Add configuration for Tart VM (#92)

.github/workflows/ci.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ${{ matrix.system }}
     strategy:
       matrix:
-        system: [x86_64-linux, aarch64-darwin]
+        system: [x86_64-linux, aarch64-darwin, aarch64-linux]
     steps:
       - uses: actions/checkout@v4
       - run: om ci run --systems "${{ matrix.system }}"

configurations/nixos/infinitude-nixos/configuration.nix

@@ -0,0 +1,49 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "infinitude-nixos"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  services.openssh.enable = true;
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_CA.UTF-8";
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.srid = {
+    isNormalUser = true;
+    description = "srid";
+    extraGroups = [ "networkmanager" "wheel" ];
+  };
+
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.05"; # Did you read the comment?
+
+}

configurations/nixos/infinitude-nixos/default.nix

@@ -0,0 +1,21 @@
+{ flake, pkgs, lib, ... }:
+
+let
+  inherit (flake) inputs;
+  inherit (inputs) self;
+in
+{
+  nixos-unified.sshTarget = "srid@192.168.64.6";
+
+  imports = [
+    self.nixosModules.default
+    ./configuration.nix
+    (self + /modules/nixos/shared/github-runner.nix)
+  ];
+
+  services.openssh.enable = true;
+
+  # Workaround the annoying `Failed to start Network Manager Wait Online` error on switch.
+  # https://github.com/NixOS/nixpkgs/issues/180175
+  systemd.services.NetworkManager-wait-online.enable = false;
+}

configurations/nixos/infinitude-nixos/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "virtio_pci" "xhci_pci" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/93794f73-b8ae-4b64-8031-c908ccce556d";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/B8F8-6DD4";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/00acfcf3-cdfe-4179-b178-f3bae66fb059"; }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

configurations/nixos/pureintent/default.nix

@@ -16,7 +16,12 @@ in
     (self + /modules/nixos/shared/github-runner.nix)
   ];
 
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  home-manager.sharedModules = [
+    (self + /modules/home/all/dropbox.nix)
+  ];
+
+  # Using tart VM instead for arm builds. So disable this.
+  # boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 
   # For flake containers to have network access!
   networking.nat = {

justfile

@@ -24,6 +24,11 @@ infinitude:
 orb:
     nix run . orb-nixos
 
+# Deploy to tart VM
+[group('deploy')]
+tart:
+    nix run . infinitude-nixos
+
 # Run all pre-commit hooks on all files
 pca:
     pre-commit run --all-files

modules/home/linux-only.nix

@@ -13,7 +13,5 @@
     # ./all/wezterm
     ./all/ghostty.nix # Install it anyway for TERM to work on VMs
     # ./all/kitty.nix
-
-    ./all/dropbox.nix
   ];
 }

