fix: enable sudo password - proxmox

Justfile

@@ -202,10 +202,18 @@ aarch:
   colmena apply --on '@aarch' --verbose --show-trace
 
 suzu:
-  colmena apply --on '@suzu' --verbose --show-trace
+  colmena apply --on '@suzu' --build-on-target --verbose --show-trace
 
-suzu-debug:
-  colmena apply --on '@suzu' --verbose --show-trace
+suzu-local mode="default":
+  use utils.nu *; \
+  nixos-switch suzu {{mode}}
+
+rakushun:
+  colmena apply --on '@rakushun' --build-on-target --verbose --show-trace
+
+rakushun-local mode="default":
+  use utils.nu *; \
+  nixos-switch rakushun {{mode}}
 
 ############################################################################
 #

hosts/12kingdoms_rakushun/README.md

@@ -10,7 +10,7 @@ Generate LUKS keyfile to encrypt the root partition, it's used by disko.
 
 ```bash
 # partition the usb stick
-DEV=/dev/sda
+DEV=/dev/sdX
 parted ${DEV} -- mklabel gpt
 parted ${DEV} -- mkpart OPI5P_DSC fat32 0% 512MB
 mkfs.fat -F 32 -n OPI5P_DSC ${DEV}1

hosts/12kingdoms_rakushun/default.nix

@@ -26,10 +26,16 @@ in {
     inherit (vars_networking) defaultGateway nameservers;
 
     networkmanager.enable = false;
-    interfaces.end1 = {
+    # RJ45 port 1
+    interfaces.enP4p65s0 = {
       useDHCP = false;
       ipv4.addresses = [hostAddress];
     };
+    # RJ45 port 2
+    # interfaces.enP3p49s0 = {
+    # useDHCP = false;
+    # ipv4.addresses = [hostAddress];
+    # };
   };
 
   # This value determines the NixOS release from which the default

hosts/12kingdoms_rakushun/hardware-configuration.nix

@@ -9,11 +9,16 @@
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  # Use the EFI boot loader.
-  boot.loader.efi.canTouchEfiVariables = true;
-  # depending on how you configured your disk mounts, change this to /boot or /boot/efi.
-  boot.loader.efi.efiSysMountPoint = "/boot";
-  boot.loader.systemd-boot.enable = true;
+  boot.loader = {
+    # depending on how you configured your disk mounts, change this to /boot or /boot/efi.
+    efi.efiSysMountPoint = "/boot/";
+    efi.canTouchEfiVariables = true;
+    # do not use systemd-boot here, it has problems when running `nixos-install`
+    grub = {
+      device = "nodev";
+      efiSupport = true;
+    };
+  };
   # clear /tmp on boot to get a stateless /tmp directory.
   boot.tmp.cleanOnBoot = true;
 

hosts/12kingdoms_suzu/README.md

@@ -39,7 +39,7 @@ ssh rk@<ip-addr>
 
 git clone https://github.com/ryan4yin/nix-config.git
 
-cd nix-config/hosts/12kingdoms_suzu
+cd ~/nix-config/hosts/12kingdoms_suzu
 # 1. change the disk device path in ./disko-fs.nix to the disk you want to use
 # 2. partition & format the disk via disko
 sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko ./disko-fs.nix

hosts/12kingdoms_suzu/default.nix

@@ -18,6 +18,7 @@ in {
     nixos-rk3588.nixosModules.orangepi5plus.core
     disko.nixosModules.default
     ./disko-fs.nix
+    ./hardware-configuration.nix
   ];
 
   networking = {

hosts/12kingdoms_suzu/disko-fs.nix

@@ -15,7 +15,7 @@
               content = {
                 type = "filesystem";
                 format = "vfat";
-                mountpoint = "/boot/efi";
+                mountpoint = "/boot";
                 mountOptions = [
                   "defaults"
                 ];
@@ -28,7 +28,7 @@
                 type = "luks";
                 name = "crypted";
                 settings = {
-                  keyFile = "/dev/disk/by-label/OPI5P_DSC"; # The keyfile is stored on a USB stick
+                  keyFile = "/dev/disk/by-label/OPI5_DSC"; # The keyfile is stored on a USB stick
                   # The maxium size of the keyfile is 8192 bytes
                   keyFileSize = 512 * 64; # match the `bs * count` of the `dd` command
