mirror of
https://codeberg.org/privacy1st/nix-git
synced 2024-12-23 02:36:05 +01:00
README: nixos-anywhere and Raspberry Pi
This commit is contained in:
parent
aa60fe1eaa
commit
363a6118f1
61
README.md
61
README.md
@ -2,6 +2,12 @@
|
||||
|
||||
- [NixOS](#nixos)
|
||||
- [NixOS installation](#nixos-installation)
|
||||
- [Graphical installation](#graphical-installation)
|
||||
- [Remote installation: disko and nixos-anywhere](#remote-installation-disko-and-nixos-anywhere)
|
||||
- [ARM device: Raspberry Pi 3B+](#arm-device-raspberry-pi-3b)
|
||||
- [ISO](#iso)
|
||||
- [Default configuration](#default-configuration)
|
||||
- [Apply modified configuration](#apply-modified-configuration)
|
||||
- [Update, build and switch](#update-build-and-switch)
|
||||
- [Update](#update)
|
||||
- [Build and switch: Using Colmena](#build-and-switch-using-colmena)
|
||||
@ -12,7 +18,6 @@
|
||||
- [niv: Dependency management](#niv-dependency-management)
|
||||
- [Add Home Manager with niv](#add-home-manager-with-niv)
|
||||
- [Add NUR with niv](#add-nur-with-niv)
|
||||
- [disko and nixos-anywhere: Remote installation](#disko-and-nixos-anywhere-remote-installation)
|
||||
- [Colmena: Deployment and secret management](#colmena-deployment-and-secret-management)
|
||||
- [BTRFS swap file](#btrfs-swap-file)
|
||||
- [LUKS Parameters](#luks-parameters)
|
||||
@ -38,6 +43,8 @@
|
||||
|
||||
## NixOS installation
|
||||
|
||||
### Graphical installation
|
||||
|
||||
For beginners, NixOS can be installed with a graphical installer.
|
||||
|
||||
Getting the ISO:
|
||||
@ -55,6 +62,52 @@ During installation:
|
||||
* One 512MB (or larger) Fat32 partition, mounted at `/boot`, "boot" flag enabled
|
||||
* Another partition (e.g. BTRFS) covering the rest of the drive, mounted at `/`, encryption enabled
|
||||
|
||||
## Remote installation: disko and nixos-anywhere
|
||||
|
||||
Install NixOS via SSH everywhere.
|
||||
|
||||
There is a separate repository for these steps. Its README can be found here: https://codeberg.org/privacy1st/nixos-anywhere-example/src/template/README.md
|
||||
|
||||
## ARM device: Raspberry Pi 3B+
|
||||
|
||||
### ISO
|
||||
|
||||
If you are on an architecture other than aarch64, enable emulation: `boot.binfmt.emulatedSystems = [ "aarch64-linux" ];`.
|
||||
|
||||
An ISO for the Raspberry Pi 3B+ can then be built with:
|
||||
|
||||
```shell
|
||||
# If on aarch64
|
||||
#nix-build '<nixpkgs/nixos>' -A config.system.build.sdImage -I nixos-config=./iso-aarch64.nix
|
||||
# If not on aarch64
|
||||
nix-build '<nixpkgs/nixos>' -A config.system.build.sdImage -I nixos-config=./iso-aarch64.nix --argstr system aarch64-linux
|
||||
|
||||
ls result/sd-image/*.img
|
||||
```
|
||||
|
||||
**Note** about cross compilation
|
||||
|
||||
Alternatively to emulating the aarch64 architecture we could also cross compile from e.g. x86 to it. However, this has one big drawback: The binary cache (https://cache.nixos.org/) won't be used. The reason for this is that packages built with cross compilation are (slightly) different from native built ones. Their checksums don't match.
|
||||
|
||||
### Default configuration
|
||||
|
||||
When the Raspberry Pi is booted, run `nixos-generate-config` to generate the default `configuration.nix` and `hardware-configuration.nix` files.
|
||||
|
||||
### Apply modified configuration
|
||||
|
||||
The Rapberry Pi 3B+ has only 1GB RAM, which is not enough for `nixos-rebuild`. It is recommended to create and activate a SWAP file first: https://wiki.archlinux.org/title/swap#Swap_file_creation
|
||||
|
||||
```shell
|
||||
nix-channel --list
|
||||
#=> nixos https://nixos.org/channels/nixos-23.05
|
||||
nix-channel --update nixos
|
||||
```
|
||||
|
||||
```shell
|
||||
nixos-rebuild boot
|
||||
reboot
|
||||
```
|
||||
|
||||
## Update, build and switch
|
||||
|
||||
Local (yodaTux):
|
||||
@ -199,12 +252,6 @@ niv add nix-community/home-manager -n home-manager -b release-23.05
|
||||
niv add nix-community/NUR -n NUR
|
||||
```
|
||||
|
||||
## disko and nixos-anywhere: Remote installation
|
||||
|
||||
Install NixOS via SSH everywhere.
|
||||
|
||||
There is a separate repository for these steps. Its README can be found here: https://codeberg.org/privacy1st/nixos-anywhere-example/src/template/README.md
|
||||
|
||||
## Colmena: Deployment and secret management
|
||||
|
||||
* https://github.com/zhaofengli/colmena#colmena
|
||||
|
41
iso-aarch64.nix
Normal file
41
iso-aarch64.nix
Normal file
@ -0,0 +1,41 @@
|
||||
# Great overview: https://rbf.dev/blog/2020/05/custom-nixos-build-for-raspberry-pis/
|
||||
|
||||
# https://nixos.wiki/wiki/NixOS_on_ARM#Cross-compiling
|
||||
# https://nixos.wiki/wiki/NixOS_on_ARM#Compiling_through_binfmt_QEMU
|
||||
# https://nix.dev/tutorials/nixos/installing-nixos-on-a-raspberry-pi
|
||||
|
||||
# Using the 64-bit AArch64 image is highly recommended.
|
||||
# https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi#Raspberry_Pi_3_.2F_3B.2B
|
||||
|
||||
{ config, pkgs, lib, ... }: {
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>
|
||||
];
|
||||
boot = {
|
||||
# New tags are published not so often ...
|
||||
# https://github.com/raspberrypi/linux/tags
|
||||
#kernelPackages = pkgs.linuxKernel.packages.linux_rpi3;
|
||||
|
||||
# The mainline kernel is also supported.
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
# TODO:
|
||||
# Not every kernel (pkgs.linuxPackages_latest) is ZFS compatible.
|
||||
# In that case, we can use mkForce to remove "zfs" from the list.
|
||||
#
|
||||
# Open issue to build two kernels, one with and one without zfs: https://github.com/NixOS/nixpkgs/issues/189184
|
||||
# List values were taken from here: https://github.com/NixOS/nixpkgs/blob/3f339f3cf44d090e2cc624f89df81fdb29810a0a/nixos/modules/profiles/base.nix#L54
|
||||
supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
|
||||
};
|
||||
# Compression takes loads of time with emulation, skip it.
|
||||
sdImage.compressImage = false;
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = false;
|
||||
};
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
(builtins.readFile ./assets/ssh/nitrokey.pub)
|
||||
];
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
system.stateVersion = "23.05";
|
||||
}
|
Loading…
Reference in New Issue
Block a user