added a nixos configuration to build and deploy the gateway

This commit is contained in:
Sebastian Wendel 2023-02-20 23:03:41 +01:00
parent a52bc6326a
commit 2ce1df7f50
No known key found for this signature in database
GPG key ID: 14ED8B1EC3371ECE
14 changed files with 616 additions and 86 deletions

9
.envrc
View file

@ -2,8 +2,13 @@
use flake
use_flake() {
watch_file flake.nix
watch_file flake.lock
watch_file nix/shell.nix
eval "$(nix print-dev-env --profile "$(direnv_layout_dir)/flake-profile")"
}
layout python3
watch_file ./nix/shell.nix
eval "$shellHook"

View file

@ -1,13 +1,86 @@
{
"nodes": {
"darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1674127017,
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -17,6 +90,232 @@
}
},
"flake-utils": {
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils_2"
},
"locked": {
"lastModified": 1676367705,
"narHash": "sha256-un5UbRat9TwruyImtwUGcKF823rCEp4fQxnsaLFL7CM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "da72e6fc6b7dc0c3f94edbd310aae7cd95c678b5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1675359654,
"narHash": "sha256-FPxzuvJkcO49g4zkWLSeuZkln54bLoTtrggZDJBH90I=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "6138eb8e737bffabd4c8fc78ae015d4fd6a7e2fd",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1636849918,
"narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1676297861,
"narHash": "sha256-YECUmK34xzg0IERpnbCnaO6z6YgfecJlstMWX7dqOZ8=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "1e0a05219f2a557d4622bc38f542abb360518795",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1676699914,
"narHash": "sha256-cM2Hd+odgCYWSUiYPZGW/4B+OI64S0lrdf9YR9ts9I4=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "9bbcc37b011b0d925f3115888ea77f58487619b8",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1676549890,
"narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8c66bd1b68f4708c90dcc97c6f7052a5a7b33257",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1673800717,
"narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1676569297,
"narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": [
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1676513100,
"narHash": "sha256-MK39nQV86L2ag4TmcK5/+r1ULpzRLPbbfvWbPvIoYJE=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "5f0cba88ac4d6dd8cad5c6f6f1540b3d6a21a798",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"darwin": "darwin",
"deploy-rs": "deploy-rs",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"impermanence": "impermanence",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"pre-commit-hooks": "pre-commit-hooks"
}
},
"utils": {
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -30,53 +329,6 @@
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1667991831,
"narHash": "sha256-DHgEsLZI044B9T4AjA3K6+yB9/DqLr4dyA7OIx0FG7o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "872fceeed60ae6b7766cc0a4cd5bf5901b9098ec",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1667992213,
"narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks"
}
}
},
"root": "root",

View file

@ -1,34 +1,107 @@
{
description = "IoT Platform";
description = "FabNet IoT Platform";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
flake-compat = {
url = "github:edolstra/flake-compat";
flake = false;
};
flake-utils.url = "github:numtide/flake-utils";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
darwin = {
url = "github:lnl7/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence";
nixos-hardware.url = "github:nixos/nixos-hardware";
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
deploy-rs.url = "github:serokell/deploy-rs";
};
outputs = {
self,
darwin,
nixpkgs,
deploy-rs,
flake-utils,
nixos-hardware,
nixos-generators,
...
} @ inputs:
flake-utils.lib.eachSystem ["x86_64-linux" "aarch64-linux"] (system: {
devShells.default = import ./nix/shell.nix inputs system;
checks = import ./nix/checks.nix inputs system;
flake-utils.lib.eachSystem ["aarch64-linux" "x86_64-linux"] (localSystem: {
checks = import ./nix/checks.nix inputs localSystem;
devShells.default = import ./nix/shell.nix inputs localSystem;
packages = {
default = self.packages.x86_64-linux.gateway-vm;
gateway-vm = nixos-generators.nixosGenerate {
pkgs = import nixpkgs {inherit localSystem;};
system = "x86_64-linux";
format = "vm";
modules = [
./software/gateway
];
};
gateway-raspi = nixos-generators.nixosGenerate {
pkgs = import nixpkgs {inherit localSystem;};
system = "aarch64-linux";
format = "sd-aarch64";
modules = [
./software/gateway
];
};
};
nixosConfigurations.gateway = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
./software/gateway
];
};
pkgs = import nixpkgs {
inherit system;
inherit localSystem;
config.allowUnfree = true;
config.allowAliases = true;
config.allowUnsupportedSystem = true;
};
deploy.nodes.gateway = {
hostname = "fabnet";
fastConnection = true;
profiles = {
system = {
sshUser = "fabnet";
path =
deploy-rs.lib.aarch64-linux.activate.nixos
self.nixosConfigurations.gateway;
user = "root";
};
};
};
});
}

