From 9eac5d825a301727540d267d0c403248e63c3e4f Mon Sep 17 00:00:00 2001
From: Sebastian
Date: Fri, 9 Feb 2024 17:44:56 +0100
Subject: [PATCH] Initial commit

First working deployment
---
 .gitignore | 1 +
 flake.lock | 123 ++++++++++++++++++++
 flake.nix | 82 ++++++++++++++
 machines/dl1ssk/configuration.nix | 126 +++++++++++++++++++++
 machines/dl1ssk/hardware-configuration.nix | 34 ++++++
 machines/dl1ssk/satnogs-docker-compose.yml | 49 ++++++++
 modules/common-packages.nix | 14 +++
 modules/locale.nix | 12 ++
 modules/rpi.nix | 5 +
 modules/ssh.nix | 8 ++
 modules/users.nix | 13 +++
 modules/vimrc | 16 +++
 ssh-keys.nix | 9 ++
 13 files changed, 492 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 flake.lock
 create mode 100644 flake.nix
 create mode 100644 machines/dl1ssk/configuration.nix
 create mode 100644 machines/dl1ssk/hardware-configuration.nix
 create mode 100644 machines/dl1ssk/satnogs-docker-compose.yml
 create mode 100644 modules/common-packages.nix
 create mode 100644 modules/locale.nix
 create mode 100644 modules/rpi.nix
 create mode 100644 modules/ssh.nix
 create mode 100644 modules/users.nix
 create mode 100644 modules/vimrc
 create mode 100644 ssh-keys.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e2f5dd2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+result
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..2e2f30a
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,123 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1703433843, + "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", + "owner": "ryantm", + "repo": "agenix", + "rev": "417caa847f9383e111d1397039c9d4337d024bf0", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1701282334, + "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "23.11", + "repo": 
"nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..7cf65d4 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,82 @@
+{
+ # see https://nixops.readthedocs.io/en/latest/guides/deploy-without-root.html
+ description = "Satnogs Deployment Flake";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/23.11";
+ agenix.url = "github:ryantm/agenix";
+ };
+
+ outputs = { self, nixpkgs, agenix, ... }:
+ let
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ in
+ {
+
+ formatter.x86_64-linux = pkgs.nixpkgs-fmt;
+
+ devShells.x86_64-linux.default = pkgs.mkShell {
+ buildInputs = with pkgs; [
+ colmena
+ agenix.packages.x86_64-linux.default
+ ];
+ };
+
+ colmena = {
+ meta = {
+ nixpkgs = import nixpkgs {
+ system = "x86_64-linux";
+ };
+ };
+
+
+
+ defaults = { config, pkgs, ... }: {
+ imports = [
+ ./modules/users.nix
+ ./modules/ssh.nix
+ ./modules/locale.nix
+ agenix.nixosModules.default
+ ];
+ };
+
+ dl1ssk = { config, pkgs, ... }:
+ {
+ deployment = {
+ tags = [ "satnogs" ];
+ targetHost = "192.168.42.22";
+ };
+
+ imports = [
+ ./modules/common-packages.nix
+ ./machines/dl1ssk/configuration.nix
+ ];
+ };
+ };
+
+
+
+ nixosConfigurations.rpi4_bootstrap = nixpkgs.lib.nixosSystem {
+ modules = [
+ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+ {
+ imports = [
+ ./modules/rpi.nix
+ ./modules/common-packages.nix
+ ./modules/locale.nix
+ ./modules/ssh.nix
+ ./modules/users.nix
+ ];
+
+
+ networking.firewall.enable = false;
+
+ system.stateVersion = "23.11";
+ }
+ ];
+ };
+
+
+ images.rpi4_bootstrap = self.nixosConfigurations.rpi4_bootstrap.config.system.build.sdImage;
+ };
+}
diff --git a/machines/dl1ssk/configuration.nix b/machines/dl1ssk/configuration.nix
new file mode 100644
index 0000000..f7afe54
--- /dev/null
+++ b/machines/dl1ssk/configuration.nix
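Review bot: The rpi4_bootstrap image sets `networking.firewall.enable = false;` while also importing ./modules/ssh.nix and ./modules/users.nix, so the SD image comes up on whatever network it is plugged into with every listening service exposed and root reachable over SSH. Disabling the firewall is not needed for the bootstrap SSH path: the NixOS openssh module opens port 22 itself (`services.openssh.openFirewall` defaults to true), so I would drop that line, or list any extra port the image really needs in `networking.firewall.allowedTCPPorts` instead. The `# see https://nixops.readthedocs.io/...` comment at the top of the file describes nixops, while the tool actually used here is colmena; a comment pointing at colmena's deployment docs would be less confusing for the next reader.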
@@ -0,0 +1,126 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
+ boot.loader.grub.enable = false;
+ # Enables the generation of /boot/extlinux/extlinux.conf
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ networking.hostName = "satnogs-dl1ssk"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ #time.timeZone = "Europe/Berlin";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ # i18n.defaultLocale = "en_US.UTF-8";
+ # console = {
+ # font = "Lat2-Terminus16";
+ # keyMap = "us";
+ # useXkbConfig = true; # use xkb.options in tty.
+ # };
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+
+ # Configure keymap in X11
+ # services.xserver.xkb.layout = "us";
+ # services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ # sound.enable = true;
+ # hardware.pulseaudio.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ # users.users.alice = {
+ # isNormalUser = true;
+ # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ # packages = with pkgs; [
+ # firefox
+ # tree
+ # ];
+ # };
+
+ virtualisation.docker.enable = true;
+
+ systemd.services.satnogs-docker-compose = {
+ script = ''
+ ${pkgs.docker-compose}/bin/docker-compose -f ${./satnogs-docker-compose.yml} up
+ '';
+ wantedBy = ["multi-user.target"];
+ after = ["docker.service" "docker.socket"];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ # environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ # ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+}
+
diff --git a/machines/dl1ssk/hardware-configuration.nix b/machines/dl1ssk/hardware-configuration.nix
new file mode 100644
index 0000000..4701672
--- /dev/null
+++ b/machines/dl1ssk/hardware-configuration.nix
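Review bot: The satnogs-docker-compose unit only declares `after = ["docker.service" "docker.socket"];`, so it is started even when docker.service is not running, and with no restart policy a failed `docker-compose up` at boot (daemon not ready, image pull failing) leaves the station down until someone logs in. Adding `requires = ["docker.service"];` next to `after`, and `serviceConfig.Restart = "on-failure";` in the same attribute set, ties the unit to Docker's lifecycle and lets it recover from transient failures. The unit also has no explanatory comment; I would add `# Runs the SatNOGS station stack; the compose file is baked into the store path, so a change to it redeploys the unit.` above `systemd.services.satnogs-docker-compose`.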
@@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.end0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/machines/dl1ssk/satnogs-docker-compose.yml b/machines/dl1ssk/satnogs-docker-compose.yml new file mode 100644 index 0000000..3b2ebf4 --- /dev/null +++ b/machines/dl1ssk/satnogs-docker-compose.yml 
@@ -0,0 +1,49 @@
+version: '3.8'
+services:
+
+ rigctld:
+ image: librespace/hamlib:latest
+ user: '999'
+ read_only: true
+ environment:
+ MODEL: '1'
+ restart: 'unless-stopped'
+ command: 'rigctld'
+
+ satnogs_client:
+ image: librespace/satnogs-client:master # LSF stable docker image
+ #image: librespace/satnogs-client:master-unstable # LSF experimental docker image
+ #image: librespace/satnogs-client:lsf-addons # LSF stable + gr-satellites and addons
+ #image: librespace/satnogs-client:lsf-dev-addons # LSF unstable + gr-satellites and addons
+ user: '999'
+ read_only: true
+ init: true # init is needed when launching processes in the background
+ #env_file:
+ # - ./station.env
+ environment:
+ SATNOGS_RIG_IP: 'rigctld'
+ SATNOGS_RIG_PORT: '4532'
+
+ SATNOGS_ANTENNA: 'RX'
+ SATNOGS_RF_GAIN: '5'
+ SATNOGS_RX_SAMP_RATE: '2.048e6'
+ SATNOGS_SOAPY_RX_DEVICE: 'driver=rtlsdr'
+ SATNOGS_STATION_ELEV: '225'
+ SATNOGS_STATION_ID: '517'
+
+ command: 'satnogs-client' # default
+ device_cgroup_rules:
+ - 'c 189:* rwm'
+ devices:
+ - '/dev/bus/usb'
+ volumes:
+ - type: 'tmpfs'
+ target: '/tmp'
+ - type: 'volume'
+ source: 'satnogs-client'
+ target: '/var/lib/satnogs-client'
+ restart: 'unless-stopped'
+ stop_grace_period: 1s
+
+volumes:
+ satnogs-client: # persistent named volume for the station
diff --git a/modules/common-packages.nix b/modules/common-packages.nix
new file mode 100644
index 0000000..0367820
--- /dev/null
+++ b/modules/common-packages.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ lsof
+ htop
+ git
+ screen
+ ];
+
+ programs.vim.defaultEditor = true;
+ programs.vim.package = pkgs.vim_configurable;
+ environment.etc."vimrc".source = ./vimrc;
+}
diff --git a/modules/locale.nix b/modules/locale.nix
new file mode 100644
index 0000000..90ad006
--- /dev/null
+++ b/modules/locale.nix
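Review bot: Both services use floating image tags (`image: librespace/hamlib:latest` and `image: librespace/satnogs-client:master`), so every restart of the systemd unit may pull a different, unreviewed image even though the rest of the flake pins nixpkgs and agenix by hash. Pinning by digest, e.g. `image: librespace/satnogs-client@sha256:<digest of a reviewed pull>`, keeps the deployment reproducible and makes image updates visible in git history. The `device_cgroup_rules: - 'c 189:* rwm'` entry together with `/dev/bus/usb` grants the container access to every USB device on the host, not just the SDR; a comment such as `# major 189 = USB device nodes; rule instead of a fixed /dev path so the SDR survives a replug` would record why the broad rule was chosen. The station API token is not set here and `env_file: ./station.env` is commented out; a comment stating where the token is supplied from (presumably agenix, given the flake input) would save the next reader from guessing.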
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }: {
+
+ time.timeZone = "Europe/Berlin";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_CTYPE = "en_US.UTF-8";
+ LC_TIME = "en_DK.UTF-8";
+ LC_COLLATE = "C.UTF-8";
+ };
+
+}
diff --git a/modules/rpi.nix b/modules/rpi.nix
new file mode 100644
index 0000000..3163135
--- /dev/null
+++ b/modules/rpi.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }: {
+ nixpkgs.config.allowUnsupportedSystem = true;
+ nixpkgs.hostPlatform.system = "aarch64-linux";
+ #nixpkgs.buildPlatform.system = "x86_64-linux"; #If you build on x86 other wise changes this.
+}
diff --git a/modules/ssh.nix b/modules/ssh.nix
new file mode 100644
index 0000000..a4170bd
--- /dev/null
+++ b/modules/ssh.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }: {
+
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.openssh.extraConfig = "AcceptEnv LANG LC_*";
+
+}
diff --git a/modules/users.nix b/modules/users.nix
new file mode 100644
index 0000000..bc1bc79
--- /dev/null
+++ b/modules/users.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+let
+ sshkeys = import ../ssh-keys.nix;
+in
+{
+ users = {
+ mutableUsers = false;
+ users.root = {
+ openssh.authorizedKeys.keys = sshkeys.root;
+ hashedPassword = "$y$j9T$O0iwxiavgyvToXKvEmgnS/$xvoTsXaL015rhFw4ZYw6KTBb/hpgDn1yLWxvnNxe0J1";
+ };
+ };
+}
diff --git a/modules/vimrc b/modules/vimrc
new file mode 100644
index 0000000..02b8665
--- /dev/null
+++ b/modules/vimrc
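Review bot: ssh.nix enables sshd but leaves password and keyboard-interactive authentication at their NixOS defaults (both on), while users.nix defines only root with authorized keys and `mutableUsers = false;`, so password logins are never needed and only widen the exposed surface of a host reachable from the LAN. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to `services.openssh.enable = true;`; root is already limited to keys by the 23.11 default of `PermitRootLogin = "prohibit-password"`, but the explicit settings cover any user added later. A short comment on the `AcceptEnv LANG LC_*` line saying that it lets interactive sessions carry the client's locale would make its purpose clear.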
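Review bot: `hashedPassword = "$y$j9T$..."` in users.nix stores root's password hash in the repository, where anyone with read access can run an offline guessing attack against it, and git history will retain it after any later rotation. Since agenix is already a flake input and ssh-keys.nix defines an `agenix` key list, the hash can be kept in an encrypted .age file and referenced as `hashedPassword` is now, via `users.users.root.hashedPasswordFile = config.age.secrets.<secret-name>.path;` (the option name in NixOS 23.11); the hash committed here should be treated as disclosed and rotated regardless. A one-line comment above `users.root` noting that the password is for console login only while SSH access is key-based would document the intended split.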
@@ -0,0 +1,16 @@
+
+" Vim will load $VIMRUNTIME/defaults.vim if the user does not have a vimrc.
+" This happens after /etc/vim/vimrc(.local) are loaded, so it will override
+" any settings in these files.
+" If you don't want that to happen, uncomment the below line to prevent
+" defaults.vim from being loaded.
+let g:skip_defaults_vim = 1
+
+" Vim5 and later versions support syntax highlighting. Uncommenting the next
+" line enables syntax highlighting by default.
+syntax on
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
diff --git a/ssh-keys.nix b/ssh-keys.nix
new file mode 100644
index 0000000..f4ea874
--- /dev/null
+++ b/ssh-keys.nix
@@ -0,0 +1,9 @@
+rec {
+ sebastian = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpW3zrPksFaXS1MYE6Mk7TTdGLWp3EDe+h0AWOZkRfrL43buYNmblvuiVH1OVrNZQe42icDstZz/9cHusypD8H6pe+DtOO1Pl/16DTMw0YQKk68BwdgXrDFJ+kjOFrqpSDNMbt1Y/KvalWTFyfMH0Ski1im/1akPmFjBhv9MtwI75eCLH4AaaVN4JGMNZaKnA38qgWFyTDE3AXiJ02CQyC5giC8S70eG2lYsYomJmbCVRoLH3BsiGyqEHG1hVxqp+3w+PSWmqB/jZ48wBNP6TQc7cUupxuyuSgho8tuIs9cv6rprQsYULe0l+P15s8mnOGvq8vAzIyX2dHROTD3YKF"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/hIwyrnaz5oCH6fvne9IxnFWi40SXrKuMpFKXqTsHJZyQMb+fVz7apMorCb2Lev/FPmJyH3As+w+1xp0RzfW/6MAIxwZE2YYdFv6mZFpIlKXPSgyEnBGASHaGqIXjPybAz8v8p+KX462c3m5EJtSdnY6F56y4hsgQ/FmhQib+HBLzgM2w8LQ+IBKVsPOyz0/B00b3NdfCBLsAAljeUK4EwuXwH9/RX/PTs/f3LdUImpPf0orrlPG6nPLMfXohwd7MSSC1TaVl9quAD5KCu8elsMnhOnw1BanmbEHFBpdxKBwZM3LrjijkHrLSprsk5M79Kk8m1M5mUvU+KXdbZwJsJbCcZaP++J5r3LsQJybLMXT3ae5/WVJfgMEQZIr1RiXcNWFRvh/sGNCYy0z/zV1kVksEYn7hECP+luN5nm8uh/S0sVU3NjLWqQSwRrCSCRzBYnDe2oU3/GKx54wAH6MPFL9jB9oeTuorjOrN4DSNqQJ+zXLLRq7drPOTWKip5kwlJSJwbwvx7IjgK8i0ykPDS2X1t2EIFKIajcT9WzMs5MNwfpA9cjBQ0bAgjDGkt5uQOxCA+iWmOxdwM2S9Gi2s3+7+8bMVirp1UasM7PFuc+nvTFqLlBL2+aHbYJkbox8moZEg6/fgl/y86GDGVqXxaEsSJpIyO4IVKM/xyUrfOQ=="
+ ];
+
+ root = sebastian;
+ agenix = sebastian;
+}