[NixOS] Add airgapped machine

2021-07-25 16:03:59 -06:00 · 2021-07-25 16:03:59 -06:00 · 8866d80e75
commit 8866d80e75
parent 7eec5d3392
6 changed files with 23 additions and 9 deletions
--- a/nixos/base.nix
+++ b/nixos/base.nix
@ -6,10 +6,6 @@
    ./essential.nix
  ];

-  nixpkgs.overlays = [
-    (import ../dotfiles/config/xmonad/overlay.nix)
-  ];
-
  # Allow all the things
  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.permittedInsecurePackages = [
@ -19,7 +15,6 @@
  # Disabling these waits disables the stuck on boot up issue
  systemd.services.systemd-udev-settle.enable = false;
  systemd.services.NetworkManager-wait-online.enable = false;
-  networking.firewall.enable = false;

  # Security
  programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
@ -30,6 +25,7 @@
    include ipsec.d/ipsec.nm-l2tp.secrets
  '';

+  networking.firewall.enable = false;
  networking.networkmanager = {
    enable = true;
    enableStrongSwan = true;
--- a/nixos/essential.nix
+++ b/nixos/essential.nix
@ -15,6 +15,9 @@ let
  python-with-my-packages = pkgs.python3.withPackages my-python-packages;
 in
 {
+  nixpkgs.overlays = [
+    (import ../dotfiles/config/xmonad/overlay.nix)
+  ];
  environment.systemPackages = with pkgs; [
    python-with-my-packages

@ -75,6 +78,7 @@ in
    playerctl

    # Tools
+    cachix
    binutils
    gawk
    gitFull
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@ -78,6 +78,10 @@
        system = "aarch64-linux";
        modules = [ forAll piHardware ./machines/biskcomp.nix ];
      };
+      air-gapped-pi = nixpkgs.lib.nixosSystem {
+        system = "aarch64-linux";
+        modules = [ forAll piHardware ./machines/air-gapped-pi.nix ];
+      };
    };
  };
 }
--- a/nixos/machines/air-gapped-pi.nix
+++ b/nixos/machines/air-gapped-pi.nix
@ -0,0 +1,13 @@
+{
+  imports = [
+    ../internet-computer.nix
+    ../raspberry-pi.nix
+    ../base.nix
+  ];
+
+  networking.hostName = "air-gapped-pi";
+  hardware.video.hidpi.enable = true;
+  networking.enable = false;
+
+  system.stateVersion = "21.05";
+}
--- a/nixos/machines/biskcomp.nix
+++ b/nixos/machines/biskcomp.nix
@ -2,6 +2,7 @@
  imports = [
    ../internet-computer.nix
    ../raspberry-pi.nix
+    ../base.nix
  ];

  networking.hostName = "biskcomp";
--- a/nixos/raspberry-pi.nix
+++ b/nixos/raspberry-pi.nix
@ -1,10 +1,6 @@
 { config, pkgs, ... }:

 {
-  imports = [
-    ./base.nix
-  ];
-
  hardware.raspberry-pi."4".fkms-3d.enable = true;

  boot = {