mjallen18
2025-05-09 13:32:54 -05:00
parent 2b2fa1bdbc
commit 27b8d8e4d7
6 changed files with 320 additions and 270 deletions

268
flake.lock generated

@@ -53,16 +53,16 @@
},
"Pi5-nixpkgs": {
"locked": {
"lastModified": 1746461020,
"narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=",
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
@@ -87,6 +87,22 @@
"type": "github"
}
},
"argononed": {
"flake": false,
"locked": {
"lastModified": 1729566243,
"narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=",
"owner": "nvmd",
"repo": "argononed",
"rev": "16dbee54d49b66d5654d228d1061246b440ef7cf",
"type": "github"
},
"original": {
"owner": "nvmd",
"repo": "argononed",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
@@ -731,40 +747,6 @@
"type": "github"
}
},
"libcamera-src": {
"flake": false,
"locked": {
"lastModified": 1725630279,
"narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=",
"owner": "raspberrypi",
"repo": "libcamera",
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"repo": "libcamera",
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
"type": "github"
}
},
"libpisp-src": {
"flake": false,
"locked": {
"lastModified": 1724944683,
"narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=",
"owner": "raspberrypi",
"repo": "libpisp",
"rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "v1.0.7",
"repo": "libpisp",
"type": "github"
}
},
"napalm": {
"inputs": {
"flake-utils": [
@@ -798,7 +780,9 @@
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": "nixpkgs_2",
"nixpkgs": [
"nas-nixpkgs"
],
"poetry2nix": "poetry2nix",
"systems": "systems"
},
@@ -1099,6 +1083,52 @@
"type": "github"
}
},
"nixos-images": {
"inputs": {
"nixos-stable": [
"nixos-raspberrypi",
"nixpkgs"
],
"nixos-unstable": [
"nixos-raspberrypi",
"nixpkgs"
]
},
"locked": {
"lastModified": 1746225872,
"narHash": "sha256-ySSk4r9Mq6dO2MYaik4vTU18sA17aHTSb2LsAFXdw3E=",
"owner": "nvmd",
"repo": "nixos-images",
"rev": "33343fd9a237ed98df52e3611f833fdab729c358",
"type": "github"
},
"original": {
"owner": "nvmd",
"ref": "sdimage-installer",
"repo": "nixos-images",
"type": "github"
}
},
"nixos-raspberrypi": {
"inputs": {
"argononed": "argononed",
"nixos-images": "nixos-images",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1746230872,
"narHash": "sha256-w7i0IrlgT/EIgKhu35NEPRwvN2pFqWlKAuzjjCodTyA=",
"owner": "nvmd",
"repo": "nixos-raspberrypi",
"rev": "747b7b8b9644971755c903f4c30d854147371bd7",
"type": "github"
},
"original": {
"owner": "nvmd",
"repo": "nixos-raspberrypi",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1746328495,
@@ -1228,16 +1258,16 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1746461020,
"narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=",
"owner": "NixOS",
"lastModified": 1745988343,
"narHash": "sha256-pC1h2+78R9cGcLFpgzFqt00V9S2OShgoQXygfb7+K3w=",
"owner": "nvmd",
"repo": "nixpkgs",
"rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae",
"rev": "69ab0db654ca18be1b4cc5ceddf56f1581fb7173",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"owner": "nvmd",
"ref": "modules-with-keys-unstable",
"repo": "nixpkgs",
"type": "github"
}
@@ -1370,33 +1400,6 @@
"type": "github"
}
},
"raspberry-pi-nix": {
"inputs": {
"libcamera-src": "libcamera-src",
"libpisp-src": "libpisp-src",
"nixpkgs": "nixpkgs_2",
"rpi-bluez-firmware-src": "rpi-bluez-firmware-src",
"rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src",
"rpi-firmware-src": "rpi-firmware-src",
"rpi-linux-6_12_17-src": "rpi-linux-6_12_17-src",
"rpi-linux-6_6_78-src": "rpi-linux-6_6_78-src",
"rpi-linux-stable-src": "rpi-linux-stable-src",
"rpicam-apps-src": "rpicam-apps-src"
},
"locked": {
"lastModified": 1742223591,
"narHash": "sha256-ZNTz8r5jlJ1jvpqf5+aUYgpnYJSVX0iP14doOc1Hm0E=",
"owner": "nix-community",
"repo": "raspberry-pi-nix",
"rev": "3e8100d5e976a6a2be363015cb33463af9ef441a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "raspberry-pi-nix",
"type": "github"
}
},
"root": {
"inputs": {
"Pi5-home-manager": "Pi5-home-manager",
@@ -1423,9 +1426,9 @@
"nas-nixpkgs-stable": "nas-nixpkgs-stable",
"nas-sops-nix": "nas-sops-nix",
"nix-darwin": "nix-darwin",
"nixos-raspberrypi": "nixos-raspberrypi",
"nixpkgs-stable": "nixpkgs-stable_4",
"nixpkgs-unstable": "nixpkgs-unstable",
"raspberry-pi-nix": "raspberry-pi-nix",
"steamdeck-chaotic": "steamdeck-chaotic",
"steamdeck-home-manager": "steamdeck-home-manager",
"steamdeck-impermanence": "steamdeck-impermanence",
@@ -1437,125 +1440,6 @@
"steamdeck-steam-rom-manager": "steamdeck-steam-rom-manager"
}
},
"rpi-bluez-firmware-src": {
"flake": false,
"locked": {
"lastModified": 1708969706,
"narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=",
"owner": "RPi-Distro",
"repo": "bluez-firmware",
"rev": "78d6a07730e2d20c035899521ab67726dc028e1c",
"type": "github"
},
"original": {
"owner": "RPi-Distro",
"ref": "bookworm",
"repo": "bluez-firmware",
"type": "github"
}
},
"rpi-firmware-nonfree-src": {
"flake": false,
"locked": {
"lastModified": 1723266537,
"narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=",
"owner": "RPi-Distro",
"repo": "firmware-nonfree",
"rev": "4b356e134e8333d073bd3802d767a825adec3807",
"type": "github"
},
"original": {
"owner": "RPi-Distro",
"ref": "bookworm",
"repo": "firmware-nonfree",
"type": "github"
}
},
"rpi-firmware-src": {
"flake": false,
"locked": {
"lastModified": 1728405098,
"narHash": "sha256-4gnK0KbqFnjBmWia9Jt2gveVWftmHrprpwBqYVqE/k0=",
"owner": "raspberrypi",
"repo": "firmware",
"rev": "7bbb5f80d20a2335066a8781459c9f33e5eebc64",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "1.20241008",
"repo": "firmware",
"type": "github"
}
},
"rpi-linux-6_12_17-src": {
"flake": false,
"locked": {
"lastModified": 1740765145,
"narHash": "sha256-hoCsGc4+RC/2LmxDtswLBL5ZhWlw4vSiL4Vkl39r2MU=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "5985ce32e511f4e8279a841a1b06a8c7d972b386",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "rpi-6.12.y",
"repo": "linux",
"type": "github"
}
},
"rpi-linux-6_6_78-src": {
"flake": false,
"locked": {
"lastModified": 1740503700,
"narHash": "sha256-Y8+ot4Yi3UKwlZK3ap15rZZ16VZDvmeFkD46+6Ku7bE=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "2e071057fded90e789c0101498e45a1778be93fe",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "rpi-6.6.y",
"repo": "linux",
"type": "github"
}
},
"rpi-linux-stable-src": {
"flake": false,
"locked": {
"lastModified": 1728403745,
"narHash": "sha256-phCxkuO+jUGZkfzSrBq6yErQeO2Td+inIGHxctXbD5U=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "5aeecea9f4a45248bcf564dec924965e066a7bfd",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "stable_20241008",
"repo": "linux",
"type": "github"
}
},
"rpicam-apps-src": {
"flake": false,
"locked": {
"lastModified": 1727515047,
"narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=",
"owner": "raspberrypi",
"repo": "rpicam-apps",
"rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "v1.5.2",
"repo": "rpicam-apps",
"type": "github"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {


@@ -119,7 +119,7 @@
# nixpgs
Pi5-nixpkgs = {
url = "github:NixOS/nixpkgs/nixos-24.11";
url = "github:NixOS/nixpkgs/nixos-24.05";
};
# Home Manager
@@ -144,7 +144,7 @@
inputs.nixpkgs.follows = "Pi5-nixpkgs";
};
raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix";
nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi";
#####################################################
# Steamdeck #
@@ -256,7 +256,7 @@
Pi5-impermanence,
Pi5-nixos-hardware,
Pi5-sops-nix,
raspberry-pi-nix,
nixos-raspberrypi,
# Steamdeck
steamdeck-nixpkgs,
@@ -384,31 +384,77 @@
};
# Pi5
"pi5" = Pi5-nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
"pi5" = nixos-raspberrypi.lib.nixosSystem {
specialArgs = inputs;
modules = [
Pi5-nixos-hardware.nixosModules.raspberry-pi-4
Pi5-impermanence.nixosModules.impermanence
./hosts/pi5/configuration.nix
Pi5-sops-nix.nixosModules.sops
raspberry-pi-nix.nixosModules.raspberry-pi
raspberry-pi-nix.nixosModules.sd-image
Pi5-home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.matt =
{ ... }:
{
imports = [
./hosts/pi5/home.nix
Pi5-sops-nix.homeManagerModules.sops
];
};
# Hardware specific configuration, see section below for a more complete
# list of modules
imports = with nixos-raspberrypi.nixosModules; [
raspberry-pi-5.base
raspberry-pi-5.display-vc4
raspberry-pi-5.bluetooth
];
}
({ config, pkgs, lib, ... }:
let
kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
in {
boot = {
loader.raspberryPi.firmwarePackage = kernelBundle.raspberrypifw;
kernelPackages = kernelBundle.linuxPackages_rpi5;
};
nixpkgs.overlays = lib.mkAfter [
(self: super: {
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# enableRedistributableFirmware is enabled
# I know no easier way to override this package
inherit (kernelBundle) raspberrypiWirelessFirmware;
# Some derivations want to use it as an input,
# e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
inherit (kernelBundle) raspberrypifw;
})
];
networking.hostName = "pi5";
system.nixos.tags = let
cfg = config.boot.loader.raspberryPi;
in [
"raspberry-pi-${cfg.variant}"
cfg.bootloader
config.boot.kernelPackages.kernel.version
];
})
# ...
];
};
# "pi5" = Pi5-nixpkgs.lib.nixosSystem {
# system = "aarch64-linux";
# modules = [
# Pi5-nixos-hardware.nixosModules.raspberry-pi-4
# Pi5-impermanence.nixosModules.impermanence
# ./hosts/pi5/configuration.nix
# Pi5-sops-nix.nixosModules.sops
# Pi5-home-manager.nixosModules.home-manager
# {
# home-manager.useGlobalPkgs = true;
# home-manager.useUserPackages = true;
# home-manager.users.matt =
# { ... }:
# {
# imports = [
# ./hosts/pi5/home.nix
# Pi5-sops-nix.homeManagerModules.sops
# ];
# };
# }
# ];
# };
"steamdeck" = steamdeck-nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
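Review bot: As rendered, the new `"pi5"` system built with `nixos-raspberrypi.lib.nixosSystem` lists only the board modules and the inline kernel/firmware module before the `# ...` placeholder, so `./hosts/pi5/configuration.nix`, `Pi5-sops-nix.nixosModules.sops` and impermanence from the previous list would no longer be evaluated, and the user, sudo and Nix cache settings defined there would not apply. If this is a bring-up state, replace `# ...` with a comment saying so and re-add those modules before the host is deployed. `nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi";` sets no `inputs.nixpkgs.follows`, and the lock file in this commit resolves its nixpkgs to the `nvmd/nixpkgs` fork, so a comment recording that this fork is a deliberate choice would help. `kernelBundle = pkgs.linuxAndFirmware.v6_6_31;` pins kernel and firmware to one release, so it needs a note on when to bump it. The surrounding attribute set continues outside the visible hunks.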

45
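--- /dev/null
+++ b/hosts/pi5/bootconfig.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, lib, ... }:
+{
+hardware.raspberry-pi.config = {
+all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
+options = {
+# https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart
+# in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`)
+# creates a serial console, accessible using GPIOs 14 and 15 (pins
+# 8 and 10 on the 40-pin header)
+enable_uart = {
+enable = true;
+value = true;
+};
+# https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage
+# enable debug logging to the UART, also automatically enables
+# UART logging in `start.elf`
+uart_2ndstage = {
+enable = true;
+value = true;
+};
+};
+# Base DTB parameters
+# https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132
+base-dt-params = {
+# https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
+pciex1 = {
+enable = true;
+value = "on";
+};
+# PCIe Gen 3.0
+# https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
+pciex1_gen = {
+enable = true;
+value = "3";
+};
+};
+};
+};
+}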
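Review bot: `enable_uart` and `uart_2ndstage` are both switched on unconditionally, so the serial console on GPIO 14/15 and the firmware debug log stay active on every boot; that helps during bring-up, but on a deployed board it exposes the console and boot log to anyone with physical access to the 40-pin header. If they are only needed while moving to nixos-raspberrypi, add a comment such as `# bring-up only: turn off once the board boots reliably` and later set `uart_2ndstage.enable = false;`. The module arguments `config`, `pkgs` and `lib` are not used in this file, so the header could be `{ ... }:`.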


@@ -8,18 +8,19 @@ let
user = "matt";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
SSID = "Joey's Jungle 5G";
wifiSecrets = config.sops.secrets."wifi-password".path;
wifiSecrets = "kR8v&3Qd"; #config.sops.secrets."wifi".path;
interface = "wlan0";
timezone = "America/Chicago";
hostname = "pi5";
in
{
imports = [
./boot.nix
# ./hardware-configuration.nix
# ./boot.nix
./hardware-configuration.nix
./impermanence.nix
# ./sops.nix
../default.nix
./bootconfig.nix
# ./sops.nix
# ../default.nix
];
raspberry-pi-nix.board = lib.mkForce "bcm2712";
@@ -29,11 +30,13 @@ in
settings = {
substituters = [
# "https://cache.mjallen.dev"
"https://nixos-raspberrypi.cachix.org"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
# "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
@@ -48,6 +51,18 @@ in
];
};
};
# Configure nixpkgs
# Enable non free
nixpkgs.config.allowUnfree = lib.mkForce true;
# Hardware configs
hardware = {
# Bluetooth
bluetooth.enable = lib.mkDefault true;
# Enable all firmware
enableAllFirmware = lib.mkForce true;
};
services.xserver = {
enable = false;
@@ -72,28 +87,14 @@ in
time.timeZone = timezone;
networking = {
networkmanager.enable = lib.mkForce false;
hostName = hostname;
wireless = {
enable = false;
secretsFile = wifiSecrets;
networks."${SSID}".psk = "ext:PSK";
interfaces = [ interface ];
};
defaultGateway.address = "10.0.1.1";
nameservers = [ "10.0.1.1" ];
interfaces.enabcm6e4ei0.ipv4.addresses = [ {
address = "10.0.1.2";
prefixLength = 24;
} ];
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ 80 53 ];
allowedUDPPorts = [ 80 53 ];
};
};
@@ -126,6 +127,35 @@ in
enableZshIntegration = true;
};
security = {
rtkit.enable = lib.mkDefault true;
# configure sudo
sudo.enable = lib.mkDefault false;
sudo-rs = {
enable = lib.mkDefault true;
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}
];
};
};
users = {
mutableUsers = false;
users."${user}" = {
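Review bot: As rendered, the new side of the first hunk binds `wifiSecrets` to a literal string and leaves the sops reference in a trailing comment (the `let` opens above the visible lines), which puts what looks like the Wi-Fi passphrase into git history and, once any option references it, into the world-readable Nix store. Restore the indirection with `wifiSecrets = config.sops.secrets."wifi".path;`, as `hosts/pi5/networking.nix` in this commit already does through `environmentFiles`, and treat the committed value as exposed and rotate it. The `password` hash on the neighbouring line has the same exposure; `hashedPasswordFile` pointing at a sops secret would keep it out of the repository. Separately, the added `nixos-raspberrypi.cachix.org` substituter and its key make that cache's signer trusted for store paths on this host, which deserves a comment saying why it is needed.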


@@ -16,53 +16,52 @@
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
mode = "755";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=etc" "compress=zstd" "noatime" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" "noatime" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" "noatime" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7EC2-DEAC";
{ device = "/dev/disk/by-uuid/7793-909B";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot/firmware" =
{ device = "/dev/disk/by-uuid/7E6D-6434";
{ device = "/dev/disk/by-uuid/777B-8D3F";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b";
fsType = "btrfs";
options = [ "subvol=etc" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b";
fsType = "btrfs";
options = [ "subvol=log" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b";
fsType = "btrfs";
options = [ "subvol=home" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/d390a564-9ef9-4c7d-ae1a-93951e9873dd"; }
];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@@ -73,4 +72,4 @@
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}
}

46
hosts/pi5/networking.nix Executable file

@@ -0,0 +1,46 @@
{ lib, config, ... }:
let
hostname = "pi5";
in
{
# Networking configs
networking = {
hostName = hostname;
# Enable Network Manager
networkmanager = {
enable = lib.mkDefault true;
wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 5G" = {
connection = {
id = "Joey's Jungle 5G";
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 5G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
};
}