From ab9453690e4585350698a7481dbaa885a9652fc6 Mon Sep 17 00:00:00 2001
From: sstent
Date: Sat, 25 Nov 2023 03:01:34 +0000
Subject: [PATCH] updates
---
 hosts/StuPC-WSL/default.nix | 1 +
 hosts/binfmt.nix | 26 ++++++++++
 hosts/common.nix | 95 +++++++++++++++++++++++++++++++++++++
 3 files changed, 122 insertions(+)
 create mode 100644 hosts/binfmt.nix
diff --git a/hosts/StuPC-WSL/default.nix b/hosts/StuPC-WSL/default.nix
index d81286c..f9d5934 100644
--- a/hosts/StuPC-WSL/default.nix
+++ b/hosts/StuPC-WSL/default.nix
@@ -14,6 +14,7 @@
 # system.stateVersion = "22.11";
 nixpkgs.hostPlatform.system = "x86_64-linux";
 networking.hostName = "StuPC-WSL";
+ services.openssh.enable = true;
 custom = {
 mullvad.enable = true;
 mnt_public.enable = true;
diff --git a/hosts/binfmt.nix b/hosts/binfmt.nix
new file mode 100644
index 0000000..b87b097
--- /dev/null
+++ b/hosts/binfmt.nix
@@ -0,0 +1,26 @@
+
+{ lib, inputs, outputs, pkgs, config, ... }:
+# Define qemu-arm-static source.
+let qemu-arm-static = pkgs.stdenv.mkDerivation {
+ name = "qemu-arm-static";
+ src = builtins.fetchurl {
+ url = "https://github.com/multiarch/qemu-user-static/releases/download/v6.1.0-8/qemu-arm-static";
+ sha256 = "06344d77d4f08b3e1b26ff440cb115179c63ca8047afb978602d7922a51231e3";
+ };
+ dontUnpack = true;
+ installPhase = "install -D -m 0755 $src $out/bin/qemu-arm-static";
+};
+in {
+ # Enable binfmt emulation of extra binary formats (armv7l-linux, for exmaple).
+ boot.binfmt.registrations.arm = {
+ interpreter = "${qemu-arm-static}/bin/qemu-arm-static";
+ magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
+ mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
+ };
+
+ # Define additional settings for nix.
+ nix.extraOptions = ''
+ extra-platforms = armv7l-linux aarch64-linux
+ '';
+ nix.settings.extra-sandbox-paths = [ "/run/binfmt/arm=${qemu-arm-static}/bin/qemu-arm-static" ];
+}
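Review bot: `services.openssh.enable = true;` is added to the StuPC-WSL host with no accompanying sshd hardening, so the daemon runs with the module defaults, which accept password logins. hosts/common.nix in this same patch sets `security.sudo.wheelNeedsPassword = false`, so a guessed or reused password for any wheel account would lead straight to root on this host. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` next to it (option names as of the 23.05 module; older releases spell them differently). If sshd is enabled only so that `/etc/ssh/ssh_host_ed25519_key` exists for sops-nix, a comment saying so would help. The enclosing attribute set starts and ends outside this hunk.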
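Review bot: The interpreter registered for ARM binaries in hosts/binfmt.nix is a prebuilt `qemu-arm-static` downloaded with `builtins.fetchurl` from a GitHub release rather than built from nixpkgs; the `sha256` pins its content, but the binary stays at v6.1.0-8 and receives no fixes through channel updates, while `extra-sandbox-paths` also maps it into the build sandbox. The import of this file is commented out in hosts/common.nix (`# ./binfmt.nix`) and that file sets `boot.binfmt.emulatedSystems = ["armv7l-linux" "aarch64-linux"];`, so the module appears to be unused in this commit. I would either drop the file or add a header comment stating why the nixpkgs-built emulator is not sufficient. Note also that `extra-platforms` here advertises `aarch64-linux` although only an `arm` registration is defined in this file.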
diff --git a/hosts/common.nix b/hosts/common.nix
index 74ba961..d918d71 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -1,3 +1,4 @@
+<<<<<<< HEAD
 # This file (and the global directory) holds config that i use on all hosts
 {
 lib,
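Review bot: The added `<<<<<<< HEAD` line at the top of hosts/common.nix is an unresolved merge-conflict marker, and the second hunk of this file adds the matching `=======` and `>>>>>>> dacf7df (updates)` lines around a second full copy of the module. With these lines committed the file is not valid Nix, so any host configuration that imports it will fail to evaluate, and it is unclear which of the two copies is meant to be authoritative. Resolve the conflict by keeping one side and deleting the three marker lines; running `git diff --check` before committing reports conflict markers like these.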
@@ -83,3 +84,97 @@
 };
 };
 }
+=======
+# This file (and the global directory) holds config that i use on all hosts
+{ lib, inputs, outputs, pkgs, config, ... }:
+{
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ inputs.sops-nix.nixosModules.sops
+ # ./binfmt.nix
+ ]++ (builtins.attrValues outputs.nixosModules);
+
+###dotfiles path variable
+ options._dotfiles = lib.mkOption {
+ type = lib.types.str;
+ default = "${inputs.self}/home-manager/dotfiles";
+ description = "Path to the dotfiles in this repository";
+ };
+
+###secrets path variable
+ options._secrets = lib.mkOption {
+ type = lib.types.str;
+ default = "/run/user/1000/secrets";
+ description = "Path to the Secrets runtime";
+ };
+
+
+###secretstore path variable
+ options._secretstore = lib.mkOption {
+ type = lib.types.str;
+ default = "${inputs.self}/secrets";
+ description = "Path to the Secrets storage";
+ };
+
+config = {
+ system.stateVersion = "23.05";
+
+
+ sops = {
+ defaultSopsFile = "${config._secretstore}/host-secrets.yaml";
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+};
+
+
+ home-manager = {
+ useUserPackages = true;
+ extraSpecialArgs = { inherit inputs outputs; };
+ sharedModules = [
+ inputs.sops-nix.homeManagerModules.sops
+ ];
+ };
+
+ nixpkgs.config.allowUnfree = true;
+ programs.fuse.userAllowOther = true;
+ security.sudo.wheelNeedsPassword = false;
+
+ # nixpkgs.overlays = overlays;
+ # Enable nix flakes
+ nix.package = pkgs.nixFlakes;
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+# nix.extra-platforms = aarch64-linux i686-linux;
+
+# nix.nixPath = [ "nixpkgs=pkgs.outPath" ];
+# boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+boot.binfmt.emulatedSystems = ["armv7l-linux" "aarch64-linux"];
+
+nix.settings.substituters = [
+ "https://fbleagh.cachix.org"
+ "https://cache.armv7l.xyz"
+ "https://arm.cachix.org"
+ "https://thefloweringash-armv7.cachix.org" ];
+nix.settings.trusted-public-keys = [
+ "fbleagh.cachix.org-1:HNgEVkx9HfKmEQdR+9IeCwqFza0k8d8fJgcYvOTVDB8="
+ "cache.armv7l.xyz-1:kBY/eGnBAYiqYfg0fy0inWhshUo+pGFM3Pj7kIkmlBk="
+ "arm.cachix.org-1:K3XjAeWPgWkFtSS9ge5LJSLw3xgnNqyOaG7MDecmTQ8="
+ "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso="
+];
+nix.settings.trusted-users = [ "root" "sstent" ];
+
+#services.envfs.enable = true;
+ environment.systemPackages = [
+ pkgs.git
+ pkgs.home-manager
+ pkgs.sops
+ pkgs.ssh-to-age
+ pkgs.age
+ pkgs.qemu
+ pkgs.cachix
+ ];
+
+};
+}
+>>>>>>> dacf7df (updates)
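Review bot: The ARM substituters (`cache.armv7l.xyz`, `arm.cachix.org`, `thefloweringash-armv7.cachix.org`) and their entries in `nix.settings.trusted-public-keys` are added in the file described as applying to all hosts, and a trusted key is accepted for any store path, not only ARM builds, so each cache operator can supply binaries that these machines will run. `nix.settings.trusted-users = [ "root" "sstent" ];` further lets that login account add substituters and import unsigned paths, which is effectively root on the Nix daemon. I would move the ARM caches into the hosts that actually build for ARM and record above the list who operates each cache, e.g. `# third-party ARM caches: keys below are trusted for every store path`. Whether these settings already existed on the HEAD side of the conflict is not visible in this hunk.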