secrets/github-nix-ci/srid.token.age

@@ -1,19 +1,15 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDk2SVhOUSBSZzho
-UHJmeEsxby9PYys3c3pMM0VwWVFqcmhyUm5PbFBTRkI3c1lqNnlzClBLbzBoMDdq
-eE9FcDhpT2wrM0p0UzcwVEozcU5HNlJqS1hPK1NBMmd3UlkKLT4gc3NoLWVkMjU1
-MTkgTlVtMHJRIHIyaU1mbnFKS3FPaXV0all3OFVRSHBETWFNVWJLQnZWV1A0d00r
-QnM4a00KbVlzcVhEeUdpemY5M1lMeEkrOXc0Mm5tbkkwZlU5NzNoL29GUm94dzRz
-dwotPiBzc2gtZWQyNTUxOSBZc3h2bWcgR3pRQ2tlYjZyY3E4VEJaQVBuK2NJWGlS
-emhocnF4UkE5Sk9HQyt5Qklpawp3cStrQ3RwM0tRV2E3OFdqTkdoWFRiZ240YkxR
-L0RqME16Yi9Sb1lzZEh3Ci0+IHNzaC1lZDI1NTE5IHVmY3pvUSA1Zk10Tm5sUFJP
-QUJ4c3h4UGhDUjJoYjRPalJQZkNwUVpoTmk1MU1SWlZJCmRjQXFNdkZyQWR0R0dt
-V1N5THZuTHowOXF6a25PcnI3eGJ2MVZBOHYrdjQKLT4gc3NoLWVkMjU1MTkgdmc2
-YlBBIGVXVk9QQ2tYTmc2VDdhRElWNXd6NUhEYXpoQ2ZQeVRhU09tYS9VTVdaZ28K
-TysrSXJkSFViTnl1K3UxSFBsaUk5WGdOODdnMW1VdnJ0NEtoKzJMNElyQQotPiBQ
-a31HLDktZ3JlYXNlCjc1YUlVdnNZVk4xQ2tqQVY2aTFOdGtWZnpDcEtaZzROdHE0
-REljUQotLS0gRm54QWdRWHMvSmo3bnUwQjkreVdPaDBuQXdOQWN3RGVrenN2RmVx
-MTJIdwrsxadaUJo7qgnZgQRdOdCN4rbQan1kVZjoWNdmrMNhPLO1HThP7sCiFfOg
-Kqr/NfYAHDLV7C5EZv3OOq7LRBg++6EJ/Iord7+u3jb00xxq27YnD06UnPTBrC/z
-J+T+375IrvzxfSXWz7hlPbmxj8uokG3VcTbIQLXje1Gflp4=
------END AGE ENCRYPTED FILE-----
+age-encryption.org/v1
+-> ssh-ed25519 96IXNQ Y+qQO24dZBkf1fgom8YZBHaFyuhP4YWxawIKw5jXdEA
+SoF1OvNCnLgxICQIVk5KQnAVI1f0ZR+iQWJDOLMWVP0
+-> ssh-ed25519 NUm0rQ 3tYsvMIY6fh8eF/X28IJmzsBioVSdm2gQkCoQG4VSEo
+YdJ1vqiHiuAMvvoY2ZFK6EL72ezT/v9WTszleeVA/50
+-> ssh-ed25519 Ysxvmg UQa0Tr6pvELjX5yBbOYc07ajRMue/t93uZJ/evW3U2g
+q580dGyueeR0JaNHQn0bwclcpzU19PGDmnKYJOKWZFo
+-> ssh-ed25519 ufczoQ qWCE5o3emHCkpqUjCO+uZxe+qQOhtXK265PPFqjhZSI
+Ir8j4TG0aJEKJ+50wHZ7afaq2zWk+8H6G3CzL/ZQL4E
+-> ssh-ed25519 vg6bPA FZfdgunhkJu+/jeinJObk+Pel9nfn+Q7+0JmyOtcky0
+6K0TcrNHS2tqWxAfgnmGztAiQT47JBJ8PO//9BXJ2NU
+-> ssh-ed25519 WpFZgg d6KWTg3iTv8kA6i6zorUlwo/VTOZ6mqaSsHU/hFFACQ
+LW77/Cj6F6l7MRWDGwup7gppDVAA/v9TVRRKgsHmh+w
+--- d44rm7YzVMPLhhBPB1Xue2VE/RDRe2VIdccl+Ydokzo
+KÉ,‚Èè˜ú˱ß—Žu‹ÝnLθP&ižŽ ]ìVÒðRQ¤òæ˜%}(o4÷Éó‘ÅÓï*îR4#³y®Qã&êKgßÂÝè6¼Åô6ë¼^‚¤ßÌcÔ›¯ÝV®`ο‘‚é“¡Ï™e¬ôâ–·’øÙ¡ör¼m%@Z

