README: nixos-anywhere and Raspberry Pi

README.md

@@ -2,6 +2,12 @@
 
 - [NixOS](#nixos)
   - [NixOS installation](#nixos-installation)
+    - [Graphical installation](#graphical-installation)
+  - [Remote installation: disko and nixos-anywhere](#remote-installation-disko-and-nixos-anywhere)
+  - [ARM device: Raspberry Pi 3B+](#arm-device-raspberry-pi-3b)
+    - [ISO](#iso)
+    - [Default configuration](#default-configuration)
+    - [Apply modified configuration](#apply-modified-configuration)
   - [Update, build and switch](#update-build-and-switch)
     - [Update](#update)
     - [Build and switch: Using Colmena](#build-and-switch-using-colmena)
@@ -12,7 +18,6 @@
   - [niv: Dependency management](#niv-dependency-management)
     - [Add Home Manager with niv](#add-home-manager-with-niv)
     - [Add NUR with niv](#add-nur-with-niv)
-  - [disko and nixos-anywhere: Remote installation](#disko-and-nixos-anywhere-remote-installation)
   - [Colmena: Deployment and secret management](#colmena-deployment-and-secret-management)
   - [BTRFS swap file](#btrfs-swap-file)
   - [LUKS Parameters](#luks-parameters)
@@ -38,6 +43,8 @@
 
 ## NixOS installation
 
+### Graphical installation
+
 For beginners, NixOS can be installed with a graphical installer.
 
 Getting the ISO:
@@ -55,6 +62,52 @@ During installation:
   * One 512MB (or larger) Fat32 partition, mounted at `/boot`, "boot" flag enabled
   * Another partition (e.g. BTRFS) covering the rest of the drive, mounted at `/`, encryption enabled
 
+## Remote installation: disko and nixos-anywhere
+
+Install NixOS via SSH everywhere.
+
+There is a separate repository for these steps. Its README can be found here: https://codeberg.org/privacy1st/nixos-anywhere-example/src/template/README.md
+
+## ARM device: Raspberry Pi 3B+
+
+### ISO
+
+If you are on an architecture other than aarch64, enable emulation: `boot.binfmt.emulatedSystems = [ "aarch64-linux" ];`.
+
+An ISO for the Raspberry Pi 3B+ can then be built with:
+
+```shell
+# If on aarch64
+#nix-build '<nixpkgs/nixos>' -A config.system.build.sdImage -I nixos-config=./iso-aarch64.nix
+# If not on aarch64
+nix-build '<nixpkgs/nixos>' -A config.system.build.sdImage -I nixos-config=./iso-aarch64.nix --argstr system aarch64-linux
+
+ls result/sd-image/*.img
+```
+
+**Note** about cross compilation
+
+Alternatively to emulating the aarch64 architecture we could also cross compile from e.g. x86 to it. However, this has one big drawback: The binary cache (https://cache.nixos.org/) won't be used. The reason for this is that packages built with cross compilation are (slightly) different from native built ones. Their checksums don't match.
+
+### Default configuration
+
+When the Raspberry Pi is booted, run `nixos-generate-config` to generate the default `configuration.nix` and `hardware-configuration.nix` files.
+
+### Apply modified configuration
+
+The Rapberry Pi 3B+ has only 1GB RAM, which is not enough for `nixos-rebuild`. It is recommended to create and activate a SWAP file first: https://wiki.archlinux.org/title/swap#Swap_file_creation
+
+```shell
+nix-channel --list
+#=> nixos https://nixos.org/channels/nixos-23.05
+nix-channel --update nixos
+```
+
+```shell
+nixos-rebuild boot
+reboot
+```
+
 ## Update, build and switch
 
 Local (yodaTux):
@@ -199,12 +252,6 @@ niv add nix-community/home-manager -n home-manager -b release-23.05
 niv add nix-community/NUR -n NUR
 ```
 
-## disko and nixos-anywhere: Remote installation
-
-Install NixOS via SSH everywhere.
-
-There is a separate repository for these steps. Its README can be found here: https://codeberg.org/privacy1st/nixos-anywhere-example/src/template/README.md
-
 ## Colmena: Deployment and secret management
 
 * https://github.com/zhaofengli/colmena#colmena

iso-aarch64.nix

@@ -0,0 +1,41 @@
+# Great overview: https://rbf.dev/blog/2020/05/custom-nixos-build-for-raspberry-pis/
+
+# https://nixos.wiki/wiki/NixOS_on_ARM#Cross-compiling
+# https://nixos.wiki/wiki/NixOS_on_ARM#Compiling_through_binfmt_QEMU
+# https://nix.dev/tutorials/nixos/installing-nixos-on-a-raspberry-pi
+
+# Using the 64-bit AArch64 image is highly recommended.
+# https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi#Raspberry_Pi_3_.2F_3B.2B
+
+{ config, pkgs, lib, ... }: {
+  imports = [
+    <nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>
+  ];
+  boot = {
+    # New tags are published not so often ...
+    # https://github.com/raspberrypi/linux/tags
+    #kernelPackages = pkgs.linuxKernel.packages.linux_rpi3;
+    
+    # The mainline kernel is also supported.
+    kernelPackages = pkgs.linuxPackages_latest;
+
+    # TODO:
+    # Not every kernel (pkgs.linuxPackages_latest) is ZFS compatible.
+    # In that case, we can use mkForce to remove "zfs" from the list.
+    #
+    # Open issue to build two kernels, one with and one without zfs: https://github.com/NixOS/nixpkgs/issues/189184
+    # List values were taken from here: https://github.com/NixOS/nixpkgs/blob/3f339f3cf44d090e2cc624f89df81fdb29810a0a/nixos/modules/profiles/base.nix#L54
+    supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
+  };
+  # Compression takes loads of time with emulation, skip it.
+  sdImage.compressImage = false;
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+  };
+  users.users.root.openssh.authorizedKeys.keys = [
+    (builtins.readFile ./assets/ssh/nitrokey.pub)
+  ];
+  hardware.enableRedistributableFirmware = true;
+  system.stateVersion = "23.05";
+}