diff --git a/aether/secrets/secrets.nix b/aether/secrets/secrets.nix index 42b10f4..d078f3d 100644 --- a/aether/secrets/secrets.nix +++ b/aether/secrets/secrets.nix @@ -9,14 +9,14 @@ let "EtbDcTMZ8qF0JKgVjir6X1hPxodDEiXy4XTGqqDKpyqwhMSPmTdgQFCeJEOrPhSc85vB6SJ" + "dVSC7YVRqIDpebiWFelen1PwsAMdL09bQKA2R3GMqJN/n6XlapKf8U= kiana@toki-earth"; fire-key = - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDpUgBuz7ti5ZVhkfr3s3EDWnPsZTplntF" + - "D1rEudrs1RnJV/XtG9iIiI9L0BSyyMcAMNLVhw+IJmBzTH5PS8ZWZ6vTDXMgu+6FYohyGhI" + - "nLtqNxAnrAJj/j6RrIWqNVTk6cPW6R7WJ+DHiV0Vvin5yTBT0liBq6OcI0gnmgMD2mVMEYc" + - "lgaWdGscJxpm5Kk6sCOMjTqxgQD2S6aUM27JhO2ESKj/iXmwoXWOnVN11ULP+4zcKPJ2rE/" + - "c/V6l/vIIvrXhKlhWpAl7m7+mhsvUVlfBAJwf2zqFVENNt48pAdchCzU9BOdvUabEyLtHkt" + - "GzygZi8oYYjlnjShf+CwfKBk4Zu1GVKs50V9jnpnNjUwkcddky4B72BgMs88XCgx0sVdfod" + - "fU7ngMnv/UV4YrzJ4vItLJ5hxq+pnytG33/y3JCOe8/xSk3za83S5dVr5cML7H1Hn0V1g0e" + - "apeWJD+iTHMQ6DnwLC8rCCt9wof0b+IB6IOlTUD6XzgaLcjLOxWMcE= kiana@toki-fire"; + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDemOeWGP40M495KAuylZfRHXKKr9av0QH" + + "YjQwuG5EKzoy+KH0EAtBM3MbDLX5+bCd4O4oB9H/ZWxDZFfaitTPf1nrBMA89GWAxiGwVT3" + + "U2kQL2KUIP9rXjH/KLwocqnqsljRka1McF0mijtpMhNR0jpXAOfZboHFWRE07kRacvXmhkl" + + "tcJhXiCGMYmUfFT/HroxSgV+1BM9csYItzHlHFhoB2laEQOoTE5jLxkTkqZ55W0V9QUlM1N" + + "830fvhv9z/I6PQcIPXttB4nm+339r2qA3qncRkF7j0+JIXbUkIxK7nQhv25EyFUS8WplnI7" + + "mbb2T9JWVeLsAO24WrAApbPxmu+ItKq003Qi4a/0+v6D2PCXm+YoxJlM5aHh8FZdXoIhMv7" + + "6j3lk0P0sN9Sr09gjoWkV+/rSN+3ZLCJBGS5a3LpBk3HC2ZP/mvfsd1LTDhYQBJSW0LiBZO" + + "5aRuKZrTbyY9+i75cTWjnJuvZyBDn3giSYMiVhIAcZg5dU0ySG4M28= kiana@toki-fire"; keys = [ earth-key fire-key ]; in { inherit keys; diff --git a/deploy/rpi5/default.nix b/deploy/rpi5/default.nix index 502ae6c..8a3cfbf 100644 --- a/deploy/rpi5/default.nix +++ b/deploy/rpi5/default.nix @@ -1,6 +1,20 @@ { config, lib, ... }: { - nixpkgs.system = "aarch64-linux"; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = false; + options.aether.deploy.rpi5 = { + _internal.kernelPackages = lib.mkOption { + type = lib.types.raw; + description = '' + Kernel package to use for Raspberry Pi 5 support. + ''; + }; + }; + + config = + let cfg = config.aether.deploy.rpi5; + in { + nixpkgs.system = "aarch64-linux"; + boot.kernelPackages = cfg._internal.kernelPackages; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = false; + }; } diff --git a/flake.lock b/flake.lock index 899858d..c563597 100644 --- a/flake.lock +++ b/flake.lock @@ -23,6 +23,20 @@ "type": "github" } }, + "flake-compat": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, "forgejo-tokyo-night": { "flake": false, "locked": { @@ -58,28 +72,13 @@ "type": "github" } }, - "nixos-hardware": { - "locked": { - "lastModified": 1743420942, - "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", - "owner": "NixOS", - "repo": "nixos-hardware", - "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixos-hardware", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1743583204, - "narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=", + "lastModified": 1743448293, + "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2c8d3f48d33929642c1c12cd243df4cc7d2ce434", + "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", "type": "github" }, "original": { @@ -93,8 +92,29 @@ "inputs": { "agenix": "agenix", "forgejo-tokyo-night": "forgejo-tokyo-night", - "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "rpi5-kernel": "rpi5-kernel" + } + }, + "rpi5-kernel": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1704485878, + "narHash": "sha256-i7UH31IZyil99EUB5qnQJAiszFkea1B1yZf5pQEDIYg=", + "owner": "vriska", + "repo": "nix-rpi5", + "rev": "ac9942532e1dc2f825ad2aa3a6d31bfbd3b42eed", + "type": "gitlab" + }, + "original": { + "owner": "vriska", + "repo": "nix-rpi5", + "type": "gitlab" } }, "systems": { diff --git a/flake.nix b/flake.nix index 24356df..bd59b40 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,9 @@ description = "Aether - web server configuration"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixos-hardware.url = "github:NixOS/nixos-hardware"; + + rpi5-kernel.url = "gitlab:vriska/nix-rpi5"; + rpi5-kernel.inputs.nixpkgs.follows = "nixpkgs"; agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; @@ -13,7 +15,7 @@ inputs = { forgejo-tokyo-night.flake = false; }; -outputs = inputs@{ self, nixpkgs, nixos-hardware, agenix, ... }: +outputs = inputs@{ self, nixpkgs, agenix, rpi5-kernel, ... }: let inherit (nixpkgs) lib; @@ -21,7 +23,8 @@ outputs = inputs@{ self, nixpkgs, nixos-hardware, agenix, ... }: # (Mostly used for injecting flake inputs) extraConfig = { deploy-rpi5 = { - imports = [ nixos-hardware.nixosModules.raspberry-pi-5 ]; + aether.deploy.rpi5._internal.kernelPackages = lib.mkDefault + rpi5-kernel.legacyPackages.aarch64-linux.linuxPackages_rpi5; }; }; @@ -44,11 +47,11 @@ outputs = inputs@{ self, nixpkgs, nixos-hardware, agenix, ... }: (name: ./deploy/${lib.removePrefix "deploy-" name}); modulesWithCfg = builtins.mapAttrs (k: v: { - imports = [ v (extraConfig.${k} or {}) ]; - }) modules; + imports = [ v ]; + } // extraConfig.${k} or {}) modules; deploymentsWithCfg = builtins.mapAttrs (k: v: { - imports = [ v (extraConfig.${k} or {}) ]; - }) deployments; + imports = [ v ]; + } // extraConfig.${k} or {}) deployments; in { nixosModules = modulesWithCfg // deploymentsWithCfg // {