View file

@ -10,31 +10,6 @@ with self.pkgs.${system}; {
src = lib.cleanSource ../.;
hooks = {
alejandra.enable = true;
nix-linter.enable = true;
};
settings = {
nix-linter.checks = [
"DIYInherit"
"EmptyInherit"
"EmptyLet"
"EtaReduce"
"LetInInheritRecset"
"ListLiteralConcat"
"NegateAtom"
"SequentialLet"
"SetLiteralUpdate"
"UnfortunateArgName"
"UnneededRec"
"UnusedArg"
"UnusedLetBind"
"UpdateEmptySet"
"BetaReduction"
"EmptyVariadicParamSet"
"UnneededAntiquote"
"no-FreeLetInFunc"
"no-AlphabeticalArgs"
"no-AlphabeticalBindings"
];
};
};
}

View file

@ -1,7 +1,7 @@
{self, ...}: system:
with self.pkgs.${system};
mkShell {
name = "iot-platform";
name = "FabNet";
nativeBuildInputs =
[
# Development
@ -27,9 +27,9 @@ with self.pkgs.${system};
yamllint
# Nix
deploy-rs
alejandra
nix
nix-linter
nixUnstable
rnix-lsp
# Service
@ -37,8 +37,12 @@ with self.pkgs.${system};
# Misc
reuse
zstd
wget
raspberrypi-eeprom
];
shellHook = ''
${self.checks.${system}.pre-commit-check.shellHook}
'';
allowUnsupportedSystem = true;
}

View file

@ -0,0 +1,5 @@
{lib, ...}: {
boot.kernel.sysctl = lib.mkDefault {"vm.swappiness" = 10;};
boot.tmpOnTmpfs = lib.mkDefault true;
boot.cleanTmpDir = lib.mkDefault true;
}

View file

@ -0,0 +1,66 @@
{
lib,
pkgs,
config,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/all-hardware.nix")
(modulesPath + "/profiles/minimal.nix")
(modulesPath + "/profiles/base.nix")
./boot.nix
./hardware.nix
./locale.nix
./networking.nix
./nix.nix
./security.nix
./users.nix
./tools.nix
];
system.stateVersion = lib.mkForce "23.05";
networking.hostName = "fabnet";
networking.hostId = builtins.substring 0 8 (builtins.hashString "md5" config.networking.hostName);
networking.firewall.allowedTCPPorts = lib.mkDefault [
1880 # Node-Red
1883 # Mosquitto
5000 # Octoprint
3000 # Grafana
8086 # InfluxDB
9090 # Prometheus
];
services.openssh.enable = lib.mkForce true;
services.haveged.enable = lib.mkDefault true;
services.fail2ban.enable = lib.mkDefault true;
services.node-red.enable = lib.mkDefault true;
services.influxdb2.enable = lib.mkDefault true;
services.prometheus.enable = lib.mkDefault true;
services.octoprint.enable = lib.mkDefault true;
services.grafana.enable = lib.mkDefault true;
services.grafana.settings.server.http_port = 7878;
services.grafana.provision.datasources.settings.datasources = lib.mkForce [
{
name = "influxdb";
type = "influxdb";
url = "http://0.0.0.0:8086";
}
{
type = "prometheus";
name = "prometheus";
url = "http://0.0.0.0:9090";
}
];
services.mosquitto.enable = lib.mkDefault true;
services.mosquitto.listeners = lib.mkDefault [
{
address = "0.0.0.0";
acl = ["pattern readwrite #"];
omitPasswordAuth = lib.mkDefault true;
}
];
}

View file

@ -0,0 +1,25 @@
{
lib,
pkgs,
config,
...
}: {
hardware.bluetooth.enable = lib.mkDefault true;
hardware.i2c.enable = lib.mkDefault true;
hardware.sensor.iio.enable = lib.mkDefault true;
services.fwupd.enable = lib.mkDefault true;
services.upower.enable = lib.mkDefault true;
services.tlp.enable = lib.mkDefault true;
programs.usbtop.enable = lib.mkDefault true;
environment.systemPackages = with pkgs; [
dmidecode
lshw
pciutils
usbutils
];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

