fix: suzu

flake.lock

@@ -628,23 +628,6 @@
         "type": "github"
       }
     },
-    "mesa-panfork": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1670633863,
-        "narHash": "sha256-4eZHMiYS+sRDHNBtLZTA8ELZnLns7yT3USU5YQswxQ0=",
-        "owner": "panfork",
-        "repo": "mesa",
-        "rev": "120202c675749c5ef81ae4c8cdc30019b4de08f4",
-        "type": "gitlab"
-      },
-      "original": {
-        "owner": "panfork",
-        "ref": "csf",
-        "repo": "mesa",
-        "type": "gitlab"
-      }
-    },
     "mysecrets": {
       "flake": false,
       "locked": {
@@ -775,16 +758,15 @@
     "nixos-rk3588": {
       "inputs": {
         "flake-utils": "flake-utils_4",
-        "mesa-panfork": "mesa-panfork",
         "nixpkgs": "nixpkgs_4",
         "pre-commit-hooks": "pre-commit-hooks_2"
       },
       "locked": {
-        "lastModified": 1703010942,
-        "narHash": "sha256-YYNCF1cnVyQk6OPVnwyvpeg3brwS/ICRGAvFwe2RCZc=",
+        "lastModified": 1709478567,
+        "narHash": "sha256-cfY5vuB9B5KdiVIzdHelldxfOcag/wPPTcbERQpzULs=",
         "owner": "ryan4yin",
         "repo": "nixos-rk3588",
-        "rev": "fce637ae61bc0fce3c68c39c117d08bcc8e2bedf",
+        "rev": "0eea4e4cf05f997833e5cd7c48847c83e0c5b193",
         "type": "github"
       },
       "original": {
@@ -975,16 +957,16 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1691486536,
-        "narHash": "sha256-W2jYTn6rNiJEpjXkOiZxNltgxxwgeZE5cQ967NgsrHU=",
+        "lastModified": 1709309926,
+        "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8fa39adf946a4470610b38fd7aff0a73ad4356c3",
+        "rev": "79baff8812a0d68e24a836df0a364c678089e2c7",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-23.05-small",
+        "ref": "nixos-23.11",
         "repo": "nixpkgs",
         "type": "github"
       }

modules/nixos/base/core.nix

@@ -0,0 +1,16 @@
+{lib, ...}: {
+  boot.loader.systemd-boot = {
+    # we use Git for version control, so we don't need to keep too many generations.
+    configurationLimit = lib.mkDefault 10;
+    # pick the highest resolution for systemd-boot's console.
+    consoleMode = lib.mkDefault "max";
+  };
+
+  # for power management
+  services = {
+    power-profiles-daemon = {
+      enable = true;
+    };
+    upower.enable = true;
+  };
+}

