New

.envrc

@@ -0,0 +1 @@
+use flake

.github/workflows/ci.yml

@@ -14,27 +14,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
-      - name: Set up Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: "1.17"
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v9
 
-      - name: Cache Go stuff
-        uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cache/go-build
-            ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
+      - name: Cache store
+        uses: DeterminateSystems/magic-nix-cache-action@v3
 
-      # TODO: cache packer
-
-      - name: Initialize packer
-        run: sudo --preserve-env=PATH packer init template.pkr.hcl
+      - name: Prepare vars
+        run: cp image/vars.example.json image/vars.json
 
       - name: Build image
-        run: sudo --preserve-env=PATH packer build template.pkr.hcl
+        run: nix run .#image.builder

.gitignore

@@ -1,3 +1,3 @@
-packer_cache/
-*.img
-*.xz
+/.pre-commit-config.yaml
+/.direnv
+/result*

README.md

@@ -27,16 +27,18 @@ This is a repository holding all necessary code, scripts, etc for my remote cont
 
 ### Software
 
-- Ubuntu
+- Raspberry Pi OS
   - operating system for Raspberry Pi
 - Packer
   - builder of operating system image
 - Ansible
   - provisioner of operating system image
-- Go
-  - server code
-- Flutter
-  - client code
+- Nix
+  - dependency manager and command runner
+- NodeJS
+  - backend code
+- HTML/CSS/JS
+  - frontend code
 
 ## GPIO
 

_unused/Makefile

@@ -0,0 +1,21 @@
+.PHONY: build
+.ONESHELL:
+build:
+	sudo bash <<'EOF'
+		export PATH="$(PATH):/bin:/sbin"
+		export PACKER_CACHE_DIR="$(CURDIR)/.packer-cache"
+		export PACKER_PLUGIN_PATH="$(CURDIR)/.packer-plugins"
+		packer init .
+		packer build -var-file config.json .
+		chmod -R 777 jezdzik.img "$$PACKER_PLUGIN_PATH" "$$PACKER_CACHE_DIR"
+	EOF
+
+.PHONY: flash
+.ONESHELL:
+flash:
+ifndef DEVICE
+	$(error DEVICE is undefined)
+endif
+	sudo bash <<'EOF'
+		pv --sync < jezdzik.img > '$(DEVICE)'
+	EOF

_unused/provision.sh

@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+touch /boot/ssh
+
+cat <<EOF > /etc/NetworkManager/system-connections/wifi.nmconnection
+[connection]
+id=wifi
+uuid=965bc859-14c7-4e6f-bffe-65f09cd631b9
+type=wifi
+interface-name=wlan0
+[wifi]
+mode=infrastructure
+ssid=${wifi_ssid}
+[wifi-security]
+auth-alg=open
+key-mgmt=wpa-psk
+psk=${wifi_pass}
+[ipv4]
+method=auto
+[ipv6]
+addr-gen-mode=default
+method=auto
+[proxy]
+EOF
+chmod 600 /etc/NetworkManager/system-connections/wifi.nmconnection
+
+cat <<EOF > /etc/ssh/sshd_config.d/custom.conf
+PermitRootLogin without-password
+PasswordAuthentication no
+PubkeyAuthentication yes
+AllowUsers root
+AuthorizedKeysFile /etc/ssh/authorized_keys
+EOF
+
+cat <<EOF > /etc/ssh/authorized_keys
+${ssh_pubkey}
+EOF
+
+cat <<EOF > /etc/hostname
+jezdzik
+EOF
+
+cat <<EOF > /etc/hosts
+127.0.0.1 localhost jezdzik
+::1 localhost jezdzik
+EOF
+
+cat <<EOF > /etc/nftables.conf
+table ip nat {
+    chain prerouting {
+        type nat hook prerouting priority dstnat; policy accept;
+        tcp dport 80 redirect to :8080
+    }
+}
+EOF
+
+cat <<EOF > /etc/systemd/system/jezdzik.service
+[Unit]
+Description=jezdzik
+
+[Service]
+Type=simple
+ExecStart=/jezdzik
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=default.target
+EOF
+
+systemctl enable nftables jezdzik 2>&1
+
+systemctl disable triggerhappy userconfig dphys-swapfile 2>&1

_unused/template.pkr.hcl

@@ -0,0 +1,44 @@
+variable "wifi_ssid" {
+  type        = string
+  description = "WiFi access point SSID"
+}
+
+variable "wifi_pass" {
+  type        = string
+  description = "WiFi password"
+  sensitive   = true
+}
+
+variable "ssh_pubkey" {
+  type        = string
+  description = "SSH public key, will be added to resulting image"
+}
+
+packer {
+  required_plugins {
+    arm-image = {
+      version = "= 0.2.7"
+      source  = "github.com/solo-io/arm-image"
+    }
+  }
+}
+
+source "arm-image" "os" {
+  iso_url         = "https://downloads.raspberrypi.com/raspios_lite_armhf/images/raspios_lite_armhf-2023-12-11/2023-12-11-raspios-bookworm-armhf-lite.img.xz"
+  iso_checksum    = "sha256:5df1850573c5e1418f70285c96deea2cfa87105cca976262f023c49b31cdd52b"
+  output_filename = "jezdzik.img"
+}
+
+build {
+  sources = ["source.arm-image.os"]
+
+  provisioner "file" {
+    source      = "app/jezdzik"
+    destination = "/jezdzik"
+  }
+
+  provisioner "shell" {
+    env    = var
+    script = "provision.sh"
+  }
+}