This repository contains a Nix flake for packages, NixOS modules & configurations across my various devices. This README can be considered as documentation for this flake and the managed devices.
The other sections describe what hosts are managed by this flake, the devices they are deployed to, and, where necessary, building, imaging, flashing and installation.
Caution
These configurations contain encrypted secrets managed by sops-nix and care should be taken when building and activating them.
Specifically, the configurations cannot be successfully activated on machines
that do not have a /var/lib/sops-nix/keys.txt file containing the age
private key corresponding to an age public key in the root .sops.yaml
file.
The age private key is used for decrypting secrets encrypted with the public
key on NixOS system activation. If the key is unavailable, you will not be
able to login and certain services will not function correctly. See sops-nix
for details.
The table below lists the managed hosts and their descriptions:
| Hostname | Device type | Description |
|---|---|---|
| ceres | Desktop | Secondary PC at work |
| deimos | Raspberry Pi Zero 2 W | - |
| eris | WSL | Primary PC at work |
| kepler | VPS | Matrix homeserver Headscale |
| luna | Raspberry Pi Compute Module 4 | NAS |
| mars | FriendlyElec NanoPC-T6 LTS | - |
| mercury | Asus ROG Flow Z13 (2022) | Personal/work laptop |
| phobos | Raspberry Pi 4 Model B | Klipper Moonraker Mainsail |
| terra | Desktop | Primary PC at home |
| venus | Lenovo ThinkPad X230 Tablet | Personal laptop |
This section contains installation guides and documentation for certain devices managed by this flake, in the order of the table provided in the previous section.
Important
Some of the following hosts can be pre-installed via generated images. In
order for NixOS activation to be successful, the age private key needs to be
inserted into the image at the expected location of
/var/lib/sops-nix/keys.txt.
A command is available to mount a partition and open a shell at its root in order to add, remove or change files:
nix run github:Electrostasy/dots#mountImage -- -i mars-sd-image*.imgThe host deimos is a Raspberry Pi Zero 2 W, currently unused.
The NixOS SD image to be flashed can be built using the following command:
nix build github:Electrostasy/dots#deimosImageThe NixOS SD image may be flashed to a selected microSD card (up to 32 GB in size) using the following command:
dd if=deimos-sd-image*.img of=/dev/sda bs=1M status=progressThe host luna is a Raspberry Pi Compute Module 4 (CM4) mounted to an Axzez Interceptor carrier board, serving as Network Attached Storage.
The NixOS SD image to be flashed can be built using the following command:
nix build github:Electrostasy/dots#nixosConfigurations.lunaImageThe NixOS SD image may be flashed to eMMC storage using the Raspberry Pi Compute Module 4 IO Board. The following is a set of steps in order to prepare the IO Board for flashing the CM4:
-
Bridge the first set of pins on the 'J2' jumper to disable eMMC boot.
-
Connect the IO Board with the host PC you will flash from using a micro USB cable.
-
Power on the IO Board.
-
Run
rpibooton the host PC to see eMMC storage as a block device:sudo rpiboot
-
Flash the image to it:
sudo dd if=luna-sd-image*.img of=/dev/sda bs=1M conv=fsync status=progress -
Disconnect the micro USB cable from the host PC.
-
Power off the IO Board.
-
Detach the CM4 and attach it to your carrier board.
Tip
For more information on interacting with and flashing a Raspberry Pi Compute Module 4, refer to this guide.
The host mars is a FriendlyElec NanoPC-T6 LTS, currently unused.
The preferred way would be to flash both u-boot and the NixOS image to SPI and
eMMC respectively, however, at the time of writing, due to limitations in
rkdeveloptool, the open-source command line flashing tool developed by
Rockchip as an alternative to the closed-source upgrade_tool, we cannot select
between SPI and eMMC flash memory when flashing. Because of this, we build an
installer image with u-boot included, and flash on the target system instead
of externally over USB.
Tip
For more information, see the comprehensive Collabora guide on hardware enablement for the RK3588 platform, primarily targeted towards the Radxa ROCK 5B SBC.
The NixOS installer SD image to be flashed can be built using the following command:
NIXPKGS_ALLOW_UNFREE=1 nix build --impure github:Electrostasy/dots#marsImageTip
Since the Rockchip proprietary bootloader blobs (TPL) for RK3588 are unfree,
which are used to build u-boot, unfree packages need to be allowed. A simple
way to do that is to export the environment variable NIXPKGS_ALLOW_UNFREE=1,
which is detected in builds only with the --impure flag, making the builds
impure.
The NixOS installer SD image may be flashed to a selected microSD card or USB flash drive using the following command:
dd if=mars-sd-image*.img of=/dev/sda bs=1M status=progressThen, when it is booted, we can write u-boot to SPI flash and install NixOS to
eMMC memory. The u-boot build suitable for SPI flash, provided in
u-boot-rockchip-spi.bin, contains the miniloader idbloader.img and u-boot
proper u-boot.itb files concatenated at their expected offsets.
In order to flash u-boot to SPI on a running system, use the following
command:
flashcp -v -p u-boot-rockchip-spi.bin /dev/mtd0In order to install NixOS to eMMC on a running system, you have to target
/dev/mmcblk0 as the target installation device.
The host phobos is a Raspberry Pi 4 Model B, used for controlling the Original Prusa MK3S+ 3D printer flashed with Klipper firmware. It serves a Mainsail web interface for remote monitoring and management of the 3D printer, and has a Raspberry Pi Camera Module 3 Wide connected over CSI interface.
The NixOS SD image to be flashed can be built using the following command:
nix build github:Electrostasy/dots#phobosImageFlash the SD image to a selected microSD card using the following command:
dd if=phobos-sd-image*.img of=/dev/sda bs=1M status=progress