From 74d928eb7e054b6f7d94a6d30f3fc5db7b915088 Mon Sep 17 00:00:00 2001
From: Magic_RB
Date: Tue, 18 Jul 2023 20:40:57 +0200
Subject: [PATCH] Add gooseberry
Signed-off-by: Magic_RB
---
flake.nix | 1 +
nixos/systems/gooseberry/bootloader.nix | 8 ++
nixos/systems/gooseberry/default.nix | 44 +++++++++++
nixos/systems/gooseberry/filesystems.nix | 98 ++++++++++++++++++++++++
nixos/systems/gooseberry/networking.nix | 16 ++++
nixos/systems/gooseberry/nixpkgs.nix | 13 ++++
nixos/systems/gooseberry/users.nix | 19 +++++
7 files changed, 199 insertions(+)
create mode 100644 nixos/systems/gooseberry/bootloader.nix
create mode 100644 nixos/systems/gooseberry/default.nix
create mode 100644 nixos/systems/gooseberry/filesystems.nix
create mode 100644 nixos/systems/gooseberry/networking.nix
create mode 100644 nixos/systems/gooseberry/nixpkgs.nix
create mode 100644 nixos/systems/gooseberry/users.nix
diff --git a/flake.nix b/flake.nix
index 78ba07f..00af377 100644
--- a/flake.nix
+++ b/flake.nix
@@ -53,6 +53,7 @@ nixos/systems/liveusb nixos/systems/blowhole nixos/systems/altra + nixos/systems/gooseberry nixng/containers/ingress-blowhole nixng/containers/ingress-toothpick
diff --git a/nixos/systems/gooseberry/bootloader.nix b/nixos/systems/gooseberry/bootloader.nix
new file mode 100644
index 0000000..e3e1ece
--- /dev/null
+++ b/nixos/systems/gooseberry/bootloader.nix
@@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: 2022 Richard Brežák
+#
+# SPDX-License-Identifier: LGPL-3.0-or-later
+{ pkgs, lib, ... }:
+{
+ boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
+}
diff --git a/nixos/systems/gooseberry/default.nix b/nixos/systems/gooseberry/default.nix
new file mode 100644
index 0000000..1acd06a
--- /dev/null
+++ b/nixos/systems/gooseberry/default.nix
@@ -0,0 +1,44 @@
+# SPDX-FileCopyrightText: 2022 Richard Brežák
+#
+# SPDX-License-Identifier: LGPL-3.0-or-later
+{ inputs, lib', config, ... }:
+let
+ inherit (lib')
+ flip
+ mapAttrs
+ singleton
+ mkForce;
+
+ config' = config;
+in
+{
+ flake.nixosConfigurations.gooseberry = inputs.nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+
+ specialArgs = {
+ config' = config';
+ inputs' = inputs;
+ secret = lib'.loadSecrets inputs.secret;
+ };
+
+ modules = singleton
+ ({ pkgs, config, ... }:
+ {
+ imports = [
+ ./bootloader.nix
+ ./filesystems.nix
+ ./users.nix
+ ./nixpkgs.nix
+ ./networking.nix
+ ../../common/remote_access.nix
+
+ inputs.disko.nixosModules.disko
+ ];
+
+ boot.initrd.systemd.enable = true;
+
+ time.timeZone = "Europe/Amsterdam";
+ system.stateVersion = "23.05";
+ });
+ };
+}
diff --git a/nixos/systems/gooseberry/filesystems.nix b/nixos/systems/gooseberry/filesystems.nix
new file mode 100644
index 0000000..29eef16
--- /dev/null
+++ b/nixos/systems/gooseberry/filesystems.nix
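Review bot: `secret = lib'.loadSecrets inputs.secret;` in `specialArgs` makes the loaded secrets available to every module of this system at evaluation time, and users.nix forwards the same value to home-manager through `extraSpecialArgs`. Any module that interpolates one of those values into an option writes it into /nix/store, which every local user can read; loadSecrets is not visible in this patch, so this assumes it returns plaintext values. A comment above the line such as `# eval-time secrets: never interpolate into store paths or unit files` would state the constraint, and the `secret = secret;` pass-through in users.nix can be dropped if the server profile does not read it. The `flip`, `mapAttrs` and `mkForce` inherits in the `let` block are unused in this file.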
@@ -0,0 +1,98 @@
+# SPDX-FileCopyrightText: 2022 Richard Brežák
+#
+# SPDX-License-Identifier: LGPL-3.0-or-later
+{ lib, ... }:
+let
+ inherit (lib)
+ singleton;
+in
+{
+ disko.devices = {
+ disk.boot = {
+ type = "disk";
+ device = "/dev/mmcblk0";
+
+ content = {
+ type = "table";
+ format = "msdos";
+ partitions = [
+ {
+ name = "boot";
+ start = "0";
+ end = "1023Mib";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ }
+ {
+ name = "swap";
+ start = "1024MiB";
+ end = "2047MiB";
+ content = {
+ type = "swap";
+ randomEncryption = true;
+ };
+ }
+ {
+ name = "root";
+ start = "2048MiB";
+ end = "100%";
+ content = {
+ type = "filesystem";
+ format = "f2fs";
+ mountpoint = "/root-partition";
+ };
+ }
+ ];
+ };
+ };
+
+ nodev."/" = {
+ fsType = "tmpfs";
+ mountOptions = [ "defaults" "size=128M" "mode=755" "noexec" ];
+ };
+ };
+
+ fileSystems = {
+ "/root-partition".neededForBoot = true;
+ "/nix" = {
+ device = "/root-partition/nix";
+ options = [ "bind" ];
+ neededForBoot = true;
+ };
+
+ "/home" = {
+ device = "/root-partition/home";
+ options = [ "bind" ];
+ neededForBoot = true;
+ };
+
+ "/var/lib/nixos" = {
+ device = "/root-partition/var/lib/nixos";
+ options = [ "bind" ];
+ };
+
+ "/var/log" = {
+ device = "/root-partition/var/log";
+ options = [ "bind" ];
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /root-partition/etc/ssh - - - - -"
+ ];
+
+ system.activationScripts = {
+ machine-id = ''
+ ln -sf /root-partition/etc/machine-id /etc/machine-id
+ '';
+ };
+
+ environment.etc."ssh/ssh_host_rsa_key".source = "/root-partition/etc/ssh/ssh_host_rsa_key";
+ environment.etc."ssh/ssh_host_rsa_key.pub".source = "/root-partition/etc/ssh/ssh_host_rsa_key.pub";
+ environment.etc."ssh/ssh_host_ed25519_key".source = "/root-partition/etc/ssh/ssh_host_ed25519_key";
+ environment.etc."ssh/ssh_host_ed25519_key.pub".source = "/root-partition/etc/ssh/ssh_host_ed25519_key.pub";
+}
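Review bot: The four `environment.etc."ssh/ssh_host_*".source` lines at the end of the file reach the SSH host private keys through /etc links into /root-partition, and the only provisioning in the hunk is the tmpfiles rule, which creates the directory with default mode and owner. Whether first-boot key generation works through those links cannot be confirmed from this patch. Setting `services.openssh.hostKeys` to the persistent paths, with entries like `{ path = "/root-partition/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }`, would have sshd read and generate the keys in place and remove the link indirection, unless ../../common/remote_access.nix already does this. The directory rule could also state its intent explicitly, as `"d /root-partition/etc/ssh 0755 root root - -"`. The swap partition sets `randomEncryption = true` while the f2fs root that stores these keys and /home is unencrypted on `/dev/mmcblk0`, so a comment recording that this is deliberate would help the next reader.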
diff --git a/nixos/systems/gooseberry/networking.nix b/nixos/systems/gooseberry/networking.nix
new file mode 100644
index 0000000..ce14ff8
--- /dev/null
+++ b/nixos/systems/gooseberry/networking.nix
@@ -0,0 +1,16 @@
+{ pkgs, lib, secret, ... }:
+let
+in
+{
+ networking = {
+ hostName = "gooseberry";
+ useDHCP = false;
+ interfaces.eth0.useDHCP = true;
+ firewall.enable = true;
+ };
+
+ services.udev.extraRules = ''
+ ATTR{address}=="b8:27:eb:ef:f4:c3", NAME="eth0"
+ ATTR{address}=="c8:4d:44:21:27:17", NAME="eth1"
+ '';
+}
diff --git a/nixos/systems/gooseberry/nixpkgs.nix b/nixos/systems/gooseberry/nixpkgs.nix
new file mode 100644
index 0000000..cacedfe
--- /dev/null
+++ b/nixos/systems/gooseberry/nixpkgs.nix
@@ -0,0 +1,13 @@
+{ inputs', config', ... }:
+{
+ imports = [
+ ../../common/nixpkgs.nix
+ ];
+
+ nixpkgs.overlays =
+ (with config'.flake.overlays; [])
+ ++
+ (with inputs'.nixng.overlays; [
+ default
+ ]);
+}
diff --git a/nixos/systems/gooseberry/users.nix b/nixos/systems/gooseberry/users.nix
new file mode 100644
index 0000000..b58a9fe
--- /dev/null
+++ b/nixos/systems/gooseberry/users.nix
@@ -0,0 +1,19 @@
+{ inputs', config', secret, ... }:
+{
+ imports = [
+ inputs'.home-manager.nixosModules.default
+ ../../common/users.nix
+ ];
+
+ home-manager.useGlobalPkgs = true;
+ home-manager.extraSpecialArgs = {
+ config' = config';
+ inputs' = inputs';
+ secret = secret;
+ };
+ home-manager.users.main = {
+ imports = [ (inputs'.self + "/home-manager/modules/profiles/server.nix") ];
+
+ home.stateVersion = "23.05";
+ };
+}
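Review bot: The two rules in `services.udev.extraRules` match on `ATTR{address}` alone, so they are not limited to network devices or to the add event. Scoping them, as in `SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="b8:27:eb:ef:f4:c3", NAME="eth0"`, keeps the rename from applying anywhere else. DHCP is keyed on the name `eth0`, and renaming into the kernel's own `ethN` namespace can fail when the kernel has already given that name to the other interface, which would leave the DHCP setting attached to the wrong NIC. Names outside that namespace (for example `lan0`/`lan1`) avoid the collision. The `secret` argument and the empty `let … in` are unused here.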
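Review bot: In nixpkgs.nix, `(with config'.flake.overlays; [])` evaluates to an empty list, so the first operand and the `++` can be dropped, leaving `nixpkgs.overlays = [ inputs'.nixng.overlays.default ];`. That form also states plainly which external overlay is applied to this system's package set. If the empty list is a placeholder for local overlays to come, a one-line comment saying so would make that clear.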