "223.5.5.5" # AliDNS
+ ];
+
+ # Configure network proxy if necessary
+ # proxy.default = "http://user:password@proxy:port/";
+ # proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # LPI4A's first ethernet interface
+ interfaces.end0 = {
+ useDHCP = false;
+ ipv4.addresses = [
+ {
+ address = "192.168.5.105";
+ prefixLength = 24;
+ }
+ ];
+ };
+ # LPI4A's second ethernet interface
+ # interfaces.end1 = {
+ # useDHCP = false;
+ # ipv4.addresses = [
+ # {
+ # address = "192.168.xx.xx";
+ # prefixLength = 24;
+ # }
+ # ];
+ # };
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+}
diff --git a/lib/colmenaSystem.nix b/lib/colmenaSystem.nix
index b38e95af..9c4f2d88 100644
--- a/lib/colmenaSystem.nix
+++ b/lib/colmenaSystem.nix
@@ -4,15 +4,16 @@ home-manager, specialArgs, nixos-modules, - home-module, + home-module ? null, host_tags, + targetUser ? specialArgs.username, }: let username = specialArgs.username; in { name, nodes, ... }: { deployment = { targetHost = name; # hostName or IP address - targetUser = username; + targetUser = targetUser; tags = host_tags; };
@@ -26,7 +27,7 @@ in environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}"; nix.nixPath = ["/etc/nix/inputs"]; } - + ] ++ (if (home-module != null) then [ home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; @@ -35,5 +36,5 @@ in home-manager.extraSpecialArgs = specialArgs; home-manager.users."${username}" = home-module; } - ]; + ] else []); } diff --git a/modules/nixos/core-riscv64.nix b/modules/nixos/core-riscv64.nix new file mode 100644 index 00000000..73323156 --- /dev/null +++ b/modules/nixos/core-riscv64.nix 
@@ -0,0 +1,74 @@
+{config, pkgs, nixpkgs, ...}: {
+
+ # =========================================================================
+ # Base NixOS Configuration
+ # =========================================================================
+
+ # Set your time zone.
+ time.timeZone = "Asia/Shanghai";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ nix.settings = {
+ # Manual optimise storage: nix-store --optimise
+ # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
+ auto-optimise-store = true;
+ builders-use-substitutes = true;
+ # enable flakes globally
+ experimental-features = ["nix-command" "flakes"];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ #
+ # TODO feel free to add or remove packages here.
+ environment.systemPackages = with pkgs; [
+ neovim
+
+ # networking
+ mtr # A network diagnostic tool
+ iperf3 # A tool for measuring TCP and UDP bandwidth performance
+ nmap # A utility for network discovery and security auditing
+ ldns # replacement of dig, it provide the command `drill`
+ socat # replacement of openbsd-netcat
+ tcpdump # A powerful command-line packet analyzer
+
+ # archives
+ zip
+ xz
+ unzip
+ p7zip
+ zstd
+ gnutar
+
+ # misc
+ file
+ which
+ tree
+ gnused
+ gawk
+ tmux
+ docker-compose
+ ];
+
+ # replace default editor with neovim
+ environment.variables.EDITOR = "nvim";
+
+ virtualisation.docker = {
+ enable = true;
+ # start dockerd on boot.
+ # This is required for containers which are created with the `--restart=always` flag to work.
+ enableOnBoot = true;
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ X11Forwarding = true;
+ PermitRootLogin = "prohibit-password"; # disable root login with password
+ PasswordAuthentication = false; # disable password login
+ };
+ openFirewall = true;
+ };
+}
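Review bot: `X11Forwarding = true;` under `services.openssh.settings` is switched on for headless riscv64 boards, and nothing in this module installs an X client; a forwarding feature that is not needed is better left off, `X11Forwarding = false;`. `PermitRootLogin = "prohibit-password"` together with the root `authorizedKeys` set in the host files means root is reachable over SSH with any of the user's keys, which deserves a one-line comment here such as `# root key login is required by colmena (targetUser = "root")`. `nixpkgs` in the argument list is not used in this file and can be dropped.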
diff --git a/modules/nixos/remote-building.nix b/modules/nixos/remote-building.nix index 2d3cd3c9..94fea2e5 100644 --- a/modules/nixos/remote-building.nix +++ b/modules/nixos/remote-building.nix @@ -73,6 +73,7 @@ # define the host alias for remote builders # this config will be written to /etc/ssh/ssh_config programs.ssh.extraConfig = '' + # idols Host ai HostName 192.168.5.100 Port 22 @@ -88,6 +89,19 @@ Host kana HostName 192.168.5.103 Port 22 + + # rolling girls + Host nozomi + HostName 192.168.5.104 + Port 22 + + Host yukina + HostName 192.168.5.105 + Port 22 + + Host chiaya + HostName 192.168.5.106 + Port 22 ''; # define the host key for remote builders so that nix can verify all the remote builders
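Review bot: The three new aliases (`nozomi`, `yukina`, `chiaya`) are added to `programs.ssh.extraConfig`, but no hunk in this commit touches the host-key section that the trailing context line introduces (`# define the host key for remote builders so that nix can verify all the remote builders`). If that section pins keys per host, add entries for the new boards in the same commit, otherwise the first connection to them is trust-on-first-use or fails under strict host-key checking. That section lies outside the hunk, so this is inferred from the context comment only. `chiaya` also gets an alias although its host config is marked `WIP, not working yet`.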