
3 commits

Author SHA1 Message Date
526abcaf28 Enable ISO ARM cross-compilation & update CI config
- Allow rune to cross compile ARM binaries
2025-06-16 18:21:00 -04:00
d9eaddc9db Enhance ISO configuration: add ARM-specific options and update system settings; ensure no password conflicts for users 2025-06-16 14:13:05 -04:00
15699b2a30 Replaced ceanus bootloader with systemd-boot 2025-06-16 14:12:38 -04:00
6 changed files with 65 additions and 32 deletions


@ -17,22 +17,16 @@ jobs:
strategy: strategy:
matrix: matrix:
include: include:
# x86 ISOs on x86 runners
- iso-type: server - iso-type: server
arch: x86 arch: x86
runner: ubuntu-latest
- iso-type: desktop
arch: x86
runner: ubuntu-latest
# ARM ISOs on ARM runners
- iso-type: server - iso-type: server
arch: arm arch: arm
runner: ubuntu-latest-arm64 - iso-type: desktop
arch: x86
- iso-type: desktop - iso-type: desktop
arch: arm arch: arm
runner: ubuntu-latest-arm64
runs-on: ${{ matrix.runner }} runs-on: ubuntu-latest
steps: steps:
- name: Checkout repository - name: Checkout repository
@ -41,9 +35,22 @@ jobs:
- name: Install Nix - name: Install Nix
uses: DeterminateSystems/nix-installer-action@v9 uses: DeterminateSystems/nix-installer-action@v9
- name: Setup QEMU for ARM emulation
if: ${{ matrix.arch == 'arm' }}
uses: docker/setup-qemu-action@v3
with:
platforms: arm64
- name: Setup Nix cache - name: Setup Nix cache
uses: DeterminateSystems/magic-nix-cache-action@v2 uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Enable ARM emulation
if: ${{ matrix.arch == 'arm' }}
run: |
echo "extra-platforms = aarch64-linux" >> $HOME/.config/nix/nix.conf
echo "extra-sandbox-paths = /run/binfmt" >> $HOME/.config/nix/nix.conf
sudo systemctl restart nix-daemon.service
- name: Build ISO (with retry) - name: Build ISO (with retry)
uses: nick-fields/retry@v3 uses: nick-fields/retry@v3
with: with:
@ -52,15 +59,27 @@ jobs:
retry_wait_seconds: 30 retry_wait_seconds: 30
command: | command: |
cd iso cd iso
nix build .#${{ matrix.iso-type }}-iso-${{ matrix.arch }} \ if [ "${{ matrix.arch }}" = "arm" ]; then
--print-build-logs \ nix build .#${{ matrix.iso-type }}-iso-arm \
--accept-flake-config --system x86_64-linux \
--extra-platforms aarch64-linux \
--print-build-logs \
--accept-flake-config
else
nix build .#${{ matrix.iso-type }}-iso-x86 \
--print-build-logs \
--accept-flake-config
fi
- name: Get ISO filename - name: Get ISO filename
id: iso-info id: iso-info
run: | run: |
cd iso cd iso
ISO_PATH=$(nix build .#${{ matrix.iso-type }}-iso-${{ matrix.arch }} --print-out-paths --no-link) if [ "${{ matrix.arch }}" = "arm" ]; then
ISO_PATH=$(nix build .#${{ matrix.iso-type }}-iso-arm --print-out-paths --no-link)
else
ISO_PATH=$(nix build .#${{ matrix.iso-type }}-iso-x86 --print-out-paths --no-link)
fi
ISO_FILE=$(find $ISO_PATH -name "*.iso" -o -name "*.iso.zst" | head -1) ISO_FILE=$(find $ISO_PATH -name "*.iso" -o -name "*.iso.zst" | head -1)
ISO_NAME=$(basename "$ISO_FILE") ISO_NAME=$(basename "$ISO_FILE")
echo "iso-path=$ISO_FILE" >> $GITHUB_OUTPUT echo "iso-path=$ISO_FILE" >> $GITHUB_OUTPUT
@ -99,7 +118,7 @@ jobs:
- **Server ISOs**: Minimal server environment with SSH access - **Server ISOs**: Minimal server environment with SSH access
- **Desktop ISOs**: GNOME desktop environment for installation - **Desktop ISOs**: GNOME desktop environment for installation
- **x86**: Intel/AMD 64-bit systems - **x86**: Intel/AMD 64-bit systems
- **ARM**: ARM64 systems - **ARM**: ARM64 systems (cross-compiled)
### Usage: ### Usage:
1. Download the appropriate ISO for your system 1. Download the appropriate ISO for your system
@ -109,4 +128,4 @@ jobs:
Built automatically from commit: ${{ github.sha }} Built automatically from commit: ${{ github.sha }}
draft: false draft: false
prerelease: false prerelease: false
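Review bot: The new `Setup QEMU for ARM emulation` step references `docker/setup-qemu-action@v3` by a movable tag, like the other `uses:` lines in this job, and the job's output is a bootable installer image that is later attached to a release. Pinning each third-party action to a full commit SHA, e.g. `uses: docker/setup-qemu-action@<full-commit-sha> # v3`, keeps a retagged or compromised action from changing what ends up in the ISO. Separately, in `Enable ARM emulation` the two `echo … >> $HOME/.config/nix/nix.conf` lines write the per-user config, which restarting `nix-daemon` does not make the daemon read; `extra-platforms` and `extra-sandbox-paths` are, as far as I know, restricted settings that the daemon accepts only from trusted users, so it is worth confirming they take effect or writing them to the system-wide nix.conf instead.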


@ -19,18 +19,13 @@ in
## Boot ## ## Boot ##
boot = { boot = {
loader = { loader = {
grub = { systemd-boot.enable = true;
enable = true;
device = "/dev/vda";
useOSProber = true;
};
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
timeout = 3; timeout = 3;
}; };
# use latest kernel # use latest kernel
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
"ahci" "ahci"
@ -42,6 +37,7 @@ in
systemd.enable = true; systemd.enable = true;
verbose = false; verbose = false;
}; };
kernelParams = [ "net.ifnames=0" ];
kernelModules = [ ]; kernelModules = [ ];
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
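Review bot: Switching `loader` to `systemd-boot.enable = true;` with `timeout = 3;` leaves the boot menu's kernel command-line editor at its NixOS default, which is enabled. The option documentation recommends turning it off, because the editor lets anyone at the console change kernel parameters and get around the login prompt; adding `systemd-boot.editor = false;` next to the enable line closes that. The removed GRUB block pointed at `/dev/vda`, so this may be a VM where console access is already privileged, in which case a short comment saying so would be enough.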


@ -48,6 +48,9 @@
"amdgpu" "amdgpu"
]; ];
extraModulePackages = [ ]; extraModulePackages = [ ];
# Allow running ARM binaries on x86_64; for Cross Compilation
binfmt.emulatedSystems = [ "aarch64-linux" ];
}; };
# For less permission issues with SSHFS # For less permission issues with SSHFS
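Review bot: The comment on `binfmt.emulatedSystems = [ "aarch64-linux" ];` calls this cross compilation, but the option registers a QEMU user-mode handler through binfmt_misc, so aarch64 derivations are built under emulation and any aarch64 executable on this host will run. I would reword it to something like `# Register QEMU user-mode emulation so this host can build and run aarch64-linux binaries`. If this file is shared by several hosts (the enclosing `boot` block starts outside the hunk, so I can't tell), consider enabling it only on the machine that builds the ARM ISOs.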


@ -7,16 +7,20 @@
system, system,
... ...
}: }:
let
isCross = pkgs.stdenv.buildPlatform.system != pkgs.stdenv.hostPlatform.system;
in
{ {
# ISO settings
isoImage = { isoImage = {
isoName = lib.mkForce "nixos-${config.hostSpec.hostName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso"; isoName = lib.mkForce "nixos-${config.hostSpec.hostName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
makeEfiBootable = true; makeEfiBootable = true;
makeUsbBootable = true; makeUsbBootable = true;
compressImage = false; compressImage = false;
squashfsCompression = lib.mkIf isARM "gzip";
includeSystemBuildDependencies = lib.mkIf (isARM || isCross) false;
}; };
# Enable root SSH access ## SSH & NETWORK ##
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {
@ -31,7 +35,7 @@
enableIPv6 = false; enableIPv6 = false;
}; };
# Extra pkgs; iso tools ## PKGS ##
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
parted parted
gptfdisk gptfdisk
@ -39,11 +43,10 @@
gparted gparted
]; ];
# VM guest additions to improve host-guest interaction ## VM additions ##
services.spice-vdagentd.enable = true; services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
virtualisation.vmware.guest.enable = pkgs.stdenv.hostPlatform.isx86; virtualisation.vmware.guest.enable = pkgs.stdenv.hostPlatform.isx86;
# https://github.com/torvalds/linux/blob/00b827f0cffa50abb6773ad4c34f4cd909dae1c8/drivers/hv/Kconfig#L7-L8
virtualisation.hypervGuest.enable = virtualisation.hypervGuest.enable =
pkgs.stdenv.hostPlatform.isx86 || pkgs.stdenv.hostPlatform.isAarch64; pkgs.stdenv.hostPlatform.isx86 || pkgs.stdenv.hostPlatform.isAarch64;
services.xe-guest-utilities.enable = pkgs.stdenv.hostPlatform.isx86; services.xe-guest-utilities.enable = pkgs.stdenv.hostPlatform.isx86;
@ -51,9 +54,19 @@
# which lags behind kernel releases, potentially causing broken builds. # which lags behind kernel releases, potentially causing broken builds.
virtualisation.virtualbox.guest.enable = false; virtualisation.virtualbox.guest.enable = false;
# Basic system settings ## System ##
system.stateVersion = "25.05"; system.stateVersion = "25.05";
nixpkgs.hostPlatform = system; nixpkgs.hostPlatform = system;
nixpkgs.config.allowUnsupportedSystem = true; # Cross-compilation
users.mutableUsers = lib.mkForce true; # Allow password changes users.mutableUsers = lib.mkForce true; # Allow password changes
nixpkgs.config = {
allowUnsupportedSystem = true;
allowUnfree = true;
allowBroken = false;
};
systemd.services = lib.mkIf isARM {
systemd-firstboot.enable = lib.mkForce false;
systemd-machine-id-commit.enable = lib.mkForce false;
};
} }
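Review bot: Replacing `# Enable root SSH access` with `## SSH & NETWORK ##` drops the only visible statement that this installer image accepts root logins over SSH; the `settings` block itself continues outside the hunk, so I can't see what it sets. I would keep that fact in the heading, e.g. `## SSH & NETWORK ## (root login over SSH enabled for installation)`, particularly as `users.mutableUsers` is forced on further down. The new `systemd.services = lib.mkIf isARM { … }` block also force-disables `systemd-firstboot` and `systemd-machine-id-commit` without saying why; a one-line comment naming the failure it works around would help. `isARM` is used here but only `isCross` is defined in the visible `let`, so presumably it arrives through the module arguments above the hunk.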


@ -87,7 +87,7 @@
}) configs }) configs
); );
# Generate packages per system - each system only exposes its own packages # Generate packages per system - all available on x86_64 via cross-compilation
mkPackages = mkPackages =
system: system:
let let
@ -103,13 +103,11 @@
{ {
nixosConfigurations = mkConfigurations; nixosConfigurations = mkConfigurations;
# Each system only exposes packages it can build
packages = { packages = {
"${X86}" = mkPackages X86; "${X86}" = (mkPackages X86) // (mkPackages ARM);
"${ARM}" = mkPackages ARM; "${ARM}" = mkPackages ARM;
}; };
# For convenience - all systems get all configs
inherit (dot-nix.outputs) overlays; inherit (dot-nix.outputs) overlays;
}; };
} }
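Review bot: In `"${X86}" = (mkPackages X86) // (mkPackages ARM);` the `//` operator lets the right-hand set win on any name clash without a warning, so an ARM package that shares a name with an x86 one would silently replace it under the x86_64 output. The CI job builds `…-iso-x86` and `…-iso-arm`, which suggests the names are arch-suffixed, but the body of `mkPackages` is outside this hunk and nothing here enforces it. With both explanatory comments removed, I would add one above the line, such as `# ARM ISOs are also exposed under x86_64 so that host can build them; names must stay arch-suffixed because // overwrites on clash`.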


@ -48,4 +48,8 @@ in
}; };
}; };
}; };
# Override the installation-cd defaults to prevent password conflicts
users.users.nixos.initialHashedPassword = lib.mkForce null;
users.users.root.initialHashedPassword = lib.mkForce null;
} }
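Review bot: The comment above `users.users.nixos.initialHashedPassword = lib.mkForce null;` says it prevents password conflicts but not which credential is left in force. Forcing the value to null removes whatever the installation-cd profile set for `nixos` and `root`, so whether those accounts end up with a password defined earlier in this file (outside the hunk) or with password login unavailable can't be told from here. Since the ISO also enables SSH, I would name the option that now applies in the comment, e.g. `# installer default cleared; the only password for these users is the one set via <option> above`.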