secrets/pureintent-basic-auth.age

@@ -1,21 +1,15 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDk2SVhOUSBNYUVy
-RnVnNHVleXNnb2hLdW55SHllUDVuU1pITjVLUHkzT0lVNWhvb2hJCncySDFjTTNh
-VkFOclpxOGJ5SE5HVy84SHFEdkJ4U1JaSG5OamVqVUdjWGMKLT4gc3NoLWVkMjU1
-MTkgTlVtMHJRIHhJbndBd3FTdURHaDV1ODkwZFlKL214NUNSUTdiclA2VjJTbEFK
-VlRuZzgKYktTSU5QVnRLQmNLYnJqTVVUM3F6cjhZQ0U2Y3duR3UrUEZvRzlPckFw
-UQotPiBzc2gtZWQyNTUxOSBZc3h2bWcgYXpPUjBTRG0zdE5yRm9JUHpQTHl0elc0
-eURrVmFjRWlxVnR0L3Aza1h4TQpXOEN0TWxIMENSaVRud1BSSE9CNVN4bS84T2lM
-ZWR5VzJtb0k0YUgwMnpzCi0+IHNzaC1lZDI1NTE5IHVmY3pvUSBrTDFhVmN4aGFa
-UWNvVFBOMFVaSWY2eG1GVmxtN0l3ckdnSVI3TFVzVGhnClljTzZpR3BOVnlHT2tV
-d2M1TGdMWVpqUmUyVXZjNlo4MVkwZFpOWm9hTmsKLT4gc3NoLWVkMjU1MTkgdmc2
-YlBBIDRBdUx1Y0F2MDVTN0tEV1ZLNVhHd3gwSERHb2hKMjJ1b2lVbzNrd3ora1UK
-MUpLOTNKN0tVSVR6WWhTaTltWVRodVZjcWgzSk02RWIwMTZ2cmVWM3lUVQotPiB0
-fFktZ3JlYXNlIGhRLyAnIT4gYmxiSDYrbSAsajk8LgpzRXp1MDJIdC9sVXIxRDZl
-M3BFWDMwbUNCUnBicDZTazhxVlZvblhPUXAvMU5pTkUwbGNrd3NRVmNLalNxcXBD
-ClFPeG1oWTVLajFWVlloYXYyYmt1cFYvWWVjRWJqdlVaZi9DVFpDUFRHOXRWTGpD
-QwotLS0gc2VOdnBjcy9YVUh6ZStzT2hZU2dKMk9TSnRML3BLLzFDTFJSWk1CQlpz
-OApUJalZMCW4JZnrLX1pv7TsuI015x08HAjFqPwd12aSU9L8u+byB8Pg6PXTyq0C
-73efUrR6PGdyFkus+sXsGNAdq0t7KFZeoc8i+QLvBMO4dmqq6fEsMpDW7qTNdHLU
-xnXToA==
------END AGE ENCRYPTED FILE-----
+age-encryption.org/v1
+-> ssh-ed25519 96IXNQ itQhShx/o/E7ozne7cEp8vw2Buh1g2y2q035Db3La00
+ZXDKkeRSIqIMaxN/+qmFf8UXEBUIFcC+iAOI2rVSSVg
+-> ssh-ed25519 NUm0rQ 5CG7yFDB5UEZl4wm07ZDsQJRlzDWBLpAfsRZ39gB0xw
+YGUAoVszdiUslG63DI2Vm8NfkDzRa6bTAXLelirx+lE
+-> ssh-ed25519 Ysxvmg S/4/wl0npyOu4i5oqyiwYrDCyZALyzbFLKYXjnoSR1Y
+Cq7kC2ruGlS99TqI35vANPCM5VriQHyFNOXDIdqgq8U
+-> ssh-ed25519 ufczoQ 07LUiyx8VhDa6k/9NZN4zK+0YA/S+NcEfBGabLBkwgY
+581All66sccmMQjvyQPHnz48pflZo/ZQe+WlsXjixk4
+-> ssh-ed25519 vg6bPA 6x2XbWIIqeMdtVbJ3vfpNKjIpbfAytcjN3aydzlgY18
+LlrI/CBWeSvz0iVzAzlURSO881ebFv7V5D19hnkAItg
+-> ssh-ed25519 WpFZgg HCcCa6MKmpdu5iDy44usic2UBfqrdK06gjLriD20+zg
+z9U+zt5E/T98ipbXtwpx532pJp/g2s5rflLgdvxRrMg
+--- tPekxytCdLtMlyJNNXiSWZS67QD4ZAbnjzUaSRrHSgE
+7ÁäÌ°éçUUW84¸]VáÎ2F‡SµpJݪÛÜ
ZÉ<&îퟣ×$YùvË#Ä(ñ'0Ãõ령ȶ	|DÕ7öHÞ¬Çâ‡UaD7k.‚…‡Kæ*ÈùÂvi‰7	

secrets/secrets.nix

@@ -6,7 +6,8 @@ let
   pureintent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkY5feaNt4elPqRQimB9h3OFxtFAzp98p1H+JezBv92 root@nixos";
   naivete = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBXQ4jgsoM0K+6oddNCerjVFDibQcv7JWwc5OsT8AkGa";
   infinitude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjxxIse4V0mC3qqhPdcVp1dp2R8fQr2AMcf/fd9vWcj";
-  systems = [ appreciate pureintent naivete infinitude ];
+  infinitude-nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF5YxbeuZhn20pxbmHmA8UU9sWTmvQ/lcKkfY9A+Snx";
+  systems = [ appreciate pureintent naivete infinitude infinitude-nixos ];
 in
 {
   "hedgedoc.env.age".publicKeys = users ++ systems;