View file

@ -0,0 +1,11 @@
{lib, ...}: {
time.timeZone = lib.mkDefault "Europe/Berlin";
console.keyMap = lib.mkDefault "de";
i18n.supportedLocales = lib.mkDefault ["en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8"];
i18n.extraLocaleSettings = lib.mkDefault {
LANG = "en_US.UTF-8";
LC_ALL = "en_US.UTF-8";
};
}

View file

@ -0,0 +1,19 @@
{
config,
lib,
pkgs,
...
}: {
networking.firewall.enable = lib.mkForce true;
networking.wireless.enable = lib.mkDefault true;
networking.networkmanager.enable = lib.mkDefault true;
services.avahi.enable = lib.mkDefault true;
services.avahi.nssmdns = lib.mkDefault true;
services.avahi.publish.enable = lib.mkDefault true;
services.avahi.publish.addresses = lib.mkDefault true;
services.avahi.publish.domain = lib.mkDefault true;
services.avahi.publish.userServices = lib.mkDefault true;
services.avahi.publish.workstation = lib.mkDefault true;
services.avahi.extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
}

28
software/gateway/nix.nix Normal file
View file

@ -0,0 +1,28 @@
{
pkgs,
lib,
...
}: {
nix.package = pkgs.nixUnstable;
nix.gc.automatic = lib.mkForce true;
nix.optimise.automatic = lib.mkDefault true;
nix.settings.require-sigs = lib.mkForce true;
nix.settings.auto-optimise-store = lib.mkDefault true;
nix.settings.allowed-users = lib.mkDefault ["@wheel"];
nix.settings.trusted-users = lib.mkDefault ["root" "@wheel"];
nix.settings.substituters = lib.mkDefault [
"https://arm.cachix.org/"
"https://nix-community.cachix.org"
"https://nix-config.cachix.org"
];
nix.settings.trusted-public-keys = lib.mkDefault [
"arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-config.cachix.org-1:Vd6raEuldeIZpttVQfrUbLvXJHzzzkS0pezXCVVjDG4="
];
nix.extraOptions = ''
experimental-features = nix-command flakes
min-free = ${toString (100 * 1024 * 1024)}
max-free = ${toString (1024 * 1024 * 1024)}
'';
}

View file

@ -0,0 +1,14 @@
{
pkgs,
lib,
...
}: {
security.protectKernelImage = lib.mkDefault true;
security.forcePageTableIsolation = lib.mkDefault true;
security.polkit.enable = lib.mkDefault true;
security.apparmor.enable = lib.mkDefault true;
security.sudo.enable = lib.mkDefault true;
security.sudo.wheelNeedsPassword = lib.mkDefault false;
}

View file

@ -0,0 +1,39 @@
{
pkgs,
lib,
...
}: {
programs.neovim.enable = lib.mkDefault true;
programs.neovim.viAlias = lib.mkDefault true;
programs.neovim.vimAlias = lib.mkDefault true;
programs.neovim.defaultEditor = lib.mkDefault true;
programs.zsh.enable = lib.mkDefault true;
programs.zsh.ohMyZsh.enable = lib.mkDefault true;
programs.zsh.enableCompletion = lib.mkDefault true;
programs.zsh.enableBashCompletion = lib.mkDefault true;
programs.zsh.enableGlobalCompInit = lib.mkDefault false;
programs.zsh.autosuggestions.enable = lib.mkDefault true;
programs.zsh.interactiveShellInit = lib.mkDefault "source '${pkgs.grml-zsh-config}/etc/zsh/zshrc'";
programs.mtr.enable = lib.mkDefault true;
environment.systemPackages = with pkgs; [
exfat
sshfs
strace
tmux
curl
httpie
gotop
htop
mc
git
neofetch
pstree
ranger
screen
tree
whois
];
}

View file

@ -0,0 +1,14 @@
{
lib,
pkgs,
...
}: {
users.mutableUsers = lib.mkDefault true;
users.users.fabnet = {
isNormalUser = lib.mkDefault true;
initialPassword = lib.mkDefault "fabnet";
extraGroups = lib.mkDefault ["wheel"];
createHome = lib.mkDefault true;
shell = lib.mkForce pkgs.zsh;
};
}