From a3e0be725f83cb147b5d12dbb19c39905bf5f9ce Mon Sep 17 00:00:00 2001 From: David Wagner Date: Sat, 2 Mar 2024 19:54:50 +0100 Subject: [PATCH] Update Raspberry Pi installation instructions --- README.md | 88 +++++++++++++++++++++++++++---------------------------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index 5e256ad..b838f6c 100644 --- a/README.md +++ b/README.md 
@@ -178,71 +178,61 @@ router/setup.sh ## Raspberry Pi 3 Model B -The installation instructions are based those from -[nix.dev](https://nix.dev/tutorials/nixos/installing-nixos-on-a-raspberry-pi.html). +### SD card image -Download the latest aarch64 SD card image from -[Hydra](https://hydra.nixos.org/search?query=sd_image) and flash it on an SD -card: +Build the Raspberry Pi's SD card image using QEMU's aarch64 emulator. + +On `x230`, because `nuc` [is configured](./hardware/nuc.nix) as a remote builder +for `aarch64` packages, just run: ``` -wget https://hydra.nixos.org/build/226381178/download/1/nixos-sd-image-23.11pre500597.0fbe93c5a7c-aarch64-linux.img.zst -unzstd nixos-sd-image-23.11pre500597.0fbe93c5a7c-aarch64-linux.img -sudo dd \ - if=nixos-sd-image-23.11pre500597.0fbe93c5a7c-aarch64-linux.img \ - of=/dev/mmcblk0 bs=4096 conv=fsync status=progress +nix build .#packages.aarch64-linux.sdcard ``` -Insert the SD card in the Raspberry Pi and power it up. The installer runs -already an SSH server. Set a temporary password for the root user: +On other hosts, specify `nuc` explicitly as a remote builder: ``` -passwd root +nix build -L .#packages.aarch64-linux.sdcard \ + --builders "ssh://root@nuc aarch64-linux $HOME/.ssh/remote-builder 4 1 - - c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUlLYUV0YzhQTnFoeEFRMjRnWTV0MjVZLzhIVTZTdFVCNmttVTF4bVZ0YTcgcm9vdEBudWMK" ``` -The password is only used for the first time access. Password authentication -will be disabled later. Connect to the freshly booted system using SSH. - -Folow [these instructions][NixOSBootWifi] to connect to a Wifi network. When -connected the system will have the hostname `nixos`. +The elements of `--builders` argument are described [here][NixOSRemoteBuilds]. 
-Using the password authentication, deploy your SSH public keys: +Uncompress the built image and write it to an SD card: ``` -ssh-copy-id root@nixos +unzstd nixos-sd-image.img.zst +sudo dd if=nixos-sd-image.img of=/dev/mmcblk0 bs=4096 conv=fsync status=progress ``` -On the Raspberry Pi, store the WIFI SSID and password in the file -`/etc/secrets/wireless.env` with the following format: +Insert the SD card in the Raspberry Pi and power it up. The system is +configured as defined in [host-rp3.nix](./host-rp3.nix). -``` -WIFI_SSID=... -WIFI_KEY=... -``` +### Secrets + +If the SD card is build from scratch, change or provision the following +secrets: + +* Host's identity (automatically generated on first boot) +* WiFi SSID and password in `/etc/secrets/wireless.env` +* Tailscale authentication token +* Cachix authentication token -Finally, build the system with the custom configuration: +If this is a complete reinstall, update the host's public key in +[program.ssh.knownHosts](./modules/buildMachines.nix). Run `ssh-keygen rp3` to +obtain the host key's signature. + +Store the WIFI SSID and password in the file `/etc/secrets/wireless.env` with +the following format: ``` -nixos-rebuild switch - --flake ".#rp3" \ - --target-host "root@nixos" \ - --build-host "root@nixos" \ - --fast +WIFI_SSID=... +WIFI_KEY=... ``` -I tried to setup cross-compilation to aarch64, but it didn't work. - -The trick is to add the newly created Raspberry Pi as an aarch64 [remote build -machine for Nix](https://nixos.org/nix/manual/#chap-distributed-builds). This -way the required packages will be built natively on the Pi itself (or other -aarch64 remote build nodes, if you have any). In practice, almost nothing is -built from source, because the required derivations are pulled from the offical -Nix binary cache. +Connect the host to the tailnet with `tailscale login`. 
-See the section `nix.buildMachines` in [x230.nix](x230.nix), which shows how to -add the Pi to your control PC's remote build pool. Enable some Raspberry Pi -specific arguments in the [hardware specification](hardware/rp3.nix) and use -NixOps as usual. +To connect Cachix, follow [these instructions](#continous-deployment). ### Raspberry Pi Camera 1.3 @@ -277,6 +267,15 @@ ssh root@rp3 \ nix run nixpkgs#mpv -- --demuxer=mkv /dev/stdin ``` +### Reference + +I found the following links useful: + +* [nix.dev](https://nix.dev/tutorials/nixos/installing-nixos-on-a-raspberry-pi.html) + on installing NixOS on the Raspberry Pi. +* [Hydra](https://hydra.nixos.org/search?query=sd_image) hosts the official + NixOS SD card images. + ## NodeMCU I have a couple of NodeMCU boards which can be configured using the scripts in @@ -350,3 +349,4 @@ nix run .#mqtt-dash-listen > nodemcu/mqtt-dash.json ``` [NixOSBootWifi]: https://nixos.org/manual/nixos/stable/#sec-installation-booting-networking +[NixOSRemoteBuilds]: https://nixos.org/manual/nix/stable/advanced-topics/distributed-builds.html?highlight=builders#remote-builds).
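Review bot: `ssh-keygen rp3` in the new "Secrets" section of the `@@ -178,71 +178,61 @@` hunk will not return the host's key, because `ssh-keygen` creates and manages keys locally and does not query a remote host. If the goal is the Pi's public host key for the known-hosts entry, `ssh-keyscan rp3` fetches it. A key fetched over the network is only as trustworthy as the path it came over, so for a reinstall it is safer to compare it against the host key file read on the Pi itself (by default on NixOS `/etc/ssh/ssh_host_ed25519_key.pub`). In the same paragraph, "signature" should read "public key", the link text `program.ssh.knownHosts` should be `programs.ssh.knownHosts` to match the NixOS option name, and "If the SD card is build from scratch" should read "built".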
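Review bot: the `[NixOSRemoteBuilds]` link definition added in the `@@ -350,3 +349,4 @@` hunk ends in a stray `)`, which becomes part of the URL, so the fragment is `#remote-builds)` and the link will not land on the intended section. Drop the trailing `)` and also the `?highlight=builders` query, which is not needed for the anchor. The `[NixOSBootWifi]` definition kept as context just above loses the only use visible in this patch (the removed "Folow [these instructions][NixOSBootWifi]" line), so it can be deleted if nothing else in the README references it.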