                   keyFileOffset = 512 * 128; # match the `bs * skip` of the `dd` command
@@ -84,7 +84,7 @@
                     };
                     "@swap" = {
                       mountpoint = "/swap";
-                      swap.swapfile.size = "16384M";
+                      swap.swapfile.size = "8192M";
                     };
                   };
                 };

hosts/12kingdoms_suzu/hardware-configuration.nix

@@ -0,0 +1,39 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.loader = {
+    # depending on how you configured your disk mounts, change this to /boot or /boot/efi.
+    efi.efiSysMountPoint = "/boot/";
+    efi.canTouchEfiVariables = true;
+    # do not use systemd-boot here, it has problems when running `nixos-install`
+    grub = {
+      device = "nodev";
+      efiSupport = true;
+    };
+  };
+  # clear /tmp on boot to get a stateless /tmp directory.
+  boot.tmp.cleanOnBoot = true;
+
+  boot.initrd.availableKernelModules = ["nvme" "usbhid" "usb_storage"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enP3p49s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enP4p65s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

modules/nixos/server/server-aarch64.nix

@@ -15,6 +15,7 @@
     ../../base.nix
   ];
 
+  boot.loader.timeout = lib.mkForce 3; # wait for 3 seconds to select the boot entry
   # Fix: jasper is marked as broken, refusing to evaluate.
   environment.enableAllTerminfo = lib.mkForce false;
 }

modules/nixos/server/server-riscv64.nix

@@ -1,4 +1,4 @@
-{pkgs, ...}: {
+{lib, ...}: {
   # =========================================================================
   #      Base NixOS Configuration
   # =========================================================================
@@ -14,4 +14,6 @@
 
     ../../base.nix
   ];
+
+  boot.loader.timeout = lib.mkForce 3; # wait for 3 seconds to select the boot entry
 }

systems/colmena.nix

@@ -27,15 +27,14 @@ with allSystemAttrs; let
   };
 
   # aarch64 related
-  # using the same nixpkgs as nixos-rk3588 to utilize the cross-compilation cache.
-  rk3588_pkgs = import nixos-rk3588.inputs.nixpkgs {system = x64_system;};
+  rk3588_pkgs = import nixos-rk3588.inputs.nixpkgs {system = aarch64_system;};
   # aarch64 related
   rk3588_specialArgs = let
     # using the same nixpkgs as nixos-rk3588
     inherit (nixos-rk3588.inputs) nixpkgs;
     # use aarch64-linux's native toolchain
     pkgsKernel = import nixpkgs {
-      system = "aarch64-linux";
+      system = aarch64_system;
     };
   in
     allSystemSpecialArgs.aarch64_system
@@ -45,9 +44,8 @@ with allSystemAttrs; let
       rk3588 = {inherit nixpkgs pkgsKernel;};
     };
   rk3588_base_args = {
-    inherit home-manager nixos-generators;
+    inherit home-manager;
     inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable
-    system = aarch64_system;
     specialArgs = rk3588_specialArgs;
     targetUser = "root";
   };
@@ -65,13 +63,15 @@ in {
 
         # aarch64 SBCs
         suzu = rk3588_specialArgs;
+        rakushun = rk3588_specialArgs;
       };
       nodeNixpkgs = {
         nozomi = lpi4a_pkgs;
         yukina = lpi4a_pkgs;
 
         # aarch64 SBCs
         suzu = rk3588_pkgs;
+        rakushun = rk3588_pkgs;
       };
     };
 

systems/nixos.nix

@@ -15,7 +15,7 @@ with allSystemAttrs; let
     inherit (nixos-rk3588.inputs) nixpkgs;
     # use aarch64-linux's native toolchain
     pkgsKernel = import nixpkgs {
-      system = "aarch64-linux";
+      system = aaarch64_system;
     };
   in
     allSystemSpecialArgs.aarch64_system

systems/vars.nix

@@ -259,6 +259,7 @@ in {
     ];
     # home-module.imports = [];
   };
+  _12kingdoms_rakushun_tags = ["aarch" "rakushun"];
 
   # Shoukei (祥瓊, Shōkei)
   _12kingdoms_shoukei_modules_i3 = {