modules/nixos/base/misc.nix

@@ -1,112 +0,0 @@
-{
-  lib,
-  pkgs,
-  ...
-}: {
-  ###################################################################################
-  #
-  #  NixOS's core configuration suitable for all my machines
-  #
-  ###################################################################################
-
-  # to install chrome, you need to enable unfree packages
-  nixpkgs.config.allowUnfree = lib.mkForce true;
-
-  boot.loader.systemd-boot = {
-    # we use Git for version control, so we don't need to keep too many generations.
-    configurationLimit = lib.mkDefault 10;
-    # pick the highest resolution for systemd-boot's console.
-    consoleMode = lib.mkDefault "max";
-  };
-
-  # do garbage collection weekly to keep disk usage low
-  nix.gc = {
-    automatic = lib.mkDefault true;
-    dates = lib.mkDefault "weekly";
-    options = lib.mkDefault "--delete-older-than 7d";
-  };
-
-  # Add terminfo database of all known terminals to the system profile.
-  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/config/terminfo.nix
-  environment.enableAllTerminfo = true;
-
-  # Manual optimise storage: nix-store --optimise
-  # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
-  nix.settings.auto-optimise-store = true;
-
-  # Enable in-memory compressed devices and swap space provided by the zram kernel module.
-  # By enable this, we can store more data in memory instead of fallback to disk-based swap devices directly,
-  # and thus improve I/O performance when we have a lot of memory.
-  #
-  #   https://www.kernel.org/doc/Documentation/blockdev/zram.txt
-  zramSwap = {
-    enable = true;
-    # one of "lzo", "lz4", "zstd"
-    algorithm = "zstd";
-    # Priority of the zram swap devices.
-    # It should be a number higher than the priority of your disk-based swap devices
-    # (so that the system will fill the zram swap devices before falling back to disk swap).
-    priority = 5;
-    # Maximum total amount of memory that can be stored in the zram swap devices (as a percentage of your total memory).
-    # Defaults to 1/2 of your total RAM. Run zramctl to check how good memory is compressed.
-    # This doesn’t define how much memory will be used by the zram swap devices.
-    memoryPercent = 50;
-  };
-
-  # for power management
-  services = {
-    power-profiles-daemon = {
-      enable = true;
-    };
-    upower.enable = true;
-  };
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    neofetch
-    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-
-    # system call monitoring
-    strace # system call monitoring
-    ltrace # library call monitoring
-    bpftrace # powerful tracing tool
-    tcpdump # network sniffer
-    lsof # list open files
-
-    # system monitoring
-    sysstat
-    iotop
-    iftop
-    btop
-    nmon
-
-    # system tools
-    psmisc # killall/pstree/prtstat/fuser/...
-    lm_sensors # for `sensors` command
-    ethtool
-    pciutils # lspci
-    usbutils # lsusb
-    hdparm # for disk performance, command
-    dmidecode # a tool that reads information about your system's hardware from the BIOS according to the SMBIOS/DMI standard
-    parted
-
-    # create a fhs environment by command `fhs`, so we can run non-nixos packages in nixos!
-    (
-      let
-        base = pkgs.appimageTools.defaultFhsEnvArgs;
-      in
-        pkgs.buildFHSUserEnv (base
-          // {
-            name = "fhs";
-            targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [pkgs.pkg-config];
-            profile = "export FHS=1";
-            runScript = "bash";
-            extraOutputsToInstall = ["dev"];
-          })
-    )
-  ];
-
-  # replace default editor with neovim
-  environment.variables.EDITOR = "nvim";
-}

modules/nixos/base/networking.nix

@@ -1,26 +1,4 @@
-{
-  lib,
-  vars_networking,
-  ...
-}: {
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = lib.mkDefault false;
-
-  programs.ssh = vars_networking.ssh;
-
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    settings = {
-      X11Forwarding = true;
-      PermitRootLogin = "no"; # disable root login
-      PasswordAuthentication = false; # disable password login
-    };
-    openFirewall = true;
-  };
-
+_: {
   # Network discovery, mDNS
   # With this enabled, you can access your machine at <hostname>.local
   # it's more convenient than using the IP address.

modules/nixos/base/nix.nix

@@ -3,6 +3,20 @@
   nixpkgs,
   ...
 }: {
+  # to install chrome, you need to enable unfree packages
+  nixpkgs.config.allowUnfree = lib.mkForce true;
+
+  # do garbage collection weekly to keep disk usage low
+  nix.gc = {
+    automatic = lib.mkDefault true;
+    dates = lib.mkDefault "weekly";
+    options = lib.mkDefault "--delete-older-than 7d";
+  };
+
+  # Manual optimise storage: nix-store --optimise
+  # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
+  nix.settings.auto-optimise-store = true;
+
   # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
   nix.registry.nixpkgs.flake = nixpkgs;
   nix.channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.

modules/nixos/base/packages.nix

@@ -0,0 +1,50 @@
+{pkgs, ...}: {
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    neofetch
+    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+
+    # system call monitoring
+    strace # system call monitoring
+    ltrace # library call monitoring
+    bpftrace # powerful tracing tool
+    tcpdump # network sniffer
+    lsof # list open files
+
+    # system monitoring
+    sysstat
+    iotop
+    iftop
+    btop
+    nmon
+
+    # system tools
+    psmisc # killall/pstree/prtstat/fuser/...
+    lm_sensors # for `sensors` command
+    ethtool
+    pciutils # lspci
+    usbutils # lsusb
+    hdparm # for disk performance, command
+    dmidecode # a tool that reads information about your system's hardware from the BIOS according to the SMBIOS/DMI standard
+    parted
+
+    # create a fhs environment by command `fhs`, so we can run non-nixos packages in nixos!
+    (
+      let
+        base = pkgs.appimageTools.defaultFhsEnvArgs;
+      in
+        pkgs.buildFHSUserEnv (base
+          // {
+            name = "fhs";
+            targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [pkgs.pkg-config];
+            profile = "export FHS=1";
+            runScript = "bash";
+            extraOutputsToInstall = ["dev"];
+          })
+    )
+  ];
+
+  # replace default editor with neovim
+  environment.variables.EDITOR = "nvim";
+}

