steffen/cryodev
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

Add SD image pipeline, documentation overhaul, and fix module issues

Browse source 
- Add automatic SD image builds for Raspberry Pi via Forgejo Actions
- Enable binfmt emulation on cryodev-main for aarch64 cross-builds
- Add sd-image.nix module to cryodev-pi configuration
- Create comprehensive docs/ structure with installation guides
- Split installation docs into: first-install (server), reinstall, new-client (Pi)
- Add lib/utils.nix and apps/rebuild from synix
- Fix headplane module for new upstream API (tale/headplane)
- Fix various module issues (mailserver stateVersion, option conflicts)
- Add placeholder secrets.yaml files for both hosts
- Remove old INSTRUCTIONS.md (content moved to docs/)
This commit is contained in:
steffen 2026-03-11 08:41:58 +01:00
parent a5261d8ff0
commit 5ba78886d2
44 changed files with 3570 additions and 609 deletions
Download patch file Download diff file Expand all files Collapse all files

10
hosts/cryodev-pi/default.nix
View file

@ -1,5 +1,6 @@
{
inputs,
lib,
outputs,
...
}:
@ -10,12 +11,21 @@
./hardware.nix
./networking.nix
./packages.nix
./sd-image.nix
./services
./users.nix
outputs.nixosModules.common
outputs.nixosModules.nixvim
outputs.nixosModules.sops
];
# Allow unfree packages (netdata has changed to gpl3Plus ncul1 license)
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"netdata"
];
system.stateVersion = "25.11";
}

30
hosts/cryodev-pi/sd-image.nix Normal file
View file

@ -0,0 +1,30 @@
# SD Card image configuration for Raspberry Pi
{
config,
modulesPath,
lib,
...
}:
{
imports = [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
];
sdImage = {
# Compress with zstd for smaller download
compressImage = true;
# Auto-expand root partition on first boot
expandOnBoot = true;
};
# Image filename based on hostname
image.fileName = "${config.networking.hostName}-sd-image.img";
# Disable ZFS to avoid build issues on SD image
boot.supportedFilesystems = lib.mkForce [
"vfat"
"ext4"
];
}

11
hosts/cryodev-pi/secrets.yaml Normal file
View file

@ -0,0 +1,11 @@
# SOPS encrypted secrets for cryodev-pi
# This file should be encrypted with sops before committing
# See INSTRUCTIONS.md for setup instructions
# Placeholder - replace with actual encrypted secrets
# Generate UUID with: uuidgen
netdata:
stream:
child-uuid: ENC[AES256_GCM,data:placeholder,tag:placeholder,type:str]
tailscale:
auth-key: ENC[AES256_GCM,data:placeholder,tag:placeholder,type:str]

61
hosts/cryodev-pi/services/netdata.nix
View file

@ -1,7 +1,5 @@
{
config,
pkgs,
outputs,
constants,
...
}:
@ -9,23 +7,48 @@
{
services.netdata = {
enable = true;
config = {
stream = {
enabled = "yes";
destination = "${constants.hosts.cryodev-main.ip}:${toString constants.services.netdata.port}";
"api key" = config.sops.placeholder."netdata/stream/child-uuid";
config.global = {
"debug log" = "syslog";
"access log" = "syslog";
"error log" = "syslog";
};
configDir = {
"stream.conf" = config.sops.templates."netdata/stream.conf".path;
};
};
sops =
let
owner = config.services.netdata.user;
group = config.services.netdata.group;
mode = "0400";
restartUnits = [ "netdata.service" ];
in
{
# generate with `uuidgen`
secrets."netdata/stream/child-uuid" = {
inherit
owner
group
mode
restartUnits
;
};
templates."netdata/stream.conf" = {
inherit
owner
group
mode
restartUnits
;
# child node
content = ''
[stream]
enabled = yes
destination = ${constants.hosts.cryodev-main.ip}:${builtins.toString constants.services.netdata.port}
api key = ${config.sops.placeholder."netdata/stream/child-uuid"}
'';
};
};
};
# Make sure sops is enabled/imported for this host to handle the secret
imports = [ outputs.nixosModules.sops ];
sops = {
defaultSopsFile = ../secrets.yaml;
secrets."netdata/stream/child-uuid" = {
owner = "netdata";
group = "netdata";
};
};
}