From 8866d80e7577c5b687d2447a86a376a78a5f99ca Mon Sep 17 00:00:00 2001 From: Ivan Malison Date: Sun, 25 Jul 2021 16:03:59 -0600 Subject: [PATCH] [NixOS] Add airgapped machine --- nixos/base.nix | 6 +----- nixos/essential.nix | 4 ++++ nixos/flake.nix | 4 ++++ nixos/machines/air-gapped-pi.nix | 13 +++++++++++++ nixos/machines/biskcomp.nix | 1 + nixos/raspberry-pi.nix | 4 ---- 6 files changed, 23 insertions(+), 9 deletions(-) create mode 100644 nixos/machines/air-gapped-pi.nix diff --git a/nixos/base.nix b/nixos/base.nix index 14b39c9a..3afc6cee 100644 --- a/nixos/base.nix +++ b/nixos/base.nix @@ -6,10 +6,6 @@ ./essential.nix ]; - nixpkgs.overlays = [ - (import ../dotfiles/config/xmonad/overlay.nix) - ]; - # Allow all the things nixpkgs.config.allowUnfree = true; nixpkgs.config.permittedInsecurePackages = [ @@ -19,7 +15,6 @@ # Disabling these waits disables the stuck on boot up issue systemd.services.systemd-udev-settle.enable = false; systemd.services.NetworkManager-wait-online.enable = false; - networking.firewall.enable = false; # Security programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; @@ -30,6 +25,7 @@ include ipsec.d/ipsec.nm-l2tp.secrets ''; + networking.firewall.enable = false; networking.networkmanager = { enable = true; enableStrongSwan = true; diff --git a/nixos/essential.nix b/nixos/essential.nix index c91f9046..f0966ede 100644 --- a/nixos/essential.nix +++ b/nixos/essential.nix @@ -15,6 +15,9 @@ let python-with-my-packages = pkgs.python3.withPackages my-python-packages; in { + nixpkgs.overlays = [ + (import ../dotfiles/config/xmonad/overlay.nix) + ]; environment.systemPackages = with pkgs; [ python-with-my-packages @@ -75,6 +78,7 @@ in playerctl # Tools + cachix binutils gawk gitFull diff --git a/nixos/flake.nix b/nixos/flake.nix index ae207387..2144a5a8 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix @@ -78,6 +78,10 @@ system = "aarch64-linux"; modules = [ forAll piHardware ./machines/biskcomp.nix ]; }; + air-gapped-pi = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ forAll piHardware ./machines/air-gapped-pi.nix ]; + }; }; }; } diff --git a/nixos/machines/air-gapped-pi.nix b/nixos/machines/air-gapped-pi.nix new file mode 100644 index 00000000..a0e0f4e0 --- /dev/null +++ b/nixos/machines/air-gapped-pi.nix @@ -0,0 +1,13 @@ +{ + imports = [ + ../internet-computer.nix + ../raspberry-pi.nix + ../base.nix + ]; + + networking.hostName = "air-gapped-pi"; + hardware.video.hidpi.enable = true; + networking.enable = false; + + system.stateVersion = "21.05"; +} diff --git a/nixos/machines/biskcomp.nix b/nixos/machines/biskcomp.nix index a0e791b0..f1e67273 100644 --- a/nixos/machines/biskcomp.nix +++ b/nixos/machines/biskcomp.nix @@ -2,6 +2,7 @@ imports = [ ../internet-computer.nix ../raspberry-pi.nix + ../base.nix ]; networking.hostName = "biskcomp"; diff --git a/nixos/raspberry-pi.nix b/nixos/raspberry-pi.nix index 00640ba3..4ac4cbcf 100644 --- a/nixos/raspberry-pi.nix +++ b/nixos/raspberry-pi.nix @@ -1,10 +1,6 @@ { config, pkgs, ... }: { - imports = [ - ./base.nix - ]; - hardware.raspberry-pi."4".fkms-3d.enable = true; boot = {