modules/nixos/base/ssh.nix

@@ -0,0 +1,27 @@
+{
+  lib,
+  vars_networking,
+  ...
+}: {
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = lib.mkDefault false;
+
+  programs.ssh = vars_networking.ssh;
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings = {
+      X11Forwarding = true;
+      PermitRootLogin = "no"; # disable root login
+      PasswordAuthentication = false; # disable password login
+    };
+    openFirewall = true;
+  };
+
+  # Add terminfo database of all known terminals to the system profile.
+  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/config/terminfo.nix
+  environment.enableAllTerminfo = true;
+}

modules/nixos/base/zram.nix

@@ -0,0 +1,20 @@
+{
+  # Enable in-memory compressed devices and swap space provided by the zram kernel module.
+  # By enable this, we can store more data in memory instead of fallback to disk-based swap devices directly,
+  # and thus improve I/O performance when we have a lot of memory.
+  #
+  #   https://www.kernel.org/doc/Documentation/blockdev/zram.txt
+  zramSwap = {
+    enable = true;
+    # one of "lzo", "lz4", "zstd"
+    algorithm = "zstd";
+    # Priority of the zram swap devices.
+    # It should be a number higher than the priority of your disk-based swap devices
+    # (so that the system will fill the zram swap devices before falling back to disk swap).
+    priority = 5;
+    # Maximum total amount of memory that can be stored in the zram swap devices (as a percentage of your total memory).
+    # Defaults to 1/2 of your total RAM. Run zramctl to check how good memory is compressed.
+    # This doesn’t define how much memory will be used by the zram swap devices.
+    memoryPercent = 50;
+  };
+}

modules/nixos/server/security.nix

@@ -1,6 +0,0 @@
-{username, ...}: {
-  # Public Keys that can be used to login to all my servers.
-  users.users.${username}.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMzYT0Fpcp681eHY5FJV2G8Mve53iX3hMOLGbVvfL+TF ryan@romantic"
-  ];
-}

modules/nixos/server/server-aarch64.nix

@@ -0,0 +1,19 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../base/core.nix
+    ../base/i18n.nix
+    ../base/monitoring.nix
+    ../base/nix.nix
+    ../base/ssh.nix
+    ../base/user-group.nix
+
+    ../../base.nix
+  ];
+
+  # Fix: jasper is marked as broken, refusing to evaluate.
+  environment.enableAllTerminfo = lib.mkForce false;
+}

modules/nixos/server/server-riscv64.nix

@@ -4,19 +4,16 @@
   # =========================================================================
 
   imports = [
+    ../base/core.nix
     ../base/i18n.nix
-    ../base/misc.nix
+    ../base/monitoring.nix
+    ../base/nix.nix
+    ../base/ssh.nix
     ../base/user-group.nix
 
     ../../base.nix
-    
-    ./security.nix
   ];
 
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  #
-  # TODO feel free to add or remove packages here.
   environment.systemPackages = with pkgs; [
     neovim
 
@@ -52,14 +49,4 @@
     # This is required for containers which are created with the `--restart=always` flag to work.
     enableOnBoot = true;
   };
-
-  services.openssh = {
-    enable = true;
-    settings = {
-      X11Forwarding = true;
-      PermitRootLogin = "prohibit-password"; # disable root login with password
-      PasswordAuthentication = false; # disable password login
-    };
-    openFirewall = true;
-  };
 }

modules/nixos/server/server.nix

@@ -2,7 +2,5 @@
   imports = [
     ../base
     ../../base.nix
-
-    ./security.nix
   ];
 }

systems/colmena.nix

@@ -38,7 +38,7 @@ with allSystemAttrs; let
     inherit home-manager;
     inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable
     specialArgs = rk3588_specialArgs;
-    targetUser = "root";
+    targetUser = "ryan";
   };
 in {
   # colmena - remote deployment via SSH

systems/vars.nix

@@ -245,7 +245,7 @@ in {
   _12kingdoms_suzu_modules = {
     nixos-modules = [
       ../hosts/12kingdoms_suzu
-      ../modules/nixos/server/server-riscv64.nix
+      ../modules/nixos/server/server-aarch64.nix
 
       # cross-compilation this flake.
       {nixpkgs.crossSystem.config = "aarch64-unknown-linux-gnu";}